How to: Upgrade a BIG-IP Next HA instance on VE from BIG-IP Next Central Manager with automatic failover¶
Overview¶
The BIG-IP Next Central Manager upgrades both active and standby nodes with no intervention using automatic failover method. The upgrade starts in the standby node first so that the active node can continue operations. Once the standby node upgrade is complete, an HA failover is executed to switch from the active node to the standby node in the HA instance and starts the upgrade on the active node.
By default, an upgrade starts with a standby node of a BIG-IP Next HA instance. After the standby node is upgraded, it becomes the active node and the previously active node is automatically upgraded.
If you want to manually failover to upgrade the peer instance, disable the Enable automatic failover option before upgrading.
To upgrade the active node first, click Force Failover to make it the standby node.
Prerequisites¶
A VM with BIG-IP Next Central Manager, refer Create BIG-IP Next Central Manager on VMware.
From the MyF5 Downloads, download the appropriate image .tgz file and if required the signature .sig file(s).
Upgrade the BIG-IP Next instances to the latest version before upgrading BIG-IP Next Central Manager.
For example, if your BIG-IP Next Central Manager is version 20.2.1 and BIG-IP Next instance is version 20.2.1, first upgrade the BIG-IP Next instances from 20.2.1 to version 20.3.0 using the 20.2.1 BIG-IP Next Central Manager, and then upgrade the BIG-IP Next Central Manager from 20.2.1 to 20.3.0 version.
Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.
Limitations¶
There are limitations on upgrading BIG-IP Next Instance. Refer to the Compatibility Matrix for the User workflow on how to upgrade the BIG-IP Next Central Manager and BIG-IP Next.
Note: It is recommended to upgrade BIG-IP Next before upgrading the BIG-IP Next Central Manager.
Table 1: Compatibility Matrix for BIG-IP Next Central Manager and BIG-IP Next Instance Upgrades
BIG-IP Next Central Manager Release Version | Upgrade BIG-IP Next Version (From) | Upgrade BIG-IP Next Version (To) | Compatible | User Upgrade Workflow |
---|---|---|---|---|
20.1.0 | 20.1.0 | 20.2.0 | Yes | |
20.1.0 | 20.2.1 | No (Follow the workflow mentioned in User upgrade column) |
Follow the sequences below to upgrade:
|
|
20.2.0 | 20.2.1 | No (Follow the workflow mentioned in User upgrade column) |
Follow the below sequences to upgrade
|
|
20.2.0 | 20.1.0 | 20.2.0 | No | |
20.2.0 | 20.2.1 | Yes | ||
20.2.0 | 20.3.0 | Yes | ||
20.2.1 | 20.3.0 | Yes | ||
20.2.1 | 20.2.0 | 20.2.1 | No | |
20.2.1 | 20.3.0 | Yes |
The BIG-IP Next instance do not support downgrading from a higher version to a lower version.
Procedure¶
Use this procedure to upgrade the software for a BIG-IP Next HA instance on VE from BIG-IP Next Central Manager using the automatic failover method. For this procedure, BIG-IP Next Central Manager upgrades both nodes with no intervention required from you.
Note: For information about how to perform this procedure using the manual failover method, see Upgrade a BIG-IP Next HA instance on VE from BIG-IP Next Central Manager with manual failover.
Log in to MyF5 Downloads.
Accept the EULA and click Next.
Under Group, select BIG-IP_Next.
Under Product Line, select Virtual Edition.
Under Product Version, choose the appropriate version.
Under Select a download file select the appropriate .tgz file and .sig file (If required).
Under Download locations, select the appropriate location.
Click Download. The file is downloaded to your local system and can take up to an hour because of the size of these files.
Log in to BIG-IP Next Central Manager as admin, click the Workspace icon next to the F5 logo, and click Infrastructure.
Select the checkbox next to the BIG-IP Next HA instance you want to upgrade.
At the top right of the screen, click Actions and select Upgrade.
Make sure the toggle button for Enable automatic failover is enabled.
For the Standby Node, click the Upgrade button next to the software version.
