Manual Chapter :
System Controller Management
Applies To:
Show VersionsF5OS-C
- 1.6.0
System Controller Management
System controller overview
A
VELOS
chassis contains a redundant pair of system
controllers. Together, the system controllers provide a high bandwidth interconnect
between blades, as well as external management connectivity to the blades. Each system
controller has a front-panel serial console and a front panel Ethernet management port.
System controllers operate in an active-active state when routing traffic between
blades, but otherwise operate in a active-standby state for management functions.During initial configuration, you assign these three
management IP addresses to the system controllers:
- Floating IP address
- System controller 1 management IP address
- System controller 2 management IP address
The floating IP address should be the primary management address
for the system, so that connections go to the active system controller. You
can use the floating IP address to manage the system from the webUI, system
controller CLI, or REST APIs. In some cases, such as for troubleshooting, you
might log in to an individual system controller IP address, as opposed to the
floating IP address.
System controller high availability overview
The system controllers are designed to work together as a redundant, high
availability pair.
One of the system controllers is designated as active (or the primary node)
and the other as standby. The system controllers act as an active-standby pair for
system management and as an active-active pair with regard to traffic processing on the
backplane. Each system controller handles half of the traffic in the chassis; if a
system controller is not available, the available bandwidth of the chassis is halved.
Centralized management functions include hosting the primary (floating) IP address and
providing the webUI, CLI, and REST API interfaces that you use to configure and manage
the
VELOS
system.The default mode for system controller high availability (HA) is Auto, which
lets the system select the system controller that is best suited at the time to be the
active system controller. This is the recommended setting.
It is possible to set a preference for either system controller to be
active, however, this should rarely be necessary. When you do specify a preference for a
particular system controller, that system controller will become active if it is in a healthy
operational state. If the preferred controller is not present or unhealthy, the
non-preferred system controller becomes active. When the preferred system controller
returns to an available state, a switchover occurs.
Configure high availability for the system controllers from the webUI
You should not need to change system controller high availability (HA) to something other than the default configuration (Auto), but you can opt to change the configuration or initiate a failover from the active controller to the standby from the system controller webUI.
- Log in to the VELOS system controller webUI using an account with admin access.
- On the left, click.
- For thePreferred Nodefield, selectSystem Controller 1orSystem Controller 2to act as an active system controller, or chooseAuto(recommended).Changing the Preferred Node configuration creates a failover event and ends the session if you select the system controller that is currently acting as the standby. Wait 30 seconds and then start a new session with either the floating IP address or the active system controller IP address after the change has completed.Hardware health conditions of the system controllers always take precedence. If one of the system controllers is not healthy, the chassis partition will ignore the preference and synchronize with the healthy system controller.
- To force a failover to occur immediately, clickFailover.TheFailoverbutton is available only whenPreferred Nodefield is set toAuto.You would do this only if you want the current standby system controller to become the active system controller.
Configure high availability for the system controllers from the
CLI
You can change the preferred system controller high
availability (HA) mode from either the system controller or chassis partition
CLI.
- Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
- Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Change to config mode.configThe CLI prompt changes to include(config).
- Change system controller high availability/redundancy to a specified mode.system redundancy config mode [auto|prefer-1|prefer-2}These redundancy modes are available:OptionDescriptionautoSystem chooses preferred mode automatically. This is the default value.prefer-1Prefer controller-1 to be active.prefer-2Prefer controller-2 to be active.This example shows configuring controller-1 as the preferred active system controller from the system controller CLI:syscon-1-active(config)# system redundancy config mode prefer-1
- Commit the configuration changes.commit
Show high availability status for the system controllers
from the CLI
You can view the status of system controller high
availability (HA) from either the system controller or chassis partition CLI.
- Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
- Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Show the current HA configuration for the system controllers.show system redundancyA summary similar to this example displays when run on a system controller:syscon-1-active# show system redundancy system redundancy state mode auto system redundancy state current-active controller-1 NAME NAME -------------------- controller-1 - controller-2 -
System controller software installation overview
The Controller Management screen on the system controller
webUI includes options for updating system controller software.
The Software Install Status screen on the system controller webUI enables you
to monitor the progress of the updates to system controllers and the chassis
partitions software.
