Manual Chapter: Upgrading from previous F5 SSL Orchestrator versions using the recovery procedure
Applies To:
F5 SSL Orchestrator
- 17.0.0, 16.1.3, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Overview: Upgrade from previous F5 SSL Orchestrator versions using the recovery procedure
If you need to recover from a failed recommended upgrade procedure and still
need to undeploy your previous SSL Orchestrator deployments, as well as uninstall your
previous version of the application, manual steps are required to reset your environment
and undeploy the previous version.
Depending on your previous SSL Orchestrator version and current access to
the BIG-IP Applications LX menu, use one of the following upgrade paths:
- Upgrading from SSL Orchestrator versions 12.x.x, 13.x.x using recovery procedure
- Upgrading from SSL Orchestrator versions 14.0.x using recovery procedure with Applications LX menu access
- Upgrading from SSL Orchestrator versions 14.0.x using recovery procedure without Applications LX menu access
Upgrading from F5 SSL Orchestrator versions 12.x.x, 13.x.x using recovery procedure
- Access to log on to the BIG-IP console as root or with equivalent privileges.
- Access to user credentials in order to enter a curl command.
To upgrade from SSL Orchestrator version 12.x.x or 13.x.x, follow the procedure in this
section to clean up your environment. When you complete this procedure, your environment
will be clean and you can log in to BIG-IP and start using SSL Orchestrator Guided
Configuration by clicking .
Steps to clean up your environment:
- Cleaning up forwarding database (FDB) entries
- Cleaning up nodes
- Cleaning up iApp application service
- Either SSH to BIG-IP as a root user or as a user with equivalent or higher privileges. For example, SSH root@<Management IP>.
- Enter the following command to get the SSL Orchestrator block and write down the value for the id, name, and state attribute from the output of the command.
    curl --insecure -XGET 'https://<<BigIp management IP>>/mgmt/shared/iapp/blocks?$select=id,name,state&$filter=presentationHtmlReference/link%20eq%20%27https://localhost/iapps/f5-iappslx-ssl-orchestrator/index.html%27%20and%20state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.tool
  For example, note down the details:
    "id": "2f00771a-48c1-4c0d-a907-b586164177d7",
    "name": "ssloAppName",
    "state": "BOUND"

    [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=id,name,state&$filter=presentationHtmlReference/link%20eq%20%27https://localhost/iapps/f5-iappslx-ssl-orchestrator/index.html%27%20and%20state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   265  100   265    0     0    884      0 --:--:-- --:--:-- --:--:--   904
    {
        "generation": 57,
        "items": [
            {
                "id": "2f00771a-48c1-4c0d-a907-b586164177d7",
                "name": "ssloAppName",
                "state": "BOUND"
            }
        ],
        ....
    }
- Cleaning up forwarding database (FDB) entries
- To delete and clean up the FDB entries, F5 recommends that you first map the MAC addresses and VLAN names in order to properly determine the TMUI command to delete the FDB entries. We recommend creating a table to track the required information.
  | MAC Address | VLAN Name | TMUI Command to delete FDB entry |
  | --- | --- | --- |
- To retrieve the MAC addresses, enter the following command and populate the table with the correct information.
    curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=id,name,inputProperties/value/receiveOnlyServices/macAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.tool
  Update the table with the MAC address details.
  | MAC Address | VLAN Name | TMUI Command to delete FDB entry |
  | --- | --- | --- |
  | 11:22:33:44:55:66 | | |
  | 77:88:99:11:22:33 | | |
  The MAC address information would come from this source:
    [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=id,name,inputProperties/value/receiveOnlyServices/macAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   390  100   390    0     0   2502      0 --:--:-- --:--:-- --:--:--  2635
    {
        "generation": 57,
        "items": [
            {
                "id": "2f00771a-48c1-4c0d-a907-b586164177d7",
                "inputProperties": [
                    {
                        "value": {
                            "receiveOnlyServices": [
                                { "macAddress": "11:22:33:44:55:66" },
                                { "macAddress": "77:88:99:11:22:33" }
                            ]
                        }
                    },
                    { "value": true }
                ],
                "name": "ssloAppName"
            }
        ],
        .......
    }
- To retrieve the VLAN names, enter the following command and populate the table with the correct information.
    curl --insecure -XGET 'https://<<Big Ip Management IP>>/mgmt/tm/net/fdb/vlan?$select=name,records/name' -u <<User ID>>:<<Password>> | python -m json.tool
  Update the table with the VLAN name details.
  | MAC Address | VLAN Name | TMUI Command to delete FDB entry |
  | --- | --- | --- |
  | 11:22:33:44:55:66 | v1 | |
  | 77:88:99:11:22:33 | v1 | |
  Ignore "v3" because the mapped MAC address is not present in the above table.
  Ignore the MAC address fa:18:4a:ca:c1:4d from any "v1" VLAN name.
  The VLAN name information would come from this source:
    [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/tm/net/fdb/vlan?$select=name,records/name' -u admin:admin | python -m json.tool
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   434  100   434    0     0   1254      0 --:--:-- --:--:-- --:--:--  1280
    {
        "items": [
            { "name": "ssloAppName-70-0-D" },
            { "name": "ssloAppName-70-0-S" },
            { "name": "ssloAppName-71-0-D" },
            { "name": "ssloAppName-71-0-S" },
            {
                "name": "v1",
                "records": [
                    { "name": "11:22:33:44:55:66" },
                    { "name": "77:88:99:11:22:33" },
                    { "name": "fa:18:4a:ca:c1:4d" }
                ]
            },
            { "name": "v2" },
            {
                "name": "v3",
                "records": [
                    { "name": "fa:16:3e:cb:d1:8d" }
                ]
            },
            { "name": "v4" }
        ],
        ......
    }
- Use the following command to build the delete commands for cleaning up the FDB entries and update the table.
    modify net fdb vlan <<vlan name>> records delete { <<macaddress>> }
  Update the table with the delete command details.
  | MAC Address | VLAN Name | TMUI Command to delete FDB entry |
  | --- | --- | --- |
  | 11:22:33:44:55:66 | v1 | modify net fdb vlan v1 records delete { 11:22:33:44:55:66 } |
  | 77:88:99:11:22:33 | v1 | modify net fdb vlan v1 records delete { 77:88:99:11:22:33 } |
- Enter all of the delete commands for deleting FDB entries. For example:
    tmsh modify net fdb vlan v1 records delete { 11:22:33:44:55:66 }
    tmsh modify net fdb vlan v1 records delete { 77:88:99:11:22:33 }
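The MAC-to-VLAN mapping above can be done mechanically instead of by hand. The following is an added example, not F5 tooling: it joins the two JSON responses, skips FDB records whose MAC address was not created by SSL Orchestrator, and validates every value before placing it on a command line. The function names, the embedded sample responses (constructed to mirror the example output above) and the VLAN name character set are assumptions of this example.

```python
import json
import re

# Constructed sample responses, shaped like the example output in the steps above.
SAMPLE_BLOCKS = json.loads("""
{"items": [{"id": "2f00771a-48c1-4c0d-a907-b586164177d7", "name": "ssloAppName",
  "inputProperties": [
    {"value": {"receiveOnlyServices": [{"macAddress": "11:22:33:44:55:66"},
                                       {"macAddress": "77:88:99:11:22:33"}]}},
    {"value": true}]}]}
""")
SAMPLE_FDB = json.loads("""
{"items": [{"name": "ssloAppName-70-0-D"}, {"name": "ssloAppName-70-0-S"},
  {"name": "v1", "records": [{"name": "11:22:33:44:55:66"},
                             {"name": "77:88:99:11:22:33"},
                             {"name": "fa:18:4a:ca:c1:4d"}]},
  {"name": "v2"},
  {"name": "v3", "records": [{"name": "fa:16:3e:cb:d1:8d"}]},
  {"name": "v4"}]}
""")

MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")
# VLAN names end up on a shell command line, so only a conservative character
# set is accepted (an assumption of this example, not a BIG-IP naming rule).
VLAN_RE = re.compile(r"[A-Za-z0-9_.\-/]+")


def sslo_macs(blocks):
    """Return the receiveOnlyServices MAC addresses found in an iApp blocks response."""
    macs = []
    for item in blocks.get("items", []):
        for prop in item.get("inputProperties", []):
            value = prop.get("value")
            if not isinstance(value, dict):       # e.g. {"value": true}
                continue
            for service in value.get("receiveOnlyServices", []):
                mac = str(service.get("macAddress") or "").lower()
                if MAC_RE.fullmatch(mac) and mac not in macs:
                    macs.append(mac)
    return macs


def fdb_delete_commands(blocks, fdb):
    """Join SSL Orchestrator MACs to FDB VLAN records and build the delete commands.

    Returns (commands, unmatched): one tmsh command per (VLAN, MAC) pair, plus the
    SSL Orchestrator MACs that appear in no VLAN's FDB records.
    """
    wanted = sslo_macs(blocks)
    commands, seen = [], set()
    for vlan in fdb.get("items", []):
        name = vlan.get("name", "")
        for record in vlan.get("records", []):    # VLANs without records are skipped
            mac = str(record.get("name") or "").lower()
            if mac not in wanted:
                continue                           # not an SSL Orchestrator FDB entry
            if not VLAN_RE.fullmatch(name):
                raise ValueError(f"refusing to build a command for VLAN name {name!r}")
            commands.append(f"tmsh modify net fdb vlan {name} records delete {{ {mac} }}")
            seen.add(mac)
    unmatched = [mac for mac in wanted if mac not in seen]
    return commands, unmatched


if __name__ == "__main__":
    cmds, missing = fdb_delete_commands(SAMPLE_BLOCKS, SAMPLE_FDB)
    print("\n".join(cmds))
    for mac in missing:
        print(f"# no FDB record found for {mac}")
```

Review the generated commands before running them; a MAC address reported as unmatched has no FDB record left to delete.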
- Cleaning up nodes
- To delete the necessary nodes used in different services and objects created through the SSL Orchestrator application, you must identify the list of IP addresses that map to each node. F5 recommends you populate a table to track the information using information output from commands detailed in the steps below. For example:
  | IP Address | TMUI command for deleting nodes |
  | --- | --- |
- Enter the following command and populate the table with the values in the IP address column. Ignore all duplicates when listing all IP addresses for explicitProxyConfiguration, ingressDeviceEgressConfiguration, ingressDeviceConfiguration, egressDeviceEgressConfiguration, and decryptZone.
    curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=inputProperties/value/generalSection/ingressDeviceEgressConfiguration/ipv4OutboundGateways/ip,inputProperties/value/generalSection/ingressDeviceEgressConfiguration/ipv6OutboundGateways/ip,inputProperties/value/generalSection/egressDeviceEgressConfiguration/ipv4OutboundGateways/ip,inputProperties/value/generalSection/egressDeviceEgressConfiguration/ipv6OutboundGateways/ip&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.tool
  For example:
  | IP Address | TMUI command for deleting nodes |
  | --- | --- |
  | 90.90.90.94 | |
  | 90.90.90.95 | |
  | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 | |
  The explicitProxyConfiguration, ingressDeviceEgressConfiguration, ingressDeviceConfiguration, egressDeviceEgressConfiguration, and decryptZone IP address information would come from this source:
    [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=inputProperties/value/generalSection/ingressDeviceEgressConfiguration/ipv4OutboundGateways/ip,inputProperties/value/generalSection/ingressDeviceEgressConfiguration/ipv6OutboundGateways/ip,inputProperties/value/generalSection/egressDeviceEgressConfiguration/ipv4OutboundGateways/ip,inputProperties/value/generalSection/egressDeviceEgressConfiguration/ipv6OutboundGateways/ip&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   534  100   534    0     0   3144      0 --:--:-- --:--:-- --:--:--  3296
    {
        "generation": 57,
        "items": [
            {
                "inputProperties": [
                    {
                        "value": {
                            "generalSection": {
                                "egressDeviceEgressConfiguration": {
                                    "ipv4OutboundGateways": [ { "ip": "" } ],
                                    "ipv6OutboundGateways": [ { "ip": "" } ]
                                },
                                "ingressDeviceEgressConfiguration": {
                                    "ipv4OutboundGateways": [ { "ip": "90.90.90.94" }, { "ip": "90.90.90.95" } ],
                                    "ipv6OutboundGateways": [ { "ip": "2001:0db8:85a3:0000:0000:8a2e:0370:7334" } ]
                                }
                            }
                        }
                    },
                    { "value": true }
                ]
            }
        ],
        "kind": "shared:iapp:blocks:blockcollectionstate",
        ......
    }
- List all IP addresses for receiveOnlyServices and update the IP addresses in the table by entering the following command:
    curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=inputProperties/value/receiveOnlyServices/ipAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.tool
  For example:
  | IP Address | TMUI command for deleting nodes |
  | --- | --- |
  | 90.90.90.94 | |
  | 90.90.90.95 | |
  | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 | |
  | 10.10.10.10 | |
  | 20.20.20.20 | |
  The receiveOnlyServices IP address information would come from this source:
    [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=inputProperties/value/receiveOnlyServices/ipAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   311  100   311    0     0   1800      0 --:--:-- --:--:-- --:--:--  1884
    {
        "generation": 57,
        "items": [
            {
                "inputProperties": [
                    {
                        "value": {
                            "receiveOnlyServices": [
                                { "ipAddress": "10.10.10.10" },
                                { "ipAddress": "20.20.20.20" }
                            ]
                        }
                    },
                    { "value": true }
                ]
            }
        ],
        "kind": "shared:iapp:blocks:blockcollectionstate",
        ......
    }
- List all IP addresses for icapServices and update the IP addresses in the table by entering the following command:
    curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=inputProperties/value/icapServices/inspectionDevices/ipAddress,inputProperties/value/icapServices/backupItem/inspectionDevices/ipAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.tool
  For example:
  | IP Address | TMUI command for deleting nodes |
  | --- | --- |
  | 90.90.90.94 | |
  | 90.90.90.95 | |
  | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 | |
  | 10.10.10.10 | |
  | 20.20.20.20 | |
  | 30.30.30.30 | |
  | 40.40.40.40 | |
  | 50.50.50.50 | |
  The icapServices IP address information would come from this source:
    [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=inputProperties/value/icapServices/inspectionDevices/ipAddress,inputProperties/value/icapServices/backupItem/inspectionDevices/ipAddress&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.tool
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   538  100   538    0     0   3987      0 --:--:-- --:--:-- --:--:--  4014
    {
        "generation": 57,
        "items": [
            {
                "inputProperties": [
                    {
                        "value": {
                            "icapServices": [
                                {
                                    "backupItem": {
                                        "inspectionDevices": [ { "ipAddress": "30.30.30.30" }, { "ipAddress": "40.40.40.40" } ]
                                    },
                                    "inspectionDevices": [ { "ipAddress": "30.30.30.30" }, { "ipAddress": "40.40.40.40" } ]
                                },
                                {
                                    "backupItem": {
                                        "inspectionDevices": [ { "ipAddress": "50.50.50.50" } ]
                                    },
                                    "inspectionDevices": [ { "ipAddress": "50.50.50.50" } ]
                                }
                            ]
                        }
                    },
                    { "value": true }
                ]
            }
        ],
        "kind": "shared:iapp:blocks:blockcollectionstate",
        .....
    }
- Create the delete commands for cleaning up FDB entries and update the IP addresses in the table by entering the following command:
    delete ltm node <<IP Address>>
  For example:
  | IP Address | TMUI command for deleting nodes |
  | --- | --- |
  | 90.90.90.94 | delete ltm node 90.90.90.94 |
  | 90.90.90.95 | delete ltm node 90.90.90.95 |
  | 2001:0db8:85a3:0000:0000:8a2e:0370:7334 | delete ltm node 2001:0db8:85a3:0000:0000:8a2e:0370:7334 |
  | 10.10.10.10 | delete ltm node 10.10.10.10 |
  | 20.20.20.20 | delete ltm node 20.20.20.20 |
  | 30.30.30.30 | delete ltm node 30.30.30.30 |
  | 40.40.40.40 | delete ltm node 40.40.40.40 |
  | 50.50.50.50 | delete ltm node 50.50.50.50 |
- Enter all of the delete commands built in the table.
  Ignore the following error message if any delete commands fail, since the node may be getting used somewhere else.
    "Node address '/Common/<<IP Address>>' is referenced by a member of pool '/Common/<<Pool Name>>'"
  Example of delete commands:
    tmsh delete ltm node 90.90.90.94
    tmsh delete ltm node 90.90.90.95
    tmsh delete ltm node 2001:0db8:85a3:0000:0000:8a2e:0370:7334
    tmsh delete ltm node 10.10.10.10
    tmsh delete ltm node 20.20.20.20
    tmsh delete ltm node 30.30.30.30
    tmsh delete ltm node 40.40.40.40
    tmsh delete ltm node 50.50.50.50
- Cleaning up iApp application service
- Enter the following command using the SSL Orchestrator application name noted down in Step 4:
    tmsh delete sys application service <<SSLO App Name>>.app/<<SSLO App Name>>
  For example, "name":"ssloAppName" would look much like this:
    delete sys application service ssloAppName.app/ssloAppName
- Enter the following command while replacing the <<block id>> with the id value noted down in Step 2:
    curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks/<<block Id>>' -u <<userID>>:<<password>>
  For example:
    curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/2f00771a-48c1-4c0d-a907-b586164177d7' -u admin:admin
- Wait at least two to three minutes before attempting to execute the following command in order to check the status of the iApp block. Repeat this command until the status value changes to ERROR/UNBOUND.
    curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=state,id&$filter=id%20eq%20%27<<Block Id>>%27' -u <<userID>>:<<password>> | python -m json.tool
  In this example, the id that was noted down in Step 2 is: 2f00771a-48c1-4c0d-a907-b586164177d7.
    curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=state,id&$filter=id%20eq%20%272f00771a-48c1-4c0d-a907-b586164177d7%27' -u admin:admin | python -m json.tool
- Enter the following command to delete the iApp block. The block must be in ERROR state before executing this command. Refer to step 16 to check the block state.
    curl --insecure -X DELETE 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks/2f00771a-48c1-4c0d-a907-b586164177d7' -u <<userID>>:<<password>>
  For example:
    curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/2f00771a-48c1-4c0d-a907-b586164177d7' -u admin:admin
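The unbind, poll and delete steps above, written as one routine. This is an added example, not F5 tooling: it sends the UNBINDING patch only when the block is not already in ERROR/UNBOUND, polls at a three-minute interval with an overall timeout, and deletes only once the state allows it. `BlockClient`, `remove_block` and `FakeClient` are names made up here; unlike the curl lines, the client sends strict JSON in the PATCH body and verifies the management certificate instead of using `--insecure`, both assumptions of this example.

```python
import base64
import json
import re
import ssl
import time
import urllib.request

READY_TO_DELETE = {"ERROR", "UNBOUND"}           # states the procedure waits for
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")


class BlockClient:
    """Small client for /mgmt/shared/iapp/blocks (names are this example's own)."""

    def __init__(self, host, user, password, cafile=None):
        self.base = f"https://{host}/mgmt/shared/iapp/blocks"
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        self.headers = {"Authorization": f"Basic {token}",
                        "Content-Type": "application/json"}
        # Unlike `curl --insecure`, the management certificate is verified:
        # against `cafile` when given, otherwise against the system trust store.
        self.tls = ssl.create_default_context(cafile=cafile)

    def _call(self, method, path="", body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(self.base + path, data=data,
                                     method=method, headers=self.headers)
        with urllib.request.urlopen(req, context=self.tls) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}

    def state(self, block_id):
        query = "?$select=state,id&$filter=id%20eq%20%27" + block_id + "%27"
        items = self._call("GET", query).get("items", [])
        return items[0]["state"] if items else None

    def unbind(self, block_id):
        self._call("PATCH", "/" + block_id, {"state": "UNBINDING"})

    def delete(self, block_id):
        self._call("DELETE", "/" + block_id)


def remove_block(client, block_id, interval=180, timeout=900, sleep=time.sleep):
    """Unbind if needed, wait for ERROR/UNBOUND, then delete one iApp block."""
    if not UUID_RE.fullmatch(block_id):
        raise ValueError(f"not a block id: {block_id!r}")
    state = client.state(block_id)
    if state is None:
        return "absent"                           # already gone, nothing to do
    if state not in READY_TO_DELETE:              # e.g. BOUND
        client.unbind(block_id)
        waited = 0
        while state not in READY_TO_DELETE:
            if waited >= timeout:
                raise TimeoutError(f"{block_id} still {state} after {waited}s")
            sleep(interval)                       # the procedure waits 2-3 minutes
            waited += interval
            state = client.state(block_id)
    client.delete(block_id)
    return "deleted"


class FakeClient:
    """Constructed stand-in for BlockClient that replays a list of states."""

    def __init__(self, states):
        self.states, self.calls = list(states), []

    def state(self, block_id):
        self.calls.append("state")
        return self.states.pop(0) if len(self.states) > 1 else self.states[0]

    def unbind(self, block_id):
        self.calls.append("unbind")

    def delete(self, block_id):
        self.calls.append("delete")


if __name__ == "__main__":
    fake = FakeClient(["BOUND", "UNBINDING", "ERROR"])
    result = remove_block(fake, "2f00771a-48c1-4c0d-a907-b586164177d7",
                          sleep=lambda seconds: None)
    print(result, fake.calls)
```

Against a real device, construct `BlockClient` with the management address and credentials read from a prompt or the environment rather than typed on the command line, where they are visible in the process list and shell history.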
You have now cleaned the device of SSL Orchestrator deployments. Log in to the BIG-IP and
start using SSL Orchestrator by clicking .
Upgrading from F5 SSL Orchestrator versions 14.0.x using recovery procedure with Applications LX menu access
To upgrade from SSL Orchestrator versions 14.0.x while you have access to the Applications LX
menu, follow the procedure in this section to clean up your environment. When you complete
this procedure your environment will be clean and you can log in to BIG-IP and start using
SSL Orchestrator Guided Configuration by clicking .
- Log in to BIG-IP and navigate to .
- Select all deployed SSL Orchestrator applications in the table.
- Click Undeploy.
- Delete all SSL Orchestrator applications which have the below template type:
- f5-ssl-orchestrator-storage
- f5-ssl-orchestrator-network
- f5-ssl-orchestrator-policy
- f5-ssl-orchestrator-service
- f5-ssl-orchestrator-tls
- f5-ssl-orchestrator
- Click. The Package Management LX screen opens.
- Select the f5-iappslx-ssl-orchestrator package and click uninstall.
You have now cleaned the device of any SSL Orchestrator deployments. Log in to the BIG-IP
and start using SSL Orchestrator by clicking .
Upgrading from F5 SSL Orchestrator versions 14.0.x using recovery procedure without Applications LX menu access
To upgrade from SSL Orchestrator versions 14.0.x when you do not have access to the
Applications LX menu, follow the procedure in this section to clean up your environment.
When you complete this procedure your environment will be clean and you can log in to
BIG-IP and start using SSL Orchestrator Guided Configuration by clicking .
- Enter the following command and note down the name and id.
    curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=id,name&$filter=configurationProcessorReference/link%20eq%20%27https://localhost/mgmt/shared/iapp/processors/f5-iappslx-ssl-orchestrator%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.tool
  For example, note down the name and id details:
    [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=id,name&$filter=configurationProcessorReference/link%20eq%20%27https://localhost/mgmt/shared/iapp/processors/f5-iappslx-ssl-orchestrator%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   257  100   257    0     0   1771      0 --:--:-- --:--:-- --:--:--  1889
    {
        "generation": 11569,
        "items": [
            {
                "id": "c670eb32-89a5-4555-a2bf-e7a82c743ff6",
                "name": "sslo_TestSsloApp"
            }
        ],
        .....
    }
- To delete and clean up the forwarding database (FDB) entries, F5 recommends you first map the MAC addresses and VLAN names in order to properly determine the TMUI command to delete the FDB entries. We recommend creating a table to track the required information.
  | MAC Address | VLAN Name | TMUI Command to delete FDB entry |
  | --- | --- | --- |
- To retrieve all of the MAC addresses used for FDB entries, enter the following command and populate the table with the correct information.
    curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=id,state,name,inputProperties/value/customService/serviceSpecific/macAddress,inputProperties/value/customService/serviceSpecific/vlan&$filter=configurationProcessorReference/link%20eq%20%27https://localhost/mgmt/shared/iapp/processors/f5-iappslx-ssl-orchestrator-service%27%20and%20inputProperties/value/customService/serviceType%20eq%20%27tap%27%20and%20%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.tool
  Populate the table with the MAC addresses.
  | MAC Address | VLAN Name | TMUI Command to delete FDB entry |
  | --- | --- | --- |
  | fa:16:3e:cb:d1:8d | | |
  | fa:16:3e:5d:fe:58 | | |
  For example, the MAC address information would come from this source:
    [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=id,state,name,inputProperties/value/customService/serviceSpecific/macAddress,inputProperties/value/customService/serviceSpecific/vlan&$filter=configurationProcessorReference/link%20eq%20%27https://localhost/mgmt/shared/iapp/processors/f5-iappslx-ssl-orchestrator-service%27%20and%20inputProperties/value/customService/serviceType%20eq%20%27tap%27%20and%20%20state%20ne%20%27TEMPLATE%27' -u admin:bigip123 | python -m json.tool
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   645  100   645    0     0    752      0 --:--:-- --:--:-- --:--:--   761
    {
        "generation": 13107,
        "items": [
            {
                "id": "9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb",
                "inputProperties": [
                    {
                        "value": {
                            "customService": {
                                "serviceSpecific": {
                                    "macAddress": "fa:16:3e:5d:fe:58",
                                    "vlan": "/Common/ssloN_vLan3Sslo.app/ssloN_vLan3Sslo"
                                }
                            }
                        }
                    }
                ],
                "name": "ssloS_TapService_2",
                "state": "BOUND"
            },
            {
                "id": "6e161941-826d-424e-865e-3defbfdfd116",
                "inputProperties": [
                    {
                        "value": {
                            "customService": {
                                "serviceSpecific": {
                                    "macAddress": "fa:16:3e:cb:d1:8d",
                                    "vlan": "/Common/vLan1"
                                }
                            }
                        }
                    }
                ],
                "name": "ssloS_TapService",
                "state": "BOUND"
            }
        ],
        ....
    }
- To retrieve the VLAN names, enter the following command and populate the table with the correct information.
    curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/tm/net/fdb/vlan?$select=name,records/name' -u <<userID>>:<<password>> | python -m json.tool
  Update the table with the VLAN name details.
  | MAC Address | VLAN Name | TMUI Command to delete FDB entry |
  | --- | --- | --- |
  | fa:16:3e:cb:d1:8d | vLan1 | |
  | fa:16:3e:cb:d1:8d | ssloN_ssloVlan_1 | |
  | fa:16:3e:5d:fe:58 | ssloN_vLan3Sslo | |
  If the same MAC address is associated with multiple VLANs, note the multiple VLAN names against each of the MAC addresses.
  For example, the information would come from this source:
    [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/tm/net/fdb/vlan?$select=name,records/name' -u admin:bigip123 | python -m json.tool
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   372  100   372    0     0   1252      0 --:--:-- --:--:-- --:--:--  1261
    {
        "items": [
            {
                "name": "ssloN_ssloVlan_1",
                "records": [ { "name": "fa:16:3e:cb:d1:8d" } ]
            },
            {
                "name": "ssloN_vLan3Sslo",
                "records": [ { "name": "fa:16:3e:5d:fe:58" } ]
            },
            {
                "name": "vLan1",
                "records": [ { "name": "fa:16:3e:cb:d1:8d" } ]
            },
            { "name": "vLan2" },
            { "name": "vLan3" },
            { "name": "vLan4" }
        ],
        ....
    }
- Use the following command to build the delete commands for cleaning up the FDB entries and update the table.
    modify net fdb vlan <<vlan name>> records delete { <<macaddress>> }
  | MAC Address | VLAN Name | TMUI Command to delete FDB entry |
  | --- | --- | --- |
  | fa:16:3e:cb:d1:8d | vLan1 | modify net fdb vlan vLan1 records delete { fa:16:3e:cb:d1:8d } |
  | fa:16:3e:cb:d1:8d | ssloN_ssloVlan_1 | modify net fdb vlan ssloN_ssloVlan_1.app/ssloN_ssloVlan_1 records delete {fa:16:3e:cb:d1:8d } |
  | fa:16:3e:5d:fe:58 | ssloN_vLan3Sslo | modify net fdb vlan ssloN_vLan3Sslo.app/ssloN_vLan3Sslo records delete {fa:16:3e:5d:fe:58 } |
  If you receive a strictness warning (Protected/Unprotected Configurations) while deleting FDB entries, enter the following command and try to enter the delete command again.
    modify sys application service <<vLan Name>>.app/<<vLan Name>> strict-updates disabled
  For example, the information would come from this source:
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify net fdb vlan ssloN_vLan3Sslo.app/ssloN_vLan3Sslo records delete {fa:16:3e:5d:fe:58 }
    010715bc:3: The application service (/Common/ssloN_vLan3Sslo.app/ssloN_vLan3Sslo) has strict updates enabled, the object (VLAN /Common/ssloN_vLan3Sslo.app/ssloN_vLan3Sslo) must be updated using an application management interface.
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify sys application service ssloN_vLan3Sslo.app/ssloN_vLan3Sslo strict-updates disabled
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify net fdb vlan ssloN_vLan3Sslo.app/ssloN_vLan3Sslo records delete {fa:16:3e:5d:fe:58 }
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)#
- Enter all of the delete commands for deleting FDB entries. For example:
    tmsh modify net fdb vlan vLan1 records delete { fa:16:3e:cb:d1:8d }
    tmsh modify net fdb vlan ssloN_ssloVlan_1.app/ssloN_ssloVlan_1 records delete {fa:16:3e:cb:d1:8d }
    tmsh modify net fdb vlan ssloN_vLan3Sslo.app/ssloN_vLan3Sslo records delete {fa:16:3e:5d:fe:58 }
- Enter the following command on the BIG-IP:
    tmsh
  For example:
    [root@localhost:Active:Standalone] config # tmsh
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)#
- Enter the following command and press tab to view the list of deployed application services. The resulting information from this step will be used in step 9.
    delete sys application service
  For example:
    [root@localhost:Active:Standalone] config # tmsh
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service
    Options:
      recursive
    Configuration Items:
      ssloN_ssloVlan_1.app/     ssloN_vLan3Sslo.app/      ssloS_HttpService.app/    ssloS_L2Service_1.app/
      ssloS_L3Service_2.app/    ssloS_TapService_2.app/   ssloS_iCapService_2.app/  ssloT_sslSettings_1.app/
      ssloN_vLan2Sslo.app/      ssloP_PRP1.app/           ssloS_HttpService_1.app/  ssloS_L3Service_1.app/
      ssloS_TapService.app/     ssloS_iCapService_1.app/  ssloT_SSL3.app/           sslo_TestSsloApp.app/
- Populate a table based on the output from the command used in step 8. For example:
  - Deployment App: Name which matches the format <<SSLO deployed App>>.app, where <<SSLO deployed App>> is the name which is noted down in step 1.
  - Policy App: Name which starts with ssloP_.
  - Services App: Name which starts with ssloS_.
  - Network App: Name which starts with ssloN_.
  - SSL App: Name which starts with ssloT_.
  | Deployment App | Policy App | Services App | Network App | SSL App |
  | --- | --- | --- | --- | --- |
  | sslo_TestSsloApp.app/ | ssloP_PRP1.app/ | ssloS_HttpService.app/ | ssloN_ssloVlan_1.app/ | ssloT_SSL3.app/ |
  | | | ssloS_L2Service_1.app/ | ssloN_vLan3Sslo.app/ | ssloT_sslSettings_1.app/ |
  | | | ssloS_L3Service_2.app/ | ssloN_vLan2Sslo.app/ | |
  | | | ssloS_TapService_2.app/ | | |
  | | | ssloS_iCapService_2.app/ | | |
  | | | ssloS_HttpService_1.app/ | | |
  | | | ssloS_L3Service_1.app/ | | |
  | | | ssloS_TapService.app/ | | |
  | | | ssloS_iCapService_1.app/ | | |
- Enter the following command for all of the apps listed in step 9.
  Make sure to enter the TMSH command before starting this step on the BIG-IP device.
  The order in which the commands are entered is important. F5 recommends that you start with Deployment App, followed by Policy App, and so on based on the suggested table headings.
  If a command fails due to a dependency, determine what the dependency is from the message and delete it before proceeding.
    delete sys application service <<appName>>/ <<press TAB to complete the command>>
  For example:
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service sslo_TestSsloApp.app/sslo_TestSsloApp
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloP_PRP1.app/ssloP_PRP1
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_HttpService.app/ssloS_HttpService
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_HttpService_1.app/ssloS_HttpService_1
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_L2Service_1.app/ssloS_L2Service_1
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_L3Service_2.app/ssloS_L3Service_2
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_TapService_2
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_TapService_2.app/ssloS_TapService_2
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_iCapService_2.app/ssloS_iCapService_2
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_L3Service_1.app/ssloS_L3Service_1
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_TapService.app/ssloS_TapService
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloS_iCapService_1.app/ssloS_iCapService_1
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloN_ssloVlan_1.app/ssloN_ssloVlan_1
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloN_vLan3Sslo.app/ssloN_vLan3Sslo
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloN_vLan2Sslo.app/ssloN_vLan2Sslo
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloT_SSL3.app/ssloT_SSL3
    root@(localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)# delete sys application service ssloT_sslSettings_1.app/ssloT_sslSettings_1
- Enter the following command:
    curl --insecure -XGET 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks?$select=id,state,name&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u <<userID>>:<<password>> | python -m json.tool
  For example:
    [root@localhost:Active:Standalone] config # curl --insecure -XGET 'https://10.192.225.215/mgmt/shared/iapp/blocks?$select=id,state,name&$filter=state%20eq%20%27*%27%20and%20state%20ne%20%27TEMPLATE%27' -u admin:admin | python -m json.tool
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  3550  100  3550    0     0  20938      0 --:--:-- --:--:-- --:--:-- 21005
    {
        "generation": 46597,
        "items": [
            { "id": "c670eb32-89a5-4555-a2bf-e7a82c743ff6", "name": "sslo_TestSsloApp", "state": "BOUND" },
            { "id": "35947fc5-3152-4ee9-94be-d98cc3c32059", "name": "ssloT_sslSettings_1", "state": "BOUND" },
            { "id": "c8ff1bcd-451a-4614-a9e0-8a3a02df7dc2", "name": "ssloS_L3Service_1", "state": "BOUND" },
            { "id": "9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb", "name": "ssloS_TapService_2", "state": "BOUND" },
            { "id": "22841137-9d38-4176-ad75-362748f7067b", "name": "ssloS_HttpService", "state": "BOUND" },
            { "id": "0cf207ce-0460-49b3-b0f3-a140bb265fa9", "name": "ssloN_vLan3Sslo", "state": "BOUND" },
            { "id": "aef17b81-929c-4c12-90e6-a70931952ff9", "name": "ssloT_SSL3", "state": "BOUND" },
            { "id": "5c8f3039-d6cc-45db-88a1-6d030dac686b", "name": "7684d4ac-00d0-4f43-a0ba-921f459113bc-1538161044915", "state": "ERROR" },
            { "id": "2f952eba-4331-4a3e-995d-644f5a01b045", "name": "ssloS_L3Service_2", "state": "BOUND" },
            { "id": "46e05e4e-c350-4e33-8ffc-fa2671acac80", "name": "ssloS_iCapService_1", "state": "BOUND" },
            { "id": "75800f9c-f8c8-46e4-9e71-1c7b11fff5fd", "name": "ssloN_vLan2Sslo", "state": "BOUND" },
            { "id": "7684d4ac-00d0-4f43-a0ba-921f459113bc", "name": "ssloP_PRP1", "state": "BOUND" },
            { "id": "41697b7c-c059-47f2-b13a-b574d2b858f8", "name": "ssloS_L2Service_1", "state": "BOUND" },
            { "id": "e44a78c0-4efd-45cc-a3f1-a7d79302004e", "name": "ssloN_ssloVlan_1", "state": "BOUND" },
            { "id": "e47a45fb-7422-4ab3-a59a-deafe257660c", "name": "ssloS_iCapService_2", "state": "BOUND" },
            { "id": "69ba205f-e618-479e-b355-ae8010219b5f", "name": "ssloS_HttpService_1", "state": "BOUND" },
            { "id": "6e161941-826d-424e-865e-3defbfdfd116", "name": "ssloS_TapService", "state": "BOUND" },
            { "id": "df843553-dcbb-4239-a3f7-fbf4cf5ccf22", "name": "c670eb32-89a5-4555-a2bf-e7a82c743ff6-1538161044915", "state": "ERROR" },
            { "id": "ab0584b4-e8dd-461d-a3c9-f7585c42fdc7", "name": "22841137-9d38-4176-ad75-362748f7067b-1538161044915", "state": "ERROR" },
            { "id": "2037b09f-dfaf-4c60-bef9-52b7e1f74ba7", "name": "69ba205f-e618-479e-b355-ae8010219b5f-1538161044915", "state": "ERROR" },
            { "id": "ead269a0-43a8-4fd4-88cf-471cd287a6d5", "name": "2f952eba-4331-4a3e-995d-644f5a01b045-1538161044915", "state": "ERROR" },
            { "id": "38c5b1af-3f6b-4498-93fc-6380affd1483", "name": "41697b7c-c059-47f2-b13a-b574d2b858f8-1538161044915", "state": "ERROR" },
            { "id": "1e97e0ff-955b-43f2-b43f-fa9f806273bc", "name": "9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb-1538161044915", "state": "ERROR" },
            { "id": "f705eb0a-3e8e-4434-8bcc-8bd9135e5383", "name": "6e161941-826d-424e-865e-3defbfdfd116-1538161044915", "state": "ERROR" },
            { "id": "3f31c864-d2ca-4b15-baf2-47f4d490f84c", "name": "c8ff1bcd-451a-4614-a9e0-8a3a02df7dc2-1538161044915", "state": "ERROR" },
            { "id": "1356eb55-53c4-4eee-86a2-c647228d5cae", "name": "e47a45fb-7422-4ab3-a59a-deafe257660c-1538161044915", "state": "ERROR" },
            { "id": "e778bcb2-697f-4238-a76d-169894304d44", "name": "46e05e4e-c350-4e33-8ffc-fa2671acac80-1538161044915", "state": "ERROR" },
            { "id": "e75c0952-8838-4484-817d-2cded5d7e63c", "name": "35947fc5-3152-4ee9-94be-d98cc3c32059-1538161044915", "state": "ERROR" },
            { "id": "f9c38383-a5a7-46fc-8fca-4196f021a64e", "name": "aef17b81-929c-4c12-90e6-a70931952ff9-1538161044915", "state": "ERROR" },
            { "id": "d65877b5-20d2-4c81-9723-0151aa5a51a1", "name": "75800f9c-f8c8-46e4-9e71-1c7b11fff5fd-1538161044915", "state": "ERROR" },
            { "id": "05131174-faf2-42a7-8b98-85718e4676d5", "name": "e44a78c0-4efd-45cc-a3f1-a7d79302004e-1538161044915", "state": "ERROR" },
            { "id": "67a567c1-f711-45bc-94ac-232121030aa2", "name": "0cf207ce-0460-49b3-b0f3-a140bb265fa9-1538161044915", "state": "ERROR" }
        ],
        .....
    }
- F5 recommends creating a table to track the required information based on the output from the command entered in step 11.

  | ID | State | Patch Command | Delete Command |
  | --- | --- | --- | --- |
  | <<block Id>> | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks/<<block Id>>' -u <<userID>>:<<password>> | curl --insecure -X DELETE 'https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks/<<block Id>>' -u <<userID>>:<<password>> |
  | <<block Id>> | ERROR | NO NEED FOR ERROR | |

  For example:

  | ID | State | Patch Command | Delete Command |
  | --- | --- | --- | --- |
  | c670eb32-89a5-4555-a2bf-e7a82c743ff6 | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/c670eb32-89a5-4555-a2bf-e7a82c743ff6' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/c670eb32-89a5-4555-a2bf-e7a82c743ff6' -u admin:admin |
  | 35947fc5-3152-4ee9-94be-d98cc3c32059 | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/35947fc5-3152-4ee9-94be-d98cc3c32059' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/35947fc5-3152-4ee9-94be-d98cc3c32059' -u admin:admin |
  | c8ff1bcd-451a-4614-a9e0-8a3a02df7dc2 | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/c8ff1bcd-451a-4614-a9e0-8a3a02df7dc2' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/c8ff1bcd-451a-4614-a9e0-8a3a02df7dc2' -u admin:admin |
  | 9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/9bf2efe3-db82-4c1a-8dd4-52bc23b9d5eb' -u admin:admin |
  | 22841137-9d38-4176-ad75-362748f7067b | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/22841137-9d38-4176-ad75-362748f7067b' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/22841137-9d38-4176-ad75-362748f7067b' -u admin:admin |
  | 0cf207ce-0460-49b3-b0f3-a140bb265fa9 | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/0cf207ce-0460-49b3-b0f3-a140bb265fa9' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/0cf207ce-0460-49b3-b0f3-a140bb265fa9' -u admin:admin |
  | aef17b81-929c-4c12-90e6-a70931952ff9 | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/aef17b81-929c-4c12-90e6-a70931952ff9' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/aef17b81-929c-4c12-90e6-a70931952ff9' -u admin:admin |
  | 5c8f3039-d6cc-45db-88a1-6d030dac686b | ERROR | | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/5c8f3039-d6cc-45db-88a1-6d030dac686b' -u admin:admin |
  | 2f952eba-4331-4a3e-995d-644f5a01b045 | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/2f952eba-4331-4a3e-995d-644f5a01b045' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/2f952eba-4331-4a3e-995d-644f5a01b045' -u admin:admin |
  | 46e05e4e-c350-4e33-8ffc-fa2671acac80 | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/46e05e4e-c350-4e33-8ffc-fa2671acac80' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/46e05e4e-c350-4e33-8ffc-fa2671acac80' -u admin:admin |
  | 75800f9c-f8c8-46e4-9e71-1c7b11fff5fd | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/75800f9c-f8c8-46e4-9e71-1c7b11fff5fd' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/75800f9c-f8c8-46e4-9e71-1c7b11fff5fd' -u admin:admin |
  | 7684d4ac-00d0-4f43-a0ba-921f459113bc | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/7684d4ac-00d0-4f43-a0ba-921f459113bc' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/7684d4ac-00d0-4f43-a0ba-921f459113bc' -u admin:admin |
  | 41697b7c-c059-47f2-b13a-b574d2b858f8 | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/41697b7c-c059-47f2-b13a-b574d2b858f8' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/41697b7c-c059-47f2-b13a-b574d2b858f8' -u admin:admin |
  | e44a78c0-4efd-45cc-a3f1-a7d79302004e | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/e44a78c0-4efd-45cc-a3f1-a7d79302004e' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/e44a78c0-4efd-45cc-a3f1-a7d79302004e' -u admin:admin |
  | e47a45fb-7422-4ab3-a59a-deafe257660c | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/e47a45fb-7422-4ab3-a59a-deafe257660c' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/e47a45fb-7422-4ab3-a59a-deafe257660c' -u admin:admin |
  | 69ba205f-e618-479e-b355-ae8010219b5f | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/69ba205f-e618-479e-b355-ae8010219b5f' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/69ba205f-e618-479e-b355-ae8010219b5f' -u admin:admin |
  | 6e161941-826d-424e-865e-3defbfdfd116 | BOUND | curl --insecure --data '{state:"UNBINDING"}' -X PATCH 'https://10.192.225.215/mgmt/shared/iapp/blocks/6e161941-826d-424e-865e-3defbfdfd116' -u admin:admin | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/6e161941-826d-424e-865e-3defbfdfd116' -u admin:admin |
  | df843553-dcbb-4239-a3f7-fbf4cf5ccf22 | ERROR | | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/df843553-dcbb-4239-a3f7-fbf4cf5ccf22' -u admin:admin |
  | ab0584b4-e8dd-461d-a3c9-f7585c42fdc7 | ERROR | | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/ab0584b4-e8dd-461d-a3c9-f7585c42fdc7' -u admin:admin |
  | 2037b09f-dfaf-4c60-bef9-52b7e1f74ba7 | ERROR | | curl --insecure -X DELETE 'https://10.192.225.215/mgmt/shared/iapp/blocks/2037b09f-dfaf-4c60-bef9-52b7e1f74ba7' -u admin:admin |
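The tracking table in this step can be generated from the saved listing output instead of being typed by hand. This is an added example, not F5's code: `build_plan`, `SAMPLE` and the last two sample items are assumptions made here, and each block id is checked against the UUID shape before it is placed in a command.

```python
import json
import re

# Block ids are interpolated into shell commands, so accept only the UUID shape.
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\Z")
# Placeholders are left exactly as on the page; fill them in only at run time.
BASE = "https://<<BigIP Management IP>>/mgmt/shared/iapp/blocks/"
AUTH = "-u <<userID>>:<<password>>"


def build_plan(listing_json):
    """Return (rows, skipped): one row per BOUND/ERROR block, the rest set aside."""
    rows, skipped = [], []
    for item in json.loads(listing_json).get("items", []):
        block_id, state = str(item.get("id", "")), item.get("state")
        if not UUID_RE.match(block_id) or state not in ("BOUND", "ERROR"):
            skipped.append(item)  # unexpected id or state: review by hand
            continue
        url = "'" + BASE + block_id + "'"
        patch = None  # ERROR blocks need no PATCH, only the DELETE
        if state == "BOUND":
            patch = ("curl --insecure --data '{state:\"UNBINDING\"}' -X PATCH "
                     + url + " " + AUTH)
        delete = "curl --insecure -X DELETE " + url + " " + AUTH
        rows.append({"id": block_id, "state": state,
                     "patch": patch, "delete": delete})
    return rows, skipped


# Constructed sample: the first two items come from the example output on this
# page; the last two are made up to exercise the "set aside" path.
SAMPLE = json.dumps({"generation": 46597, "items": [
    {"id": "c670eb32-89a5-4555-a2bf-e7a82c743ff6",
     "name": "sslo_TestSsloApp", "state": "BOUND"},
    {"id": "5c8f3039-d6cc-45db-88a1-6d030dac686b",
     "name": "7684d4ac-00d0-4f43-a0ba-921f459113bc-1538161044915",
     "state": "ERROR"},
    {"id": "00000000-0000-4000-8000-000000000001",
     "name": "constructed_midUnbind", "state": "UNBINDING"},
    {"id": "not-a-uuid", "name": "constructed_badId", "state": "BOUND"},
]})

if __name__ == "__main__":
    plan, skipped = build_plan(SAMPLE)
    for row in plan:
        print("%s  %s" % (row["id"], row["state"]))
        for cmd in (row["patch"], row["delete"]):
            if cmd:
                print("    " + cmd)
    for item in skipped:
        print("REVIEW BY HAND: %r" % (item,))
```

Blocks in any state other than BOUND or ERROR are returned in `skipped` with no command generated, since the table on this page covers only those two states.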
You have now cleaned the
device of SSL Orchestrator deployments. Log in to the BIG-IP and start using SSL
Orchestrator by clicking
.