Manual Chapter : Using the HA synchronization CLI procedure

Applies To:

Show Versions Show Versions

F5 SSL Orchestrator

  • 16.0.0
Manual Chapter

Using the HA synchronization CLI procedure

Below is the usage for the
ha-sync
script:
# ./ha-sync -h BIG-IP HA sync repair helper Usage: ha-sync [OPTIONS]... -d, --dryrun Dry-run (simulation) mode -D, --devicegroup NAME Specifies the HA device group name. Default: HA_GROUP --diagnostic Runs a diagnostic and attempts to detect possible HA sync problems -f, --force Enforces a more coercive HA sync (see README for details) -h, --help Displays help text -H, --host HA_PEER Specifies the HA sync peer -l, --localonly Attempts a local repair only, without touching the remote HA peer -m, --manual Manual (step-by-step) mode -t, --target [NAMES]... Specifies the HA sync target(s) [ALL MCP REST]. Default: ALL -v, --verbose Provides additional (debug) information -V, --version Displays the current version of this script Examples: ha-sync -H 10.192.228.78 ha-sync -H 10.192.228.78 -d -m ha-sync -H 10.192.228.78 -d -m -f -t mcp
The following is an example of running the
ha-sync
script:
./ha-sync -H $HA_PEER
The
$HA_PEER
should point or be replaced with the IP address of the remote BIG-IP HA peer device. This command should perform the required HA-sync initialization of the REST framework, on both BIG-IP HA peer devices, local and remote.
The
ha-sync
CLI options and their description:
Options
Description
-d, --dryrun
Simulation mode
: displays the internal commands without actually running them.
-D, --devicegroup
Specifies the HA device group name. Default:
HA_GROUP
.
--diagnostic
Runs a diagnostic and attempts to detect possible HA sync problems.
-h, --help
Displays help text.
-H, --host
Specifies the remote HA sync peer (_required parameter_).
-f, --force
Enforces a more
coercive
HA sync (e.g. a
full
vs.
incremental
sync). See related details in the
Frameworks
section.
-l, --localonly
Attempts a local repair only, without touching the remote HA peer.
-m, --manual
Manual (step-by-step) mode
: each command is followed by a
Press any key to continue
... prompt, before proceeding with the next command.
-t, --target
Specifies the HA sync target(s) (
ALL, MCP, REST
). Default:
ALL
. Multiple HA sync targets are supported. The targets are sync'ed in the order specified.
-v, --verbose
Provides detailed debug information.
-V, --version
Displays the current version of the
ha-sync
script.
The following is an example of a
verbose
,
manual
, and
dryrun
invocation of the
ha-sync
script (sample output shown):
./ha-sync -H 10.192.228.78 -d -m -v debug: check_env(): Checking passwordless SSH access to remote HA peer 10.192.228.78... debug: check_env(): Successful passwordless SSH access to remote HA peer 10.192.228.78! info: Starting MCP HA sync... info: Initiating CM Config-Sync locally... tmsh run cm config-sync to-group HA_GROUP Press any key to continue... info: MCP HA sync completed! info: Starting REST Framework HA sync... info: Stopping restjavad locally... bigstart stop restjavad Press any key to continue... info: Stopping restjavad on 10.192.228.78... ssh -o BatchMode=yes 10.192.228.78 bigstart stop restjavad Press any key to continue... info: Removing REST Framework storage on 10.192.228.78... ssh -o BatchMode=yes 10.192.228.78 rm -rf /var/config/rest/storage Press any key to continue... ...
The advantage of a
manual
and
step-by-step
run is that the user can copy/paste and invoke the commands at will, while also testing the results, etc.

Using the diagnostics capability

Below is an example of using the diagnostics capability of the
ha-sync
script:
ha-sync --diagnostic -H 10.192.28.52 info: Retrieving platform versions locally... info: Retrieving platform versions on remote HA peer [10.192.28.52]... info: Starting MCP diagnostic... info: Starting REST framework diagnostic... info: Retrieving device/machine IDs locally... info: Retrieving device/machine IDs on remote HA peer [10.192.28.52]... info: Checking REST framework device groups locally... info: Checking REST framework device groups on remote HA peer [10.192.28.52] ... info: No problems detected!

Performing local-only repairs

The
ha-sync
script can be invoked with the
--localonly
(or
-l
) option parameter to exclusively attempt a local repair of the REST framework, without touching the remote HA peer:
./ha-sync -l
The
ha-sync
script is
idempotent
in terms of yielding consistent results with successive runs.