Manual Chapter :
Setting up F5 Guided
Configuration for SSL Orchestrator
Applies To:
Show Versions
F5 SSL Orchestrator
- 15.0.0
Setting up F5 Guided
Configuration for SSL Orchestrator
Overview: Setting up F5 Guided Configuration for SSL Orchestrator
To install the F5 Guided Configuration for SSL Orchestrator 15.0.0-6.0 and you
do not have an existing SSL Orchestrator add-on license, or a previous version of SSL
Orchestrator installed, download the image from downloads.f5.com. For complete step-by-step
installation instructions, see the
BIG-IP Systems: Upgrading
Software
guide. The F5 Guided Configuration for SSL Orchestrator 6.0 image is packaged
with the F5 BIG-IP 15.0.0 image.To upgrade to the newest version of SSL Orchestrator from a previous version,
or you have an existing add-on license, follow the recommended upgrade steps in the
SSL Orchestrator recommended upgrade procedure
section. This
procedure walks you through the uninstallation and deletion of existing SSL Orchestrator
applications and RPMs before installing the new ISO image. If you do not follow the recommended upgrade procedure to undeploy your
previous SSL Orchestrator deployments, as well as uninstall your previous version of the
application, further manual steps are required to reset your environment and undeploy the
previous version. See the
Upgrade from previous F5 SSL Orchestrator
versions using the recovery procedure
task steps based on the previous version of SSL
Orchestrator you are upgrading from and your access to the BIG-IP Applications LX menu. These upgrade steps are required since in some cases previously deployed SSL
Orchestrator configurations cannot be rolled forward or imported into the new version of SSL
Orchestrator. Following one of the recommended upgrade procedures will assist you in preparing
your system for a clean installation.
If you are implementing a high
availability environment for SSL Orchestrator, review the
Setting up
F5 Guided Configuration for SSL Orchestrator in High Availability
section for more
detailed information.After upgrading SSL Orchestrator from version 5.0, one or more
existing configurations may show an error due to inconsistent egress information. For example,
if the System Setting in version 5.0 had an egress setting of IPv4 while the topology setting
was IPv6, the IPv6 topology’s egress setting will show an error after the upgrade. To fix,
locate the error(s) and update the configuration with the correct egress information (such as
egress gateway pool or SNAT settings) and redeploy.
F5 SSL Orchestrator recommended upgrade procedure
F5
recommends you follow the procedure shown below when upgrading to the newest version of
SSL Orchestrator from a previous version.
Some sections are
conditional and are based on your particular upgrade path. Ensure that you review
all instructions and conditions for which sections are optional, required, or can be
skipped.
- Export currently deployed SSL Orchestrator configurations (Optional task when upgrading from SSL Orchestrator versions 13.0.0-2.3 or 13.1.0-3.0)
- Undeploy your currently deployed SSL Orchestrator application (Required task when upgrading SSL Orchestrator from versions 14.0.x or older to 15.0.0)
- Uninstall SSL Orchestrator (Required task when upgrading SSL Orchestrator from versions 14.0.x or older to 15.0.0)
- Install the new BIG-IP ISO image
- Boot into the new partition and activate the upgrade installation
- Provision the newly activated resource
- Using the F5 SSL Orchestrator setup utility
After an RPM upgrade from 14.1.x-5.0 to 15.0.0-6.0, previously existing
egress topology configurations may contain incorrect egress settings and may result
in a broken configuration. This error occurs after an RPM upgrade due to the system
settings choosing either IPv4 or IPv6 when the topology workflow still allows a
configuration to be created using both IPv4 and IPv6. To fix this conflict, update
the configuration so that it is either using IPv4 or IPv6 and deploy the
configuration again.
Exporting currently deployed F5 SSL Orchestrator configurations
(optional)
If you
are upgrading SSL Orchestrator from 13.0.0-2.3 or 13.1.0-3.0, you have the option to
first export any currently deployed configurations. Only SSL Orchestrator versions
13.0.0-2.3 and 13.1.0-3.0 contain the export functionality.
By
exporting previously successful deployment configurations as JSON files, you can
examine their configuration settings prior to new deployments with SSL Orchestrator.
Whether you have access to the export functionality
or not, you can review any current configurations and make notes that are important
for new configurations once you upgrade.
- Log in to SSL Orchestrator version 13.0.0-2.3 or 13.1.0-3.0.
- On the Main tab, click to view the export configuration settings. The Export Configurations screen opens.If you do not have any previously saved deployments, no information displays.
- In theExport Configurationstable, select a previously deployed configuration.
- ClickExport.A dialog box pop-up opens showing the JSON configuration information to be exported and asksDo you wish to export the current SSL Orchestrator Configuration settings to a .json file?
- To export the current SSL Orchestrator settings into a JSON export file, clickOK, or clickCancelto stop the export process.
- Type the file name of the JSON file to export.
- ClickOK.
The configuration
information you selected to export is downloaded to your local system as a JSON file for
later use as a reference to your previous deployments. You are now ready to undeploy
your SSL Orchestrator configuration.
Undeploying your
currently deployed F5 SSL Orchestrator application
If you
are upgrading SSL Orchestrator from versions 14.0.x or older to 15.0.0, this task is
required for a successful upgrade.
If you are upgrading SSL Orchestrator from version
14.1.x to 15.0.0, you can skip to the
Installing the new BIG-IP ISO
image
section. To undeploy your currently
deployed configuration, do the following:
- On the Main tab, click . The SSL Orchestrator Configuration screen opens.
- For SSL Orchestrator versions prior to 14.0.x-5.x, clickUndeploy.
- For SSL Orchestrator versions 14.1.x-5.x or higher, select the check box next to the name of the deployments you want to remove and clickDelete.
Your entire SSL
Orchestrator configuration is now removed from your system and you are ready to
uninstall your SSL Orchestrator application.
Uninstalling F5 SSL Orchestrator
If you
are upgrading SSL Orchestrator from versions 14.0.x or older to 15.0.0, this task is
required for a successful upgrade.
If you are upgrading SSL Orchestrator from version
14.1.x to 15.0.0, you can skip to the
Installing the new BIG-IP ISO
image
section. To uninstall your SSL
Orchestrator application, do the following:
- On the Main tab, click . The Updates screen opens.
- Under the Version field, clickUninstall.
