Manual Chapter : Using F5 SSL Orchestrator Preview Merge

Applies To:

Show Versions Show Versions

F5 SSL Orchestrator

  • 16.0.0
Manual Chapter

Using F5 SSL Orchestrator Preview Merge

Overview: About F5 SSL Orchestrator Preview Merge

The
Preview Merge
option becomes available for previously deployed SSL Orchestrator configurations after a configuration is moved into the
Unprotected Configuration
mode. Once a configuration is unprotected, changes made in any of the following configuration topologies (steps) are available for review and merge configuration options:
  • Topology
  • SSL Configuration
  • Service
  • Interception Rule
  • System Settings
After a configuration is in unprotected mode, the
Preview Merge Config
option appears even if no changes have been made.

Using the Preview Merge Configuration

The following content and steps provide information on when, and how, to use SSL Orchestrator’s
Preview Merge
feature.
After deploying a configuration for the first time, SSL Orchestrator returns to the main Configuration screen listing all deployed configurations. In the
Protected/Unprotected Config…
column, a lock is present in
Protected
mode. At this time, you may make out-of-band changes to your deployed configuration. Do the following to update an existing configuration and use the
Preview Merge
option:
  1. Click on the lock icon in the
    Protected/Unprotected Config…
    column. The
    Unprotect Configuration?
    pop-up message appears which allows you to modify objects for this instance outside of Guided Configuration.
  2. Click
    OK
    to disable the lock so you may make unprotected configuration changes. Click
    Cancel
    to leave the configuration protected. When the lock is enabled, you may not make out-of-band changes to the configuration.
    If you click
    OK
    , the configuration becomes
    Unprotected
    .
  3. With the configuration lock now disabled, click the Name of the unprotected configuration. The Summary screen appears and a greyed-out
    Preview Merge Config
    button becomes available. Out-of-band changes may now be made to this previously configured deployment.
  4. From the Summary screen, select one of the topology steps listed below and edit the configuration.
    Click
    Topology
    to edit and add additional content to the
    Description
    field that describes the configuration changes being made out-of-band. Click
    Save & Next
    . The SSL Configuration screen appears. Make additional configuration changes and click
    Save & Next
    . The Service screen appears. At the top of the screen, a message appears with the option to
    Deploy
    or
    Preview Merge Config
    .
    Depending on which topology (step) you first select to update, the option to either
    Deploy
    or
    Preview Merge Config
    will appear as you move through the available steps.
  5. After making configuration changes to the available topologies (steps), the following message will appear at the top of the screen:
    Configuration has pending changes to deploy. Do you want to deploy now?
    The option to either
    Deploy
    or
    Preview Merge Config
    appears.
    If you select
    Deploy
    , the updated out-of-band configuration will deploy without providing you with a configure merge preview. If you select
    Preview Merge Config
    , you may preview the configuration differences before deploying.
  6. Click
    Preview Merge Config
    . The Preview Merge Configuration screen appears. At the top of the screen, the Preview Merge step appears in the Guided Configuration menu after Summary.
  7. Preview the details between the two objects based on the drop-down list options available:
    Devices
    ,
    Object Type
    , or
    Name
    :
    • Devices
      : The list of
      Devices
      in the High Availability (HA) pair. If you want to preview the merge differences between two HA paired objects, select the second device from this list.
    • Object Type
      : The different configuration object kind accessible from the
      Object Type
      list. Select an object type to compare the differences between the previous configuration and the current configuration.
    • Name
      : The list of device names accessible from the
      Name
      list will change based on the selected object type selected in the
      Object Type
      list. If there is only one object name for a selected object type, the
      Name
      list will only show the name associated with that object type.
  8. The Preview Merge Configuration screen also provides two views:
    • Previously deployed configuration (deployed object with changes made out of SSL Orchestrator UI)
    • Currently deployed configuration (objects as deployed from SSL Orchestrator UI)
  9. As you preview the details between the two objects, color coded lines will indicate differences between the two configurations:
    • Blue highlight
      : Indicates differences between the previous configuration and the current configuration.
    • Green highlight
      : Indicates information that is in only one of the configurations but not in the other.
    • Red highlight
      : Indicates information that has been deleted from the previous configuration.
    False negative indicators may appear at times as changed in the diff view (for example, a SSL Orchestrator configuration may show 0.0.0.0%0/0 while the configuration from MCP will be 0.0.0.0/0). In addition, certain sub-collection data may not be able to be viewed (for example, profiles attached to virtual).
  10. After reviewing the configuration details, click
    Deploy
    . The Deploy? pop-up screen appears:
    Any changes previously made while in Unprotected Configuration will be lost. To retain out-of-band changes, select
    Merge Changes
    before you click
    Deploy
    .
  11. Perform one of the following options:
    • Select the
      Merge Changes
      check box and click
      Deploy
      if you want to merge configurations and retain out-of-band changes.
    • Click
      Deploy
      (leaving the Merge Changes check box unselected) if you want the retain the currently deployed configuration.
  12. After selecting
    Deploy
    for either option above, the Success pop-up message appears:
    Deployment was successfully completed
    . Click
    OK
    . SSL Orchestrator returns to the main Configuration screen listing all deployed configurations.
  13. If you selected the
    Merge Changes
    check box and click
    Deploy
    , there is a potential for drift to occur (there may still be some changes that have not yet been integrated). Click on the Name of the configuration. The Summary screen appears.
    • If the
      Preview Merge Config
      button remains greyed-out, continue with the next step.
    • If the
      Preview Merge Config
      button is no longer present (and only the
      Deploy
      button is available), the configuration merge was successful and does not contain potential drift.
  14. From the Summary screen, select
    Log Settings
    to edit. The Log Settings screen appears.
  15. From the
    Per-Request Policy
    list, select
    Alert
    and
    Save & Next
    . The Summary screen appears with the
    Preview Merge Config
    button now available.
  16. Click
    Preview Merge Config
    . The Preview Merge screen appears.
  17. Click
    Deploy
    after reviewing the changes. The Deploy? pop-up message appears:
    Any changes previously made while in Unprotected Configuration will be lost. To retain out-of-band changes, select Merge Changes before you click Deploy
    .
  18. This time, do not select the
    Merge Changes
    check box and click
    Deploy
    . The Success pop-up message appears:
    Deployment was successfully completed
    .
  19. Click
    OK
    . SSL Orchestrator returns to the main Configuration screen listing all deployed configurations. The configuration lock for your configuration is again enabled and set to
    Protected
    .
  20. Click on the Name of the protected configuration. The Summary screen appears and the
    Preview Merge Config
    button is no longer visible as an option.
You have successfully merged the configurations and re-deployed.