Forum Discussion

skunk's avatar
skunk
Icon for Nimbostratus rankNimbostratus
Oct 14, 2020

copy config from BIGIP 2000 to VE incl filestore fails...

Hello, I do have a tricky situation - and running out of ideas.

There is a BigIP 2000 running 11.6.5.2, LTM and APM, multiple Partitions, lots of iRules and 100+ Datagroups. As an upgrade is needed, we want to test that on a VE. I only have GUI and ssh access to that virtual machine via the management IP.

 

How can i copy the full config from the BIGIP 2000 onto the VE?

I have tried a ucs (no-license and no-plattform), but that failed.

So used a scf and modified the network settings before, but failed due to the references to the datagroups.

Then copied the full filestore manually over, also the partition folder incl all bigip.confs.

But failed again, as probably this known issue kicks in: "K50710744: Using tmsh to load the configuration from the terminal or from a file fails when an external file is referenced"

For some partitions and their datagroups i followed the recommendation and created manually, and saw them in GUI.

So the VE had all partitions, SSL, and datagroups, as well as the objects in Common created.

used 'tmsh load sys config file' per partition but no success again.

Gave it another try today - lost again: the original admin/root accounts got overwritten. but can use my "personal-admin" via ssh, but tmsh is not possible, GUI does not come up, and I have no root account - so, need someone on the VCenter to access, log in via root and restore my init_ucs from the VE.

 

Probably there is something simple i miss here! Can someone please share some light?

Thanks in advance!

 

 

 

 

application delivery
BIG-IP
TMSH

7 Replies

Sort By
  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Icon for MVP rankMVP
    Oct 14, 2020

    Hi skunk,

    BIG-IP 2000:

    1. Backup UCS

    save /sys ucs /var/local/ucs/MyUCS.ucs

    2. Download UCS

    3. Look f5mku

    f5mku -K

    BIG-IP VM:

    1. Upload MyUCS file to /var/local/ucs folder

    If the interface numbering of the devices is the same, skip to step 8.

    2. Create temp folder in /var/local/ucs

    cd /var/local/ucs
mkdir abc
cd abc

    3. Unzip UCS

    tar -xzf /var/local/ucs/MyUCS.ucs

    4. Open bigip_base.conf folder

    nano config/bigip_base.conf
# or
vi config/bigip_base.conf

    5. Change all interface names in bigip_base.conf

    1.1 > 1.0
1.2 > 2.0
1.3 > 3.0
...

    6. Save bigip_base.conf

    7. Zip files

    tar -czf /var/local/ucs/newMyUCS.ucs *

    8. Enter Bıg-IP 2000's f5mku value

    f5mku -r <big-ip2000 f5mku value>

    9. Restore UCS

    tmsh
load sys ucs newMyUCS.ucs no-license no-platform-check

    Article for f5mku: https://support.f5.com/csp/article/K9420

  • skunk's avatar
    skunk
    Icon for Nimbostratus rankNimbostratus
    Oct 15, 2020

    Hi eaa,

    thanks for that detailed answer! I did not know about the f5mku before ;-) thanks again.

    Well, now as i got access back, I got the key and installed it on the VE.

    Interface namings are the same 1.1 = 1.1.

    I got messages that interface settings were wrong and set  "media-fixed 10000T-FD" on all int: 1.1 - 4

    As the 2000 has 1.1 - 1.8 and 2.1 & 2 (here is a trunk), i deleted the interface config 1.5-1.8, and also changed the trunk interfaces to 1.3 and 1.4.

    followed your guideline, no errors!

    But now it shows:

     01071635:3: /Common/management-ip: Conflicting configuration. Management-ip can't be created manually while DHCP is enabled. Do 'tmsh modify sys global-settings mgmt-dhcp disabled' before manually changing the management-ip. Unexpected Error: Loading configuration process failed.

     

    why ? the management ip is configured:

    list sys management-ip

    sys management-ip 10.107.127.6/26 {

       description static-fallback

    }

     

    and dhcp is disabled:

     list sys global-settings mgmt-dhcp

    sys global-settings {

       mgmt-dhcp disabled

    }

     

    this stops the load process, but what can I change here? Any help is welcome.

     

     

    • Enes_Afsin_Al's avatar
      Enes_Afsin_Al
      Icon for MVP rankMVP
      Oct 15, 2020

      Hi skunk,

      Can you change mgmt with using config command?

      In cli (not tmos):

      config
  • skunk's avatar
    skunk
    Icon for Nimbostratus rankNimbostratus
    Oct 15, 2020

    Hi eaa,

    no , i can't as:

    MCP must be in the running or base phase to run this script.

     

    tmsh show sys mcp-state

    -------------------------------------------------------

    Sys::mcpd State:

    -------------------------------------------------------

    Running Phase                  platform

    Last Configuration Load Status base-config-load-failed

     

  • skunk's avatar
    skunk
    Icon for Nimbostratus rankNimbostratus
    Oct 15, 2020

    i restored another ucs which i took a few days ago - all fine, and VE came back. admin / root account and all processes fine.

    startet with your guideline: put key on the VE, and then load the modified UCS, but again:

     

    Oct 15 21:53:35 xxxxxxxk1 err mcpd[7184]: 01071635:3: /Common/management-ip: Conflicting configuration. Management-ip can't be created manually while DHCP is enabled. Do 'tmsh modify sys global-settings mgmt-dhcp disabled' before manually changing the management-ip.

     

    its done on the GUI, ran the config utility, checked via tmsh ... ? no idea what else too check.

  • skunk's avatar
    skunk
    Icon for Nimbostratus rankNimbostratus
    Oct 16, 2020

    so, tested this now:

    old ucs from the VE i can restore / load without an issue.

    all managment IPs are static: on VE and BIGIP, verified that mgmt-dhcp is disabled on VE too.

    on the VCenter i am told that no dhcp settings made as well.

    modified the bigip_base.conf from the BIGIP.ucs with interface and trunk settings, as well new mgmt iP.

    did f5mku -r (as mentionde above and in K9420).... and load the ucs -> receive still the message above: "01071635:3: /Common/management-ip: Conflicting configuration."

    I search and found that Bug ID 653928, which is not a match and states there must be further errors.

    looking at ltm log shows:

    Oct 16 16:13:50 xyz err mcpd[7201]: 010713d0:3: Symmetric Unit Key decrypt failure - decrypt failure

    Oct 16 16:13:50 xyz notice mcpd[7201]: 01071029:5: Symmmetric Unit Key decrypt

    Oct 16 16:13:50 xyz notice mcpd[7201]: 01071027:5: Master key OpenSSL error: 1496362520:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:601: ▒

     

    that error point me to K24780830, and again to K9420

     

    :o feels like a loop - somebody any hint for me please? Thanks a lot.