- ClickOK.Do not click on any link underneath the SSL Orchestrator tab after you clickOKor the system will automatically reinstall.Your application is now removed from your system and you are ready to install the new BIG-IP 15.0.0 ISO image.
Installing the new
BIG-IP ISO image
The latest version of SSL Orchestrator (6.0) is included with the
BIG-IP 15.0.0 ISO image. When you install the F5 BIG-IP 15.0.0 ISO image, the BIG-IP
system installs the configuration of the currently active boot location on the
target installation location.
If you have not already done so, download BIG-IP SSL Orchestrator:
- Go to https://downloads.f5.com and click Downloads. TheDownloadsOverview screen opens.
- ClickFind a Download. The Select a Product Line screen opens.
- In theF5 Product Familycolumn, find the Security section.
- In theProduct Linecolumn, clickSSL Orchestrator. The Select a Product Version and Container for SSL Orchestrator screen opens.
- Select15.0.0from the list of BIG-IP version numbers and then click SSL Orchestrator. The Software Terms and Conditions screen opens.
- ClickI Accept. The Select a Download screen appears.
- Click the appropriate filename to download BIG-IP SSL Orchestrator.
- To install BIG-IP SSL Orchestrator, on the Main tab, click . The Images List screen opens.
- From theAvailable Imagessection, select the check box next the to BIG-IP 15.0.0 ISO image.
- ClickInstall. The Install Software Image pop-up screen opens.
- In theVolume set namelist, type a Boot Location name or number.
- ClickInstall. The Images List screen opens.If necessary, click the browser Refresh button if the BIG-IP version 15.0.0 image does not appear in the Installed Images list.
- The BIG-IP installation is complete once theInstall Statuscolumn for version 15.0.0 indicatescomplete.
You are now ready to
boot into the new partition and activate the newly installed version of SSL
Orchestrator.
For complete step-by-step installation and upgrade instructions for
BIG-IP, see the
BIG-IP Systems: Upgrading Software
document.Booting into the new
partition and activating the upgrade installation
To upgrade SSL Orchestrator to 15.0.0-6.0 when your system is
partitioned with both 15.0.0-6.0 and a version prior to 14.1.0-5.0, do the
following:
- On the Main tab, click . The Boot Locations screen appears.
- Click the Boot Location name you created in the Boot Location column for BIG-IP 15.0.0. TheGeneral Propertiesscreen opens.
- From theInstall Configurationlist, clickYes.This option is not supported on VIPRION platforms. If you are using SSL Orchestrator on a VIPRION platform, refer to K14724: Using the cpcfg command to copy a configuration from one boot location to another on AskF5 for detailed instructions.
- ClickActivate.
- ClickOK.
Your newly changed
system will reboot the BIG-IP device as it switches partition to the newest version.
Provisioning the newly
activated resource
If you
are upgrading SSL Orchestrator from versions 14.0.x or older to 15.0.0, this task is
required for a successful upgrade.
If you are upgrading SSL Orchestrator from version
14.1.x to 15.0.0, this task is optional and you can skip to the next section.
Your newly installed BIG-IP SSL Orchestrator must now be
provisioned. After your system reboots, do the following:
- Use your previous SSL OrchestratorUsernameandPasswordto sign in. ClickLog in. The Welcome screen opens.
- On the Main tab, click to provision the system. The Resource Provisioning screen opens.
- In theModulecolumn, locate SSL Orchestrator and select the check box in theProvisioningcolumn if it is not already checked. The Provisioning column will change fromNonetoNominalif the check box was not already checked.
- ClickSubmit.
- ClickOK. Your newly changed system will reboot the BIG-IP device as it provisions SSL Orchestrator.
- ClickContinue.
A new version of F5
BIG-IP SSL Orchestrator has been successfully installed and provisioned and you are
ready to begin setting up SSL Orchestrator using the Setup Utility. Refer to the
Using the F5 SSL Orchestrator setup utility
section.If you do not follow the F5 recommended upgrade
procedure, SSL Orchestrator will guide you through the upgrade scenario, providing
warning messages and links to required tasks, as it assist you in activating and
provisioning your newly installed resource.
Using the F5 SSL
Orchestrator setup utility
Before
you begin, make sure you set up a management IP address, netmask, and default routing on
your system and that you have no license currently installed.
If at any time during your configuration you need to return to
the SSL Orchestrator Setup Utility, simply click the F5 logo in the upper-left
corner of the configuration utility, and on the Welcome screen, click the Run the
Setup Utility link.
Fields marked with a blue
ribbon are required fields that must be completed before you can finish a
task.
The SSL Orchestrator setup utility guides you through the
basic, minimal setup configuration for SSL Orchestrator.
- On the Welcome screen, clickNext.
- On the License screen, clickActivate.
- In theBase Registration Keyfield, paste your SSL Orchestrator base license registration key and clickNext.
- On the EULA screen, clickAccept.The license activates and the system reboots for the configuration changes to take effect.
- After the system reboots, clickContinue. The Resource Provisioning screen opens.If you want to validate the installed license and the active and optional modules before proceeding, click . The License screen opens. ClickNextto return to the Resource Provisioning screen.
- On the Resource Provisioning screen, an Informational message indicates that the selected modules are recommended for your current, active license.
- You may modify the selections as needed based on additional licenses that need to be recognized during provisioning.
- ClickNextto indicate you accept the module setup and then clickOKto provision the selected modules.Reprovisioning may restart daemons or reboot the system causing lost connects.
- ClickContinue. The Device Certificates screen opens where you can review Certificate Properties.
- ClickNext. The Platform screen opens.You may also clickRenewto launch a Device Certificates screen where you can make edits to the various fields.
- In theHost Namefield, type the host name (example: bigip.f5.com).
- In theRoot AccountandAdmin Accountfields, type a respective password and then confirm it.
- ClickNext.
- ClickOK.Since you have updated your password, you will be logged out. You must log in again with your new password before continuing.
- Log back in by typing your new password and clickLog in. The Network Time Protocol NTP Configuration screen opens.
- ClickNext. The Domain Name Server DNS Configuration screen opens.
- ClickNext. The Forward Proxy Certificate screen opens.
- On the Forward Proxy Certificate screen, do the following to provideForward Proxy CertificateandKey Sourcedetails.
