Problem this snippet solves:
Next article describes an upgrade procedure to perform only using CLI commands.
The idea is not to replace an official procedure, but to give a different approach for those guys who love using CLI and they want to execute an upgrade only using commands (without GUI access).
The procedure is separated in 4 sections:
- Data Collection & Planning - for executing some days before the upgrade.
- Pre-Upgrade Tasks - for executing just before the upgrade (applies to all devices in the cluster).
- Upgrade Tasks - Only applies for one device in the cluster for each time (normally standby device).
- Post-Upgrade Tasks - for executing just after the upgrade (applies to all devices in the cluster).
This procedure is valid for most of the BIP-IP set-ups except GTM (so not use this procedure if you have GTM running in your device). vCMP Guest and Host are taking into account on these lines.
This is the first version. I hope to upload new features in the future (maybe considering to include GTM support). Everything that helps to fix mistakes is great, so your comments are welcome.
How to use this snippet:
>> DATA COLLECTION & PLANNING (ALL CLUSTER DEVICES)
>> PRE-UPGRADE TASKS (ALL CLUSTER DEVICES)
>> UPGRADE TASKS (ONE DEVICE AT TIME)
>> POST-UPGRADE TASKS (ALL CLUSTER DEVICES)
Code:
- ######################################################
- ## DATA COLLECTION & PLANNING (ALL CLUSTER DEVICES) ##
- ######################################################
- ## Capture Product Code & Serial Number
- tmsh show sys hardware
- ## Capture Management IP & Blade State
- tmsh show sys cluster
- ## Capture Provision State
- tmsh list sys provision
- ## Capture Release and Volume Info
- tmsh show sys software
- ## Check ZebOS Module Running
- vtysh
- zebos/rdX/ZebOS.conf
- >> 'X' REPRESENTS ROUTE DOMAIN ID
- ## Capture Master-key
- tmsh show sys crypto
- ## Check Upgrade Disk Space (At least 20Gb)
- vgs
- ## Check Relicensing Needed
- tmsh show sys license | grep -i 'service check date'
- REF - https://support.f5.com/csp/article/K7727
- ## Check Certificate Expiration
- openssl x509 -noout -text -in /config/httpd/conf/ssl.crt/server.crt | grep Validity -A2
- REF - https://support.f5.com/csp/article/K6353
- ## Check RAID Integrity
- tmsh show sys raid
- tmsh run util platform_check
- cat /var/log/user.log
- cat /var/log/kern.log
- ## Check Mirroring Enabled
- show sys connection type mirror
- ## Capture QKView (Upload to iHealth)
- qkview
- REF - https://ihealth.f5.com/qkview-analyzer/
- ## Check Release Notes For Specific Details
- REF - https://support.f5.com/csp/knowledge-center/software/BIG-IP
- ## Upload Release Image
- scp -p <IMAGE_PATH>/<IMAGE_ISO_FILE> <USER>@<SERVER>:/shared/images/
- ## Upload MD5 Hash Image
- scp -p <IMAGE_PATH>/<IMAGE_MD5_FILE> <USER>@<SERVER>:/shared/images/
- #############################################
- ## PRE-UPGRADE TASKS (ALL CLUSTER DEVICES) ##
- #############################################
- ## Disable Virtual Server Mirroring
- REF - https://support.f5.com/csp/article/K13478
- ## Check HA Cluster Synchronization
- tmsh show cm sync-status
- tmsh run cm config-sync to-group <DEVICE-GROUP>
- ## Check Release Image Integrity
- cd /shared/images/
- md5sum -c <IMAGE_MD5_FILE>
- ## Re-licensing Device
- REF - https://support.f5.com/csp/article/K2595
- ## Create Initial UCS (Backup)
- tmsh save sys ucs /shared/tmp/<DATE>_initial.ucs
- ## Capture Initial Config
- tmsh save sys config file /shared/tmp/<DATE>_initial.scf no-passphrase
- ########################################
- ## UPGRADE TASKS (ONE DEVICE AT TIME) ##
- ########################################
- ## ONLY VCMP HOST - Check That All Guests Are In Standby
- tmsh show vcmp guest
- >> ACCESS INDIVIDUALLY TO EACH GUEST
- tmsh show cm sync-status
- ## ONLY VCMP HOST - Deprovision All Guests (Configured)
- tmsh show vcmp guest
- tmsh modify vcmp guest <GUEST_NAME> state configured
- ## Force Offline Mode
- tmsh run sys failover offline
- ## Verify Configuration Integrity
- tmsh load sys config verify
- ## Check No Upgrade Process Running
- tmsh show sys software status
- ## Install Image
- tmsh install sys software image <IMAGE_ISO_FILE> create-volume volume <HD1.X>
- ## Check Installation State
- tmsh show sys software status
- cat /var/log/liveinstall.log
- ## OPTIONAL - Copy Configuration To New Volume
- ## (Only if you have made changes since installation)
- clsh --slot=X,Y cpcfg <HD1.X>
- >> FROM VIPRION
- cpcfg <HD1.X>
- >> FROM NOT VIPRION
- ## Boot On New Volume
- tmsh reboot volume <HD1.X>
- ## ONLY VCMP GUEST - Check Boot Up Status
- vconsole <GUEST_NAME> <SLOT>
- >> FROM VCMP HOST
- ## Check Logs (LTM, APM, ASM,...)
- REF - https://support.f5.com/csp/article/K16197
- ## Capture Final Config
- tmsh save sys config file /shared/tmp/<DATE>_final.scf no-passphrase
- ## Compare Initial-Final Config
- tmsh show sys config-diff /shared/tmp/<DATE>_initial.scf /shared/tmp/<DATE>_final.scf | egrep -e "\s{3}\|\s{3}" -e "[<]$" -e "^\s*[>]"
- ## Disable Force Offline
- tmsh run sys failover online
- ## ONLY VCMP HOST - Deploy All Guests (Deployed)
- tmsh show vcmp guest
- tmsh modify vcmp guest <GUEST_NAME> state deployed
- ## FROM ACTIVE NODE - Force Failover Event
- tmsh run sys failover standby
- ## Capture Traffic
- tcpdump -nnei 0.0 -c 500
- ## Perfom Other Custom Tests Here
- ...
- ##############################################
- ## POST-UPGRADE TASKS (ALL CLUSTER DEVICES) ##
- ##############################################
- ## Re-enable Virtual Server Mirroring
- REF - https://support.f5.com/csp/article/K13478
- ## Synchronize HA Cluster
- tmsh show cm sync-status
- tmsh run cm config-sync to-group <DEVICE-GROUP>
- ## Create Final UCS (Backup)
- tmsh save sys ucs /shared/tmp/<DATE>_final.ucs
- ## Delete Unused Images
- delete sys software image <IMAGE>
- ## Delete Unused Volumes (Mandatory reboot)
- delete sys software volume <HD1.X>
- full_box_reboot
No comments:
Post a Comment