Manual Chapter : Completing Post-Upgrade Processes

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 5.3.0
Manual Chapter

Recheck data collection device health

You can use the Summary Status screen to review the overall health and status of the data collection devices you've configured. You can use the data displayed on this screen both before and after an upgrade to verify that your data collection device cluster configuration is as you expect.
  1. At the top of the screen, click System.
  2. On the left, expand BIG-IQ DATA COLLECTION and then select BIG-IQ Data Collection Cluster.
    The BIG-IQ Data Collection Cluster screen opens to display summary status for the data collection device cluster. On this screen you can view information detailing how much data is stored, as well as how the data is stored.
  3. Note the status icon color for the cluster. If it is not green yet, wait until it turns to green before proceeding. When the icon turns green it indicates that the primary BIG-IQ DCD cluster is functioning again.
  4. Analyze the data collection device cluster details listed in the Summary area, and make sure that the values after upgrade match the values from the health check you did before the upgrade. At a minimum, you should confirm that the following values are correct:
    • Data Node Count

Re-establish the HA configuration after upgrading to BIG-IQ version 5.3

After you upgrade both F5® BIG-IQ® Centralized Management systems in a HA configuration, you can re-associate the secondary system with the primary BIG-IQ system.
  1. Log in to primary BIG-IQ system with your administrator user name and password.
  2. At the top of the screen, click System.
  3. On the left, click BIG-IQ HA.
  4. Click the Add Secondary button.
  5. In the IP Address field, type the discovery address you specified on the BIG-IQ system during setup.
    This is the same IP address the peers in a high availability confirmation use to communicate.
  6. In the User name and Password fields, type the administrative user name and password for the system.
  7. In the Root Password field, type the root password for the system.
  8. Click the Add button to add this device to this high availability configuration.

Even though you can log in to the secondary BIG-IQ after the you re-establish the HA configuration, the system continues some database re-indexing processes in the background. For larger configurations, that can take up to an hour. If you perform any searches on objects before it's done re-indexing, BIG-IQ might not return the expected results. During this time, you can use the primary BIG-IQ.

Next, you should verify that both BIG-IQ systems have the same configuration.

Restart snapshot creation

Because of the mixed software version environment that occurs during the upgrade process, if you had configured snapshot schedules in 5.1, you stopped creating snapshots before the upgrade. Now that the upgrade is complete, you need to restart the snapshots to protect your data.
  1. Use SSH to log in to the primary BIG-IQ system for this cluster.
    You must log in as root to perform this procedure.
  2. Retrieve the list of scheduled snapshots using the following command: restcurl cm/shared/esmgmt/es-snapshot-task | grep task-scheduler
    config # restcurl cm/shared/esmgmt/es-snapshot-task | grep task-scheduler 
    "link": "https://localhost/mgmt/shared/task-scheduler/scheduler/0fdf50ec-8a17-3da9-b717-c63637ccc68a"
    "link": "https://localhost/mgmt/shared/task-scheduler/scheduler/0af33352-2f33-32b3-85cb-1281bb88c249"
    "link": "https://localhost/mgmt/shared/task-scheduler/scheduler/2ad770a8-bdb0-3383-99a9-300846eb0972"
    
    In the example here, there are 3 snapshots scheduled.
  3. Stop each of the schedules using the following command: restcurl -X PATCH -d '{"status":"ENABLED"}' shared/task-scheduler/scheduler/<SNAPSHOT ID>
    #restcurl -X PATCH -d '{"status":"ENABLED"
    shared/task-scheduler/scheduler/0af33352-2f33-32b3-85cb-1281bb88c249
    
    After you run the command for each scheduled snapshot, snapshots will again be created following the snapshot schedule.

Upgrade the BIG-IP framework

To properly communicate, BIG-IQ® Centralized Management and managed BIG-IP® devices must be running a compatible version of its framework. If the frameworks are incompatible, BIG-IQ displays a yellow triangle next to the device in the BIG-IP Device inventory.

When you upgrade a BIG-IP device running version 11.5.x to another 11.5.x version, or to an 11.6.x version (for example, from version 11.5.3 to 11.5.4, or from version 11.5.3 to version 11.6.1), you must upgrade the REST framework so BIG-IQ can manage the device.

When you upgrade BIG-IQ from version 5.x to 5.3, you must also upgrade the REST framework for all BIG-IP devices (currently in the BIG-IP Device inventory) running a version prior to 12.0.0.

  1. At the top of the screen, click Devices.
  2. Select the check box next to a device, click the More button, and select Upgrade Framework.
    A popup screen opens.
  3. Into the fields, type the required credentials, and click the Continue button.
    A REST Framework upgrade in progress message displays.
After the framework is updated, you can successfully manage this device.
Repeat these steps for each device.