- In theCertificate Namefield, maintain the defaultNewradio button and type a name for the certificate (example: newCert).
- In theCertificate Sourcefield, maintain the defaultUpload Fileradio button and clickChoose File. Select a certificate file from your local system and clickOpen.
- In theKey Sourcefield, maintain the defaultUpload Fileradio button and clickChoose File. Select a key file from your local system and clickOpen.
- In theSecurity Typefield, maintain theNormaldefault setting.
- ClickFinish.
You are now ready to
log in to the BIG-IP and start using F5 Guided Configuration for SSL Orchestrator by
clicking
.
Overview: Setting up F5 Guided Configuration for SSL Orchestrator logs
settings
The SSL Orchestrator Settings option in the Logs menu can be used to enable
logging for selected facilities at various levels of severity to describe the system
messages. Facilities describe the specific element of the system generating the message:
Per-Request Policy, FTP, IMAP, POP3, SMTPS, SSL Orchestrator Generic.
Each available level describes the severity of the message and are listed in order of the
severity of the messages they handle. Generally, higher levels contain all the messages
for lower levels. For example, the Alert level will generally also report all messages
from the Emergency level, and the Debug level will generally also report all messages
for all levels.
Setting up logs settings
Use the following procedure to set up your SSL
Orchestrator logs settings with specific severity levels.
- On the Main tab, click . The Logs Settings screen opens.
- If theEnablecheck box is not pre-selected, select the check box to see the available levels for each facility. The default severity is Debug.
- For each facility, you can select from the following log setting severities:
- Emergency: Specifies the emergency system panic messages. Severity: Minimum.
- Alert: Serious errors that require administrator intervention. Severity: Low.
- Critical: Critical errors, including hardware and filesystem failures. Severity: Low.
- Error: Non-critical, but possibly very important, error messages. Severity: Low.
- Warning: Warning messages that should at least be logged for review. Severity: Medium.
- Notice: Messages that contain useful information, but may be ignored. Severity: Medium.
- Information: Messages that contain useful information, but may be ignored. Severity: High.
- Debug: Messages that are only necessary for troubleshooting. Severity: Maximum.
- ClickSave.
Overview: Upgrade from previous F5 SSL Orchestrator versions using
the recovery procedure
If you need to recover from a failed recommended upgrade procedure and still
need to undeploy your previous SSL Orchestrator deployments, as well as uninstall your
previous version of the application, manual steps are required to reset your environment
and undeploy the previous version.
Depending on your previous SSL Orchestrator version and current access to
the BIG-IP Applications LX menu, use one of the following upgrade paths:
- Upgrading from SSL Orchestrator versions 12.x.x, 13.x.x using recovery procedure
- Upgrading from SSL Orchestrator versions 14.0.x using recovery procedure with Applications LX menu access
- Upgrading from SSL Orchestrator versions 14.0.x using recovery procedure without Applications LX menu access
Upgrading from F5 SSL Orchestrator versions 12.x.x, 13.x.x using
recovery procedure
- Access to log on to the BIG-IP console as root or equivalent privileges.
- Access to user credentials so to enter a curl command.
To upgrade from SSL Orchestrator version
12.x.x or 13.x.x, follow the procedure in this section to cleanup your environment. When
you complete this procedure, your environment will be clean and you can log in to BIG-IP
and start using SSL Orchestrator Guided Configuration by clicking .
Steps to cleanup your environment:
- Cleaning up forwarding database (FDB) entries
- Cleaning up nodes
- Cleaning up iApp application service
- Either SSH to BIG-IP as a root user or as a user with equivalent or higher privileges.For example, SSHroot@<Management IP>.
- Enter the following command to get the SSL Orchestrator block and write down the value for theid,name, andstateattribute from the output of the command.curl --insecure -XGET 'https://<<BigIp management IP>>/mgmt/shared/iapp/blocks?$select=id,name,state&$filter=presentationHtmlReference/link%20eq%20%27https://localhost/iapps/f5-iappslx-ssl-orchestrator/index.html%27%20and%20state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.toolFor example, note down the details:"id": "2f00771a-48c1-4c0d-a907-b586164177d7", "name": "ssloAppName", "state": "BOUND" [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=id,name,state&$filter=presentationHtmlReference/link%20eq%20%27https://localhost/iapps/f5-iappslx-ssl-orchestrator/index.html%27%20and%20state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 265 100 265 0 0 884 0 --:--:-- --:--:-- --:--:-- 904 { "generation": 57, "items": [ { "id": "2f00771a-48c1-4c0d-a907-b586164177d7", "name": "ssloAppName", "state": "BOUND" } ], .... }
- Cleaning up forwarding database (FDB) entries
- To delete and cleanup the FDB entries, F5 recommends that you first map the MAC addresses and VLAN names so to properly determine the TMUI command to delete the FDB entries. We recommend creating a table to track the required information.MAC AddressVLAN NameTMUI Command to delete FDB entry
- To retrieve the MAC addresses, enter the following command and populate the table with the correct information.curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=id,name,inputProperties/value/receiveOnlyServices/macAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>>| python -m json.toolUpdate the table with the MAC address details.MAC AddressVLAN NameTMUI Command to delete FDB entry11:22:33:44:55:6677:88:99:11:22:33The MAC address information would come from this source:[root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=id,name,inputProperties/value/receiveOnlyServices/macAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 390 100 390 0 0 2502 0 --:--:-- --:--:-- --:--:-- 2635 { "generation": 57, "items": [ { "id": "2f00771a-48c1-4c0d-a907-b586164177d7", "inputProperties": [ { "value": { "receiveOnlyServices": [ { "macAddress": "11:22:33:44:55:66" }, { "macAddress": "77:88:99:11:22:33" } ] } }, { "value": true } ], "name": "ssloAppName" } ], ....... }
