Manual Chapter: Solution 2: Copy a master key to a new system
Applies To:
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
BIG-IP DNS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Before you perform this task, make sure you read the section titled "Preventing UCS restore issues" in this document. Use this task if you intend to use a user configuration set (UCS) archive from an existing BIG-IP system to configure a new (or replacement) system, and you have the existing system's master key.
In this case, you can manually copy the master key from the existing system to the new system and then, on the new system, restore the UCS archive. This will ensure that you can load the BIG-IP configuration successfully.
This task is based on the assumption that the existing system and the new system are members of the same Device Service Clustering (DSC) device group.
You can perform this task on any BIG-IP system, including a vCMP guest.
- On both the existing system and the new system, open a console window, using a program such as PuTTY.
- Log in to the existing BIG-IP system, and at the system prompt, obtain the master key by typing this command:
    f5mku -K
  The command output appears similar to this example:
    oruIVCHfmVBnwGaSR/+MAA==
- Copy the output. The output is the master key that you will install on the new BIG-IP system.
- Log in to the new system, and at the system prompt, install the master key that you copied from the existing system by typing this command:
    f5mku -r key_value
  Use the -r option with extreme caution. Using this option when the file /config/bigip.conf contains encrypted passwords or passphrases will cause a BIG-IP load operation to fail.
  Here's a sample command sequence:
    f5mku -r oruIVCHfmVBnwGaSR/+MAA==
- Verify that the master key is the same on both the existing system and the new system by typing this command from the command lines of both systems:
    f5mku -K
- Restore the UCS archive on the new system using this command syntax:
    tmsh load sys ucs file_name.ucs no-license
  Because the original device license was created using device-specific information and specific license registration key(s), any attempt to restore the UCS archive without specifying the no-license flag places the device in the unlicensed state, causing the restore operation to fail.
- On the new system, save the BIG-IP configuration by typing this command:
    tmsh save sys config
- On the new system, load the BIG-IP configuration by typing this command:
    tmsh load sys config
- At the existing system's system prompt, set the existing system as the sync leader using this command syntax:
    tmsh modify cm device-group device_group devices modify { existing_BIG-IP { set-sync-leader } }
  Note that in this command sequence, device_group is the name of the device group that both the existing system and the new system are members of.
- At the existing system's system prompt, sync the configuration to the new system using this command syntax:
    tmsh run cm config-sync to-group device_group
  Note that the process of initializing the BIG-IP configuration on the new system can take up to a full minute to complete.
- Confirm that the two systems are in sync by typing this command:
    tmsh show cm sync-status
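
For the step that verifies the master key is the same on both systems, the following added example (not part of the F5 documentation) compares the two f5mku -K outputs by SHA-256 digest and flags a value damaged during copy and paste. The function names are hypothetical, and it assumes base64 and sha256sum are available in the shell.

```shell
#!/bin/bash
# Added example: compare two master keys by digest instead of by eye.

# Remove spaces, tabs, CR and LF that a terminal copy/paste can introduce.
normalize_key() {
    printf '%s' "$1" | tr -d '[:space:]'
}

# Succeed only if the value is non-empty, well-formed base64.
is_valid_key() {
    local key
    key=$(normalize_key "$1")
    [ -n "$key" ] || return 1
    [ $(( ${#key} % 4 )) -eq 0 ] || return 1      # padded length
    case "$key" in
        *[!A-Za-z0-9+/=]*) return 1 ;;            # outside base64 alphabet
    esac
    printf '%s' "$key" | base64 -d >/dev/null 2>&1
}

# Print the SHA-256 digest (hex) of the decoded key bytes.
key_fingerprint() {
    local key
    key=$(normalize_key "$1")
    is_valid_key "$key" || return 1
    printf '%s' "$key" | base64 -d | sha256sum | cut -d' ' -f1
}

# Return 0 if both keys decode to the same bytes, 1 if they differ,
# 2 if either value is damaged (truncated or outside the base64 alphabet).
keys_match() {
    local a b
    a=$(key_fingerprint "$1") || return 2
    b=$(key_fingerprint "$2") || return 2
    [ "$a" = "$b" ]
}

# Demo input: the sample key printed on this page, plus a constructed copy
# carrying the trailing space and carriage return of a bad paste.
sample='oruIVCHfmVBnwGaSR/+MAA=='
pasted=$(printf '%s \r' "$sample")
keys_match "$sample" "$pasted" && echo "master keys match"
```

On each system, key_fingerprint "$(f5mku -K)" prints the digest to compare, so the raw key does not need to be pasted anywhere other than the f5mku -r command on the new system.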