Manual Chapter : Completing Post-Upgrade Tasks

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.0.0
Manual Chapter

Completing Post-Upgrade Tasks

Add the Standby BIG-IQ to the Active BIG-IQ

After you upgrade your F5 BIG-IQ Centralized Management systems in an HA configuration, you can re-associate the standby BIG-IQ with the active BIG-IQ.
Add the standby BIG-IQ to the primary BIG-IQ to re-establish the high availability configuration.
  1. Log in to active BIG-IQ system with your administrator user name and password.
  2. At the top of the screen, click
    System
    .
  3. On the left, click
    BIG-IQ HA
    .
  4. Click the
    Add Standby
    button.
  5. In the
    IP Address
    field, type the discovery address you want to set up as the standby BIG-IQ.
    This is the same IP address the peers in a high availability configuration use to communicate.
  6. Type the administrative
    Username
    and
    Password
    for the system.
  7. Type the
    Root Password
    for the system.
  8. Click the
    Add
    button to add this device to this high availability configuration.
Even though you can log in to the standby BIG-IQ after the you re-establish the HA configuration, the system continues some database re-indexing processes in the background. For larger configurations, that can take up to an hour. If you perform any searches on objects before it's done re-indexing, BIG-IQ might not return the expected results.
After the HA configuration is re-established, you'll be automatically logged out of the active BIG-IQ for a few minutes while the standby BIG-IQ restarts.
After the standby BIG-IQ restarts, you can log back into the primary BIG-IQ.

Upgrade BIG-IQ Version 5.4 applications

If you created applications using BIG-IQ version 5.4, you need to upgrade those applications to version 6.0 to enable the HTTP statistics collection and additional functionalities.
Perform this procedure separately for each application.
HTTP statistics collection is available only to applications managed by BIG-IP version 13.1.0.5 or later. If an earlier version of BIG-IP software manages the application, you do not need to enable HTTP statistics collection.
  1. At the top of the screen, select
    Applications
    , then on the left side of the screen click
    APPLICATIONS
    <Application Name>
    ).
    The selected application's screen opens.
  2. At the right, bottom on the screen, click
    Upgrade
    .
    The Upgrade 5.4 Application screen opens.
  3. Click
    Continue
    to upgrade the application.
  4. Once the upgrade is complete, click the
    Navigate to evaluation
    link to deploy the updated application.
    You can also manually navigate to
    Deployment
    EVALUATE & DEPLOY
    Local Traffic & Network
    and select the upgrade evaluation name in the Evaluations area list.
    The View Evaluation screen opens.
  5. From the Deployment area in the center of the screen, click
    Deploy Now
    .
    The upgraded application now appears in the Deployments area list of the Evaluate and Deploy - Local Traffic & Network screen.
  6. To enable HTTP statistics collection, return to the application properties screen,
    Applications
    APPLICATIONS
    <Application Name>
    .
    After a successful upgrade, a
    Save
    button replaces the
    Upgrade
    button.
  7. Click the
    Properties
    button at the center, left side of the screen.
  8. Click
    CONFIGURATION
    at the center of the screen.
  9. In the
    HTTP Statistics Collection
    area, click the
    Enable
    button.
    HTTP statistics collection is available only to applications that are managed by BIG-IP version 13.1.0.5 or later.
  10. Repeat this task for each application that needs upgrading.

Run the post upgrade process

After you upgrade the devices in your DCD cluster and the BIG-IQ primary and secondary system, you need to complete the post-upgrade processing.
Perform this task on the primary BIG-IQ system.
  1. At the top of the screen, click
    System
    , then, on the left, click
    BIG-IQ DATA COLLECTION
    and then select
    BIG-IQ Data Collection Devices
    .
    The first time you access this screen after performing an upgrade, it triggers a dialog box that prompts you to start the post upgrade processing tasks.
  2. Click
    Continue
    .
    The BIG-IQ system is returning the devices in your DCD cluster to their pre-upgrade state. This includes restoring the data snapshot. If you have a substantial amount of data, data snapshot restoration takes an extended amount of time.
  3. Once the post upgrade processing is complete, click
    System
    BIG-IQ DATA COLLECTION
    BIG-IQ Data Collection Devices
    and confirm that each service you had enabled before the upgrade is still enabled. If there are any services that are not enabled, re-enable them now.
    1. To activate the services you want to monitor on each DCD, on the BIG-IQ Data Collection Devices screen, in the Services column, click
      Add Services
      .
      The Services screen for the data collection device opens.
    2. For the service you want to add, confirm that the
      Listener Address
      specifies the correct self IP address on the data collection device, and then click
      Activate
      .
      For Web Application Security, you can resolve insecure connection issues between devices and the Centralized Policy Builder. To establish a secure connection, click
      Enable
      under the Secure Policy Builder field.
      When the service is successfully added, the
      Service Status
      changes to
      Active
      .
Once your cluster is back online, rediscover your devices and re-discover their services to complete the upgrade.

What are my options for re-discovering and re-importing devices?