- To retrieve the VLAN names, enter the following command and populate the table with the correct information.curl --insecure -XGET 'https://<<Big Ip Management IP>>/mgmt/tm/net/fdb/vlan?$select=name,records/name' -u <<User ID>>:<<Password>> | python -m json.toolUpdate the table with the VLAN name details.MAC AddressVLAN NameTMUI Command to delete FDB entry11:22:33:44:55:66v177:88:99:11:22:33v1Ignore "v3" because the mapped MAC address in not present in the above table.Ignore the MAC address fa:18:4a:ca:c1:4d from any "v1" VLAN name.The VLAN name information would come from this source:[root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/tm/net/fdb/vlan?$select=name,records/name' -u admin:admin | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 434 100 434 0 0 1254 0 --:--:-- --:--:-- --:--:-- 1280 { "items": [ { "name": "ssloAppName-70-0-D" }, { "name": "ssloAppName-70-0-S" }, { "name": "ssloAppName-71-0-D" }, { "name": "ssloAppName-71-0-S" }, { "name": "v1", "records": [ { "name": "11:22:33:44:55:66" }, { "name": "77:88:99:11:22:33" }, { "name": "fa:18:4a:ca:c1:4d" } ] }, { "name": "v2", }, { "name": "v3", "records": [ { "name": "fa:16:3e:cb:d1:8d" } ] }, { "name": "v4" } ], ...... }
- Use the following command to build the delete commands for cleaning up the FDB entries and update the table.modify net fdb vlan <<vlan name>> records delete { <<macaddress>> }Update the table with the delete command details.MAC AddressVLAN NameTMUI Command to delete FDB entry11:22:33:44:55:66v1modify net fdb vlan v1 records delete { 11:22:33:44:55:66 }77:88:99:11:22:33v1modify net fdb vlan v1 records delete { 77:88:99:11:22:33 }
- Enter all of the delete commands for deleting FDB entries. For example:tmsh modify net fdb vlan v1 records delete { 11:22:33:44:55:66 }tmsh modify net fdb vlan v1 records delete { 77:88:99:11:22:33 }
- Cleaning up nodes
- To delete the necessary nodes used in different services and objects created through the SSL Orchestrator application, you must identify the list of IP addresses that map to each node. F5 recommends you populate a table to track the information using information output from commands detailed in the steps below. For example:IP AddressTMUI command for deleting nodes
- Enter the following command and populate the table with the values in the IP address column. Ignore all duplicates when listing all IP addresses forexplicitProxyConfiguration,ingressDeviceEgressConfiguration,ingressDeviceConfiguration,egressDeviceEgressConfiguration, anddecryptZone.curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=inputProperties/value/generalSection/ingressDeviceEgressConfiguration/ipv4OutboundGateways/ip,inputProperties/value/generalSection/ingressDeviceEgressConfiguration/ipv6OutboundGateways/ip,inputProperties/value/generalSection/egressDeviceEgressConfiguration/ipv4OutboundGateways/ip,inputProperties/value/generalSection/egressDeviceEgressConfiguration/ipv6OutboundGateways/ip&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.toolFor example:IP AddressTMUI command for deleting nodes90.90.90.9490.90.90.952001:0db8:85a3:0000:0000:8a2e:0370:7334TheexplicitProxyConfiguration,ingressDeviceEgressConfiguration,ingressDeviceConfiguration,egressDeviceEgressConfiguration, anddecryptZoneIP address information would come from this source:[root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=inputProperties/value/generalSection/ingressDeviceEgressConfiguration/ipv4OutboundGateways/ip,inputProperties/value/generalSection/ingressDeviceEgressConfiguration/ipv6OutboundGateways/ip,inputProperties/value/generalSection/egressDeviceEgressConfiguration/ipv4OutboundGateways/ip,inputProperties/value/generalSection/egressDeviceEgressConfiguration/ipv6OutboundGateways/ip&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 534 100 534 0 0 3144 0 --:--:-- --:--:-- --:--:-- 3296 { "generation": 57, "items": [ { "inputProperties": [ { "value": { "generalSection": { "egressDeviceEgressConfiguration": { "ipv4OutboundGateways": [ { "ip": "" } ], "ipv6OutboundGateways": [ { "ip": "" } ] }, "ingressDeviceEgressConfiguration": { "ipv4OutboundGateways": [ { "ip": "90.90.90.94" }, { "ip": "90.90.90.95" } ], "ipv6OutboundGateways": [ { "ip": "2001:0db8:85a3:0000:0000:8a2e:0370:7334" } ] } } } }, { "value": true } ] } ], "kind": "shared:iapp:blocks:blockcollectionstate", ...... }
- List all IP addresses forreceiveOnlyServicesand update the IP addresses in the table by entering the following command:curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=inputProperties/value/receiveOnlyServices/ipAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.toolFor example:IP AddressTMUI command for deleting nodes90.90.90.9490.90.90.952001:0db8:85a3:0000:0000:8a2e:0370:733410.10.10.1020.20.20.20ThereceiveOnlyServicesIP address information would come from this source:[root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=inputProperties/value/receiveOnlyServices/ipAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 311 100 311 0 0 1800 0 --:--:-- --:--:-- --:--:-- 1884 { "generation": 57, "items": [ { "inputProperties": [ { "value": { "receiveOnlyServices": [ { "ipAddress": "10.10.10.10" }, { "ipAddress": "20.20.20.20" } ] } }, { "value": true } ] } ], "kind": "shared:iapp:blocks:blockcollectionstate", ...... }
- List all IP addresses foricapServicesand update the IP addresses in the table by entering the following command:curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=inputProperties/value/icapServices/inspectionDevices/ipAddress,inputProperties/value/icapServices/backupItem/inspectionDevices/ipAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.toolFor example:IP AddressTMUI command for deleting nodes90.90.90.9490.90.90.952001:0db8:85a3:0000:0000:8a2e:0370:733410.10.10.1020.20.20.2030.30.30.3040.40.40.4050.50.50.50TheicapServicesIP address information would come from this source:[root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=inputProperties/value/icapServices/inspectionDevices/ipAddress,inputProperties/value/icapServices/backupItem/inspectionDevices/ipAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 538 100 538 0 0 3987 0 --:--:-- --:--:-- --:--:-- 4014 { "generation": 57, "items": [ { "inputProperties": [ { "value": { "icapServices": [ { "backupItem": { "inspectionDevices": [ { "ipAddress": "30.30.30.30" }, { "ipAddress": "40.40.40.40" } ] }, "inspectionDevices": [ { "ipAddress": "30.30.30.30" }, { "ipAddress": "40.40.40.40" } ] }, { "backupItem": { "inspectionDevices": [ { "ipAddress": "50.50.50.50" } ] }, "inspectionDevices": [ { "ipAddress": "50.50.50.50" } ] } ] } }, { "value": true } ] } ], "kind": "shared:iapp:blocks:blockcollectionstate", ..... }
