Baseline F5 config (.ucs) file

Question

I have multiple environemnet that have ACTIVE/STANDBY F'5s and I am trying to create a baseline config (one for ACTIVE and one for STANDBY) to slap on all of the F5's (10 or more) so I can be sure that they all have a uniform configuration.   
&nbsp;  
&nbsp; I was wondering how taking a backup config of one F5 and putting it on all F5's in all of my environments will affect the licensing and SSL certificates on my other F5's that are currently up and running?   
&nbsp;  
&nbsp; Will I have to take my F5's offline for any re-licensing? 
&nbsp;  
&nbsp; How will this affect the SSL certificates I have setup? 
&nbsp;  
&nbsp; Any advice would be greatly appreciated.

hooleylist · Answer

Hi Sharry, 
&nbsp;  
&nbsp; You could take the /config/bigip_base.conf and the /config/bigip_sys.conf from one unit, edit it for the other units and then reload the configuration using 'b load'. 
&nbsp;  
&nbsp; If you load a UCS from one unit to another unit with a different hostname, only the configuration that is shared between units in a redundant pair would be loaded.  The /config/bigip.license file is not part of the shared configuration--so that wouldn't be a problem.  However, this would not work well as the configuration probably wouldn't load successfully if the non-shared configuration wasn't set up prior to loading the UCS.  ie, you couldn't load a bigip.conf with a floating self IP address which references a VLAN that hasn't already been defined in the /config/bigip_base.conf file. 
&nbsp;  
&nbsp; Aaron

sharry_johnson_ · Answer

Aaron, 
&nbsp;  
&nbsp; Thank you for your reply.  All of my F5's have the same hostnames for the ACTIVE and STANDBY units.  They have the same base configuration, they are just inconsistent when it comes to Virtual servers and nodes and I would like them to all be uniformed in that sense.  I have about 5 pair of ACTIVE/STANDBY units and I want them to all have the same configuration with the same nodes and such.  
&nbsp;  
&nbsp; Is there a way (preferably in the GUI) to download one archive (.ucs) file from the most correct ACTIVE F5 and upload it to a half correct F5 to make them have the same config? 
&nbsp;  
&nbsp; Will I have to re-install the SSL certificates on the F5 that I just uploaded the .ucs file to, or will the certs just be imported when the archive.ucs gets uploaded from the other F5? 
&nbsp;  
&nbsp; Thank you in advance for your support. 
&nbsp;  
&nbsp; Sharry

hooleylist · Answer

If the units all have the same base configuration, you could take advantage of the fact that only the shared config is loaded when the hostname from the UCS does not match the hostname of the unit you're installing it on.  You could take a good copy of the primary unit's config to a UCS and load that on the secondary unit in another pair.  Only the shared config would be loaded (not the base.conf or bigip.license).  You could then sync the config from that unit to the peer.   
&nbsp;  
&nbsp; I'd suggest testing this on a non-production unit to make sure there aren't any issues for your specific scenario.  Make sure to back up the current config to a UCS before testing. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Baseline F5 config (.ucs) file

3 Replies

Recent Discussions

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

uCS platform-migrate

UCS file

Python BigREST ucs save and download

virtual server config

System stuck when using command to save UCS file