Forum Discussion

nash_65851's avatar
nash_65851
Icon for Nimbostratus rankNimbostratus
Jan 03, 2013

Sync Config from Production Unit to Development VE

Hello everyone...

 

We have a production BigIP with LTM and APM which is working well, I want to restore the config to our Development VE edition (which has become messy). The production BigIP is running on BigIP 6900's in an Active/Passive HA setup. The development box is a Virtual Edition. They are currently running 11.2.1.

 

I have run the following command in TMSH to use the "no-platform-check" switch which I know I will need.

 

load /sys ucs /var/tmp/prodbackup.ucs no-platform-check

 

I get an error with this as the production unit has a network interface setup for the heartbeat (due to it being HA enabled).

 

My questions are:

 

1.) Is what I am trying to do achievable?

 

2.) Is there a way to "ignore" the Network section in a configuration backup.

 

Thanks in advance

 

10 Replies

  • have you tried to modify configuration file directly and then run "tmsh load sys config"? i understand configuration has already been restored but couldn't be loaded (because of the error you got).
  • Thanks for the suggestion.. No, alas the configuration did not successfully get restored. Apologies, I should have put the following error that I received in the original post:

     

     

    /config/bigip_user.conf 01070307:3: Invalid interface 1.4 Unexpected Error: Loading configuration process failed.

     

     

    Interface 1.4 is enabled on the HA devices (as the heartbeat interface), but it does not exist on the Development VM.
  • No, alas the configuration did not successfully get restored.have you checked configuration file e.g. bigip_base.conf, bigip.conf, etc?
  • Sorry, I just read the errors again (properly this time)... It looks like you are right, the config did get restored. I will try as you suggest and see if I can edit the conf files and attempt another load of the config.

     

     

    Thanks for the help
  • Issue Resolved (I think)

     

    **Edit Jan 7 2013** -> Added point 11.

     

     

    Just in case anyone else wants to do this, here are the steps I followed (may or may not all be required, but this process worked for me):

     

     

    1.) Take the UCS archive file from Prod (source BigIP) and copy to Dev (target BigIP) into the /var/tmp folder

     

    2.) Take a backup of the bigip_base.conf and bigip.license (I just used the mv command in the shell and put a “.dev” extension on it - we do this as these are device specific configs)

     

    3.) Load the UCS file from Prod (using load /sys ucs /var/tmp/prodbackup.ucs no-platform-check) *the error this throws is expected*

     

    4.) Replace the bigip_base.conf and bigip.license with the backups from point 2 (to keep the target base settings and license file)

     

    5.) Run bigstart restart command to pick up the old license again

     

    6.) Go through the bigip.conf file and make any specific changes to IP addresses for virtual servers etc (ie change the IP's specific to the source device to the corresponding IP's for the target device, including VPN Pool addresses)

     

    7.) I also needed to change some VLAN settings in the target bigip_base.conf on the target BigIP (to match those from the source machine)

     

    8.) Run tmsh load sys config verify and fix any errors that pop up in the relevant config files (and repeat this step until all resolved.)

     

    9.) If there are no issues in the command from point 8, finalise the changes by running the command tmsh load sys config

     

    10.) Redo all the SSL certificates (to match the target BigIP host names)

     

    11.) If you have SecurID on your devices, you will need to update the Agent Host IP address and update the securid.conf file on the target BigIP

     

     

    Point 3 is required to get all the iFiles/custom stuff etc from the source to the correct location on the target system first.

     

     

    Like I say, I "think" this is the right process to use. Could probably tidy it up by modifying and re-compressing the files in the UCS first (to avoid changing them later). If anyone has anything else to add to this, please do as I may have missed a few things.

     

     

  • there is no-license option too. 🙂

    root@(B3900-R72-S16)(cfg-sync Standalone)(Active)(/Common)(tmos) load sys ucs config.ucs ?
    Options:
      no-license         This option mostly is for RMA use. It loads full configuration from a UCS file except license file.
      no-platform-check  Bypass platform check.
      passphrase         Passphrase for (un)encrypting UCS.
    
    
    • hpr_220139's avatar
      hpr_220139
      Icon for Nimbostratus rankNimbostratus

      Thanks for this oldie but goldie. :) What is the suggested procedure for a HA cluster of two VMs going to the lab? 1) Do the above for the Active and then for the Standby Node? 2) Do the above for the Active and create an empty Standby Node and establish Sync? 3) ...?

       

      Thanks, HP.

       

  • there is no-license option too. 🙂

    root@(B3900-R72-S16)(cfg-sync Standalone)(Active)(/Common)(tmos) load sys ucs config.ucs ?
    Options:
      no-license         This option mostly is for RMA use. It loads full configuration from a UCS file except license file.
      no-platform-check  Bypass platform check.
      passphrase         Passphrase for (un)encrypting UCS.
    
    
    • hpr_220139's avatar
      hpr_220139
      Icon for Nimbostratus rankNimbostratus

      Thanks for this oldie but goldie. :) What is the suggested procedure for a HA cluster of two VMs going to the lab? 1) Do the above for the Active and then for the Standby Node? 2) Do the above for the Active and create an empty Standby Node and establish Sync? 3) ...?

       

      Thanks, HP.

       

  • Cool... that would have saved a little bit of messing around! Will have to remember that tip.