For more information about installing or upgrading system controllers, see
VELOS Systems: Installation and Upgrade
at the F5OS Knowledge Center.Software installation from the webUI
Update system controller software from the webUI
Before you begin, consider creating a backup of the system controller configuration before you update the system. Configuration file backups are stored in
configs/
. To export the configuration file, use File Utilities or the file export
command. For more information, see Complete backup and restore overview.Before you begin, you must also have imported the updated system controller software image before you can do the update. Go to
to import the software image file.You can update system controller software while the system is up and running with only a brief interruption from the system controller webUI. The system applies the software update automatically to the system controllers one at a time in a rolling update. F5 recommends, however, that you perform the update during a maintenance window.
- Log in to the VELOS system controller webUI using an account with admin access.
- On the left, click.
- In the Update Software section, forUpdate System Controller Software:
- To install a full F5OS-C version release, selectBundled.
- To install F5OS-C and service version releases independently, selectUnbundled.
- ForISO Image, select the full version release ISO image.This field is available whenBundledis selected.
- To enable out-of-service upgrades, clickShow Advanced Options, then forAllow Out-of-Service Upgrades, selectTrue.Choose this option if you want to either downgrade to a software version that does not support rolling upgrades (for example, software prior to F5OS-C software version 1.2.0) or reduce system controller upgrade time, but with a cost-of-service outage.
- ForBase OS Version, select the F5OS version.This field is available whenUnbundledis selected.
- ForService Version, select the service version release.This field is available whenUnbundledis selected.
- ClickSave.The system displays a confirmation dialog confirming whether to update the system controllers.
- ClickOKto continue with the update.When updating from 1.2.x to a greater release: first, the system updates the standby system controller, reboots it, and then the standby becomes the active system controller. You will have to log in again after the failover occurs. The system then updates the other system controller (now in standby), and no other interruptions occur.F5 recommends updating the system during a maintenance window. Do not perform any configuration operations while the system is being updated.
The system controllers are both updated. Traffic is interrupted briefly during the failover from one system controller to the other. If the update is not successful, the system reverts to the last working software version on both system controllers. You can monitor the update progress on the
screen.Display software installation status from the webUI
You can view the software
installation status for the system controllers and the chassis partitions from
the system controller webUI.
- Log in to the VELOS system controller webUI using an account with admin access.
- On the left, click.
Software installation status is shown for both
system controllers and the chassis partitions. You can see whether a recent installation was
successful and view what software version is running.
Software installation from the CLI
Update system controller software from the CLI
Before you begin updating the system, consider
creating a backup of the system controller configuration. Configuration file backups are
stored in
configs/
. To export the
configuration file, use File Utilities from the webUI or the file export
command. For more
information, see Complete backup and restore overview.Before you can do the update, you must
also have imported the updated system controller software image. To import the
software image file, use File Utilities from the webUI or the
file import
command.You can update system controller
software while the system is up and running from the CLI. The system applies
the software update automatically to the system controllers one at a time in a
rolling update. F5 recommends, however, that you perform the update during a
maintenance window.
- Connect to the system using a management console or console server.The default baud rate and serial port configuration is 19200/8-N-1.
- Log in to the command line interface (CLI) of the system controller using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Verify that the image you want to install is listed, and the status isready.show imageThis verifies that the ISO is imported properly to the image server on the system controllers, and the system controllers can access these images when it reboots.A summary similar to this excerpt displays:syscon-1-active# show image VERSION OS IN CONTROLLER CONTROLLER STATUS DATE USE -------------------------------------------------- 1.6.0-7890 1 ready 2022-12-28 true VERSION SERVICE IN CONTROLLER CONTROLLER STATUS DATE USE -------------------------------------------------- 1.6.0-7890 1 ready 2022-12-28 true VERSION ISO IN CONTROLLER CONTROLLER STATUS DATE USE --------------------------------------------------- 1.6.0-7890 1 ready 2022-12-28 false VERSION OS IN CONTROLLER CONTROLLER STATUS DATE USE -------------------------------------------------- 1.6.0-7890 2 ready 2022-12-28 true VERSION SERVICE IN CONTROLLER CONTROLLER STATUS DATE USE -------------------------------------------------- 1.6.0-7890 2 ready 2022-12-28 true VERSION ISO IN CONTROLLER CONTROLLER STATUS DATE USE --------------------------------------------------- 1.6.0-7890 2 ready 2022-12-28 false VERSION OS IN PARTITION CONTROLLER STATUS DATE USE NAME ID --------------------------------------------------------------- 1.6.0-7890 1 ready 2022-12-28 true default 1 second 2 third 3 ...
