Restore UCS file across platforms

Hi Everyone,

I need to know whether anyone here has tried UCS file restoration across platforms. I will need to restore from 4000 to 4200. Is this possible? I think both units are on v11.x

Also during restoration I guess I will have to use

tmsh load sys ucs [ucs file name] no-platform-check no-license

Can someone please shed some light on this?

BTW - according to F5 support, cross-platform restore is not supported. I wonder why?


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Mr. Evil,
with cross-platform ucs restore you may face issues with interface mappings and resource provisioning.
This will not be the case with moving a 4000 config to a 4200.
That's why I won't expect problems when using the "no-platform-check" and "no-license" options.
Restore from WebUI does not support these parameters and will overwrite the license.
Btw, just used exactly this procedure to move a 5200 LTM/APM configuration to VE.
Before I removed interface and trunk settings and increased memory for the VE. No problems at all.
Thanks, Stephan

0
Comments on this Answer
Comment made 03-Mar-2015 by mr.evil 279
Hi Stephan, thank you for your reply. Can you please let me know if there is any way to check the config before loading the UCS file into the active partition? I did that once before, where it checks the config before loading into the partition, but I cannot remember. Thanks
0
Comment made 03-Mar-2015 by Stephan Manthey 3803
Hi Mr. evil, as the archive is a zipped tarball you can extract the relevant configuration files (bigip.conf, bigip_base.conf, certificates from filestore) and import the certs manually to filestore or i.e. by one-liner from a local directory on your new BIG-IP (make sure to delete them afterwards):

ls -lat | awk '/crt/ {print $NF}' | sed 's/\.crt$//g' | awk '{print "tmsh install sys crypto cert " $1, "from-local-file /shared/certimport/ssl.crt/" $1 ".crt"}' | bash -x

ls -lat | awk '/key/ {print $NF}' | sed 's/\.key$//g' | awk '{print "tmsh install sys crypto key " $1, "from-local-file /shared/certimport/ssl.key/" $1 ".key"}' | bash -x

Afterwards you use "tmsh load sys config verify merge file <file_name>" to validate the new configuration files from CLI.

Thanks, Stephan
0
Comment made 03-Mar-2015 by mr.evil 279
Thanks Stephan, I will let you know how it goes.
0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You mention "Before I removed interface and trunk settings "...I assume on the original device. What if that isn't an option? Could you set up interfaces and trunks on the new VE before importing a HW-based ucs?

0
Comments on this Answer
Comment made 09-Mar-2015 by Stephan Manthey 3803
Hi JN, sorry for responding late. It is possible to modify a .ucs file via GNU utils or GUI based tools i.e. 7ZIP. The how-to is described by Hamish in the following solution: https://devcentral.f5.com/questions/is-ucs-file-editable-if-so-how-to-compress-it-back- In my comment to the solution above I have added an option to retain the original tarball name and the parameter to override the hardware check. Thanks, Stephan
0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hello, I know it's been a while since I last replied to this post...

I have done the restore and the config has loaded properly; however, I am getting the following error when I try to do:

load sys config verify:

Validating system configuration...
  /defaults/asm_base.conf
  /defaults/config_base.conf
  /defaults/low_profile_base.conf
  /defaults/policy_base.conf
  /defaults/wam_base.conf
  /defaults/analytics_base.conf
  /defaults/apm_saml_base.conf
  /defaults/app_template_base.conf
  /defaults/classification_base.conf
  /defaults/daemon.conf
  /defaults/fullarmor_gpo_base.conf
  /defaults/profile_base.conf
  /defaults/sandbox_base.conf
  /defaults/security_base.conf
  /usr/share/monitors/base_monitors.conf
Validating configuration...
  /config/bigip_base.conf
  /config/bigip_user.conf
  /config/bigip.conf
  /config/bigip_script.conf
01070623:3: The vlan (/Common/M10_Vlan10) is referenced by one or more virtual servers.
Unexpected Error: Validating configuration process failed.

I did a grep to see where it is referenced but was unable to find any reference to /Common/M10_Vlan10 ...

Can someone please help?

Thanks

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I did a grep to see where it is referenced but was unable to find any reference to /Common/M10_Vlan10

can you try this?

by the way, you have a console cable, haven't you?

sol13030: Forcing the mcpd process to reload the BIG-IP configuration
https://support.f5.com/kb/en-us/solutions/public/13000/000/sol13030.html

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Will this still work if I am on version 11.4.1?

0
Comments on this Answer
Comment made 14-May-2015 by nitass 13357
yes
0
Comment made 14-May-2015 by mr.evil 279
Never mind, saw that in the KB, thanks. I am doing this now ... let's see what happens ...
0
Comment made 14-May-2015 by mr.evil 279
Thank you so much Nitass. However, once I got past that error I ran into the issue below:

01071769:3: Decryption of the field (admin_pw) for object (/Common/xxx.xxx) failed.
Unexpected Error: Loading configuration process failed.

Which can be fixed by - https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html

Thanks again
0
Comment made 03-Jun-2015 by Stephan Manthey 3803
Hi, what kind of object is /Common/orionhealth.saas? If there is a passphrase associated, it might be protected by the so-called master key (synchronized between units in a sync-failover device group; not stored in the .ucs file).

Two ways to solve the problem from my perspective:
1. Remove the passphrase from the configuration file and re-enter it afterwards from the WebUI.
2. Import the previously used master key before loading the new configuration.

For exporting and restoring the master key you can do the following. On the 4000 (old; source) you run this command to export:

f5mku -K

On the 4200 (new; target) you run this command to import:

f5mku -r <master_key>

Now you should be ready to load the configuration to migrate.

You mentioned that you used grep to parse the configuration files. Please be aware that, in case of using administrative partitions, you need to parse additional files which can be found in the /config/partitions/<admin_partition>/ subdirectories.

Thanks, Stephan
0
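
The pre-load check discussed in this thread (inspecting a UCS before loading it, and searching the administrative-partition files as well as bigip.conf for a reference such as /Common/M10_Vlan10), as an added example that is not part of any poster's reply. The function names and the demo archive are constructed for illustration, and the member layout (config/bigip*.conf, config/partitions/<partition>/bigip*.conf) is an assumption about how the archive stores the files named above.

```shell
#!/bin/sh
# Added example (not from the thread): search the configuration files inside a
# UCS archive for an object name without loading the archive and without
# unpacking it to disk (a UCS also carries private keys).
# Assumption: members are stored as config/bigip.conf,
# config/partitions/<partition>/bigip.conf, and so on.

# List the bigip*.conf members, including those of administrative partitions.
ucs_config_members() {
    tar -tzf "$1" |
        grep -E '^(\./)?config/(partitions/[^/]+/)?bigip[^/]*\.conf$'
}

# Print "member:line:text" for every line that mentions the object.
# Returns non-zero when no configuration file references it.
ucs_find_refs() (
    ucs=$1 object=$2
    out=$(ucs_config_members "$ucs" | while IFS= read -r member; do
        # -O streams the member to stdout, so nothing is written to disk.
        tar -xzOf "$ucs" "$member" | grep -nF -- "$object" |
            awk -v m="$member" '{ print m ":" $0 }'
    done)
    [ -n "$out" ] && printf '%s\n' "$out"
)

# Build a small constructed archive for demonstration (not a real UCS).
make_demo_ucs() (
    dir=$(mktemp -d) || exit 1
    mkdir -p "$dir/config/partitions/Tenant1"
    printf 'net vlan /Common/M10_Vlan10 { tag 10 }\n' > "$dir/config/bigip_base.conf"
    printf 'ltm pool /Common/web_pool { }\n' > "$dir/config/bigip.conf"
    printf 'ltm virtual /Tenant1/vs_app {\n    vlans { /Common/M10_Vlan10 }\n}\n' \
        > "$dir/config/partitions/Tenant1/bigip.conf"
    tar -czf "$1" -C "$dir" config
    rm -rf "$dir"
)

# Usage: sh ucs_refs.sh <archive.ucs> <object-name>
if [ "$#" -eq 2 ]; then
    ucs_find_refs "$1" "$2"
fi
```

In the constructed archive the only virtual-server reference to the VLAN sits in the Tenant1 partition file, which a grep limited to /config/bigip.conf would miss.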