Manual Chapter : Using F5 SSL Orchestrator Preview Merge

Applies To:

F5 SSL Orchestrator

  • 21.0.0
back-action F5 Guided Configuration for SSL Orchestrator: Setup 21.0.0-13.0

Using F5 SSL Orchestrator Preview Merge

The Preview Merge option becomes available for previously deployed SSL Orchestrator configurations after a configuration is moved into the Unprotected Configuration mode. Once a configuration is unprotected, changes made in any of the following configuration topologies (steps) are available for review and merge configuration options:

  • Topology
  • SSL Configuration
  • Service
  • Interception Rule
  • System Settings

Note: After a configuration is in unprotected mode, the Preview Merge Config option appears even if no changes have been made.

The following content and steps provide information on when, and how, to use SSL Orchestrator’s Preview Merge feature.

After deploying a configuration for the first time, SSL Orchestrator returns to the main Configuration screen listing all deployed configurations. In the Protected/Unprotected Config… column, a lock is present in Protected mode. At this time, you may make out-of-band changes to your deployed configuration. Do the following to update an existing configuration and use the Preview Merge option:

  1. Click on the lock icon in the Protected/Unprotected Config… column. TheUnprotect Configuration? pop-up message appears which allows you to modify objects for this instance outside of Guided Configuration.

  2. Click OK to disable the lock so you may make unprotected configuration changes. Click Cancel to leave the configuration protected. When the lock is enabled, you may not make out-of-band changes to the configuration.

    Note: If you click OK, the configuration becomes Unprotected.

  3. With the configuration lock now disabled, click the Name of the unprotected configuration. The Summary screen appears and a greyed-out Preview Merge Config button becomes available. Out-of-band changes may now be made to this previously configured deployment.

  4. From the Summary screen, select one of the topology steps listed below and edit the configuration.

    Click Topology to edit and add additional content to the Description field that describes the configuration changes being made out-of-band. Click Save & Next. The SSL Configuration screen appears. Make additional configuration changes and click Save & Next. The Service screen appears. At the top of the screen, a message appears with the option to Deploy or Preview Merge Config.

    Note: Depending on which topology (step) you first select to update, the option to either Deploy or Preview Merge Config will appear as you move through the available steps.

  5. After making configuration changes to the available topologies (steps), the following message will appear at the top of the screen: Configuration has pending changes to deploy. Do you want to deploy now? The option to either Deploy or Preview Merge Config appears.

    Note: If you select Deploy, the updated out-of-band configuration will deploy without providing you with a configure merge preview. If you select Preview Merge Config, you may preview the configuration differences before deploying.

  6. Click Preview Merge Config. The Preview Merge Configuration screen appears. At the top of the screen, the Preview Merge step appears in the Guided Configuration menu after Summary.

  7. Preview the details between the two objects based on the drop-down list options available: Devices, Object Type, or Name:

    • Devices: The list of Devices in the High Availability (HA) pair. If you want to preview the merge differences between two HA paired objects, select the second device from this list.
    • Object Type: The different configuration object kind accessible from the Object Type list. Select an object type to compare the differences between the previous configuration and the current configuration.
    • Name: The list of device names accessible from the Name list will change based on the selected object type selected in the Object Type list. If there is only one object name for a selected object type, the Name list will only show the name associated with that object type.

  8. The Preview Merge Configuration screen also provides two views:

    • Previously deployed configuration (deployed object with changes made out of SSL Orchestrator UI)
    • Currently deployed configuration (objects as deployed from SSL Orchestrator UI)

  9. As you preview the details between the two objects, color coded lines will indicate differences between the two configurations:

    • Blue highlight: Indicates differences between the previous configuration and the current configuration.
    • Green highlight: Indicates information that is in only one of the configurations but not in the other.
    • Red highlight: Indicates information that has been deleted from the previous configuration. Note: False negative indicators may appear at times as changed in the diff view (for example, a SSL Orchestrator configuration may show 0.0.0.0%0/0 while the configuration from MCP will be 0.0.0.0/0). In addition, certain sub-collection data may not be able to be viewed (for example, profiles attached to virtual).

  10. After reviewing the configuration details, click Deploy. The Deploy pop-up screen appears: Any out-of-band changes previously made will be retained. To overwrite with the SSL Orchestrator generated configuration, select Overwrite Changes before you click Deploy.

  11. Perform one of the following options:

    • Select the Overwrite Changes check box and click Deploy if you want to overwrite with the SSL Orchestrator generated configuration.
    • Click Deploy (leaving the Overwrite Changes check box unselected) if you want the retain the currently deployed configuration.

  12. After selecting Deploy for either option above, the Success pop-up message appears: Deployment was successfully completed. Click OK. SSL Orchestrator returns to the main Configuration screen listing all deployed configurations.

  13. If you selected the Overwrite Changes check box and click Deploy, there is a potential for drift to occur (there may still be some changes that have not yet been integrated). Click on the Name of the configuration. The Summary screen appears.

    • If the Preview Merge Config button remains greyed-out, continue with the next step.
    • If the Preview Merge Config button is no longer present (and only the Deploy button is available), the configuration merge was successful and does not contain potential drift.

  14. From the Summary screen, select Log Settings to edit. The Log Settings screen appears.

  15. From the Per-Request Policy list, select Alert and Save & Next. The Summary screen appears with the Preview Merge Config button now available.

  16. Click Preview Merge Config. The Preview Merge screen appears.

  17. Click Deploy after reviewing the changes. The Deploy pop-up message appears: Any out-of-band changes previously made will be retained. To overwrite with the SSL Orchestrator generated configuration, select Overwrite Changes before you click Deploy.

  18. This time, do not select the Overwrite Changes check box and click Deploy. The Success pop-up message appears: Deployment was successfully completed.

  19. Click OK. SSL Orchestrator returns to the main Configuration screen listing all deployed configurations. The configuration lock for your configuration is again enabled and set to Protected.

  20. Click on the Name of the protected configuration. The Summary screen appears and the Preview Merge Config button is no longer visible as an option.

You have successfully merged the configurations and re-deployed.