Wednesday, 2 October 2019

BIG-IP Upgrade Procedure Using CLI (vCMP Guest & Host)

Problem this snippet solves:
Next article describes an upgrade procedure to perform only using CLI commands.

The idea is not to replace an official procedure, but to give a different approach for those guys who love using CLI and they want to execute an upgrade only using commands (without GUI access).

The procedure is separated in 4 sections:

  • Data Collection & Planning - for executing some days before the upgrade.
  • Pre-Upgrade Tasks - for executing just before the upgrade (applies to all devices in the cluster).
  • Upgrade Tasks - Only applies for one device in the cluster for each time (normally standby device).
  • Post-Upgrade Tasks - for executing just after the upgrade (applies to all devices in the cluster).

This procedure is valid for most of the BIP-IP set-ups except GTM (so not use this procedure if you have GTM running in your device). vCMP Guest and Host are taking into account on these lines.

This is the first version. I hope to upload new features in the future (maybe considering to include GTM support). Everything that helps to fix mistakes is great, so your comments are welcome.
How to use this snippet:

>> DATA COLLECTION & PLANNING (ALL CLUSTER DEVICES)
>> PRE-UPGRADE TASKS (ALL CLUSTER DEVICES)
>> UPGRADE TASKS (ONE DEVICE AT TIME)
>> POST-UPGRADE TASKS (ALL CLUSTER DEVICES)
Code:
  1. ######################################################
  2. ## DATA COLLECTION & PLANNING (ALL CLUSTER DEVICES) ##
  3. ######################################################
  5. ## Capture Product Code & Serial Number
  6. tmsh show sys hardware
  8. ## Capture Management IP & Blade State
  9. tmsh show sys cluster
  11. ## Capture Provision State
  12. tmsh list sys provision
  14. ## Capture Release and Volume Info
  15. tmsh show sys software
  17. ## Check ZebOS Module Running
  18. vtysh
  19. zebos/rdX/ZebOS.conf
  20. >> 'X' REPRESENTS ROUTE DOMAIN ID
  22. ## Capture Master-key
  23. tmsh show sys crypto
  25. ## Check Upgrade Disk Space (At least 20Gb)
  26. vgs
  28. ## Check Relicensing Needed
  29. tmsh show sys license | grep -i 'service check date'
  30. REF - https://support.f5.com/csp/article/K7727
  32. ## Check Certificate Expiration
  33. openssl x509 -noout -text -in /config/httpd/conf/ssl.crt/server.crt | grep Validity -A2
  34. REF - https://support.f5.com/csp/article/K6353
  36. ## Check RAID Integrity
  37. tmsh show sys raid
  38. tmsh run util platform_check
  39. cat /var/log/user.log
  40. cat /var/log/kern.log
  42. ## Check Mirroring Enabled
  43. show sys connection type mirror
  45. ## Capture QKView (Upload to iHealth)
  46. qkview
  47. REF - https://ihealth.f5.com/qkview-analyzer/
  49. ## Check Release Notes For Specific Details
  50. REF - https://support.f5.com/csp/knowledge-center/software/BIG-IP
  52. ## Upload Release Image
  53. scp -p <IMAGE_PATH>/<IMAGE_ISO_FILE> <USER>@<SERVER>:/shared/images/
  55. ## Upload MD5 Hash Image
  56. scp -p <IMAGE_PATH>/<IMAGE_MD5_FILE> <USER>@<SERVER>:/shared/images/
  58. #############################################
  59. ## PRE-UPGRADE TASKS (ALL CLUSTER DEVICES) ##
  60. #############################################
  62. ## Disable Virtual Server Mirroring
  63. REF - https://support.f5.com/csp/article/K13478
  65. ## Check HA Cluster Synchronization
