How to: Upgrade a BIG-IP Next HA instance on VE from BIG-IP Next Central Manager with automatic failover¶
Overview¶
The BIG-IP Next Central Manager upgrades both active and standby nodes with no intervention using automatic failover method. The upgrade starts in the standby node first so that the active node can continue operations. Once the standby node upgrade is complete, an HA failover is executed to switch from the active node to the standby node in the HA instance and starts the upgrade on the active node.
By default, an upgrade starts with a standby node of a BIG-IP Next HA instance. After the standby node is upgraded, it becomes the active node and the previously active node is automatically upgraded.
If you want to manually failover to upgrade the peer instance, disable the Enable automatic failover option before upgrading.
To upgrade the active node first, click Force Failover to make it the standby node.
Prerequisites¶
A VM with BIG-IP Next Central Manager, refer Create BIG-IP Next Central Manager on VMware.
From the MyF5 Downloads, download the appropriate image .tgz file and if required the signature .sig file(s).
Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.
Results¶
BIG-IP Next Central Manager upgrades the software for both active and standby nodes in the BIG-IP Next HA instance.
If you plan to backup your instance files, you need to delete the large image files on the BIG-IP Next instance. See How to: Back up managed BIG-IP Next instances to BIG-IP Next Central Manager’s local drive instantly or on a schedule for more information.
:::
:::{tab-item} Central Manager API
To upgrade Instance using Central Manager APIs:
Get Instance details by sending a GET request to
/spaces/default/instancesendpoint. Identify the ID of the instance that you want to upgrade.GET https://{{CM_IP}}/api/v1/spaces/default/instances?filter=address eq '{{bigip_next_mgmt_ip}}'The VE BIG-IP Next upgrade requires an “image file” and “signature file”. Both files must be downloaded from F5 site and uploaded individually to the instance. When you upload the files they are uploaded to both the nodes (Active and Standby). Therefore, this step should only be executed once per file.
Use the *POST request to upload both the files simultaneously by sending a POST request to
/spaces/default/instances/{remote-Big-IP-Next-ID}/proxy-file-upload:endpoint using instance_id of the instance you want to upgrade.POST https://{{CM_IP}}/api/v1/spaces/default/instances/{{remote-Big-IP-Next-ID}}/proxy-file-upload:For the API form data, use the following example, modifying the values as required.
file_name
File
bigip-next-signature-bundle.tgz.512.sig
name
Text
<tgz.512.sig file name>
description
Text
big-ip next upgrade signature file
*Note: The image file and signature file name ends with ‘.tgz’ and ‘.tgz.512.sig’ respectively.
Get the uploaded files by sending the GET request to the
/device/v1/proxy/{{remote-Big-IP-Next-ID}}?path=/filesendpoint using instance_id of the instance you want to upgrade. The image name and signature name is returned in the response.GET https://https://{{CM_IP}}/api/device/v1/proxy/{{remote-Big-IP-Next-ID}}?path=/filesInitiate the instance upgrade by sending the POST request to the
/spaces/default/instances/{{remote-Big-IP-Next-ID}}/upgradeendpoint using instance_id of the instance you want to upgrade.POST https://{{CM_IP}}/api/v1/spaces/default/instances/{{remote-Big-IP-Next-ID}}/upgradeFor the request payload, use the following example, modifying the values as required.
{ "upgrade_type": "ve_autofailover", "image_name": "<bigip_next_image_filename>", "signature_name": "<bigip_next_signature_filename>" }
Get the status for instance upgrade task by sending the GET request to the
/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}endpoint.GET https://{{CM_IP}}/api/v1/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}In the response, when the state indicates wait for user input, accept the fingerprint to trust the certificate. Accept the fingerprint by sending a PATCH request to the
/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}endpoint to generate new certificates.PATCH https://{{CM_IP}}/api/v1/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}For the request payload, use the following example, modifying the values as required.
{ "is_user_accepted_untrusted_cert": true }
Result¶
After the upgrade process, the BIG-IP Next instance displays with the new version on the My Instances page.
:::
::::
