Applies To:Show Versions
F5 SSL Orchestrator
Setting up F5 Guided
Configuration for SSL Orchestrator
Overview: Setting up F5
Guided Configuration for SSL Orchestrator
F5 SSL Orchestrator recommended upgrade procedure
- Upgrade SSL Orchestrator from version 13.x.x, 14.0.x to 16.0.0 (forklift upgrade)
- Upgrade SSL Orchestrator from version 14.1.x, 15.x.x to 16.0.0
Upgrade SSL Orchestrator from version 13.x.x, 14.0.x to 16.0.0
- Export currently deployed SSL Orchestrator configurations (only for 13.x.x)
- Undeploy your currently deployed SSL Orchestrator application
- Uninstall SSL Orchestrator
deployed F5 SSL Orchestrator configurations
- Log in to SSL Orchestrator version 13.0.0-2.3 or 13.1.0-3.0.
- On the Main tab, clickto view the export configuration settings. The Export Configurations screen opens.If you do not have any previously saved deployments, no information displays.
- In theExport Configurationstable, select a previously deployed configuration.
- ClickExport.A dialog box pop-up opens showing the JSON configuration information to be exported and asksDo you wish to export the current SSL Orchestrator Configuration settings to a .json file?
- To export the current SSL Orchestrator settings into a JSON export file, clickOK, or clickCancelto stop the export process.
- Type the file name of the JSON file to export.
currently deployed F5 SSL Orchestrator application
- On the Main tab, click. The SSL Orchestrator Configuration screen opens.
- For SSL Orchestrator versions prior to 14.0.x-5.x, clickUndeploy.
- For SSL Orchestrator versions 14.1.x-5.x or higher, select the check box next to the name of the deployments you want to remove and clickDelete.
Uninstalling F5 SSL Orchestrator
- On the Main tab, click. The Updates screen opens.
- Under the Version field, clickUninstall.
- ClickOK.Do not click on any link underneath the SSL Orchestrator tab after you clickOKor the system will automatically reinstall.Your application is now removed from your system and you are ready to install the new BIG-IP 16.0.0 ISO image. Proceed to theInstalling the new BIG-IP ISOsection.
Upgrade SSL Orchestrator from version 14.1.x, 15.x.x to 16.0.0
- There should be no applications in Bound, Binding, or Error state when installing the new ISO or before booting to the new partition. There should not be any SSL Orchestrator blocks (block name starting with“sslo_ob_").To verify no issues exist, select. If there is anything in an error state (red icon), fix the deployment by correcting the configuration and redeploy. If there is anything in a bound state (green icon), select them all and clickUndeploy. Once they have been undeployed, select the same block and delete them. If there is anything in a binding state (moving icon), wait until it completes. If the block remains in that state, contact customer care to resolve.
- Perform a UCS backup before installing the new ISO. If any block is identified in Bound, Binding, Pending, or Error state, correct the issues before the UCS backup is performed.After an RPM upgrade from 14.1.x-5.0, 15.0.0-6.x, or 15.1.0-7.x to 16.0.0-8.0, previously existing egress topology configurations may contain incorrect egress settings and may result in a broken configuration. This error occurs after an RPM upgrade due to the system settings choosing either IPv4 or IPv6 when the topology workflow still allows a configuration to be created using both IPv4 and IPv6. To fix this conflict, update the configuration so that it is either using IPv4 or IPv6 and deploy the configuration again.
Installing the new
BIG-IP ISO image
- Go to https://downloads.f5.com for ISO image.
- To upload to BIG-IP SSL Orchestrator, on the Main tab, click. ClickImport.
- Onscreen, select the imported ISO image and clickInstall. The Install Software Image pop-up screen opens.
- In theVolume set namelist, type a Boot Location name or number.
- ClickInstall. The Images List screen opens.If necessary, click the browser Refresh button if the BIG-IP version 16.0.0 image does not appear in the Installed Images list.
Booting into the new partition
- On the Main tab, click. The Boot Locations screen appears.
- Click the Boot Location name you created in the Boot Location column for BIG-IP 16.0.0-8.0. TheGeneral Propertiesscreen opens.
- Select the boot location and clickActivate.
Provisioning the newly
- Use your previous SSL OrchestratorUsernameandPasswordto sign in. ClickLog in. The Welcome screen opens.
- On the Main tab, clickto provision the system. The Resource Provisioning screen opens.
- In theModulecolumn, locate SSL Orchestrator and select the check box in theProvisioningcolumn if it is not already checked. The Provisioning column will change fromNonetoNominalif the check box was not already checked.
- ClickOK. Your newly changed system will reboot the BIG-IP device as it provisions SSL Orchestrator.
Installing SSL Orchestrator RPM (on-box)
- Log into your BIG-IP using management UI.
- Click on SSL Orchestrator > Configuration menu.This operation will auto-install the on-box RPM.
Insatlling SSL Orchestrator RPM (not on-box)
- Download SSL Orchestrator RPM from https://downloads.f5.com.
- Log into your BIG-IP.
- Click onImportand select your RPM.
- ClickUpload. This will install the user selected RPM on the box.
Setting up F5 Guided Configuration for SSL Orechstrator logs
Setting up logs settings
- On the Main tab, click. The Logs Settings screen opens.
- If theEnablecheck box is not pre-selected, select the check box to see the available levels for each facility. The default severity is Debug.
- For each facility, you can select from the following log setting severities:
- Emergency: Specifies the emergency system panic messages.
- Alert: Serious errors that require administrator intervention.
- Critical: Critical errors, including hardware and filesystem failures.
- Error: Non-critical, but possibly very important, error messages.
- Warning: Warning messages that should at least be logged for review.
- Notice: Messages that contain useful information, but may be ignored.
- Information: Messages that contain useful information, but may be ignored.
- Debug: Messages that are only necessary for troubleshooting.