Manual Chapter : Deploying Software Images and Backing Up and Restoring Configurations

Applies To:

Show Versions Show Versions

BIG-IQ Cloud

  • 4.2.0

BIG-IQ Device

  • 4.2.0

BIG-IQ Security

  • 4.2.0
Manual Chapter

About deploying software images and configuration files

Using BIG-IQ Device to centrally manage the devices in your network means that you can deploy software images and configurations without having to log in to each individual BIG-IP device.

Deploying a software image

You must first discover and license a device before you can deploy a software image to it.

As an administrator of a number of BIG-IP devices, one of your tasks is to make sure you have as many hardware resources available as possible at any given time. When you use BIG-IQ Device to manage your network, you have a centralized view into the health of your BIG-IP devices. If you see that a managed device has failed and you do not have the time to perform extensive troubleshooting, you have the option to immediately reformat the hard drive of the failed device. You do this through the BIG-IQ Device interface by dragging and dropping stored or downloaded software images onto that device.

When you deploy a software (ISO or .iso) image to a BIG-IP device, you are performing a clean install. A clean install means that you reformat the hard drive, clearing the entire device of everything, including its license and configuration files.
  1. Browse to the F5 Downloads site, https://downloads.f5.com, and locate the image you want to download.
  2. Using a file transfer program, such as FTP, download the .iso file to the BIG-IQ Device shared images directory (/shared/images).
  3. At the top of the screen, click BIG-IQ > Device.
  4. On the Images panel, click the software image that you want to deploy, drag it to the Device panel, and drop it onto the device to which you want it installed.
  5. On the Deployment panel, click the gear icon to view the status of the pending job, then:
    • If Pending list shows the status of the job as Runnable, click the Deploy button to start the job.
    • If the Pending list shows the status of the job as Validation Failed, modify the details as required. Once the job displays as Runnable, click the gear icon, and then click the Deploy button.
When deployment is complete, the job displays in the Deployment panel's Complete list until you delete it.
Before you can manage this device, you must install the required BIG-IQ system components on it. For more information, refer to the Installing required BIG-IQ components on BIG-IP devices chapter. After you install the required components, you can associate the device with a license and configuration.

Installing required BIG-IQ components on BIG-IP devices

You can perform this task only after you have licensed and installed the BIG-IQ system and at least one BIG-IP device running version 11.3 or later.

This task runs a script. For this script to run properly, you must first open specific ports on your EC2 AMI BIG-IQ instance and on any associated EC2 BIG-IP instances. To open these ports, you need additional security group rules in your allow-only-ssh-https-ping security group, and you need to associate these rules with the management interface.

You need to create three rules: two outbound rules for the BIG-IQ instance, and one inbound rule for the BIG-IP instance.

Group Name Group Description Rule Name Source Port
allow-only-ssh-https-ping Allow only SSH, HTTPS, or PING Outbound SSH 0.0.0.0/0 22 (SSH)
    Outbound HTTPS 443 0.0.0.0/0 443 (HTTPS)
    Inbound HTTPS 0.0.0.0/0 443 (HTTPS)
Installing requisite BIG-IQ components onto your managed BIG-IP devices results in a REST framework that supports the required Java-based management services. You must perform this installation task on each device before you can discover it.
Important: When you run this installation script, the traffic management interface (TMM) on each BIG-IP device restarts. Before you run this script, verify that no critical network traffic is targeted to the BIG-IP devices.
  1. Log in to the BIG-IQ system terminal as the root user.
  2. Establish SSH trust between the BIG-IQ system and the managed BIG-IP device. ssh-copy-id root@<BIG-IP Management IP Address> This step is optional. If you do not establish trust, you will be required to provide the BIG-IP system's root password multiple times.
  3. Navigate to the folder in which the files reside. cd /usr/lib/dco/packages/upd-adc
  4. Run the installation script.
    • For devices installed in an Amazon EC2 environment: ./update_bigip.sh -a admin -p <password> -i /<path_to_PEM_file> <BIG-IP Management IP Address>
    • For devices installed in any other environment: ./update_bigip.sh –a admin –p <password> <BIG-IP Management IP Address>
    Where <password> is the administrator password for the BIG-IP device.
  5. Revoke SSH trust between the BIG-IQ system and the managed BIG-IP device. root@<BIG-IP Management IP address> grep -v '<username>@<computername>' /root/.ssh/authorized_keys > /tmp/authorized_keys.tmp; mv -f /tmp/authorized_keys.tmp /root/.ssh/authorized_keys This step is not required if you did not establish trust in step 2.
Important: Before you begin using this BIG-IQ Cloud in a production capacity, depending on your security policies, you will likely want to stop using the security group rules that you added as prerequisite to this task.

Backing up and restoring a set of configuration files

You must discover, license, and configure a device before you can back up and restore a set of configuration files to it.
Creating a backup of a set of configuration files for a device ensures that you can quickly and easily replicate or restore a configuration.
  1. Use SSH to log in to the BIG-IQ system's management IP address as the root user, and type the following command:f5ad-create-config -f <configuration file set name> <host name> BIG-IQ Device backs up the configuration files located in the following directories (including all of the files in the sub-directories) into its /shared/config directory in a folder named <configuration file set name> and displays the configuration file name in the Config Files panel. /config/bigip_base.conf /config/bigip.conf /config/bigip_user.conf /config/startup /config/eav/ /config/failover/ /config/filestore/ /config/partitions/
    Important: If you do not want BIG-IQ Device to overwrite any existing configuration file set with the same name, do not include the f flag for this command.
  2. On the Config Files panel, click the name for the configuration file set you want to deploy, drag it to the Device panel, and drop it on the device to which you want it installed.
  3. On the Deployment panel, click the gear icon to view the status of the pending job, then:
    • If Pending list shows the status of the job as Runnable, click the Deploy button to start the job.
    • If the Pending list shows the status of the job as Validation Failed, modify the details as required. Once the job displays as Runnable, click the gear icon, and then click the Deploy button.
When deployment is complete, the job displays in the Deployment panel's Complete list until you delete it.