Manual Chapter : Completing Post-Upgrade Tasks

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

Completing Post-Upgrade Tasks

Add the standby BIG-IQ to the active BIG-IQ (manual failover configuration only)

After you upgrade your F5 BIG-IQ Centralized Management systems in an HA configuration, you can re-associate the standby BIG-IQ with the active BIG-IQ.
Add the standby BIG-IQ to the primary BIG-IQ to re-establish the manual failover high availability configuration.
  1. Log in to active BIG-IQ system with your administrator user name and password.
  2. At the top of the screen, click
    System
    .
  3. On the left, click
    BIG-IQ HA
    .
  4. Click the
    Add Standby
    button.
  5. In the
    IP Address
    field, type the discovery address you want to set up as the standby BIG-IQ.
    This is the same IP address the peers in a high availability configuration use to communicate.
    IPv6 short form addresses are not supported.
  6. Type the local administrative
    Username
    and
    Password
    for the system.
  7. Type the
    Root Password
    for the system.
  8. Click the
    Add
    button to add this device to this high availability configuration.
Even though you can log in to the standby BIG-IQ after the you re-establish the HA configuration, the system continues some database re-indexing processes in the background. For larger configurations, that can take up to an hour. If you perform any searches on objects before it's done re-indexing, BIG-IQ might not return the expected results.
After the HA configuration is re-established, you'll be automatically logged out of the active BIG-IQ for a few minutes while the standby BIG-IQ restarts.
After the standby BIG-IQ restarts, you can log back into the primary BIG-IQ.

Upgrade BIG-IQ Version 5.4 applications

If you created applications using BIG-IQ version 5.4, you need to upgrade those applications to version 6.0 to enable the HTTP statistics collection and additional functionalities.
Perform this procedure separately for each application.
HTTP statistics collection is available only to applications managed by BIG-IP version 13.1.0.5 or later. If an earlier version of BIG-IP software manages the application, you do not need to enable HTTP statistics collection.
  1. At the top of the screen, select
    Applications
    , then on the left side of the screen click
    APPLICATIONS
    <Application Name>
    ).
    The selected application's screen opens.
  2. At the right, bottom on the screen, click
    Upgrade
    .
    The Upgrade 5.4 Application screen opens.
  3. Click
    Continue
    to upgrade the application.
  4. Once the upgrade is complete, click the
    Navigate to evaluation
    link to deploy the updated application.
    You can also manually navigate to
    Deployment
    EVALUATE & DEPLOY
    Local Traffic & Network
    and select the upgrade evaluation name in the Evaluations area list.
    The View Evaluation screen opens.
  5. From the Deployment area in the center of the screen, click
    Deploy Now
    .
    The upgraded application now appears in the Deployments area list of the Evaluate and Deploy - Local Traffic & Network screen.
  6. To enable HTTP statistics collection, return to the application properties screen,
    Applications
    APPLICATIONS
    <Application Name>
    .
    After a successful upgrade, a
    Save
    button replaces the
    Upgrade
    button.
  7. Click the
    Properties
    button at the center, left side of the screen.
  8. Click
    CONFIGURATION
    at the center of the screen.
  9. In the
    HTTP Statistics Collection
    area, click the
    Enable
    button.
    HTTP statistics collection is available only to applications that are managed by BIG-IP version 13.1.0.5 or later.
  10. Repeat this task for each application that needs upgrading.

Run the post upgrade process (manual process)

