Monday, May 8, 2017

Upgrade F5 BIG-IP

I ran into quite a few issues upgrading our F5 BIG-IP's a little bit ago from 12.x code to 13.0. I would like to share what I learned during this experience in hopes to help out others. The F5 documentation is written well, but some of it is not explained in a way that makes sense as to why you would do it in that order, which is where my upgrade troubles began.

Tools you will need:
            - WinSCP
            - SSH Software (ie. Putty)

NOTE: If you have two F5 BIG-IP devices, I highly recommend doing this on your secondary device that is in Standby mode. While you run through the update you will be taking the device out of commission when you install the software as well as when it reboots.

 Edit: You don't need to re-license with every upgrade. If you check F5's site for license activation prior to upgrade, there is a license check list that you can use. This one seems to be updated quite regularly for BIG-IP: https://support.f5.com/csp/article/K7727

First start by checking the version you are running. Open an SSH session to your F5 and run: 'tmsh show sys hardware'. This command will show you the version you are currently on as well as the Registration Key for your system. You will need this later.

  • Go to the F5 website (https://downloads.f5.com). Find your F5 Product and the version you want to upgrade to. 
  • Download and save the latest hotfix or version that you want.
  • Before you upgrade you need to relicense your registration key.
  • From the CLI, run: grep ‘Service check date’ bigip.license (This will give you the date your F5 was licensed.) Copy this key.
  • Run tmsh show sys license (This will display your registration key along with what you are licensed for)
  • Open an SSH session to your VCMP host.
  • With the Registration Key you got earlier, run this command:  get_dossier -b ABCDE-ABCDE-ABCDE-ABCDE-ABCDEFG
  • Copy the product dossier
  • Go to https://activate.f5.com and click on ‘Activate F5 product registration key’.
  • Paste the dossier in the empty box, then click Next.
  • Accept the terms. On the next page will be the new license with the updated date.
  • Save the new license to a file named ‘bigip.license’
  • Easiest way to do this is to:
    • Start WinSCP
    • SSH to the VCMP host
    • Navigate to /config/ and find bigip.license
    • You should download this license file as a backup just in case
    • Drop the new file in there and overwrite the old one
    • Back in your SSH session run: reloadlic
  • Back on the SSH console of the VCMP host, run: 'service check date’ bigip.license
  • The date should reflect today’s date, confirming that the F5 has been relicensed.
  • You can now login to the F5 web interface and upload the hotfix or latest version.
  • Make a backup of the config by going to System > Archives > Click Create Button 
    • Enter a File Name
    • Click the Finished button
  • At this point you want to take the device offline
    • Go to Device Management > Devices
    • Scroll to the bottom of the page and click the button Force Offline
  • Now, upload the latest image by going to System > Software Management > Image List
    • Click the Import button
    • Click Choose File and navigate to where you downloaded the latest image
    • Click the Import button
    • Wait for it to import the file
  • Once the file is imported and you have a snapshot of the system, it is time to upgrade.
  • Back on the Software Management > Image List page, click the check box next to the image you want to upgrade to, then click the Install button.
  • A Pop-up will appear asking you to select a location. Partition 2 is for a new releases. Partition 3 is for Hot Fixes (per F5 support). 
    • Select 2 for a new build image (If this option is not available, go to the next available)
    • Click the Install button
  • You can watch the upgrade progress from the Installed Images field within the Image List page. 
  • Once the install is finished, you need to reboot the system into the new partition.
    • From the web GUI:
      • System > Software Management > Boot Locations
      • Click on the boot location of the new install software image
      • Click the drop-down next to Install Configuration and select Yes
      • Click the drop-down next to Source Volume and select a partition of the Hard Drive to install to
      • Click the Activate button
    • From the CLI:
      • Type switchboot
      • A list of image slots with their boot images will display. Use the arrow key to select the boot slot for startup and hit Enter
  • Once the F5 is back up, log in and you should be good to go.

Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)