Order of Operation:
1. Upgrade STANDBY
2. Then Upgrade PRIMARY
A point release or hotfix is going from 15.1.0 to 15.1.0.x.
1. Validating the Configuration
On F5-B (STANDBY):
tmsh load /sys config verify
This command doesn’t load it but does a ‘test’ load. You are checking to see if there are any problems uploading after the upgrade.
2. Verify the Service Check Date
When looking at the images on the F5 site, look for “License Check Date” and make sure you have a later date than what’s posted on the site.
For example; if it’s 2019-11-05, it has to be a date past that, like 2019-12-01
q grep "Service check date" bigip.license
If you are before the date, you will have to relicense the F5. Check out:
“K7727: License activation may be required before a software upgrade for the BIG-IP or Enterprise Manager system”
“K7752: Licensing the BIG-IP system”
3. Synchronizing the Config
Make sure the configuration is in synch before upgrading; if you are not in Sync, you need to sync it here:
On F5-A (ACTIVE):
Device Management > Overview
You want to sync with the device with the most recent changes.
4. Creating and Saving a UCS Archive (AKA BACKUP)
On F5-B (STANDBY):
System > Archives
Click on archive name, download, and save to a separate secure location
5. Importing the ISO File
System > Software Management > Image List > Import…
You will see it in the “Available images” list.
Check out:
“K167: Downloading software and firmware from F5”
6. Verifying the MD5 checksum
cd images/ ls md5sum -c "filname.iso.md5"
Check out:
“K8337: Verifying the MD5 checksum for the downloaded F5 software file”
7. Disabling the “Automatic with Incremental Sync” Option (ON PRIMARY F5)
If your sync type is set to automatic, you should temporarily set it manual.
On F5-A (ACTIVE):
Device Groups > {Group Name} > Sync Type
Three Options:
1. Automatic with Incremental Sync
2. Manual with Incremental Sync
3. Manual with Full Sync
You want to change it from option 1 above to option 2 temporarily.
Select “Update” to commit Sync Type change
8. Installing and Rebooting to the New Version
On F5-B (STANDBY):
System > Software Management
Look at the “Boot Location” that’s both active and default. If it’s HD1.1, then create a new one HD1.2.
a. Check the box next to the new available image
b. Click “Install”
c. “Select Disk” – you might have more than one, but it’s typically HD1 or MD1
d. “Volume set name:” type in 2
e. Click “Install”
Verify status:
watch "tmsh show sys sof status"
ctrl-c to break out
f. Go to “Boot Locations”
g. Click on new HD#
h. Keep “Install Configuration” to No – this is only if you made any config changes
i. Click “Activate”
Verify Progress:
Use console connection
On F5-A (ACTIVE), you will see “Disconnected” for the Current ConfigSync State.
When you log back onto the F5-B, you will see its status is “Changes Pending.”
IMPORTANT:
When they are on different versions, you do NOT want to synchronize!
9. Verifying the New Point Release Version is Active on the Newly Patched System
On F5-B (STANDBY):
System > Software Management
You should see that the new version is both Active and Default Boot.
Verify your Virtual Servers have loaded:
Local Traffic > Virtual Servers
10. Force Failover to Newly Patched System
After verifying everything loaded OK, it’s now ready to take Traffic.
On F5-A (ACTIVE):
Device Management > Traffic Groups
Check the box for the Traffic Group
Click “Force to Standby…”
Click “Force to Standby”
Look at the top left to the status; you should see F5-A is “STANDBY.”
On F5-B (STANDBY):
You should see the F5-B is “ACTIVE,” but the with “Changes Pending” still.
Verify Traffic Flow:
Check to make sure Traffic is flowing properly
REPEAT PROCEDURES FOR A!
11. Repeat these Steps for F5-A
Validating the configuration
Verifying the Server check date
Creating and saving the UCS archive
Importing the ISO
Verifying the MD5 checksum
Installing and rebooting to the new version
12. Installing and Rebooting to the New Version & Verifying the New point Release Version is Active on the Newly Patched System
On F5-A (ACTIVE):
System > Software Management > Boot Locations
Click on new HD# and Verify Info
Click “Activate”
Look for error messages and verify the Virtual Servers (pool members) are up.
13. Forcing a Failover Back to F5-A
On F5-B (STANDBY):
Device Management > Traffic Groups
Check the box for the Traffic Group
Click “Force to Standby…”
Click “Force to Standby”
On F5-A (ACTIVE):
You should see it’s “ACTIVE” and both are running the same point release.
Check both:
System > Software Management > Image List
Look to see if the new image is “Yes” for both Active and Default Boot.
14. Performing the Final ConfigSync
Now that both F5 are running the same code version, it’s time to Sync.
On F5-A (ACTIVE):
Device Management > Overview
Devices:
Recent Changes – should be on the F5-A, and it will show A because it’s the most recent loaded after the reboot and upgrade
BEST PRACTICE – DO NOT MAKE ANY CHANGES DURING AN UPGRADE
Make sure you select the F5-A
Make sure “Sync Options” is set to “Push the selected device configuration to the group”
Click “Sync”
Everything should be back to normal and synced.
15. OPTIONAL: Restoring the “Automatic with Incremental Sync” Option
If this was set to automatic before this whole process, we could now restore it.
Device Groups > {Group Name} > Sync Type
Three Options:
1. Automatic with Incremental Sync
2. Manual with Incremental Sync
3. Manual with Full Sync
You want to change if from option 2 above back to option 1
Select “Update” to commit Sync Type change
No comments:
Post a Comment