- Create the delete commands for cleaning up FDB entries and update the IP addresses in the table by entering the following command:delete ltm node <<IP Address>>For example:IP AddressTMUI command for deleting nodes90.90.90.94delete ltm node 90.90.90.9490.90.90.95delete ltm node 90.90.90.952001:0db8:85a3:0000:0000:8a2e:0370:7334delete ltm node 2001:0db8:85a3:0000:0000:8a2e:0370:733410.10.10.10delete ltm node 10.10.10.1020.20.20.20delete ltm node 20.20.20.2030.30.30.30delete ltm node 30.30.30.3040.40.40.40delete ltm node 40.40.40.4050.50.50.50delete ltm node 50.50.50.50
- Enter all of the delete commands built in the table.Ignore the following error message if any delete commands fail since the node may be getting used somewhere else."Node address '/Common/<<IP Address>>' is referenced by a member of pool '/Common/<<Pool Name>>'"Example of delete commands:tmsh delete ltm node 90.90.90.94 tmsh delete ltm node 90.90.90.95 tmsh delete ltm node 2001:0db8:85a3:0000:0000:8a2e:0370:7334 tmsh delete ltm node 10.10.10.10 tmsh delete ltm node 20.20.20.20 tmsh delete ltm node 30.30.30.30 tmsh delete ltm node 40.40.40.40 tmsh delete ltm node 50.50.50.50
- Cleaning up iApp application service
- Enter the following command using the SSL Orchestrator application name noted down in Step 4:tmsh delete sys application service <<SSLO App Name>>.app/<<SSLO App Name>>For example, "name":"ssloAppName" would look much like this:delete sys application service ssloAppName.app/ssloAppName
- Enter the following command while replacing the<<block id>>with theidvalue noted down in Step 2:curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks/<<block Id>>' -u <<userID>>:<<password>>For example:curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/2f00771a-48c1-4c0d-a907-b586164177d7' -u admin:admin
- Wait at least two to three minutes before attempting to execute the following command so to check the status of the iApp block. Repeat this command until the status value changes toERROR/UNBOUND.curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=state,id&$filter=id%20eq%20%27<<Block Id>>%27' -u <<userID>>:<<password>> | python -m json.toolIn this example, theidthat was noted down in Step 2 is:2f00771a-48c1-4c0d-a907-b586164177d7.curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=state,id&$filter=id%20eq%20%272f00771a-48c1-4c0d-a907-b586164177d7%27' -u admin:admin | python -m json.tool
- Enter the following command to delete the iApp block. The block must be inERORstate before executing this command. Refer to step 16 to check the block state.curl --insecure -X DELETE 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks/2f00771a-48c1-4c0d-a907-b586164177d7' -u <<userID>>:<<password>>For example:curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/2f00771a-48c1-4c0d-a907-b586164177d7' -u admin:admin
You have now cleaned the device of SSL
Orchestrator deployments. Log in to the BIG-IP and start using SSL Orchestrator by
clicking .
Upgrading from F5 SSL Orchestrator versions 14.0.x using recovery
procedure with Applications LX menu access
To upgrade from SSL Orchestrator versions 14.0.x
while you have access to the
Applications
LX
menu, follow the procedure in this section to cleanup your
environment. When you complete this procedure your environment will be clean and you can
log in to BIG-IP and start using SSL Orchestrator Guided Configuration by clicking
. - Login to BIG-IP and navigate to .
- Select all deployed SSL Orchestrator applications in the table.
- ClickUndeploy.
- Delete all SSL Orchestrator applications which have the below template type:
- f5-ssl-orchestrator-storage
- f5-ssl-orchestrator-network
- f5-ssl-orchestrator-policy
- f5-ssl-orchestrator-service
- f5-ssl-orchestrator-tls
- f5-ssl-orchestrator
- Click . The Package Management LX screen opens.
- Select thef5-iappslx-ssl-orchestratorpackage and clickuninstall.
You have now cleaned the device of any SSL Orchestrator deployments. Log in to the
BIG-IP and start using SSL Orchestrator by clicking .
Upgrading from F5 SSL Orchestrator versions 14.0.x using recovery
procedure without Applications LX menu access
To upgrade from SSL Orchestrator versions
14.0.x and you do not have access to the
Applications LX
menu, follow the procedure in this section to cleanup
your environment. When you complete this procedure your environment will be clean and
you can log in to BIG-IP and start using SSL Orchestrator Guided Configuration by
clicking .- Enter the following command and note down thenameandid.curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=id,name&$filter=configurationProcessorReference/link%20eq%20%27https://localhost/mgmt/shared/iapp/processors/f5-iappslx-ssl-orchestrator%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.toolFor example, note down thenameandiddetails:[root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=id,name&$filter=configurationProcessorReference/link%20eq%20%27https://localhost/mgmt/shared/iapp/processors/f5-iappslx-ssl-orchestrator%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current . Dload Upload Total Spent Left Speed 100 257 100 257 0 0 1771 0 --:--:-- --:--:-- --:--:-- 1889 { "generation": 11569, "items": [ { "id": "c670eb32-89a5-4555-a2bf-e7a82c743ff6", "name": "sslo_TestSsloApp" } ], ..... }
- To delete and cleanup the forwarding database (FDB) entries, F5 recommends you first map the MAC addresses and VLAN names so to properly determine the TMUI command to delete the FDB entries. We recommend creating a table to track the required information.MAC AddressVLAN NameTMUI Command to delete FDB entry
