Applies To:Show Versions
F5 SSL Orchestrator
- 17.0.0, 16.1.3, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Overview: SSL Orchestrator High Availability Diagnostics and
- Review prerequisites
- Revert the effect of ssh-copy-id and removing the passwordless SSH access (optional)
- Use the HA synchronization CLI procedure
- Use the diagnostics capability
- Perform local-only repairs
- Support HA data synchronization for BIG-IP frameworks
- REST Framework
- Theha-syncscript requirespasswordless SSH accessfrom the local BIG-IP device, where the script runs, to the remote BIG-IP HA peer. See theReverting the effect of ssh-copy-id and removing the passwordless SSH accesssection below for the procedural steps. This can also be set up by following the instructions in K13454: Configuring SSH public key authentication on BIG-IP systems (11.x - 15.x).
- The following is a summary (procedure) of the aforementioned article. Run the following commands on the BIG-IP device where theha-syncscript would be executed. (Replace$HA_PEERwith the IP address of the remote HA peer device).ssh-keygen ssh-copy-id -i ~/.ssh/id_rsa.pub $(whoami)@$HA_PEER
Reverting the effect of ssh-copy-id and removing the passwordless SSH
- SSH into the BIG-IP device where ssh-copy-id has been invoked.
- Identify the public key used with ssh-copy-id:cat ~/.ssh/id_rsa.pub.
- SSH into the remote HA peer (where the related key has been copied).
- Edit the /root/.ssh/authorized_keys file and remove the line containing the key retrieved in step 2.