For the image file, click Upload file and the Browse link to navigate to the location you downloaded the .tgz file.
Click the Open button and then click Upload. This file is large, so uploading can take some time.
For the signature file, click Upload file and the Browse link to navigate to the location you downloaded the .sig file.
Click the Open button and then click Upload.
After the files are uploaded, click the Upgrade button to start the upgrade process. Confirm the upgrade by clicking Upgrade again in the pop-up window. BIG-IP Next Central Manager will then initiate the upgrade process.
Note: The version appear for the HA instance represents the active node version.
When upgrading from version 20.2.0 to 20.2.1, if your BIG-IP Next instance was previously running version 20.1.0, you will be prompted to accept a new certificate for the instance in the BIG-IP Next Central Manager GUI. To proceed with the upgrade, click View and accept the certificate fingerprint. You will be prompted to do this after the first node has upgraded. Then, failover will occur automatically, and you will be prompted again after the second node has upgraded.
Note: When upgrading to version 20.2.1, you will not be prompted to accept a new certificate if your BIG-IP Next instance was initially installed with version 20.2.0.
Results
BIG-IP Next Central Manager upgrades the software for both active and standby nodes in the BIG-IP Next HA instance.
If you plan to backup your instance files, you need to delete the large image files on the BIG-IP Next instance. See How to: Back up managed BIG-IP Next instances to BIG-IP Next Central Manager’s local drive instantly or on a schedule for more information.
To upgrade Instance using Central Manager APIs:
Get Instance details by sending a GET request to
/spaces/default/instances
endpoint. Identify the ID of the instance that you want to upgrade.GET https://{{CM_IP}}/api/v1/spaces/default/instances?filter=address eq '{{bigip_next_mgmt_ip}}'
The VE BIG-IP Next upgrade requires an “image file” and “signature file”. Both files must be downloaded from F5 site and uploaded individually to the instance. When you upload the files they are uploaded to both the nodes (Active and Standby). Therefore, this step should only be executed once per file.
Use the *POST request to upload both the files simultaneously by sending a POST request to
/spaces/default/instances/{remote-Big-IP-Next-ID}/proxy-file-upload:
endpoint using instance_id of the instance you want to upgrade.POST https://{{CM_IP}}/api/v1/spaces/default/instances/{{remote-Big-IP-Next-ID}}/proxy-file-upload:
For the API form data, use the following example, modifying the values as required.
file_name
File
bigip-next-signature-bundle.tgz.512.sig
name
Text
<tgz.512.sig file name>
description
Text
big-ip next upgrade signature file
*Note: The image file and signature file name ends with ‘.tgz’ and ‘.tgz.512.sig’ respectively.
Get the uploaded files by sending the GET request to the
/device/v1/proxy/{{remote-Big-IP-Next-ID}}?path=/files
endpoint using instance_id of the instance you want to upgrade. The image name and signature name is returned in the response.GET https://https://{{CM_IP}}/api/device/v1/proxy/{{remote-Big-IP-Next-ID}}?path=/files
Initiate the instance upgrade by sending the POST request to the
/spaces/default/instances/{{remote-Big-IP-Next-ID}}/upgrade
endpoint using instance_id of the instance you want to upgrade.POST https://{{CM_IP}}/api/v1/spaces/default/instances/{{remote-Big-IP-Next-ID}}/upgrade
For the request payload, use the following example, modifying the values as required.
{ "upgrade_type": "ve_autofailover", "image_name": "<bigip_next_image_filename>", "signature_name": "<bigip_next_signature_filename>" }
Get the status for instance upgrade task by sending the GET request to the
/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}
endpoint.GET https://{{CM_IP}}/api/v1/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}
In the response, when the state indicates wait for user input, accept the fingerprint to trust the certificate. Accept the fingerprint by sending a PATCH request to the
/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}
endpoint to generate new certificates.PATCH https://{{CM_IP}}/api/v1/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}
For the request payload, use the following example, modifying the values as required.
{ "is_user_accepted_untrusted_cert": true }
Result
After the upgrade process, the BIG-IP Next instance displays with the new version on the My Instances page.