Re-discover devices and re-import LTM, ASM, AFM, and DNS services in bulk using a script

After you upgrade to BIG-IQ® Centralized Management version 5.3, you can use a script to re-discover devices and re-import the LTM, ASM, AFT, and DNS services in bulk. To run this script, you must have root access to the BIG-IQ command line.
Warning: Before you run this script, make sure you don't have any pending configuration changes staged for your managed BIG-IP devices. This script prompts BIG-IQ to import the configurations for all your BIG-IP devices. So, if you don't deploy staged configuration changes before you run this script, you will lose them after you run the script. If you need assistance, contact F5 Support.
Use this script to re-discover devices and re-import LTM, ASM, AFT, and DNS services all at once, so you can start managing your devices with the new version of BIG-IQ software.
Note: If you'd rather re-discover devices and re-import their services individually through the user interface, refer to Re-discover devices and re-import LTM, ASM, AFM, and DNS services from the user interface.
  1. Log in to the downloads.f5.com site, click the Find a Download button, and click BIG-IQ Centralized Management.
  2. Click the v5.3.0 link.
  3. Review the End User Software License agreement and click the I Accept button to accept the terms.
    The Select a Download screen opens.
  4. Click the bulkDiscovery.zip file name, and unzip it on your local system.
  5. Log in to the BIG-IQ system as the root user and upload the script.
  6. Enable executable permissions, by typing: chmod +x ./bulkDiscovery.pl
    Note: To access help for this script, type ./bulkDiscovery.pl -h
  7. Export the IP addresses for the BIG-IP devices in your network to a CSV file, by typing: ./bulkDiscovery.pl -c masterDeviceList.csv -m -o
  8. Re-discover your BIG-IP devices and re-import their services, by using the associated command:
    Note: This command prompts BIG-IQ to import all the configurations from the specified BIG-IP devices. It's important that you've already deployed any configuration changes you have staged for these devices, because they'll be overwritten on BIG-IQ after you run this script. If you'd rather re-discover devices and re-import services individually so you can address any potential configuration conflicts for each device, you can do that from the BIG-IQ system's user interface instead of using this script. For more information, refer to, Re-discover devices and re-import services from the user interface.
    • For LTM, type ./bulkDiscovery.pl -c myDeviceList.csv -l -m
      Note: You must re-discover devices running the LTM service before re-discovering devices running any other service.
    • For ASM, type ./bulkDiscovery.pl -c myDeviceList.csv -l -s -m
    • For AFM, type ./bulkDiscovery.pl -c myDeviceList.csv -l -f -m
    • For DNS, type ./bulkDiscovery.pl -c myDeviceList.csv -l -d -m
You can now start managing your BIG-IP devices using BIG-IQ Centralized Management version 5.3.0.

Re-discover devices and re-import LTM, ASM, AFM, and DNS services from the user interface

After you upgrade F5® BIG-IQ Centralized Management to version 5.3, you must rediscover your managed devices and reimport the services you use so you can start using the new features introduced in this release. This process requires you rediscover each device individually and reimport its services.
Important: If you'd rather run a Perl script to perform a bulk rediscovery of your devices and reimport of their services, refer to Re-discover devices and re-import LTM, ASM, AFM, and DNS services using a bulk script.
  1. At the top of the screen, click Devices.
  2. Click the name of the device you want to rediscover and reimport services for.
  3. On the left, click Services.
  4. Important: To avoid any unnecessary conflicts between services, re-discover and re-import the LTM service first, before any other services.
    Click the Re-discover button next to a service.
    When BIG-IQ rediscovers the service, a yellow triangle next to the Re-import button displays to indicate you need to re-import the service.
  5. Click the Re-Import button.
  6. If there are conflicts, select one of the following options for each object that is different, and then click the Continue button:
    • Use BIG-IQ to use the configuration settings stored on BIG-IQ.
    • Use BIG-IP to override the configuration setting stored on BIG-IQ with the settings from the BIG-IP device.
Perform these steps for the rest of your managed devices.

Use a script to remove and recreate access groups in bulk for devices running APM services

