Manual Chapter : Completing Post-Upgrade Tasks
Applies To:Show Versions
BIG-IQ Centralized Management
Completing Post-Upgrade Tasks
Add the Standby BIG-IQ to the Active BIG-IQ
After you upgrade your F5 BIG-IQ Centralized Management systems in an HA configuration, you can re-associate the standby BIG-IQ with the active BIG-IQ.
Add the standby BIG-IQ to the primary BIG-IQ to re-establish the high availability configuration.
- Log in to active BIG-IQ system with your administrator user name and password.
- At the top of the screen, clickSystem.
- On the left, clickBIG-IQ HA.
- Click theAdd Standbybutton.
- In theIP Addressfield, type the discovery address you want to set up as the standby BIG-IQ.This is the same IP address the peers in a high availability configuration use to communicate.IPv6 short form addresses are not supported.
- Type the local administrativeUsernameandPasswordfor the system.
- Type theRoot Passwordfor the system.
- Click theAddbutton to add this device to this high availability configuration.
Even though you can log in to the standby BIG-IQ after the you re-establish the HA configuration, the system continues some database re-indexing processes in the background. For larger configurations, that can take up to an hour. If you perform any searches on objects before it's done re-indexing, BIG-IQ might not return the expected results.
After the HA configuration is re-established, you'll be automatically logged out of the active BIG-IQ for a few minutes while the standby BIG-IQ restarts.
After the standby BIG-IQ restarts, you can log back into the primary BIG-IQ.
Upgrade BIG-IQ Version 5.4 applications
If you created applications using BIG-IQ version 5.4, you need to upgrade those applications to version 6.0 to enable the HTTP statistics collection and additional functionalities.
Perform this procedure separately for each application.
HTTP statistics collection is available only to applications managed by BIG-IP version 184.108.40.206 or later. If an earlier version of BIG-IP software manages the application, you do not need to enable HTTP statistics collection.
- At the top of the screen, selectApplications, then on the left side of the screen click ).The selected application's screen opens.
- At the right, bottom on the screen, clickUpgrade.The Upgrade 5.4 Application screen opens.
- ClickContinueto upgrade the application.
- Once the upgrade is complete, click theNavigate to evaluationlink to deploy the updated application.You can also manually navigate toand select the upgrade evaluation name in the Evaluations area list.The View Evaluation screen opens.
- From the Deployment area in the center of the screen, clickDeploy Now.The upgraded application now appears in the Deployments area list of the Evaluate and Deploy - Local Traffic & Network screen.
- To enable HTTP statistics collection, return to the application properties screen,.After a successful upgrade, aSavebutton replaces theUpgradebutton.
- Click thePropertiesbutton at the center, left side of the screen.
- ClickCONFIGURATIONat the center of the screen.
- In theHTTP Statistics Collectionarea, click theEnablebutton.HTTP statistics collection is available only to applications that are managed by BIG-IP version 220.127.116.11 or later.
- Repeat this task for each application that needs upgrading.
Run the post upgrade process
After you upgrade the devices in your DCD cluster and the BIG-IQ primary and secondary system, you need to complete the post-upgrade processing.
Perform this task on the primary BIG-IQ system.
- At the top of the screen, clickSystem, then, on the left, clickBIG-IQ DATA COLLECTIONand then selectBIG-IQ Data Collection Devices.The first time you access this screen after performing an upgrade, it triggers a dialog box that prompts you to start the post upgrade processing tasks.
- ClickContinue.The BIG-IQ system is returning the devices in your DCD cluster to their pre-upgrade state. This includes restoring the data snapshot. If you have a substantial amount of data, data snapshot restoration takes an extended amount of time.
- Once the post upgrade processing is complete, clickand confirm that each service you had enabled before the upgrade is still enabled. If there are any services that are not enabled, re-enable them now.
- To activate the services you want to monitor on each DCD, on the BIG-IQ Data Collection Devices screen, in the Services column, clickAdd Services.The Services screen for the data collection device opens.
- For the service you want to add, confirm that theListener Addressspecifies the correct self IP address on the data collection device, and then clickActivate.For Web Application Security, you can resolve insecure connection issues between devices and the Centralized Policy Builder. To establish a secure connection, clickEnableunder the Secure Policy Builder field.When the service is successfully added, theService Statuschanges toActive.
Once your cluster is back online, rediscover your devices and re-discover their services to complete the upgrade.
What are my options for re-discovering and re-importing devices?
After you upgrade F5 BIG-IQ Centralized Management, you must re-discover and re-import services for your managed devices so you can start managing those devices with the new features introduced in this release. You can do this in bulk, or you do it for each device and service individually.
