Wednesday, 2 October 2019

BIG-IP Upgrade Procedure Using CLI (vCMP Guest & Host)

Problem this snippet solves:
Next article describes an upgrade procedure to perform only using CLI commands.

The idea is not to replace an official procedure, but to give a different approach for those guys who love using CLI and they want to execute an upgrade only using commands (without GUI access).

The procedure is separated in 4 sections:

  • Data Collection & Planning - for executing some days before the upgrade.
  • Pre-Upgrade Tasks - for executing just before the upgrade (applies to all devices in the cluster).
  • Upgrade Tasks - Only applies for one device in the cluster for each time (normally standby device).
  • Post-Upgrade Tasks - for executing just after the upgrade (applies to all devices in the cluster).

This procedure is valid for most of the BIP-IP set-ups except GTM (so not use this procedure if you have GTM running in your device). vCMP Guest and Host are taking into account on these lines.

This is the first version. I hope to upload new features in the future (maybe considering to include GTM support). Everything that helps to fix mistakes is great, so your comments are welcome.
How to use this snippet:

>> DATA COLLECTION & PLANNING (ALL CLUSTER DEVICES)
>> PRE-UPGRADE TASKS (ALL CLUSTER DEVICES)
>> UPGRADE TASKS (ONE DEVICE AT TIME)
>> POST-UPGRADE TASKS (ALL CLUSTER DEVICES)
Code:
  1. ######################################################
  2. ## DATA COLLECTION & PLANNING (ALL CLUSTER DEVICES) ##
  3. ######################################################
  4. ## Capture Product Code & Serial Number
  5. tmsh show sys hardware
  6. ## Capture Management IP & Blade State
  7. tmsh show sys cluster
  8. ## Capture Provision State
  9. tmsh list sys provision
  10. ## Capture Release and Volume Info
  11. tmsh show sys software
  12. ## Check ZebOS Module Running
  13. vtysh
  14. zebos/rdX/ZebOS.conf
  15. >> 'X' REPRESENTS ROUTE DOMAIN ID
  16. ## Capture Master-key
  17. tmsh show sys crypto
  18. ## Check Upgrade Disk Space (At least 20Gb)
  19. vgs
  20. ## Check Relicensing Needed
  21. tmsh show sys license | grep -i 'service check date'
  22. REF - https://support.f5.com/csp/article/K7727
  23. ## Check Certificate Expiration
  24. openssl x509 -noout -text -in /config/httpd/conf/ssl.crt/server.crt | grep Validity -A2
  25. REF - https://support.f5.com/csp/article/K6353
  26. ## Check RAID Integrity
  27. tmsh show sys raid
  28. tmsh run util platform_check
  29. cat /var/log/user.log
  30. cat /var/log/kern.log
  31. ## Check Mirroring Enabled
  32. show sys connection type mirror
  33. ## Capture QKView (Upload to iHealth)
  34. qkview
  35. REF - https://ihealth.f5.com/qkview-analyzer/
  36. ## Check Release Notes For Specific Details
  37. REF - https://support.f5.com/csp/knowledge-center/software/BIG-IP
  38. ## Upload Release Image
  39. scp -p <IMAGE_PATH>/<IMAGE_ISO_FILE> <USER>@<SERVER>:/shared/images/
  40. ## Upload MD5 Hash Image
  41. scp -p <IMAGE_PATH>/<IMAGE_MD5_FILE> <USER>@<SERVER>:/shared/images/
  42. #############################################
  43. ## PRE-UPGRADE TASKS (ALL CLUSTER DEVICES) ##
  44. #############################################
  45. ## Disable Virtual Server Mirroring
  46. REF - https://support.f5.com/csp/article/K13478
  47. ## Check HA Cluster Synchronization
