Applies To:
Show VersionsUpgrading BIG-IQ Centralized Management Version 5.2.0, 5.3.0, 5.4.0, or 6.0.0 to Version 6.0.1
Upgrading a BIG-IQ system to version 6.0.1
What BIG-IQ setup does this upgrade process support?
The following process to upgrade to F5 BIG-IQ Centralized Management version 6.0.1 is for setups that currently have one of the following versions installed: version 5.2, 5.3, 5.4, or 6.0, and do not have a data collection device cluster. If your system includes a data collection device cluster, refer to Which BIG-IQ setups support an upgrade to version 6.0.1?.
What happens during a BIG-IQ upgrade to version 6.0.1?
Tasks to complete before you start the upgrade process
Before upgrading F5 BIG-IQ Centralized Management, complete these tasks.
Tasks | Additional information |
---|---|
Deploy any staged configuration changes to your managed devices. | Deploy configuration changes you have staged for your devices. When addressing configuration conflicts for each BIG-IP device, F5 recommends you use BIG-IP to override the configuration settings stored on BIG-IQ. Refer to the section titled, Re-discover devices and re-import services from the user interface. |
Decide which disk volume you want to install the upgrade on. You must have at least two volumes to upgrade. | If you don't have two volumes, refer to: K17406: Using the tmsh utility to create a new software volume for installing a new image or hotfix on the BIG-IQ system at: https://support.f5.com/csp/article/K17406 |
If you are currently using a self-IP address for device discovery, make a note of that IP address. | You'll need to enter that IP address when you perform setup after you upgrade and reboot the BIG-IQ system. |
Upgrade all managed BIG-IP devices to version 12.1 or later | For you to manage BIG-IP devices from BIG-IQ Centralized Management, the BIG-IP devices must be running version 12.1 or later. |
Daemons running on BIG-IQ
Before you upgrade BIG-IQ Centralized Management, it's important to take inventory of the status of the running daemons. Then after you upgrade, you can verify that they're in the same state, and make any necessary modifications. To view the daemons, type the following command: admin@(ip-10-1-1-4)(cfg-sync Standalone)(Active)(/Common)(tmos)# show /sys service .
Daemon | Example of status |
---|---|
admd | down, Not provisioned |
alertd | run (pid 6579) 22 hours |
apmd | down, Not provisioned |
asm | down, Not provisioned |
autodosd | down, Not provisioned |
avrd | down, Not provisioned |
bigd | run (pid 5338) 22 hours |
bigiqsnmpd | run (pid 5035) 22 hours |
captured | down, Not provisioned |
cbrd | run (pid 6117) 22 hours |
chmand | run (pid 5678) 22 hours |
clusterd | down, not required |
csyncd | run (pid 5038) 22 hours |
datasyncd | down, Not provisioned |
dnscached | down, Not provisioned |
dosl7d | down, Not provisioned |
dosl7d_attack_monitor | down, Not provisioned |
dwbld | down, Not provisioned |
elasticsearch | run (pid 5041) 22 hours |
errdefsd | run (pid 6112) 22 hours |
eventd | run (pid 5043) 22 hours |
evrouted | run (pid 6583) 22 hours |
f5_update_checker | down, No action required |
fpuserd | down, Not provisioned |
fslogd | down, Not provisioned |
grafana | run (pid 6107) 22 hours |
gtmd | down, Not provisioned |
guiserver | run (pid 6105) 22 hours |
gunicorn | run (pid 6587) 22 hours |
hwpd | down 22 hours, normally up |
icontrolportald | run (pid 5337) 22 hours |
iprepd | run (pid 6113) 22 hours |
istatsd | run (pid 6109) 22 hours |
lacpd | down, not required |
lind | run (pid 6116) 22 hours |
mcpd | run (pid 6110) 22 hours |
merged | run (pid 6938) 22 hours |
mgmt_acld | down, Not provisioned |
monpd | run (pid 6578) 22 hours |
named | run (pid 4855) 22 hours |
nokiasnmpd | down, not enabled |
ntlmconnpool | run (pid 6111) 22 hours |
pabnagd | down, Not logging node |
pccd | down, Not provisioned |
pgadmind | run (pid 7310) 22 hours |
pkcs11d | down, not required |
restjavad | run (pid 4853) 22 hours |
rethinkdb | run (pid 15058) 21 hours, 1 start |
scriptd | run (pid 5344) 22 hours |
sdmd | down, sdmd is not provisioned |
searchd | run (pid 5343) 22 hours |
sflow_agent | run (pid 6937) 22 hours |
shmmapd | down, Not provisioned |
snmpd | run (pid 5674) 22 hours |
