Archiving BIG-IP Configurations with an iApp in v11.2

Updated 25-Sep-2012 • Originally posted on 25-Sep-2012 by Jason Rahm F5

I wrote an article last year on utilizing iApps to put a front-end on a common system task, BIG-IP configuration archiving. This worked well for that initial v11 release, but something changed along the way that prevented some of the magic from happening. I think there are two things at play here on later versions:

- In v11.2, the /var file system is mounted with the noexec flag, so that makes it problematic to use /var/local.
- In the cron daemon, utilizing a +x flag on the files in /etc/cron.d prevents their inclusion in the cron cycle, so the previous file permissions of 755 should probably be 644 in the updated script.

I recommend utilizing the /shared mount for this process. It’s not read-only like the /usr file system, and it mounts in every boot slot, which is ideal for carrying forward through upgrades.

Create the File Structure

Log in to your BIG-IP and create the necessary directories:

    [root@dctest-01:Active:Standalone] # cd /shared
    [root@dctest-01:Active:Standalone] shared # mkdir backups
    [root@dctest-01:Active:Standalone] shared # mkdir backups/bin
    [root@dctest-01:Active:Standalone] shared # mkdir backups/archives

Upload the Files

First, upload the shell script (f5backup.sh from the attachment available on the iApp codeshare page) via scp from your desktop to the /shared/backups/bin directory you created on your BIG-IP.

Next, log in to the BIG-IP GUI and then click on iApp and Templates. Click Import and upload the bigip_archiving_iApp.tcl file from the attachment linked above. The f5.archiving iApp should now be in the Templates listing.

Schedule A Backup

Click on Application Services and click Create. Select the f5.archiving template and you’ll see the Backup Schedule options. Choose Daily, Weekly, or Monthly settings as appropriate.
For the purposes of this article, I’ll select Daily and a time of 14:45. This will create the file in /etc/cron.d, as verified in the CLI output below:

    [root@dctest-01:Active:Standalone] archives # ls -las /etc/cron.d
    total 12
    2 drwx------  2 root root 1024 Sep 25 14:07 .
    6 drwxr-xr-x 59 root root 5120 Sep 25 12:14 ..
    2 -rw-r--r--  1 root root  177 Sep 25 14:42 f5backups
    2 -rw-r--r--  1 root root   87 Aug 29 15:52 sysstat

Now we’ll verify the contents of the f5backups script created by the iApp:

    [root@dctest-01:Active:Standalone] archives # cat /etc/cron.d/f5backups
    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    #MAILTO=user@somewhere
    HOME=/var/tmp/
    45 14 * * * root /bin/bash /shared/backups/bin/f5backup.sh 1>/var/tmp/f5backup.log 2>&1

Verify the Backup

All the work is done; now all that’s left is to verify the backup actually occurred:

    [root@dctest-01:Active:Standalone] archives # ls -las /shared/backups/archives
    total 50736
        8 drwx------ 2 root root     4096 Sep 25 14:45 .
        8 drwx------ 4 root root     4096 Sep 25 12:58 ..
    12680 -rw------- 1 root root 12956815 Sep 25 13:10 f5backup-dc2-dev-egw-01.dc.local-20120925130958.tar.bz2
    12680 -rw-r--r-- 1 root root 12956947 Sep 25 14:45 f5backup-dc2-dev-egw-01.dc.local-20120925144501.tar.bz2

The full URL for the codeshare sample added today: https://devcentral.f5.com/wiki/iApp.Configuration_Backup_Scheduler_v11_2.ashx

Comments

Comment made 22-Jul-2014 by annielee 90

I've tested the backup and it worked, but I need some modification (additional features), and will be glad if someone can point me in the right direction:

- backup local copy to var\local\ucs instead of var\tmp
- automatically remove local copy older than 14 days

I tried the other version of backup by Thomas, but that lacked some features (backup local and compress file). Will be glad if someone can point me to the right code to add the above requirement.
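Added example (not from the article, the iApp, or f5backup.sh): a bash check for the two permission details visible above, cron.d files that carry an execute bit and archives such as the 14:45 one listed at -rw-r--r--, plus the 14-day pruning requested in the comment above. The function names, the --run switch and the script name check_backups.sh are assumptions; the paths are the article's.

```shell
#!/bin/bash
# Added example, not part of f5backup.sh or the f5.archiving iApp.
# Paths are the ones used in the article; function names are illustrative.
CRON_DIR=${CRON_DIR:-/etc/cron.d}
ARCHIVE_DIR=${ARCHIVE_DIR:-/shared/backups/archives}
KEEP_DAYS=${KEEP_DAYS:-14}   # retention asked for in the comment above

# List cron.d entries with any execute bit set; per the article, cron
# leaves such files out of its cycle, so the backup would never run.
executable_cron_files() {
    find "$1" -maxdepth 1 -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# List archives that group or other can read (for example mode 644).
loose_archives() {
    find "$1" -maxdepth 1 -type f -name 'f5backup-*.tar.bz2' \
        \( -perm -040 -o -perm -004 \) -print
}

# Restrict every loose archive to owner read/write only.
tighten_archives() {
    loose_archives "$1" | while IFS= read -r f; do
        chmod 600 "$f" && echo "chmod 600 $f"
    done
}

# Delete archives older than $2 days (find -mtime +N); prints each path removed.
prune_archives() {
    find "$1" -maxdepth 1 -type f -name 'f5backup-*.tar.bz2' \
        -mtime +"$2" -print -exec rm -f {} \;
}

main() {
    local bad
    bad=$(executable_cron_files "$CRON_DIR")
    [ -n "$bad" ] && echo "WARNING: executable cron.d files (skipped by cron): $bad"
    tighten_archives "$ARCHIVE_DIR"
    prune_archives "$ARCHIVE_DIR" "$KEEP_DAYS" | sed 's/^/pruned /'
}

# Acts on the real paths only when invoked as: bash check_backups.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

If the archives are created by a script you control, a `umask 077` before the archive is written keeps new files at owner-only permissions from the start.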

Comment made 09-Jul-2014 by R Eastman 273

Hi annielee, add this to the iApp to compress the .ucs:

    "exec tar cvzf /.tar.gz -C /.ucs 2> /dev/null"

Comment made 07-Jul-2014 by annielee 90

Another question: can anyone modify the script to compress the ucs file to the backup server instead of raw ucs file only?

Comment made 28-Apr-2014 by mr.evil 203

Hi Jason,

I have followed the new iAPP that you have pointed to me. I have set up everything correctly and from F5 CLI I can upload file without password as SCP and SFTP, however when I set it up via the GUI it doesn't work. I think because I am doing something wrong for "Enter the SSH private key to be used for passwordless authentication" and "Set the remote directory the archive should be copied to".

Is there a log file I can look at to troubleshoot this issue? For SSH private key, should it be the id_rsa (under /root/.ssh), and for "Set the remote directory the archive should be copied to", does it use "\" or "/"?

Can you please help me? Thanks

Comment made 17-Apr-2014 by Jason Rahm F5

A community member submitted a pretty robust solution for backups from an iApp, I'd give this a shot first: https://devcentral.f5.com/wiki/iApp.Complete-F5-Automated-Backup-Solution.ashx

Comment made 16-Apr-2014 by mr.evil 203

Hello, I know this is a bit old but I am trying to set up remote copy but I keep on getting permission denied (password):

    Exec: /usr/bin/scp -F /root/.ssh/f5archive_config /var/tmp/f5backup-filename-20140417155313.tar.bz2 username@host_ip:/archive/
    Permission denied (password).
    lost connection

Do you have any idea? Thanks

Comment made 26-Jun-2013 by Jason Rahm F5

Hey everyone, just released an update for 11.4, using iCall scripts to radically simplify this process.
Check it out: https://devcentral.f5.com/tech-tips/articles/third-times-the-charm-big-ip-backups-simplified-with-icall

Comment made 17-Jun-2013 by Jason Rahm F5

Hi Sean, it doesn't look like the backup shell script really supports multiple destinations, that variable would need to be interrogated and dropped through a loop, and I don't see that.

Now that 11.4 is out, there is a much simpler way to do config backups, all supported in tmsh, no cron or shell scripts required. Though if archiving off-box, you'll still need to do some ssh work on local and remote systems for key exchanges. Here's the iCall script and iApp: https://devcentral.f5.com/wiki/iCall.Generate_Config_Backup.ashx

Comment made 05-Jun-2013 by sean.davidson 0

What is the syntax for specifying multiple destinations on the SCP_DESTINATION variable? I've tried every combination I can think of and it never attempts the connection to the second server.

Comment made 13-May-2013 by Jason Rahm F5

1) Can we do backup scheduling in a remote server instead of local or both.

-- Yes, you can modify the script to send to remote server, but you'll need to generate ssh keys and get that setup done, which is outside the scope of this article. Stay tuned for some movement on this front when 11.4 launches, I just might have what you're looking for, in much better packaging than the current version.

2) How can i send the Email Notification whether the backup is successful or not?

You would need to configure ssmtp on your local device and then modify the script to shoot the mail out.
Check out solution 13180 for details on ssmtp configuration: http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13180.html

Comment made 13-May-2013 by Mubasher Sultan 106

Hi,

Please confirm the below in regards of backup.

1) Can we do backup scheduling in a remote server instead of local or both.
2) How can I send the Email Notification whether the backup is successful or not?

By the way, it is a nice article and currently I am deploying it.

Regards,
Mubasher Sultan

Comment made 04-Jan-2013 by Jason Rahm F5

There is no current “non-hacky” method to have an iApp on one LTM configure “base” items on other LTMs. iApps have a difficult time managing files like cron directly as well; you would have to write all of the management code for checking for the existence of items before you enter them, deleting them, etc. all on your own.

This all comes down to this iApp configuring items that are effectively “base” configuration items (in this case, cron tabs that aren’t even managed by the primary control plane) and not shared configuration items. In order to make this work for all devices in the sync group, you would have to run the iApp on each member to configure the respective “base” configuration items for each.

Comment made 19-Dec-2012 by EM 4

Hi,

I deployed the iApp and it works. However, if I have a redundant pair, only the one where I configured the iApp does the backup. After a failover, the second box doesn't back up as the cronjob is missing on it. If I reconfigure the iApp it works again. As well, it would be nice if both boxes back up their configuration when the iApp is deployed. Is there a way to achieve this with an iApp?

Comment made 02-Nov-2012 by ictjl 81

A minor discrepancy on the screenshot. You write to "upload the bigip_archiving_iApp.tcl file..." but the Templates Import screenshot shows the zip file.