  66. tmsh show cm sync-status
  67. tmsh run cm config-sync to-group <DEVICE-GROUP>
  69. ## Check Release Image Integrity
  70. cd /shared/images/
  71. md5sum -c <IMAGE_MD5_FILE>
  73. ## Re-licensing Device
  74. REF - https://support.f5.com/csp/article/K2595
  76. ## Create Initial UCS (Backup)
  77. tmsh save sys ucs /shared/tmp/<DATE>_initial.ucs
  79. ## Capture Initial Config
  80. tmsh save sys config file /shared/tmp/<DATE>_initial.scf no-passphrase
  82. ########################################
  83. ## UPGRADE TASKS (ONE DEVICE AT TIME) ##
  84. ########################################
  86. ## ONLY VCMP HOST - Check That All Guests Are In Standby
  87. tmsh show vcmp guest
  88. >> ACCESS INDIVIDUALLY TO EACH GUEST
  89. tmsh show cm sync-status
  91. ## ONLY VCMP HOST - Deprovision All Guests (Configured)
  92. tmsh show vcmp guest
  93. tmsh modify vcmp guest <GUEST_NAME> state configured
  95. ## Force Offline Mode
  96. tmsh run sys failover offline
  98. ## Verify Configuration Integrity
  99. tmsh load sys config verify
  101. ## Check No Upgrade Process Running
  102. tmsh show sys software status
  104. ## Install Image
  105. tmsh install sys software image <IMAGE_ISO_FILE> create-volume volume <HD1.X>
  107. ## Check Installation State
  108. tmsh show sys software status
  109. cat /var/log/liveinstall.log
  111. ## OPTIONAL - Copy Configuration To New Volume
  112. ## (Only if you have made changes since installation)
  113. clsh --slot=X,Y cpcfg <HD1.X>
  114. >> FROM VIPRION
  115. cpcfg <HD1.X>
  116. >> FROM NOT VIPRION
  118. ## Boot On New Volume
  119. tmsh reboot volume <HD1.X>
  121. ## ONLY VCMP GUEST - Check Boot Up Status
  122. vconsole <GUEST_NAME> <SLOT>
  123. >> FROM VCMP HOST
  125. ## Check Logs (LTM, APM, ASM,...)
  126. REF - https://support.f5.com/csp/article/K16197
  128. ## Capture Final Config
  129. tmsh save sys config file /shared/tmp/<DATE>_final.scf no-passphrase
  131. ## Compare Initial-Final Config
  132. tmsh show sys config-diff /shared/tmp/<DATE>_initial.scf /shared/tmp/<DATE>_final.scf | egrep -e "\s{3}\|\s{3}" -e "[<]$" -e "^\s*[>]"
  134. ## Disable Force Offline
  135. tmsh run sys failover online
  137. ## ONLY VCMP HOST - Deploy All Guests (Deployed)
  138. tmsh show vcmp guest
  139. tmsh modify vcmp guest <GUEST_NAME> state deployed
  141. ## FROM ACTIVE NODE - Force Failover Event
  142. tmsh run sys failover standby
  144. ## Capture Traffic
  145. tcpdump -nnei 0.0 -c 500
  147. ## Perfom Other Custom Tests Here
  148. ...
  150. ##############################################
  151. ## POST-UPGRADE TASKS (ALL CLUSTER DEVICES) ##
  152. ##############################################
  154. ## Re-enable Virtual Server Mirroring
  155. REF - https://support.f5.com/csp/article/K13478
  157. ## Synchronize HA Cluster
  158. tmsh show cm sync-status
  159. tmsh run cm config-sync to-group <DEVICE-GROUP>
  161. ## Create Final UCS (Backup)
  162. tmsh save sys ucs /shared/tmp/<DATE>_final.ucs
  164. ## Delete Unused Images
  165. delete sys software image <IMAGE>
  167. ## Delete Unused Volumes (Mandatory reboot)
  168. delete sys software volume <HD1.X>
  169. full_box_reboot




-
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

iRule

  iRule: -- o iRule is a powerful and flexible feature within the BIG-IP local traffic management (LTM). o IRule is a powerful & flexibl...