- To retrieve all of the MAC addresses used for FDB entries, enter the following command and populate the table with the correct information.curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=id,state,name,inputProperties/value/customService/serviceSpecific/macAddress,inputProperties/value/customService/serviceSpecific/vlan&$filter=configurationProcessorReference/link%20eq%20%27https://localhost/mgmt/shared/iapp/processors/f5-iappslx-ssl-orchestrator-service%27%20and%20inputProperties/value/customService/serviceType%20eq%20%27tap%27%20and%20%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.toolPopulate the table with the MAC addresses.MAC AddressVLAN NameTMUI Command to delete FDB entryfa:16:3e:cb:d1:8dfa:16:3e:5d:fe:58For example, the MAC address information would come from this source:[root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=id,state,name,inputProperties/value/customService/serviceSpecific/macAddress,inputProperties/value/customService/serviceSpecific/vlan&$filter=configurationProcessorReference/link%20eq%20%27https://localhost/mgmt/shared/iapp/processors/f5-iappslx-ssl-orchestrator-service%27%20and%20inputProperties/value/customService/serviceType%20eq%20%27tap%27%20and%20%20state%20ne%20%27TEMPLATE%27' -u admin:bigip123 | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current . Dload Upload Total Spent Left Speed 100 645 100 645 0 0 752 0 --:--:-- --:--:-- --:--:-- 761 { "generation": 13107, "items": [ { "id": "9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb", "inputProperties": [ { "value": { "customService": { "serviceSpecific": { "macAddress": "fa:16:3e:5d:fe:58", "vlan": "/Common/ssloN_vLan3Sslo.app/ssloN_vLan3Sslo" } } } } ], "name": "ssloS_TapService_2", "state": "BOUND" }, { "id": "6e161941-826d-424e-865e-3defbfdfd116", "inputProperties": [ { "value": { "customService": { "serviceSpecific": { "macAddress": "fa:16:3e:cb:d1:8d", "vlan": "/Common/vLan1" } } } } ], "name": "ssloS_TapService", "state": "BOUND" } ], .... }
- To retrieve the VLAN names, enter the following command and populate the table with the correct information.curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/tm/net/fdb/vlan?$select=name,records/name' -u <<userID>>:<<password>> | python -m json.toolUpdate the table with the VLAN name details.MAC AddressVLAN NameTMUI Command to delete FDB entryfa:16:3e:cb:d1:8dvLan1fa:16:3e:cb:d1:8dssloN_ssloVlan_1fa:16:3e:5d:fe:58ssloN_vLan3SsloIf the same MAC address is associated with multiple VLANs, note the multiple VLAN names against each of the MAC addresses.For example, the information would come from this source:[root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/tm/net/fdb/vlan?$select=name,records/name' -u admin:bigip123 | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current . Dload Upload Total Spent Left Speed 100 372 100 372 0 0 1252 0 --:--:-- --:--:-- --:--:-- 1261 { "items": [ { "name": "ssloN_ssloVlan_1", "records": [ { "name": "fa:16:3e:cb:d1:8d" } ] }, { "name": "ssloN_vLan3Sslo", "records": [ { "name": "fa:16:3e:5d:fe:58" } ] }, { "name": "vLan1", "records": [ { "name": "fa:16:3e:cb:d1:8d" } ] }, { "name": "vLan2" }, { "name": "vLan3" }, { "name": "vLan4" } ], .... }
- Use the following command to build the delete commands for cleaning up the FDB entries and update the table.modify net fdb vlan <<vlan name>> records delete { <<macaddress>> }MAC AddressVLAN NameTMUI Command to delete FDB entryfa:16:3e:cb:d1:8dvLan1modify net fdb vlan vLan1 records delete { fa:16:3e:cb:d1:8d }fa:16:3e:cb:d1:8dssloN_ssloVlan_1modify net fdb vlan ssloN_ssloVlan_1.app/ssloN_ssloVlan_1 records delete {fa:16:3e:cb:d1:8d }fa:16:3e:5d:fe:58ssloN_vLan3Sslomodify net fdb vlan ssloN_vLan3Sslo.app/ssloN_vLan3Sslo records delete {fa:16:3e:5d:fe:58 }If you receive a strictness warning (Protcted/Unprotected Configurations) while deleting FDB entries, enter the following command and try to enter the delete command again.modify sys application service <<vLan Name>>.app/<<vLan Name>> strict-updates disabledFor example, the information would come from this source:root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify net fdb vlan ssloN_vLan3Sslo.app/ssloN_vLan3Sslo records delete {fa:16:3e:5d:fe:58 } 010715bc:3: The application service (/Common/ssloN_vLan3Sslo.app/ssloN_vLan3Sslo) has strict updates enabled, the object (VLAN /Common/ssloN_vLan3Sslo.app/ssloN_vLan3Sslo) must be updated using an application management interface. root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify sys application service ssloN_vLan3Sslo.app/ssloN_vLan3Sslo strict-updates disabled root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify net fdb vlan ssloN_vLan3Sslo.app/ssloN_vLan3Sslo records delete {fa:16:3e:5d:fe:58 } root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)#
- Enter all of the delete commands for deleting FDB entries. For example:tms modify net fdb vlan vLan1 records delete { fa:16:3e:cb:d1:8d }tmsh modify net fdb vlan ssloN_ssloVlan_1.app/ssloN_ssloVlan_1 records delete {fa:16:3e:cb:d1:8d }tmsh modify net fdb vlan ssloN_vLan3Sslo.app/ssloN_vLan3Sslo records delete {fa:16:3e:5d:fe:58 }
- Enter the following command on the BIG-IP:tmshFor example:[root@localhost:Active:Standalone] config # tmshroot@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)#
- Enter the following command and presstabto view the list of deployed application services. The resulting information from this step will be used in step 9.delete sys application serviceFor example:[root@localhost:Active:Standalone] config # tmsh root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service Options: recursive Configuration Items: ssloN_ssloVlan_1.app/ ssloN_vLan3Sslo.app/ ssloS_HttpService.app/ ssloS_L2Service_1.app/ ssloS_L3Service_2.app/ ssloS_TapService_2.app/ ssloS_iCapService_2.app/ ssloT_sslSettings_1.app/ ssloN_vLan2Sslo.app/ ssloP_PRP1.app/ ssloS_HttpService_1.app/ ssloS_L3Service_1.app/ ssloS_TapService.app/ ssloS_iCapService_1.app/ ssloT_SSL3.app/ sslo_TestSsloApp.app/
- Populate a table based on the output from the command used in step 8. For example:
- Deployment App: Name which matches the format <<SSLO deployed App>>.app here <<SSLO deployed App>> is the name which is noted down in step 1.
- Policy App: Name which starts with ssloP_.
- Services App: Name which starts with ssloS_.
- Network App: Name which starts with ssloN_.
- SSL App: Name which starts with ssloT_.