  48. tmsh show cm sync-status
  49. tmsh run cm config-sync to-group <DEVICE-GROUP>
  50. ## Check Release Image Integrity
  51. cd /shared/images/
  52. md5sum -c <IMAGE_MD5_FILE>
  53. ## Re-licensing Device
  54. REF - https://support.f5.com/csp/article/K2595
  55. ## Create Initial UCS (Backup)
  56. tmsh save sys ucs /shared/tmp/<DATE>_initial.ucs
  57. ## Capture Initial Config
  58. tmsh save sys config file /shared/tmp/<DATE>_initial.scf no-passphrase
  59. ########################################
  60. ## UPGRADE TASKS (ONE DEVICE AT TIME) ##
  61. ########################################
  62. ## ONLY VCMP HOST - Check That All Guests Are In Standby
  63. tmsh show vcmp guest
  64. >> ACCESS INDIVIDUALLY TO EACH GUEST
  65. tmsh show cm sync-status
  66. ## ONLY VCMP HOST - Deprovision All Guests (Configured)
  67. tmsh show vcmp guest
  68. tmsh modify vcmp guest <GUEST_NAME> state configured
  69. ## Force Offline Mode
  70. tmsh run sys failover offline
  71. ## Verify Configuration Integrity
  72. tmsh load sys config verify
  73. ## Check No Upgrade Process Running
  74. tmsh show sys software status
  75. ## Install Image
  76. tmsh install sys software image <IMAGE_ISO_FILE> create-volume volume <HD1.X>
  77. ## Check Installation State
  78. tmsh show sys software status
  79. cat /var/log/liveinstall.log
  80. ## OPTIONAL - Copy Configuration To New Volume
  81. ## (Only if you have made changes since installation)
  82. clsh --slot=X,Y cpcfg <HD1.X>
  83. >> FROM VIPRION
  84. cpcfg <HD1.X>
  85. >> FROM NOT VIPRION
  86. ## Boot On New Volume
  87. tmsh reboot volume <HD1.X>
  88. ## ONLY VCMP GUEST - Check Boot Up Status
  89. vconsole <GUEST_NAME> <SLOT>
  90. >> FROM VCMP HOST
  91. ## Check Logs (LTM, APM, ASM,...)
  92. REF - https://support.f5.com/csp/article/K16197
  93. ## Capture Final Config
  94. tmsh save sys config file /shared/tmp/<DATE>_final.scf no-passphrase
  95. ## Compare Initial-Final Config
  96. tmsh show sys config-diff /shared/tmp/<DATE>_initial.scf /shared/tmp/<DATE>_final.scf | egrep -e "\s{3}\|\s{3}" -e "[<]$" -e "^\s*[>]"
  97. ## Disable Force Offline
  98. tmsh run sys failover online
  99. ## ONLY VCMP HOST - Deploy All Guests (Deployed)
  100. tmsh show vcmp guest
  101. tmsh modify vcmp guest <GUEST_NAME> state deployed
  102. ## FROM ACTIVE NODE - Force Failover Event
  103. tmsh run sys failover standby
  104. ## Capture Traffic
  105. tcpdump -nnei 0.0 -c 500
  106. ## Perfom Other Custom Tests Here
  107. ...
  108. ##############################################
  109. ## POST-UPGRADE TASKS (ALL CLUSTER DEVICES) ##
  110. ##############################################
  111. ## Re-enable Virtual Server Mirroring
  112. REF - https://support.f5.com/csp/article/K13478
  113. ## Synchronize HA Cluster
  114. tmsh show cm sync-status
  115. tmsh run cm config-sync to-group <DEVICE-GROUP>
  116. ## Create Final UCS (Backup)
  117. tmsh save sys ucs /shared/tmp/<DATE>_final.ucs
  118. ## Delete Unused Images
  119. delete sys software image <IMAGE>
  120. ## Delete Unused Volumes (Mandatory reboot)
  121. delete sys software volume <HD1.X>
  122. full_box_reboot




No comments:

Post a Comment

iRule

  iRule: -- o iRule is a powerful and flexible feature within the BIG-IP local traffic management (LTM). o IRule is a powerful & flexibl...