sod | run (pid 4810) 22 hours |
statsd | run (pid 5336) 22 hours |
syscalld | run (pid 6939) 22 hours |
tamd | run (pid 5679) 22 hours |
tmipsecd | run (pid 5341) 22 hours |
tmm | run (pid 6581) 22 hours |
tmrouted | run (pid 6581) 22 hours |
tokumond | run (pid 7311) 22 hours |
tokumx | run (pid 6580) 22 hours |
webd | run (pid 6941) 22 hours |
wr_urldbd | down, Not provisioned |
zrd | down, Not provisioned |
zxfrd | run (pid 5034) 22 hours |
Summary of tasks to upgrade a BIG-IQ system from version 5.2, 5.3, 5.4, or 6.0.0 to version 6.0.1
To upgrade F5 BIG-IQ Centralized Management from BIG-IQ version 5.2, 5.3, 5.4, or 6.0.0, perform these procedures. Upgrading BIG-IQ to the most recent version requires that you update its configuration to incorporate new features that have been introduced. It's a good idea to set aside at least several hours to complete this process.
Prepare to upgrade your BIG-IQ system
- Download the software image from the F5 Downloads site.
- Upload the BIG-IQ software image to the BIG-IQ system.
Upgrade the BIG-IQ systems in the HA pair
- Upgrade the primary BIG-IQ.
- Upload the BIG-IQ software image to the secondary BIG-IQ and upgrade it.
Complete the post-upgrade process
- Add the secondary BIG-IQ to the primary BIG-IQ to re-establish the HA pair.
- Upgrade the BIG-IP framework on your managed devices.
- Rediscover your BIG-IP devices, and re-import their services.
- If you have a VMware service scaling group configured, you'll need to re-install the vCenter host root certificate on BIG-IQ.
Download the BIG-IQ software image from F5 Networks
Upload the BIG-IQ software image
You upload the BIG-IQ version software image to the primary BIG-IQ system to make it available for this upgrade.
- At the top of the screen, click System.
- On the left click .
- Click the Upload Image button.
- Click the Choose File button and go to the location to which you downloaded the image, and click the Open button to upload it to BIG-IQ.
Upgrade the primary BIG-IQ to the latest version
You upgrade BIG-IQ to take advantage of the newest functionality and features.
Even though you can log in to this BIG-IQ system after the software is installed, the system continues some database re-indexing processes in the background. For larger configurations, that can take up to an hour. If you perform any searches on objects before it's done re-indexing, BIG-IQ might not return the expected results. During this time, you can continue with the rest of the upgrade process.
Upload the BIG-IQ software image
You upload the BIG-IQ version software image to the primary BIG-IQ system to make it available for this upgrade.
- At the top of the screen, click System.
- On the left click .
- Click the Upload Image button.
- Click the Choose File button and go to the location to which you downloaded the image, and click the Open button to upload it to BIG-IQ.
Upgrade secondary BIG-IQ to the latest version
Add the secondary BIG-IQ system to the primary BIG-IQ system
Even though you can log in to the secondary BIG-IQ after the you re-establish the HA configuration, the system continues some database re-indexing processes in the background. For larger configurations, that can take up to an hour. If you perform any searches on objects before it's done re-indexing, BIG-IQ might not return the expected results.
After the HA configuration is re-established, you'll be automatically logged out of the primary BIG-IQ system for a few minutes while the secondary BIG-IQ system restarts.
After the secondary system restarts, you can log back into the primary BIG-IQ system.
Re-discover devices and re-import services
Re-discover devices and re-import LTM, ASM, AFM, and DNS services in bulk using a script
Install the vCenter host root certificate on BIG-IQ after upgrading
- From the BIG-IQ system's command line, copy the root certificate from the vCenter host cert /etc/vmware-sso/key/ssoserverRoot.crt file to the BIG-IQ system's /config/ssl/ssl.crt file.
- Type this command to create a symbolic link to this certificate using the certificate's hash: ln -s ssoserverRoot.crt `openssl x509 -hash -noout -in ssoserverRoot.crt`.0.
- Type this command to restart gunicorn: bigstart restart gunicorn