After you upgrade, the devices in your DCD cluster and the BIG-IQ primary and secondary system will automatically undergo post-upgrade automatic processing. If the system does not do so automatically, you need to complete the post-upgrade processing on the primary BIG-IQ system.
Before you begin ensure you perform this task on the primary BIG-IQ system.
  1. At the top of the screen, click
    System
    , then, on the left, click
    BIG-IQ DATA COLLECTION
    and then select
    BIG-IQ Data Collection Devices
    .
    The first time you access this screen after performing an upgrade, it triggers a dialog box that prompts you to start the post upgrade processing tasks.
  2. Click
    Continue
    .
    The BIG-IQ system is returning the devices in your DCD cluster to their pre-upgrade state. This includes restoring the data snapshot. If you have a substantial amount of data, data snapshot restoration takes an extended amount of time.
  3. Once the post upgrade processing is complete, click
    System
    BIG-IQ DATA COLLECTION
    BIG-IQ Data Collection Devices
    and confirm that each service you had enabled before the upgrade is still enabled. If there are any services that are not enabled, re-enable them now.
    1. To activate the services you want to monitor on each DCD, on the BIG-IQ Data Collection Devices screen, in the Services column, click
      Add Services
      .
      The Services screen for the data collection device opens.
    2. For the service you want to add, confirm that the
      Listener Address
      specifies the correct self IP address on the data collection device, and then click
      Activate
      .
      For Web Application Security, you can resolve insecure connection issues between devices and the Centralized Policy Builder. To establish a secure connection, click
      Enable
      under the Secure Policy Builder field.
      When the service is successfully added, the
      Service Status
      changes to
      Active
      .
Once your cluster is back online, rediscover your devices and re-discover their services to complete the upgrade.

What are my options for re-discovering and re-importing devices?

After you upgrade F5 BIG-IQ Centralized Management, you must re-discover and re-import services for your managed devices so you can start managing those devices with the new features introduced in this release. You can do this in bulk, or you do it for each device and service individually.
Regardless of which option you choose, you specify how to handle any conflict between objects in the BIG-IQ system's working configuration.
  • When you re-discover and re-import in bulk, all conflicts are resolved the in the same way.
  • When you re-discover devices and re-import services manually, you specify how to resolve conflicts on an individual basis.
Before you proceed to rediscover your devices, you need to update the BIG-IQ iApp to prevent BIG-IP CPU spikes. If your BIG-IQ or BIG-IP setups include one of the following conditions, and you have upgraded to a version earlier than 7.1.0, follow the procedure in the AskF5 article K53001642 on
support.f5.com
.

Re-discover and re-import services in bulk

After you upgrade F5 BIG-IQ Centralized Management, you must rediscover and re-import services for your managed devices so you can start managing those devices with the new features introduced in this release. Use this procedure to re-discover and re-import services in bulk. You'll have the option to decide how to manage any conflict between objects in the BIG-IQ system's working configuration and objects in the same way for each type of object.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
  3. Select the check box next to the devices for which you want to rediscover and reimport services.
  4. Click the
    More
    button and select
    Re-discover and Re-import
    .
  5. In the
    Name
    field, type a name for this task.
  6. To create a snapshot of the BIG-IQ configuration before importing services, select the
    Snapshot
    check box.
    Clear this check box if you are adding devices that are in an access group you just created. If you don't, BIG-IQ won't be able to add the device(s).
  7. If BIG-IQ detects a conflict for services between the working configuration on BIG-IQ and the current configuration on BIG-IP, select a conflict resolution policy option for each object type.
    • Use BIG-IQ
      Keep the object settings in the BIG-IQ working configuration. The next time you deploy a configuration to that BIG-IP device, BIG-IQ overwrites the object settings to match the settings defined on BIG-IQ.
      Use BIG-IP
      Use the object settings from this BIG-IP device's configuration to replace the object in the BIG-IQ working configuration. The next time you deploy a configuration to your BIG-IP devices, BIG-IQ replaces that object settings for all of your managed BIG-IP devices to match the object settings on this BIG-IP device.
      Create Version
      For LTM monitors or profiles only, you can create and store a copy of the BIG-IP device's object(s), specific to the software version on that BIG-IP device. The next time you deploy a configuration, BIG-IQ replaces that object for all the managed BIG-IP devices running that specific version with the object on this BIG-IP. You can store multiple versions of LTM monitors or profiles. BIG-IQ deploys the appropriate stored version to your managed devices. BIG-IQ automatically resolves conflicts against the appropriate version the next time it imports services that contain LTM monitors or profiles.
After the services re-import, devices displays in the BIG-IP Devices inventory list with their services. You can now manage these BIG-IP devices from BIG-IQ.

