Monday, May 8, 2017

Upgrade F5 BIG-IP

I ran into quite a few issues upgrading our F5 BIG-IP's a little bit ago from 12.x code to 13.0. I would like to share what I learned during this experience in hopes to help out others. The F5 documentation is written well, but some of it is not explained in a way that makes sense as to why you would do it in that order, which is where my upgrade troubles began.

Tools you will need:
            - WinSCP
            - SSH Software (ie. Putty)

NOTE: If you have two F5 BIG-IP devices, I highly recommend doing this on your secondary device that is in Standby mode. While you run through the update you will be taking the device out of commission when you install the software as well as when it reboots.

Edit: You don't need to re-license with every upgrade. If you check F5's site for license activation prior to upgrade, there is a license check list that you can use. This one seems to be updated quite regularly for BIG-IP: https://support.f5.com/csp/article/K7727

First start by checking the version you are running. Open an SSH session to your F5 and run: 'tmsh show sys hardware'. This command will show you the version you are currently on as well as the Registration Key for your system. You will need this later.

  • Go to the F5 website (https://downloads.f5.com). Find your F5 Product and the version you want to upgrade to. 
  • Download and save the latest hotfix or version that you want.
  • Before you upgrade you need to relicense your registration key.
  • From the CLI, run: grep ‘Service check date’ bigip.license (This will give you the date your F5 was licensed.) Copy this key.
  • Run tmsh show sys license (This will display your registration key along with what you are licensed for)
  • Open an SSH session to your VCMP host.
  • With the Registration Key you got earlier, run this command:  get_dossier -b ABCDE-ABCDE-ABCDE-ABCDE-ABCDEFG
  • Copy the product dossier
  • Go to https://activate.f5.com and click on ‘Activate F5 product registration key’.
  • Paste the dossier in the empty box, then click Next.
  • Accept the terms. On the next page will be the new license with the updated date.
  • Save the new license to a file named ‘bigip.license’
  • Easiest way to do this is to:
    • Start WinSCP
    • SSH to the VCMP host
    • Navigate to /config/ and find bigip.license
    • You should download this license file as a backup just in case
    • Drop the new file in there and overwrite the old one
    • Back in your SSH session run: reloadlic
  • Back on the SSH console of the VCMP host, run: 'service check date’ bigip.license
  • The date should reflect today’s date, confirming that the F5 has been relicensed.
  • You can now login to the F5 web interface and upload the hotfix or latest version.
  • Make a backup of the config by going to System > Archives > Click Create Button 
    • Enter a File Name
    • Click the Finished button
  • At this point you want to take the device offline
    • Go to Device Management > Devices
    • Scroll to the bottom of the page and click the button Force Offline
  • Now, upload the latest image by going to System > Software Management > Image List
    • Click the Import button
    • Click Choose File and navigate to where you downloaded the latest image
    • Click the Import button
    • Wait for it to import the file
  • Once the file is imported and you have a snapshot of the system, it is time to upgrade.
  • Back on the Software Management > Image List page, click the check box next to the image you want to upgrade to, then click the Install button.
  • A Pop-up will appear asking you to select a location. Partition 2 is for a new releases. Partition 3 is for Hot Fixes (per F5 support). 
    • Select 2 for a new build image (If this option is not available, go to the next available)
    • Click the Install button
  • You can watch the upgrade progress from the Installed Images field within the Image List page. 
  • Once the install is finished, you need to reboot the system into the new partition.
    • From the web GUI:
      • System > Software Management > Boot Locations
      • Click on the boot location of the new install software image
      • Click the drop-down next to Install Configuration and select Yes
      • Click the drop-down next to Source Volume and select a partition of the Hard Drive to install to
      • Click the Activate button
    • From the CLI:
      • Type switchboot
      • A list of image slots with their boot images will display. Use the arrow key to select the boot slot for startup and hit Enter
  • Once the F5 is back up, log in and you should be good to go.

Tuesday, January 3, 2017

Changes, Challenges and a New Year

Another year has come and gone. I finally accomplished my one sought after certification that I lusted after for so long, the CCNA. Like many others, I spent many days and nights studying, but it wasn't until meeting a fellow Network Engineer who was going for his CCIE and had an amazing study schedule did I truly understand what it meant to actually spend time studying.

I was "studying" for my CCNA for three years. I failed my first three attempts at my CCENT because I was too cocky, and had no schedule or plan. It wasn't until I lined out what areas I was weak in, spending the time on getting that nailed down, then moving on that I was able to truly benefit from all my studying. Creating a schedule and sticking to it was the best thing I ever did for myself and my study habits. If only I could have learned that back in High School.

After I finally got that lovely certification, I took a couple of months off from studying. Bad decision. It was rough getting back into the groove of studying. I have become complacent with where I am with my time and it is tough to get back into that studying mindset. Like most people, I'm making a New Year's resolution. I will begin the New Year with studying! How many times does that work though? None. I just need to go back to creating another schedule and sticking to it.

Towards the end of last year my role at work was shifted from "Wireless" to "Data Center." As much as I was beginning to enjoy Wireless, I felt like Data Center was where I needed to be. The Data Center team handles the virtual infrastructure. Needless to say, I needed to start studying up on my VMWare. Wow, was that something. I quickly started building a lab at home (well, broke it more so than built it). That's how you're supposed to learn, right? By doing?

Today, I was told that I am now being moved back to the Network side of the house. That will make the fourth role change in two years since I moved up to become a Network Engineer: Telecom, Wireless, Data Center, and now Network. I love the network side of the house, but I was starting to enjoy the virtual side. I will keep my lab going strong!

With the changing of my roles so often I think that it is safe to say that there is a need for Engineers out there that have the ability to pick up more than one role, and be well versed in it. Not only with each shift in a new job, but also within each changing moment in the day. You never know when those desktop days may come in handy! I find myself doing other roles during the day because of my past lives. It is always good to have more than that one skill to rely on.

Through all of the role changes and challenges through my past certification experience, I plan to move forward and create new certification goals for this year. My first one will be the VMWare VCP-NV. I know that I am no longer on the Data Center team, but I believe that is a good skill to have with everything moving to virtual infrastructure. After that, I plan on moving on with my Cisco certifications and going for the CCNP Route. Route is not my strong suit, but I feel like this will be the better option for my career.

So, on to a New Year, with more certifications and more learning for all!