Manual Chapter : Software Image Deployment and Configuration Back Up and Restoration

Applies To:

Show Versions Show Versions

BIG-IQ Cloud

  • 4.3.0

BIG-IQ Device

  • 4.3.0

BIG-IQ Security

  • 4.3.0
Manual Chapter

About deploying software images and configuration files

Using BIG-IQ Device to centrally manage the devices in your network means that you can deploy software images and configurations without having to log in to each individual BIG-IP device. Software image files can contain new software, upgrades, or hot fixes. You can choose to deploy a software installation job immediately, or you can save the job for later deployment. While the software installation job runs, you can continue to perform other administrative tasks.

Deploying software images to physical or virtual devices

You must first discover and license a device before you can deploy a software image to it.

You can centrally deploy software images for new installations, upgrades, or hot fixes to managed physical and virtual devices with just a few clicks.

  1. Browse to the F5 Downloads site, https://downloads.f5.com, and locate the image you want to download.
  2. Using a file transfer program, such as FTP, download the .iso file to the BIG-IQ Device shared images directory (/shared/images).
  3. Log in to BIG-IQ Device with the administrator user name and password.
  4. At the top of the screen, click Physical or Virtual, depending on the type of device you are configuring.
  5. On the Images panel, click the software image that you want to deploy, drag it to the Device panel, and drop it onto the device to which you want it installed.
  6. Hover on the Deployment panel and click the ( + ) icon.
  7. On the Deployment panel, click the gear icon to view the options for the deployment job. The panel expands to display deployment options.
  8. Modify the options as required.
  9. For the Install Method setting:
    • If you select the Factory Install option, BIG-IQ Device reformats the device's hard drive. For this option, you can select a set of saved configuration files from the Config Files list to load onto the device and choose and option from the Licensing list.
      Important:
      To manage this device after deploying the software image, you must re-install the required BIG-IQ system components back onto the device after the job runs. For more information, refer to the Installing required BIG-IQ components on BIG-IP devices chapter.
    • If you select the Live Install option, you can select the Reboot to Target Volume After Live Install and the Set Target Volume as Default Boot Volume check boxes.
  10. Click the Deploy button to immediately initiate the job, or click the Save button for later deployment.
  11. Monitor the job by viewing the status in the Deployment panel. If the Pending list shows the status of the job as Validation Failed, modify the details as required. Once the job displays as Runnable, click the gear icon, and then click the Deploy button.
When deployment is complete, the job displays in the Deployment panel's Complete list until you delete it.
Before you can manage this device, you must install the required BIG-IQ system components on it. For more information, refer to the Installing required BIG-IQ components on BIG-IP devices chapter. After you install the required components, you can associate the device with a license and configuration.

Using a script to install required BIG-IQ components on managed BIG-IP devices

You can perform this task only after you have licensed and installed the BIG-IQ system and at least one BIG-IP device running version 11.3 or later.

Before you perform this task you must first open specific ports on your EC2 AMI BIG-IQ instance and on any associated EC2 BIG-IP instances. To open these ports, you need additional security group rules in your allow-only-ssh-https-ping security group, and you need to associate these rules with the management interface.

You need to create three rules: two outbound rules for the BIG-IQ instance, and one inbound rule for the BIG-IP instance.

Group Name Group Description Rule Name Source Port
allow-only-ssh-https-ping Allow only SSH, HTTPS, or PING Outbound SSH 0.0.0.0/0 22 (SSH)
    Outbound HTTPS 443 0.0.0.0/0 443 (HTTPS)
    Inbound HTTPS 0.0.0.0/0 443 (HTTPS)

Installing requisite BIG-IQ components onto your managed BIG-IP devices results in a REST framework that supports the required Java-based management services. You must perform this installation task on each device before you can discover it.

Important: When you perform this task, the traffic management interface (TMM) on each BIG-IP device restarts. Before you perform this task, verify that no critical network traffic is targeted to the BIG-IP devices.
  1. Log in to the BIG-IQ system terminal as the root user.
  2. Establish SSH trust between the BIG-IQ system and the managed BIG-IP device. ssh-copy-id root@<BIG-IP Management IP Address> This step is optional. If you do not establish trust, you will be required to provide the BIG-IP system's root password multiple times.
  3. Navigate to the folder in which the files reside. cd /usr/lib/dco/packages/upd-adc
  4. Run the installation script.
    • For devices installed in an Amazon EC2 environment: ./update_bigip.sh -a admin -p <password> -i /<path_to_PEM_file> <BIG-IP Management IP Address>
    • For devices installed in any other environment: ./update_bigip.sh –a admin –p <password> <BIG-IP Management IP Address>
    Where <password> is the administrator password for the BIG-IP device.
  5. Revoke SSH trust between the BIG-IQ system and the managed BIG-IP device. ssh root@<big-ip addr> 'cat /var/ssh/root/authorized_keys' | grep -v -F -f /root/.ssh/identity.pub | ssh root@<big-ip addr> 'cat - >/var/ssh/root/authorized_keys.tmp && mv /var/ssh/root/authorized_keys.tmp /var/ssh/root/authorized_keys' This step is not required if you did not establish trust in step 2.
Important: Before you begin using this BIG-IQ system in a production capacity, depending on your security policies, you will likely want to stop using the security group rules that you added as prerequisite to this task.

Backing up and restoring a set of configuration files

You must discover, license, and configure a device before you can back up and restore a set of configuration files to it.
Creating a backup of a set of configuration files for a device ensures that you can quickly and easily replicate or restore a configuration.
  1. Use SSH to log in to the BIG-IQ system's management IP address as the root user, and type the following command: f5ad-create-config -f <configuration file set name> <host name> BIG-IQ Device backs up the configuration files located in the following directories (including all of the files in the sub-directories) into its /shared/config directory in a folder named <configuration file set name>, and displays the configuration file name in the Config Files panel. /config/bigip_base.conf /config/bigip.conf /config/bigip_user.conf /config/startup /config/eav/ /config/failover/ /config/filestore/ /config/partitions/
    Important: If you do not want BIG-IQ Device to overwrite any existing configuration file set with the same name, do not include the f flag for this command.
  2. Log in to BIG-IQ Device with the administrator user name and password.
  3. At the top of the screen, click Physical or Virtual, depending on the type of device you are configuring.
  4. On the Deployment panel, click the gear icon to view the options for the deployment job. The panel expands to display deployment options.
When deployment is complete, the job displays in the Deployment panel's Complete list until you delete it.