Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

LTM - Auto Config Sync - Script not working.

Guys,

Can you please help me urgently. I am trying to setup a script to do config sync automatically every 15mins on LTMs in HA.

What i have done so far is

1, I have created a script "auto_backup_cron.sh" (see attachment) and put it in the folLowing directory /etc/cron.daily  on both LTMs.

2, also added to cron file to run script every 15mins.

[root@ltm01:Active] config # crontab -e
# cron tab for root

1-59/30 * * * * /usr/bin/diskmonitor
0,15,30 * * * * /etc/cron.daily/auto_backup_cron.sh


The problem is the cron job i have schedule to run 15mins will not run. nothing happens   I know i have done something wrong. please advise.

Thanks in advance
1
Rate this Question
Comments on this Question
Comment made 17-Sep-2013 by Jason Rahm
what version of BIG-IP are you running?
0
Comment made 18-Sep-2013 by boneyard 4360
question is from 2011, wonder if he is still looking :)
0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
First, why do you want to sync the config every 15 minutes? A lot of admins see automated config synching as a liability as you lose your ability to recover from a configuration issue by failing over to the unchanged peer unit.

That said, have you tried running the script manually as root? Does it run successfully?

If so, can you try redirecting the standard output and errors from the script to a file?

0,15,30 * * * * /etc/cron.daily/auto_backup_cron.sh 2>&1 >> /var/log/auto_backup_cron.sh.log

Aaron
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hello Aaron,

The plan is to run is every 12 hours at mid night. the 15mins interval now is to get it working.

Let me run your suggestions & get back to you .

Thanks
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
the file is blank!

-rw-r--r-- 1 root root 0 May 31 22:15 auto_backup_cron.sh.log
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Aaron,

I have tried to run it manually & i get permission denied! I am login as root on the ltm. any ideas?

[root@99bishltm01:Active] log #  /etc/cron.daily/auto_backup_cron.sh
bash: /etc/cron.daily/auto_backup_cron.sh: Permission denied
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hi Francisco,


Have you tried to chmod 755 auto_backup_cron.sh

Once you do that you should be able to run it then.

#Bhattman
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hello Bhattman, yes that worked. I am getting errors below. It looks like the problem here is related to my script.

Can someone please help by reviewing the script & make sure i havent ,missed out anything. thaks

[root@99bishltm01:Active] cron.daily # chmod 755 auto_backup_cron.sh
[root@99bishltm01:Active] cron.daily # /etc/cron.daily/auto_backup_cron.sh
/etc/cron.daily/auto_backup_cron.sh: line 2: use: command not found
/etc/cron.daily/auto_backup_cron.sh: line 3: use: command not found
/etc/cron.daily/auto_backup_cron.sh: line 5: syntax error near unexpected token `$LockFile'
/etc/cron.daily/auto_backup_cron.sh: line 5: ` my ($LockFile) = "/tmp/autocs.lck"; '
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
A few suggestions:

- This is a shell/perl error. Try searching online for the error message: https://encrypted.google.com/search?q=perl+use+command+not+found
- Verify the file format is correct (od -c auto_backup_cron.sh) that you have !/usr/bin/perl as the first characters of the file and standard *nix line endings \n and not \r\n
- Rename the script from .sh to .pl to avoid confusing others that it's something other than a perl script

Aaron
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Can you run this:

perl /etc/cron.daily/auto_backup_cron.sh

If yes, the script might be in DOS format. You can run this to fix it:

dos2unix /etc/cron.daily/auto_backup_cron.sh

or, modify the cron job to:

0,15,30 * * * * /usr/bin/perl /etc/cron.daily/auto_backup_cron.sh
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

That worked. Excellent. The good thing about the script iy detect which unit got the latest config (PULL/PUSH Mode) so it works on both units whether active or standby.

Guys, i appeciate your help very much and thank you all.

One more question, can i setup to send a  SNMP trap when the sync is complete.

