Forum Discussion

fcocquyt_104704
Sep 11, 2013

Best approach to merge 2 F5 configs?

Hello all,

I was wondering what the best approach is for merging the config from a BIG-IP cluster to another BIG-IP cluster. Both clusters are running BIG-IP 10.2.1 Build 511.0 Hotfix HF3. The purpose is to move all local traffic config (virtual servers, profiles, iRules, ...) from cluster B towards cluster A. The existing config of cluster A should be kept completely.

Thanks for any advice! Frederik.

 

7 Replies

  • It will be a couple of steps, if you cannot simply import a .ucs archive.

    Importing a .ucs will replace all device specific settings of the target and I guess you want to avoid it, right?

    So these are the required steps from my perspective:
    1. Export /config/ssl/ssl.key/ and /config/ssl/ssl.crt/ directories and import in target via scp
    2. Export external data groups from /var/class/ and import in target via scp
    3. Get a copy of /config/bigip.conf, strip off all unnecessary lines and import on target via:

      bigpipe merge 

    Now everything should show up in your running configuration and you can save it to startup configuration:

    bigpipe save

  • Thanks for the answer Stephan.

    • What is the purpose of /config/ssl/ssl.key/ and /config/ssl/ssl.crt/?
    • My /var/class/ is empty, so no need to copy that.

      class ls -ll
      total 0
  • The /config/ssl/ directories contain the SSL private keys, certificate requests, certificate revocation lists and signed certificates.

    Actually you will just need the private keys and certificates.

    These are the objects referenced in your clientssl and serverssl profiles.

    In case you don't use SSL termination on your current device, there is no need to export / import these files.

    Btw, my answer refers to TMOS v9/v10. Since TMOS v11 these objects are located in the TMOS filestore.

    If you're actually not using so-called external data groups, the /var/class/ directory will be empty.

    Are you currently using so-called external monitors (script-based monitors)? In this case you would also need to look after the /usr/bin/monitors/ directory. I forgot to mention this part in my first reply.


  • This is what is in the folders config/ssl/ssl.key and config/ssl/ssl.crt/

      ssl.key ls -ll
      total 11
      -rw------- 1 root root 1675 Oct 21 2011 ITXXXXX5126LB005.key
      -rw------- 1 root root 1675 Oct 21 2011 ITXXXXX6908LB006.key
      -rw-r--r-- 1 root root 887 Nov 14 2011 default.key
      -rw-r--r-- 1 root apache 1679 Jun 28 2012 server.key

      ssl.crl ls -ll
      total 0

    I verified in the /config/bigip.conf, and no clientssl or serverssl profiles are used. So I think we are good not to copy this then.

    There are also no script-based monitors on the LB.

      monitors ls -ll
      total 8
      -rwxr-xr-x 1 root root 3006 Jan 5 2011 arg_example
      lrwxrwxrwx 1 root root 19 Oct 21 2011 builtins -> /usr/share/monitors
      -rwxr-xr-x 1 root root 1454 Jan 5 2011 sample_monitor

    So I think I only need to merge the current /config/bigip.conf into the existing LB.


  • Yes, right. The certificate and key are the default cert and key. They are not required for the transaction.

    From this perspective it should be fine to merge the modified configuration file as described above.

    Make sure to use the same VLAN names as they may be associated with your virtual servers.

    Remove the floating self IPs and routes and some other information which already exists or is in conflict with the configuration of the target system.

    And create a ucs archive of your target system before running all kinds of changes, please.
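
A pre-merge check for the procedure discussed in this thread, as an added example that is not part of any reply: it lists the top-level objects defined in both bigip.conf files (which would collide on merge) and the self/route stanzas still present in the source copy. The function names, the sample objects and the simplified v10-style stanza layout are assumptions.

```shell
#!/bin/sh
# Added example: pre-merge check for BIG-IP v9/v10 bigip.conf files.
# Assumption: top-level stanzas look like "<type> [<subtype>] <name> {" with balanced braces.

# Print the sorted header ("type name") of every top-level stanza in file $1.
stanza_headers() {
    awk '
        depth == 0 && /[{]/ { h = $0; sub(/[ \t]*[{].*$/, "", h); print h }
        # Track brace depth so nested lines (iRule bodies, members) are skipped.
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
    ' "$1" | sort -u
}

# Headers present in both source ($1) and target ($2): these collide on merge.
merge_conflicts() {
    _src=$(mktemp) && _tgt=$(mktemp) || return 1
    stanza_headers "$1" > "$_src"; stanza_headers "$2" > "$_tgt"
    comm -12 "$_src" "$_tgt"
    rm -f "$_src" "$_tgt"
}

# self and route stanzas in the source, to review and strip before merging.
device_specific() { stanza_headers "$1" | grep -E '^(self|route) '; }

# Constructed sample configs (simplified v10-style syntax), written to dir $1.
make_samples() {
    cat > "$1/source.conf" <<'EOF'
self 10.1.1.3 {
   floating enable
}
pool pool_web {
   members 10.2.2.1:http {}
}
rule redirect_https {
   when HTTP_REQUEST {
      HTTP::redirect "https://[HTTP::host][HTTP::uri]"
   }
}
virtual vs_web {
   pool pool_web
}
EOF
    cat > "$1/target.conf" <<'EOF'
pool pool_web {
   members 10.3.3.1:http {}
}
EOF
}
```

Run it against copies of the two files on a workstation, not on the live units; an empty result from `merge_conflicts` means no top-level object name is shared between source and target.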