Re-import and re-discover services

After you upgrade F5 BIG-IQ Centralized Management, you must re-discover and re-import services for your managed devices so you can start managing those devices with the new features introduced in the new release.
  1. At the top of the screen, click
    Devices
    .
  2. Select the check box next to the BIG-IP device you want to re-discover and re-import services for.
  3. Click the
    More
    button and select
    Re-discover and Re-import
    .
  4. Type a name for this task and then select the conflict resolution options you want to use if BIG-IQ finds differences between its working configuration and the configuration on the BIG-IP device.
    The BIG-IQ conflict resolution policy options are:
    Use BIG-IQ
    Keep the object settings specified in the BIG-IQ working configuration. The next time you deploy a configuration to that BIG-IP device, BIG-IQ overwrites the object settings to match the settings defined on BIG-IQ.
    Use BIG-IP
    Use the object settings specified in the BIG-IP device's configuration to replace the object settings in the BIG-IQ working configuration. For shared objects, the next time you deploy a configuration to a managed device, BIG-IQ replaces the settings for that object on the target device.
    Create Version
    For LTM monitors and profiles only: You can create and store a copy of the BIG-IP device's object(s), specific to the software version on that BIG-IP device. For shared objects, the next time you deploy a configuration to a managed device, BIG-IQ replaces the settings for that object if that BIG-IP device is running that specific version. This option allows you to store multiple versions of LTM monitors or profiles knowing that BIG-IQ will deploy the appropriate stored version to your managed devices. The next time you import services that contain LTM monitors or profiles, BIG-IQ automatically resolves conflicts against the appropriate version.
  5. From the
    Available
    list, select the device you want to re-discover and re-import services for and move them to the
    Selected
    list.
  6. Click the
    Create
    button.

Install the vCenter host root certificate on BIG-IQ after upgrading

If you have a VMware service scaling group (SSG) associated with a vCenter certificate that is self-signed or untrusted, after you upgrade BIG-IQ Centralized Management, you'll need to re-add the vCenter host root certificate. For this procedure, you must have root access to the BIG-IQ system's command line.
Providing BIG-IQ the vCenter host root certificate ensures secure communication between BIG-IQ and the vCenter.
  1. From the BIG-IQ system's command line, copy the root certificate from the vCenter host cert
    /etc/vmware-sso/key/ssoserverRoot.crt
    file to the BIG-IQ system's
    /config/ssl/ssl.crt
    file.
  2. Type this command to create a symbolic link to this certificate using the certificate's hash:
    ln -s ssoserverRoot.crt `openssl x509 -hash -noout -in ssoserverRoot.crt`.0
    .
  3. Type this command to restart
    gunicorn
    :
    bigstart restart gunicorn

Reconfigure data retention and aggregation settings

If, prior to the upgrade, DCD statistics data collection retention or aggregation, these custom settings were not automatically retained over the upgrade process. Manually configure these data retention and aggregation settings, once your upgrade is complete.
  1. Go to
    System
    BIG-IQ DATA COLLECTION
    BIG-IQ Data Collection Cluster
    CONFIGURATION
    Statistics Data Collection
    .
  2. To configure previous retention settings, click
    Configure Retention
    .
    Once you complete this step, make sure to click
    Save & Close
    .
  3. To configure previous aggregation settings, click
    Configure Aggregation
    .
    Once you complete this step, make sure to click
    Save & Close
    .

Confirm post-upgrade AS3 version

If the version of AS3 software that was running on the BIG-IQ before you upgraded was newer than the AS3 software version post upgrade, then you need to perform additional steps to restore full AS3 functionality to the upgraded BIG-IQ.
These additional steps are detailed in an F5 knowledge base article K54909607. Please refer to this article if you are upgrading a BIG-IQ for which a newer version of AS3 software was installed prior to the upgrade.