After you upgrade F5 BIG-IQ Centralized Management, you must re-discover and re-import services for your managed devices so you can start managing those devices with the new features introduced in this release. You can do this in bulk, or you do it for each device and service individually.
Regardless of which option you choose, you specify how to handle any conflict between objects in the BIG-IQ system's working configuration.
  • When you re-discover and re-import in bulk, all conflicts are resolved the in the same way.
  • When you re-discover devices and re-import services manually, you specify how to resolve conflicts on an individual basis.

Re-discover and re-import services in bulk

After you upgrade F5 BIG-IQ Centralized Management, you must rediscover and re-import services for your managed devices so you can start managing those devices with the new features introduced in this release. Use this procedure to re-discover and re-import services in bulk. You'll have the option to decide how to manage any conflict between objects in the BIG-IQ system's working configuration and objects in the same way for each type of object.
If you upgraded a BIG-IQ system that's managing BIG-IP devices running Network Security or Web App Security services, you'll see evaluation differences for the default logging profile objects imported from BIG-IP devices (global-network, log all requests, log illegal requests, and local-dos). This is expected because the new version of BIG-IQ imports information about default logging profiles that were not present in the previous version. After you complete the upgrade to the latest version and re-import your Network Security or Web Application Security service, these differences should no longer occur.
  1. At the top of the screen, click
    Devices
    .
  2. Select the check box next to the devices for which you want to rediscover and reimport services.
  3. Click the
    More
    button and select
    Re-discover and Re-import
    .
  4. In the
    Name
    field, type a name for this task.
  5. For all of the Conflict Resolution Policies, we recommend you select
    Use BIG-IP
    , to replace any conflicting shared objects in its working configuration with the objects it's importing from the BIG-IP device.
    When you select
    Use BIG-IP
    to resolve conflicts, the BIG-IP device used to resolve those conflicts should appear last in the re-import list. If two or more BIG-IP devices contain the same object with different values, only the value in the last imported BIG-IP is used to resolve the conflict for all the BIG-IP devices.
  6. To create a snapshot of the BIG-IQ configuration before discovering and importing services, select the
    Snapshot
    check box if:.
    Clear this check box if you are adding devices that are in an access group you just created. If you don't, BIG-IQ won't be able to add the device(s).
  7. Click the
    Create
    button at the bottom of the screen.
After the services re-import, devices displays in the BIG-IP Devices inventory list with their services. You can now manage these BIG-IP devices from BIG-IQ.

Re-import and re-discover services individually

After you upgrade F5 BIG-IQ Centralized Management, you must re-discover and re-import services for your managed devices so you can start managing those devices with the new features introduced in this release. Use this procedure to re-discover and re-import services for each device, and handle any conflict any conflict between objects in the BIG-IQ system's working configuration on an individual bases from the Services screen.
  1. At the top of the screen, click
    Devices
    .
  2. Click the name of the BIG-IP device you want to re-discover and re-import services for.
  3. On the left, click
    Service
    .
  4. Select the
    Create a snapshot of the current configuration before importing
    check box for each service you want a snapshot of.
  5. Click the
    Re-discover
    button for each service this BIG-IP device is licensed for.
    BIG-IQ re-discovers the service.
  6. Click the
    Re-import
    button for each service this BIG-IP device is licensed for.
  7. For all of the Conflict Resolution Policies, we recommend you select
    Use BIG-IP
    , to replace any conflicting shared objects in its working configuration with the objects it's importing from the BIG-IP device.
After the services re-import, this device displays in the BIG-IP Devices inventory list with its services. You can now manage this BIG-IP device from BIG-IQ.

Install the vCenter host root certificate on BIG-IQ after upgrading

If you have a VMware service scaling group (SSG) associated with a vCenter certificate that is self-signed or untrusted, after you upgrade BIG-IQ Centralized Management, you'll need to re-add the vCenter host root certificate. For this procedure, you must have root access to the BIG-IQ system's command line.
Providing BIG-IQ the vCenter host root certificate ensures secure communication between BIG-IQ and the vCenter.
  1. From the BIG-IQ system's command line, copy the root certificate from the vCenter host cert
    /etc/vmware-sso/key/ssoserverRoot.crt
    file to the BIG-IQ system's
    /config/ssl/ssl.crt
    file.
  2. Type this command to create a symbolic link to this certificate using the certificate's hash:
    ln -s ssoserverRoot.crt `openssl x509 -hash -noout -in ssoserverRoot.crt`.0
    .
  3. Type this command to restart
    gunicorn
    :
    bigstart restart gunicorn

Reconfigure data retention and aggregation settings

If, prior to the upgrade, DCD statistics data collection retention or aggregation, these custom settings were not automatically retained over the upgrade process. Manually configure these data retention and aggregation settings, once your upgrade is complete.
  1. Go to
    System
    BIG-IQ DATA COLLECTION
    BIG-IQ Data Collection Cluster
    CONFIGURATION
    Statistics Data Collection
    .
  2. To configure previous retention settings, click
    Configure Retention
    .
    Once you complete this step, make sure to click
    Save & Close
    .
  3. To configure previous aggregation settings, click
    Configure Aggregation
    .
    Once you complete this step, make sure to click
    Save & Close
    .