Deployment AppPolicy AppServices AppNetwork AppSSL Appsslo_TestSsloApp.app/ssloP_PRP1.app/ssloS_HttpService.app/ssloS_L2Service_1.app/ssloS_L3Service_2.app/ssloS_TapService_2.app/ssloS_iCapService_2.app/ssloS_HttpService_1.app/ssloS_L3Service_1.app/ssloS_TapService.app/ssloS_iCapService_1.app/ssloN_ssloVlan_1.app/ssloN_vLan3Sslo.app/ssloN_vLan2Sslo.app/ssloT_SSL3.app/ssloT_sslSettings_1.app/ - Enter the following command for all of the apps listed in step 9.Make sure to enter the TMSH command before starting this step on the BIG-IP device.The order in which the commands are entered is important. F5 recommends that you start with Deployment App, followed by Policy App, and so on based on the suggested table headings.If a command fails due to a dependency, determine what the dependency is from the message and delete it before proceeding.delete sys application service <<appName>>/ <<press TAB to complete the command>>For example:root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service sslo_TestSsloApp.app/sslo_TestSsloApp root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloP_PRP1.app/ssloP_PRP1 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_HttpService.app/ssloS_HttpService root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_HttpService_1.app/ssloS_HttpService_1 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_L2Service_1.app/ssloS_L2Service_1 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_L3Service_2.app/ssloS_L3Service_2 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_TapService_2 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_TapService_2.app/ssloS_TapService_2 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_iCapService_2.app/ssloS_iCapService_2 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_L3Service_1.app/ssloS_L3Service_1 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_TapService.app/ssloS_TapService root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_iCapService_1.app/ssloS_iCapService_1 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloN_ssloVlan_1.app/ssloN_ssloVlan_1 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloN_vLan3Sslo.app/ssloN_vLan3Sslo root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloN_vLan2Sslo.app/ssloN_vLan2Sslo root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloT_SSL3.app/ssloT_SSL3 root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloT_sslSettings_1.app/ssloT_sslSettings_1
- Enter the following command:curl --insecure -XGET 'https://<<BigIP Management IP>>mgmt/shared/iapp/blocks?$select=id,state,name&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.toolFor example:[root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=id,state,name&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 3550 100 3550 0 0 20938 0 --:--:-- --:--:-- --:--:-- 21005 { "generation": 46597, "items": [ { "id": "c670eb32-89a5-4555-a2bf-e7a82c743ff6", "name": "sslo_TestSsloApp", "state": "BOUND" }, { "id": "35947fc5-3152-4ee9-94be-d98cc3c32059", "name": "ssloT_sslSettings_1", "state": "BOUND" }, { "id": "c8ff1bcd-451a-4614-a9e0-8a3a02df7dc2", "name": "ssloS_L3Service_1", "state": "BOUND" }, { "id": "9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb", "name": "ssloS_TapService_2", "state": "BOUND" }, { "id": "22841137-9d38-4176-ad75-362748f7067b", "name": "ssloS_HttpService", "state": "BOUND" }, { "id": "0cf207ce-0460-49b3-b0f3-a140bb265fa9", "name": "ssloN_vLan3Sslo", "state": "BOUND" }, { "id": "aef17b81-929c-4c12-90e6-a70931952ff9", "name": "ssloT_SSL3", "state": "BOUND" }, { "id": "5c8f3039-d6cc-45db-88a1-6d030dac686b", "name": "7684d4ac-00d0-4f43-a0ba-921f459113bc-1538161044915", "state": "ERROR" }, { "id": "2f952eba-4331-4a3e-995d-644f5a01b045", "name": "ssloS_L3Service_2", "state": "BOUND" }, { "id": "46e05e4e-c350-4e33-8ffc-fa2671acac80", "name": "ssloS_iCapService_1", "state": "BOUND" }, { "id": "75800f9c-f8c8-46e4-9e71-1c7b11fff5fd", "name": "ssloN_vLan2Sslo", "state": "BOUND" }, { "id": "7684d4ac-00d0-4f43-a0ba-921f459113bc", "name": "ssloP_PRP1", "state": "BOUND" }, { "id": "41697b7c-c059-47f2-b13a-b574d2b858f8", "name": "ssloS_L2Service_1", "state": "BOUND" }, { "id": "e44a78c0-4efd-45cc-a3f1-a7d79302004e", "name": "ssloN_ssloVlan_1", "state": "BOUND" }, { "id": "e47a45fb-7422-4ab3-a59a-deafe257660c", "name": "ssloS_iCapService_2", "state": "BOUND" }, { "id": "69ba205f-e618-479e-b355-ae8010219b5f", "name": "ssloS_HttpService_1", "state": "BOUND" }, { "id": "6e161941-826d-424e-865e-3defbfdfd116", "name": "ssloS_TapService", "state": "BOUND" }, { "id": "df843553-dcbb-4239-a3f7-fbf4cf5ccf22", "name": "c670eb32-89a5-4555-a2bf-e7a82c743ff6-1538161044915", "state": "ERROR" }, { "id": "ab0584b4-e8dd-461d-a3c9-f7585c42fdc7", "name": "22841137-9d38-4176-ad75-362748f7067b-1538161044915", "state": "ERROR" }, { "id": "2037b09f-dfaf-4c60-bef9-52b7e1f74ba7", "name": "69ba205f-e618-479e-b355-ae8010219b5f-1538161044915", "state": "ERROR" }, { "id": "ead269a0-43a8-4fd4-88cf-471cd287a6d5", "name": "2f952eba-4331-4a3e-995d-644f5a01b045-1538161044915", "state": "ERROR" }, { "id": "38c5b1af-3f6b-4498-93fc-6380affd1483", "name": "41697b7c-c059-47f2-b13a-b574d2b858f8-1538161044915", "state": "ERROR" }, { "id": "1e97e0ff-955b-43f2-b43f-fa9f806273bc", "name": "9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb-1538161044915", "state": "ERROR" }, { "id": "f705eb0a-3e8e-4434-8bcc-8bd9135e5383", "name": "6e161941-826d-424e-865e-3defbfdfd116-1538161044915", "state": "ERROR" }, { "id": "3f31c864-d2ca-4b15-baf2-47f4d490f84c", "name": "c8ff1bcd-451a-4614-a9e0-8a3a02df7dc2-1538161044915", "state": "ERROR" }, { "id": "1356eb55-53c4-4eee-86a2-c647228d5cae", "name": "e47a45fb-7422-4ab3-a59a-deafe257660c-1538161044915", "state": "ERROR" }, { "id": "e778bcb2-697f-4238-a76d-169894304d44", "name": "46e05e4e-c350-4e33-8ffc-fa2671acac80-1538161044915", "state": "ERROR" }, { "id": "e75c0952-8838-4484-817d-2cded5d7e63c", "name": "35947fc5-3152-4ee9-94be-d98cc3c32059-1538161044915", "state": "ERROR" }, { "id": "f9c38383-a5a7-46fc-8fca-4196f021a64e", "name": "aef17b81-929c-4c12-90e6-a70931952ff9-1538161044915", "state": "ERROR" }, { "id": "d65877b5-20d2-4c81-9723-0151aa5a51a1", "name": "75800f9c-f8c8-46e4-9e71-1c7b11fff5fd-1538161044915", "state": "ERROR" }, { "id": "05131174-faf2-42a7-8b98-85718e4676d5", "name": "e44a78c0-4efd-45cc-a3f1-a7d79302004e-1538161044915", "state": "ERROR" }, { "id": "67a567c1-f711-45bc-94ac-232121030aa2", "name": "0cf207ce-0460-49b3-b0f3-a140bb265fa9-1538161044915", "state": "ERROR" } ], ..... }
