Technical Article Archiving BIG-IP Configurations with an iApp in v11.2 September 25, 2012 by Jason Rahm 7530 article automation iapps management news techtip 0 I wrote an article last year on utilizing iApps to put a front-end on a common system task, BIG-IP configuration archiving. This worked well for that initial v11 release, but something changed along the way that prevented some of the magic from happening. I think there are two things at play here on later versions: In v11.2, the /var file system is mounted with the noexec flag, so that makes it problematic to use /var/local. In the cron daemon, utilizing a +x flag on the files in /etc/cron.d prevents their inclusion in the cron cycle, so the previous file permissions of 755 should probably be 644 in the updated script. I recommend utilizing the /shared mount for this process. It’s not read-only like the /usr file system, and it mounts in every boot slot, which is ideal for carrying forward through upgrades. Create the File Structure Login into your BIG-IP and create the necessary directories [root@dctest-01:Active:Standalone] # cd /shared [root@dctest-01:Active:Standalone] shared # mkdir backups [root@dctest-01:Active:Standalone] shared # mkdir backups/bin [root@dctest-01:Active:Standalone] shared # mkdir backups/archives Upload the Files First, upload the shell script (f5backup.sh from the attachement available on the iApp codeshare page)via scp from your desktop to the /shared/backups/bin directory you created on your BIG-IP. Next, login to the BIG-IP GUI and then click on iApp and Templates Click Import and upload the bigip_archiving_iApp.tcl file from the attachment linked above. The f5.archiving iApp should now be in the Templates listing: Schedule A Backup Click on Application Services and click Create. Select the f5.archiving template and you’ll see the Backup Schedule options. Choose Daily, Weekly, or Monthly settings as appropriate. For the purposes of this article, I’ll select the Daily and a time of 14:45. This will create the file in /etc/cron.d, as verified in the cli output below: [root@dctest-01:Active:Standalone] archives # ls -las /etc/cron.d total 12 2 drwx------ 2 root root 1024 Sep 25 14:07 . 6 drwxr-xr-x 59 root root 5120 Sep 25 12:14 .. 2 -rw-r--r-- 1 root root 177 Sep 25 14:42 f5backups 2 -rw-r--r-- 1 root root 87 Aug 29 15:52 sysstat Now we’ll verify the contents of the f5backups script created by the iApp: [root@dctest-01:Active:Standalone] archives # cat /etc/cron.d/f5backups SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin #MAILTO=user@somewhere HOME=/var/tmp/ 45 14 * * * root /bin/bash /shared/backups/bin/f5backup.sh 1>/var/tmp/f5backup.log 2>&1 Verify the Backup All the work is done, now all that’s left is to verify the backup actually occurred: [root@dctest-01:Active:Standalone] archives # ls -las /shared/backups/archives total 50736 8 drwx------ 2 root root 4096 Sep 25 14:45 . 8 drwx------ 4 root root 4096 Sep 25 12:58 .. 12680 -rw------- 1 root root 12956815 Sep 25 13:10 f5backup-dc2-dev-egw-01.dc.local-20120925130958.tar.bz2 12680 -rw-r--r-- 1 root root 12956947 Sep 25 14:45 f5backup-dc2-dev-egw-01.dc.local-20120925144501.tar.bz2 The full URL for the codeshare sample added today: https://devcentral.f5.com/wiki/iApp.Configuration_Backup_Scheduler_v11_2.ashx last modified: September 25, 2012 14 Comment(s): 0 i've tested the backup and it worked, but i need some modification (additional features), and will be glad if someone can point me to the right direction : - backup local copy to var\local\ucs instead of var\tmp - automatically remove local copy older than 14 days i tried the other version of backup by Thomas, but that lacked some features.. (backup local and compress file) Will be glad if someone can point me to the right code to add the above requirement. 2 Hi annielee, Add this to the iApp to compress the .ucs "exec tar cvzf /.tar.gz -C /.ucs 2> /dev/null" 0 another question, anyone can modify the script to compress the ucs file to the backup server instead of raw ucs file only ? 0 Hi Jason,I have followed the new iAPP that you have pointed to me I have setup everything correctly and from F5 CLI i can upload file without password as SCP and SFTP however when I setup the via GUI it doesnt work I think because I am doing something wrong for "Enter the SSH private key to be used for passwordless authentication" and "Set the remote directory the archive should be copied to"Is there log file I can look at to toubleshoot this issue?for SSH private key should it be the id_rsa (under /root/.ssh) and for Set the remote directory the archive should be copied to does it use "\" or "/"Can you please help me?Thanks 0 A community member submitted a pretty robust solution for backups from an iApp, I'd give this a shot first:https://devcentral.f5.com/wiki/iApp.Complete-F5-Automated-Backup-Solution.ashx 0 Hello I know this is bit old but I am trying to setup remote copy but I am keep on getting permission denied (password):Exec: /usr/bin/scp -F /root/.ssh/f5archive_config /var/tmp/f5backup-filename-20140417155313.tar.bz2 username@host_ip:/archive/Permission denied (password).lost connectionDo you have any idea ?Thanks 0 Hey everyone, just released an update for 11.4, using iCall scripts to radically simplify this process. Check it out: https://devcentral.f5.com/tech-tips/articles/third-times-the-charm-big-ip-backups-simplified-with-icall 0 hi Sean, it doesn't look like the backup shell script really supports multiple destinations, that variable would need to be interrogated and dropped through a loop, and I don't see that.Now that 11.4 is out, there is a much simpler way to do config backups, all supported in tmsh, no cron or shell scripts required. Though if archiving off-box, you'll still need to do some ssh work on local and remote systems for key exchanges. Here's the iCall script and iApp:https://devcentral.f5.com/wiki/iCall.Generate_Config_Backup.ashx 0 What is the syntax for specifying multiple destinations on the SCP_DESTINATION variable? I've tried every combination I can think of and it never attempts the connection to the second server. 0 1) Can we do backup scheduling in a remote server instead of local or both. -- yes, you can modify the script to send to remote server, but you'll need to generate ssh keys and get that setup done, which is outside the scope of this article. Stay tuned for some movement on this front when 11.4 launches, I just might have what you're looking for, in much better packaging than the current version.2) How can i send the Email Notification whether the backup is successful or not?You would need to configure ssmtp on your local device and then modify the script to shoot the mail out. Check out solution 13180 for details on ssmtp configuration: http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13180.html 0 Hi,Please confirm the below in regards of backup.1) Can we do backup scheduling in a remote server instead of local or both.2) How can i send the Email Notification whether the backup is successful or not?By the way, it is a nice article and currently i am deploying it.Regards,Mubasher Sultan 0 There is no current “non-hacky” method to have an iApp on one LTM configure “base” items on other LTMs. iApps have a difficult time managing files like cron directly as well; you would have to write all of the management code for checking for the existence of items before you enter them, deleting them, etc. all on your own.This all comes down to this iApp configuring items that are effectively “base” configuration items (in this case, cron tabs that aren’t even managed by the primary control plane) and not shared configuration items. In order to make this work for all devices in the sync group, you would have to run the iApp on each member to configure the respective “base” configuration items for each. 0 Hi,i deployed the iApp and it works. However, if i have a redundant pair, only the one where i configured the iApp does the backup. After a failover, the second box doesn't backup as the cronjob is missing on it. If i reconfigure the iApp it works again. As well would it be nice if both boxes backup their configuration when the iApp is deployed. Is there a way to achieve this with an iApp? 0 A minor discrepancy on the screenshot. You write to "upload the bigip_archiving_iApp.tcl file..." but the Templates Import screenshot shows the zip file. You must be logged in to post comments.