After you upgrade F5 BIG-IQ Centralized Management to version 5.3, you must remove and recreate the access groups for devices running the APM service.
Warning: Before you run this script, make sure you don't have any pending configuration changes staged for your managed BIG-IP devices. This script prompts BIG-IQ to import the configurations for all your BIG-IP devices. So, if you don't deploy staged configuration changes before you run this script, you will lose them after you run the script. If you need assistance, contact F5 Support.
You can use this script to remove and recreate the access groups for devices running the APM service so you can start managing those devices with the new version of BIG-IQ.
Note: If you'd rather do this from the user interface, refer to, Remove and recreate access groups (with SWG data) from the user interface for devices running APM services or Reimport access groups (without SWG data) from the user interface for devices running APM services.
  1. Log in to the BIG-IQ system as admin.
  2. At the top of the screen, select Configuration, then expand ACCESS and click Access Groups .
  3. In a separate file (such as a Notepad or Excel file), make a note of:
    • Each access group and the IP addresses of the devices contained within each.
    • The source device, from which you want to copy the configuration to all devices in the access group.
      Note: You'll deploy the configuration from this source device to all of the devices in the access group.
  4. Select the check box next to each access group and click the Remove button.
  5. Log in to the downloads.f5.com site, click the Find a Download button, and click BIG-IQ Centralized Management.
  6. Click the v5.3.0 link.
  7. Review the End User Software License agreement and click the I Accept button to accept the terms.
    The Select a Download screen opens.
  8. Click the bulkDiscovery.zip file name, and unzip it on your local system.
  9. Log in to the BIG-IQ system as the root user and upload the script.
  10. Enable executable permissions, by typing: chmod +x ./bulkDiscovery.pl
    Note: To access help for this script, type ./bulkDiscovery.pl -h
  11. Export the IP addresses for the BIG-IP devices in your network to a CSV file, by typing: ./bulkDiscovery.pl -c masterDeviceList.csv -m -o
  12. For each access group:
    1. Create a device list, by typing cp masterDeviceList.csv <access_group_name>_devices.csv
    2. Edit the file as follows:
      • Remove any devices that don't belong to the access groups by comparing it to the list you made in step 3.
      • Place the source BIG-IP device you identified in step 3, at the top of the <access_group_name>_devices.csv file.
      • Verify the credentials for each device (the script uses ADMIN/APWD by default).
    3. Save your changes to the file.
    4. Impot devices in the access group by, typing: ./bulkDiscovery.pl -c <access_group_name>_devices.csv -g <access_group_name> -l -p -o -v
  13. Log in to the BIG-IQ system as admin.
  14. At the top of the screen, select Configuration, then expand ACCESS and click Access Groups .
  15. Review the access groups to verify all the groups properly imported.
You can now start managing your BIG-IP devices using BIG-IQ Centralized Management version 5.3.0.

Re-import access groups (without SWG data) from the user interface for devices running APM services

After you upgrade F5® BIG-IQ Centralized Management to version 5.3, you must re-import the access groups running the APM service without SWG data.
Use this procedure to access groups for devices running APM services without F5 Secure Web Gateway configuration data so you can start using the new features introduced in this release.
Important: If you'd rather use a script to do this, Use a script to remove and recreate access groups in bulk for devices running APM services. If your APM configuration includes SWG data, refer to Remove and recreate access groups (with SWG data) from the user interface for devices running APM services.
  1. At the top of the screen, select Configuration, then expand ACCESS and click Access Groups .
  2. Click the name of the access group.
  3. From the Device list, select from which to reimport the shared access policy configuration and click the Reimport button.
    This device will share the access policy configuration with all other devices in this access group.
  4. Select Shared Access Group and Device Specific configuration and click the Reimport button at the bottom of the screen.
  5. If the differences window displays for the LTM service, select USE_BIGIP and click the Resolve button.
  6. If the differences window displays for the APM service, click the Accept button.
  7. For the remainder of the devices in this access group:
    1. Select the check box next to the device, and click the Reimport button.
    2. Select Device specific configuration and click the Reimport button at the bottom of the screen.
    3. If the differences window displays for the LTM service, select USE_BIGIP and click the Resolve button.
    4. If the differences window displays for the APM service, click the Accept button.
  8. Repeat steps 2-7 for the rest of the access groups.
You can now start managing your BIG-IP devices using BIG-IQ Centralized Management version 5.3.0.

Remove and recreate access groups (with SWG data) from the user interface for devices running APM services

After you upgrade F5® BIG-IQ Centralized Management to version 5.3, you must recreate the access groups running the APM service.
Use this procedure to remove and recreate access groups for devices running APM services with F5 Secure Web Gateway configuration data so you can start using the new features introduced in this release.
Important: If you'd rather use a script to do this, refer to Use a script to remove and recreate access groups in bulk for devices running APM services. If your APM configuration doesn't include SWG data, refer to Reimport access groups (without SWG data) from the user interface for devices running APM services.
  1. At the top of the screen, select Configuration, then expand ACCESS and click Access Groups .
  2. In a separate file (such as a Notepad or Excel file), make a note of:
    • Each access group and the IP addresses of the devices contained within each.
    • The source device, from which you want to copy the configuration to all devices in the access group.
      Note: You'll deploy the configuration from this source device to all of the devices in the access group.
  3. Select the check box next to each access group and click the Remove button.
  4. Click the Create button.
  5. Type a name for this access group in the Name field.
  6. From the Device list, select from which to reimport the shared access policy configuration and click the Reimport button.
    This device will share the access policy configuration with all other devices in this access group.
  7. Click the Create button at the bottom of the screen.
  8. If the differences window displays for the LTM service, select USE_BIGIP and click the Resolve button.
  9. Click the name of the access group you added.
  10. Click the Add Device button.
  11. From the Device list, select a device to add to this access group.
  12. Click the Add button at the bottom of the screen.
  13. If the differences window displays for the LTM service, select USE_BIGIP and click the Resolve button.
  14. If the differences window displays for the APM service, click the Accept button.
  15. Repeat these steps 10-14 for each device in each access group before creating the next access group.
You can now start managing your BIG-IP devices using BIG-IQ Centralized Management version 5.3.0.