Regardless of which option you choose, you specify how to handle any conflict between objects in the BIG-IQ system's working configuration.
- When you re-discover and re-import in bulk, all conflicts are resolved the in the same way.
- When you re-discover devices and re-import services manually, you specify how to resolve conflicts on an individual basis.
re-import services in bulk
After you upgrade F5 BIG-IQ Centralized Management, you must rediscover and re-import services for your managed devices so you can start managing those devices with the new features introduced in this release. Use this procedure to re-discover and re-import services in bulk. You'll have the option to decide how to manage any conflict between objects in the BIG-IQ system's working configuration and objects in the same way for each type of object.
If you upgraded a BIG-IQ system that's managing BIG-IP devices running Network Security or Web App Security services, you'll see evaluation differences for the default logging profile objects imported from BIG-IP devices (global-network, log all requests, log illegal requests, and local-dos). This is expected because the new version of BIG-IQ imports information about default logging profiles that were not present in the previous version. After you complete the upgrade to the latest version and re-import your Network Security or Web Application Security service, these differences should no longer occur.
- At the top of the screen, clickDevices.
- Select the check box next to the devices for which you want to rediscover and reimport services.
- Click theMorebutton and selectRe-discover and Re-import.
- In theNamefield, type a name for this task.
- For all of the Conflict Resolution Policies, we recommend you selectUse BIG-IP, to replace any conflicting shared objects in its working configuration with the objects it's importing from the BIG-IP device.When you selectUse BIG-IPto resolve conflicts, the BIG-IP device used to resolve those conflicts should appear last in the re-import list. If two or more BIG-IP devices contain the same object with different values, only the value in the last imported BIG-IP is used to resolve the conflict for all the BIG-IP devices.
- To create a snapshot of the BIG-IQ configuration before discovering and importing services, select theSnapshotcheck box.Clear this check box if you are adding devices that are in an access group you just created. If you don't, BIG-IQ won't be able to add the device(s).
- Click theCreatebutton at the bottom of the screen.
After the services re-import, devices displays in the BIG-IP Devices inventory list with their services. You can now manage these BIG-IP devices from BIG-IQ.
Re-import and re-discover services individually
After you upgrade F5 BIG-IQ Centralized Management, you must re-discover and re-import services for your managed devices so you can start managing those devices with the new features introduced in this release. Use this procedure to re-discover and re-import services for each device, and handle any conflict any conflict between objects in the BIG-IQ system's working configuration on an individual bases from the Services screen.
- At the top of the screen, clickDevices.
- Click the name of the BIG-IP device you want to re-discover and re-import services for.
- On the left, clickService.
- Select theCreate a snapshot of the current configuration before importingcheck box for each service you want a snapshot of.
- Click theRe-discoverbutton for each service this BIG-IP device is licensed for.BIG-IQ re-discovers the service.
- Click theRe-importbutton for each service this BIG-IP device is licensed for.
- For all of the Conflict Resolution Policies, we recommend you selectUse BIG-IP, to replace any conflicting shared objects in its working configuration with the objects it's importing from the BIG-IP device.
After the services re-import, this device displays in the BIG-IP Devices inventory list with its services. You can now manage this BIG-IP device from BIG-IQ.
Install the vCenter host root certificate on BIG-IQ after upgrading
If you have a VMware service scaling group (SSG) associated with a vCenter certificate that is self-signed or untrusted, after you upgrade BIG-IQ Centralized Management, you'll need to re-add the vCenter host root certificate. For this procedure, you must have root access to the BIG-IQ system's command line.
Providing BIG-IQ the vCenter host root certificate ensures secure communication between BIG-IQ and the vCenter.
- From the BIG-IQ system's command line, copy the root certificate from the vCenter host cert/etc/vmware-sso/key/ssoserverRoot.crtfile to the BIG-IQ system's/config/ssl/ssl.crtfile.
- Type this command to create a symbolic link to this certificate using the certificate's hash:ln -s ssoserverRoot.crt `openssl x509 -hash -noout -in ssoserverRoot.crt`.0.
- Type this command to restartgunicorn:bigstart restart gunicorn
Reconfigure data retention and aggregation settings
If, prior to the upgrade, DCD statistics data collection retention or aggregation, these custom settings were not automatically retained over the upgrade process. Manually configure these data retention and aggregation settings, once your upgrade is complete.
- Go to.
- To configure previous retention settings, clickConfigure Retention.Once you complete this step, make sure to clickSave & Close.
- To configure previous aggregation settings, clickConfigure Aggregation.Once you complete this step, make sure to clickSave & Close.