I get the log from tail -f /var/log/ltm
Jun 1 12:05:24 local/99bishltm01 info bigpipe: Completed config sync pull operation

Can i get this sent as syslog including device name?

Thanks

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
hmm try this:

Look for this block of code:
  if ( 
    &BigDB("Configsync.LocalConfigTime") > &BigDB("Configsync.PeerConfigTime") 
   ) { 
     system "$bigpipe config sync"; 
   } else { 
     system "$bigpipe config sync pull"; 
   } 


Change it to:


   my ($pull) = "";
   # If LocalConfigTime is smaller than PeerConfigTime then Pull Mode  
   # Else Push Mode 
   $pull = "pull" if ( &BigDB("Configsync.LocalConfigTime") < &BigDB("Configsync.PeerConfigTime") );
   system qq~$bigpipe config sync $pull~; 
   system qq~logger -p local0.debug "`hostname` completed config sync $pull" ~;


I've not tested the script. Please try it on non-production units ...
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hum,

do i add this to auto_backup_cron.sh ?

Thanks mate
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Yes, you modify auto_backup_cron.sh. I also attached the modified script.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Thanks hum,
My syslog is setup but when config sync is done, i dont see anything on the syslog server!!

root@99bishltm01:Active] log # b syslog list all
syslog {
authpriv from notice
authpriv to emerg
cron from warning
cron to emerg
daemon from notice
daemon to emerg
include none
kern from notice
kern to emerg
mail from notice
mail to emerg
messages from notice
messages to warning
userlog from notice
userlog to emerg
remote server dblonws29274.uk.db.com {
host 10.128.55.40
local ip none
remote port 514
}
}
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Basically, the modification was to add a 'logger' command to send a syslog message with local0.debug priority when the ConfigSync is happening:

logger -p local0.debug "the message"

From shell prompt, you can experiment with it or commands to send snmp traps.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
could i change it slightly by sending SNMP trap only if the config sycn fails and nothing else.

Thanks
Francisco.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Automatic ConfigSync is now available in v11.2.1.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

i understand auto sync does not sync failover (floating) objects, does it?
 

Automatic
Available for Sync-Only device groups only, automatic synchronization (also known as auto sync) ensures that the BIG-IP system automatically synchronizes the configuration among device group members, whenever you make a change to any one of those members. During auto sync, the BIG-IP system performs incremental, rather than full, synchronization whenever possible.

 

Sync-Only
A Sync-Only device group contains devices that synchronize configuration data, such as policy data, but do not synchronize failover objects. A maximum of 32 devices is supported in a Sync-Only device group.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Thanks for the clarification nitass, I think I need to do a bit more reading!
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

If you are still looking for automatic config sync script. Below is a simple script I revised from the previous script using "bigpipe" command. I tested on our onlt v11.3.x devices and wworked perfectly.

!/bin/bash

Revised to ConfigSync the active device to all devices in the device group in tmsh.

file: /shared/bin/configsync.sh

Added to /etc/crontab:

0 1 * * * root /shared/bin/Configsync.sh > /dev/null 2>&1

Variable to make sure this device is Active and out of sunc with the peer

Revised by Vivian Peng

Date: 08/28/2013

Note: This script is tested only on v11.3 devices only.

DFGID="name of your device failover group"
STATE=tmsh show /sys failover | cut -d" " -f 2 STATUS=tmsh show cm sync-status | grep -i status | cut -d" " -f 5

if [ $STATE == "active" ] && [ $STATUS != "Sync" ]; then tmsh run cm config-sync to-group $DFGID fi

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Sorry, this is the first time I made my post here. Not sure why it strips out all "#" in front of comment lines. In stead of find out how to keep teh format, I am just post the lines that have no "#" in the front

DFGID="name of your device failover" # replace here to the name of your device group

STATE=tmsh show /sys failover | cut -d" " -f 2 STATUS=tmsh show cm sync-status | grep -i status | cut -d" " -f 5

if [ $STATE == "active" ] && [ $STATUS != "Sync" ]; then tmsh run cm config-sync to-group $DFGID fi

0