- F5 recommends creating a table to track the required information based on the output from the command entered in step 11.IDStatePatch CommandDelete Command<<block Id>>BOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks/<<block Id>>' -u <<userID>>:<<password>>curl --insecure -X DELETE 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks/<<block Id>>' -u <<userID>>:<<password>><<block Id>>ERRORNO NEED FOR ERRORFor example:IDStatePatch CommandDelete Commandc670eb32-89a5-4555-a2bf-e7a82c743ff6BOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/c670eb32-89a5-4555-a2bf-e7a82c743ff6'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/c670eb32-89a5-4555-a2bf-e7a82c743ff6'-u admin:admin35947fc5-3152-4ee9-94be-d98cc3c32059BOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/35947fc5-3152-4ee9-94be-d98cc3c32059'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/35947fc5-3152-4ee9-94be-d98cc3c32059'-u admin:adminc8ff1bcd-451a-4614-a9e0-8a3a02df7dc2BOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/c8ff1bcd-451a-4614-a9e0-8a3a02df7dc2'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/c8ff1bcd-451a-4614-a9e0-8a3a02df7dc2'-u admin:admin9bf2efe3-db82-4c1a-8dd4-52bc23b9d5ebBOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb'-u admin:admin22841137-9d38-4176-ad75-362748f7067bBOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/22841137-9d38-4176-ad75-362748f7067b'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/22841137-9d38-4176-ad75-362748f7067b'-u admin:admin0cf207ce-0460-49b3-b0f3-a140bb265fa9BOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/0cf207ce-0460-49b3-b0f3-a140bb265fa9'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/0cf207ce-0460-49b3-b0f3-a140bb265fa9'-u admin:adminaef17b81-929c-4c12-90e6-a70931952ff9BOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/aef17b81-929c-4c12-90e6-a70931952ff9'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/aef17b81-929c-4c12-90e6-a70931952ff9'-u admin:admin5c8f3039-d6cc-45db-88a1-6d030dac686bERRORcurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/5c8f3039-d6cc-45db-88a1-6d030dac686b'-u admin:admin2f952eba-4331-4a3e-995d-644f5a01b045BOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/2f952eba-4331-4a3e-995d-644f5a01b045'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/2f952eba-4331-4a3e-995d-644f5a01b045'-u admin:admin46e05e4e-c350-4e33-8ffc-fa2671acac80BOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/46e05e4e-c350-4e33-8ffc-fa2671acac80'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/46e05e4e-c350-4e33-8ffc-fa2671acac80'-u admin:admin75800f9c-f8c8-46e4-9e71-1c7b11fff5fdBOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/75800f9c-f8c8-46e4-9e71-1c7b11fff5fd'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/75800f9c-f8c8-46e4-9e71-1c7b11fff5fd'-u admin:admin7684d4ac-00d0-4f43-a0ba-921f459113bcBOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/7684d4ac-00d0-4f43-a0ba-921f459113bc'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/7684d4ac-00d0-4f43-a0ba-921f459113bc'-u admin:admin41697b7c-c059-47f2-b13a-b574d2b858f8BOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/41697b7c-c059-47f2-b13a-b574d2b858f8'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/41697b7c-c059-47f2-b13a-b574d2b858f8'-u admin:admine44a78c0-4efd-45cc-a3f1-a7d79302004eBOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/e44a78c0-4efd-45cc-a3f1-a7d79302004e'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/e44a78c0-4efd-45cc-a3f1-a7d79302004e'-u admin:admine47a45fb-7422-4ab3-a59a-deafe257660cBOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/e47a45fb-7422-4ab3-a59a-deafe257660c'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/e47a45fb-7422-4ab3-a59a-deafe257660c'-u admin:admin69ba205f-e618-479e-b355-ae8010219b5fBOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/69ba205f-e618-479e-b355-ae8010219b5f'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/69ba205f-e618-479e-b355-ae8010219b5f'-u admin:admin6e161941-826d-424e-865e-3defbfdfd116BOUNDcurl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/6e161941-826d-424e-865e-3defbfdfd116'-u admin:admincurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/6e161941-826d-424e-865e-3defbfdfd116'-u admin:admindf843553-dcbb-4239-a3f7-fbf4cf5ccf22ERRORcurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/df843553-dcbb-4239-a3f7-fbf4cf5ccf22'-u admin:adminab0584b4-e8dd-461d-a3c9-f7585c42fdc7ERRORcurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/ab0584b4-e8dd-461d-a3c9-f7585c42fdc7'-u admin:admin2037b09f-dfaf-4c60-bef9-52b7e1f74ba7ERRORcurl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/2037b09f-dfaf-4c60-bef9-52b7e1f74ba7'-u admin:admin
You have now cleaned the
device of SSL Orchestrator deployments. Log in to the BIG-IP and start using SSL
Orchestrator by clicking .