- Change to config mode.configThe CLI prompt changes to include(config).
- Set the ISO version to the new version.system image set-version iso-version <version> proceed [ yes | no ]By default, you will be prompted to confirm the upgrade. To bypass the confirmation prompt, includeproceed yesat the end of the command sequence.This example shows upgrading the ISO version:syscon-1-active(config)# system image set-version iso-version 1.6.0-7890
- When the compatibility check succeeds, typeyesto proceed with the installation process.A summary similar to this excerpt displays:syscon-1-active(config)# system image set-version iso-version 1.6.0-7890 response Controller iso version has been set Controller will reboot here, wait for reboot to complete and services to come up. Check controller networking, cluster status, partition status
The software on the standby system
controller updates to the specified version, while the active system
controller maintains production functionality of the chassis. After a
successful update, the active system controller reboots and switches to
standby. Traffic is interrupted briefly during the failover from one system
controller to the other, and you will have to log in again after failover
occurs. The software then installs on the second system controller. If, for
any reason, the update is not successful, the system reverts to the last
working software version on both system controllers.
Cancel system controller software upgrade from the
CLI
You can cancel an in-progress or
pending rolling upgrade of system controller software from the CLI.
- Connect to the system using a management console or console server.The default baud rate and serial port configuration is 19200/8-N-1.
- Log in to the command line interface (CLI) of the system controller using an account with admin access.When you log in to the system, you are in user (operational) mode.
- Change to config mode.configThe CLI prompt changes to include(config).
- Cancel an in-progress software installation.system image install-abortThis example shows canceling and confirming an in-progress software upgrade:syscon-1-active(config)# system image install-abort You are cancelling rolling upgrade, and may require manual recovery. Do you wish to proceed? [no,yes] yes syscon-1-active# show system image SERVICE ISO INSTALL NUMBER OS VERSION VERSION VERSION STATUS -------------------------------------------------- 1 1.6.0-7891 1.6.0-7891 - aborted 2 1.6.0-7891 1.6.0-7891 - aborted
Chassis terminal service overview
With
VELOS
chassis, blades
do not have physical console ports. Each system controller has a physical
console port. The system controllers in the chassis provide a terminal service
that enables authorized users to access blade consoles over SSH using the
chassis floating IP address.At a high level, these user roles have terminal service access:
- Admin
- Users with this role can access any terminals in the chassis.
- Resource admin
- Users with this role can access any terminals in the chassis.
- Terminal server admin
- Users with this role have terminal server access to all consoles on the system regardless of partition restrictions.
- Operator
- Users with this role can access any terminals in the chassis.
- Partition
- Users with this role are not given access to any terminals in the chassis.
Since the chassis terminal service uses SSHD, clients can connect using SSH. The terminal service uses a range of network port numbers to differentiate between connections being requested to the various consoles in the chassis.
You can also access any blade console by selecting the desired blade using the Always-On Management (AOM) Command Menu after you connect a serial cable to either of the system controllers' console ports. For more information about AOM, see the section entitled
About Always-On Management
in the platform guide for your VELOS
chassis
.Console port numbers
The
VELOS
chassis terminal service uses a range of network port numbers to differentiate
between connections being requested to either the blade or system controller
consoles in a chassis. Console |
Port number |
---|---|
System controller 1 |
7100 |
System controller 2 |
7200 |
Blade < 1...x > |
700x |
Connect to a blade or system controller using the chassis
terminal service
If you are an authorized user, you can
connect to a blade or system controller using the chassis terminal service.
- Connect using SSH to the blade or system controller that you want to access.ssh <blade-or-sys-controller-ip-address> -l admin -p <port-number>This example opens an SSH session to an IPv4 address as an admin user to the blade in slot 1:ssh 192.0.2.10 -l admin -p 7001This example opens an SSH session to an IPv4 address as an admin user to the system controller in slot 2:ssh 192.0.2.10 -l admin -p 7200This example opens an SSH session to an IPv6 address as an admin user to the blade in slot 4:ssh 2001:db8:ffff:100::1 -l admin -p 7004If there is not already an active terminal session attached to the specified console, you are connected immediately. If there is already an active terminal session attached, you can choose to terminate the existing terminal session and replace it.
When you complete your terminal session to a blade
or a system controller, you can terminate your session by typing the
Enter ~.
(tilde period) command
sequence.