Forum Discussion

BaltoStar_12467
Oct 26, 2015

BIG-IP : tmsh script to retrieve bigip.conf

F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi

I need a scheduled automated solution to retrieve bigip.conf from the active device in an HA pair.

Is this realistic via a cron job + tmsh script ?

How simple is this ? What about security concerns ?

Or is it better to implement within an app via iControl API ?

Or is another backup solution better advised ?

According to this support doc :

I should be able to ssh to the device, login, and save the current config with this command :

tmsh sys save config

but I receive error :

Syntax Error: unexpected argument save

15 Replies

  • There's a couple of ways of skinning the cat so to speak

    xxx@(yyy)(cfg-sync Changes Pending)(ModuleNotLicensed:Active)(/Common)(tmos) save sys config ?
    Options:
    base               Base configuration.
    binary             The configuration in binary format.
    current-partition  The configuration in the current partition.
    file               The configuration in the specified file.
    gtm-only           GTM configuration only.
    one-line           Display each configuration item on a single line
    partitions         Partition list
    user-only          User account configuration only.
    wait
    

    Or..

    xxx@(yyy)(cfg-sync Changes Pending)(ModuleNotLicensed:Active)(/Common)(tmos.sys.config) save ?
    Modules:
    /                  TMOS Command Line Interface
    /analytics         Analytics reports
    /sys               General system configuration
    Options:
    base               Base configuration.
    binary             The configuration in binary format.
    current-partition  The configuration in the current partition.
    file               The configuration in the specified file.
    gtm-only           GTM configuration only.
    one-line           Display each configuration item on a single line
    partitions         Partition list
    user-only          User account configuration only.
    wait
    

    And as far as backups go, I have a shell script that runs via a cronjob. The script performs a nightly backup and pushes it to an FTP server.

    • JG
      Interesting. I wonder if "save /sys config binary" would overwrite/rebuild the mcpd database.
    • Ryan_80361
      You mean instead of using the following? "touch /service/mcpd/forceload"
  • Sure mate. It's run from the BIG-IP's shell every night via a crontab entry:

    [xxx@yyy:Active:Changes Pending] ~  crontab -l -u admin
    30 3 * * * /config/BIG-IP_backup.sh
    

    shell script:

    #!/bin/sh -x

    # Save a UCS archive and rename it to <hostname>.<yymmdd>.ucs
    tmsh save /sys ucs /var/tmp/BIG-IP_backup
    export a=`date +"%y%m%d"`
    export aa=$HOSTNAME.$a.ucs
    export b=/var/tmp/$aa
    mv /var/tmp/BIG-IP_backup.ucs $b

    # Archive the SSL certificates and keys
    tar -cf /var/tmp/certs.tar /config/ssl
    export ff=$HOSTNAME.$a.certs.tar
    export f=/var/tmp/$ff
    mv /var/tmp/certs.tar $f

    # Copy the system crontab
    export c=$HOSTNAME.$a.crontab
    export cc=/var/tmp/$c
    cp /etc/crontab $cc

    # FTP server address and transfer log
    export MName=1.2.3.4
    export Log=/var/tmp/log.bigip

    # FTP credentials
    export UserName=SomeUserName
    export UserPassword=SomePassWord

    # Remote file names
    export Machine1f2=$aa
    export Machine1f3=$c
    export Machine1f4=$ff

    # Upload the three files in binary, passive mode
    ftp -nvd ${MName} 14 <<-END 1>&2 > ${Log}
    user ${UserName} ${UserPassword}
    bin
    passive
    put ${b} ${Machine1f2}
    put ${cc} ${Machine1f3}
    put ${f} ${Machine1f4}
    quit
    END
    # Capture the exit status of the ftp client before cleaning up
    RTN_CODE=$?

    # Remove the local copies
    rm -f ${b}
    rm -f ${cc}
    rm -f ${f}

    exit $RTN_CODE
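
The cron approach above, reworked as an added example that is not part of the original post: it keeps the `tmsh save /sys ucs` step but uploads with scp and key authentication, so no password sits in the script or crosses the network in the clear, and it builds a file name that passes the UCS name check quoted in the next reply. `DEST`, `KEY`, `WORKDIR` and the `--run` argument are assumptions.

```shell
#!/bin/sh
# Added example (not the thread's script): nightly UCS backup pushed over scp.
# DEST, KEY, WORKDIR and the "--run" argument are assumed names.
umask 077                                 # the UCS holds private keys

DEST="backup@backup.example.net:bigip/"   # assumed scp target
KEY="/root/.ssh/bigip_backup_key"         # assumed dedicated, unencrypted key
WORKDIR="/var/tmp/bigip-backup"           # assumed staging directory

# Keep letters, digits, dot and dash; turn everything else into "_".
# The result stays inside the character set the UCS file-name check allows.
safe_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9.-' '_'
}

# Base name "<hostname>.<yymmdd>", as in the thread's script.
backup_base() {    # $1 = hostname, $2 = date stamp
    printf '%s.%s' "$(safe_name "$1")" "$(safe_name "$2")"
}

# True only for a regular file with no group/other permission bits.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

run_backup() {
    ucs="$WORKDIR/$(backup_base "$(hostname)" "$(date +%y%m%d)").ucs"
    key_is_private "$KEY" || { echo "refusing key $KEY" >&2; return 1; }
    mkdir -p "$WORKDIR" && chmod 700 "$WORKDIR" || return 1
    rc=0
    # BatchMode fails instead of prompting; strict host-key checking
    # stops the upload if the backup server's key is unknown or changed.
    tmsh save /sys ucs "$ucs" &&
        scp -q -i "$KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
            "$ucs" "$DEST" || rc=1
    rm -f "$ucs"                          # never leave the archive behind
    return "$rc"
}

# Do nothing unless called with --run, so the file can be sourced or linted.
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

The crontab entry then passes `--run` to the script; the account on the backup server only needs write access to the target directory.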
    
  • Hello, when I generate an automatic backup it shows me this error when I execute the script:

    Error, invalid characters in UCS file name. The dash, period, forward-slash, plus sign, and underscore are the only special characters allowed.

    What is the problem?

    Thanks

  • Unfortunately, iControl REST is not supported on 11.4. You should have at least 11.5, but for better usability, I recommend the latest 12.1 or 13.0.

    An example iControl REST call to the BIG-IP to perform the "save /sys config" (yes, other way around) is shown below. Then, you can sftp or scp to the box to retrieve the file: /config/bigip.conf.

    curl https://<bigip-host>/mgmt/tm/sys/config \
      -X POST -H "Content-Type: application/json" \
      -d '{"command":"save"}'