How to: Upgrade a BIG-IP Next HA instance on VELOS from BIG-IP Next Central Manager with automatic failover

Overview

The BIG-IP Next Central Manager upgrades both active and standby nodes with no intervention using automatic failover method. The upgrade starts in the standby node first so that the active node can continue operations. Once the standby node upgrade is complete, an HA failover is executed to switch from the active node to the standby node in the HA instance and starts the upgrade on the active node.

By default, an upgrade starts with a standby node of a BIG-IP Next HA instance. After the standby node is upgraded, it becomes the active node and the previously active node is automatically upgraded.

If you want to manually failover to upgrade the peer instance, disable the Enable automatic failover option before upgrading.

To upgrade the active node first, click Force Failover to make it the standby node.

Prerequisites

  • A VM with BIG-IP Next Central Manager, refer Create BIG-IP Next Central Manager on VMware.

  • Configure two tenants from two partitions, one tenant from each partition. Refer to How to: Install BIG-IP Next tenant on VELOS.

  • From the MyF5 Downloads, download the appropriate image .tgz file and if required the signature .sig file(s).

  • Upload the tenant image in the VELOS where the tenant of the HA lives, refer to the VELOS Systems documentation.

  • Upgrade the BIG-IP Next instances to the latest version before upgrading BIG-IP Next Central Manager.

    For example, if your BIG-IP Next Central Manager is version 20.2.1 and BIG-IP Next instance is version 20.2.1, first upgrade the BIG-IP Next instances from 20.2.1 to version 20.3.0 using the 20.2.1 BIG-IP Next Central Manager, and then upgrade the BIG-IP Next Central Manager from 20.2.1 to 20.3.0 version.

  • Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API

Limitations

  • There are limitations on upgrading BIG-IP Next Instance. Refer to the Compatibility Matrix for the User workflow on how to upgrade the BIG-IP Next Central Manager and BIG-IP Next.

    Note: It is recommended to upgrade BIG-IP Next before upgrading the BIG-IP Next Central Manager.

Table 1: Compatibility Matrix for BIG-IP Next Central Manager and BIG-IP Next Instance Upgrades

BIG-IP Next Central Manager Release Version Upgrade BIG-IP Next Version (From) Upgrade BIG-IP Next Version (To) Compatible User Upgrade Workflow
20.1.0 20.1.0 20.2.0 Yes
20.1.0 20.2.1 No
(Follow the workflow mentioned in User upgrade column)
Follow the sequences below to upgrade:
  1. Upgrade BIG-IP Next instance from version 20.1.0 to 20.2.0.
  2. Upgrade BIG-IP Next Central Manager from version 20.1.0 to 20.2.0.
  3. Upgrade BIG-IP Next instance from version 20.2.0 to 20.2.1.
20.2.0 20.2.1 No
(Follow the workflow mentioned in User upgrade column)
Follow the below sequences to upgrade
  1. Upgrade BIG-IP Next Central Manager from version 20.1.0 to 20.2.0.
  2. Upgrade BIG-IP Next instance from version 20.2.0 to 20.2.1.
20.2.0 20.1.0 20.2.0 No
20.2.0 20.2.1 Yes
20.2.0 20.3.0 Yes
20.2.1 20.3.0 Yes
20.2.1 20.2.0 20.2.1 No
20.2.1 20.3.0 Yes
  • The BIG-IP Next instance do not support downgrading from a higher version to a lower version.

Procedure

Use this procedure to upgrade the active and standby nodes in a VELOS HA cluster from BIG-IP Next Central Manager using the automatic failover method.

  1. Log in to MyF5 Downloads.

  2. Accept the EULA and click Next.

  3. Under Group, select BIG-IP_Next.

  4. Under Product Line, select F5 Systems (HW).

  5. Under Product Version, choose the appropriate version.

  6. Under Select a download file select the appropriate .tar.bundle file.
    For example: BIG-IP-Next-20.2.0-2.375.1+0.0.43.tar.bundle

  7. Under Download locations, select the appropriate location.

  8. Click Download. The file is downloaded to your local system, which can take up to an hour because of the size of these files.

  9. To upload the image, first log in to the VELOS WebUI.

  10. Click on Tenant Images from the menu on the left side of the screen.

  11. Click on Upload.

  12. Navigate to the location of the .tar.bundle you downloaded, select it and click Open.

  13. Wait until the images grid shows three related files (image bundle file, image file and image deployment file) and all files have status Replicated.

  14. Repeat steps 9 to 13 for both partitions with tenants in the HA cluster.

  15. Log in to BIG-IP Next Central Manager as admin, click the Workspace icon next to the F5 icon, and then click Infrastructure.

  16. Select the checkbox next to the BIG-IP Next instance you want to upgrade.

  17. On the top right of the screen, click Actions and select Upgrade.

  18. In the Active Node section, in the Chassis Partition IP Address or FQDN field, enter the IP address or FQDN of the VELOS chassis on which the BIG-IP Next instance tenant is located.

  19. Enter the Username and Password for the VELOS chassis partition.

  20. In the Tenant field, type the name of the tenant.

  21. In the Standby Node section, in the Chassis Partition IP Address or FQDN field, enter the IP address or FQDN of the VELOS chassis on which the BIG-IP Next instance tenant is located.

  22. Enter the Username and Password for the VELOS chassis partition.

  23. In the Tenant field, type the name of the tenant.

  24. In the Image field, type or paste the name of the BIG-IP Next image you uploaded to VELOS.
    For example: BIG-IP-Next-20.2.0-2.375.1+0.0.43

  25. Click the Authenticate & Upgrade button and accept the fingerprint displayed for authentication with the partitions.

  26. Confirm the upgrade by clicking the Upgrade button on the confirmation message.

  27. When upgrading from version 20.2.0 to 20.2.1, if your BIG-IP Next instance was previously running version 20.1.0, you will be prompted to accept a new certificate for the instance in the BIG-IP Next Central Manager GUI. To proceed with the upgrade, click View and accept the certificate fingerprint. You will be prompted to do this after the first node has upgraded. Then, failover will occur automatically, and you will be prompted again after the second node has upgraded.

    Note: When upgrading to version 20.2.1, you will not be prompted to accept a new certificate if your BIG-IP Next instance was initially installed with version 20.2.0.

Results

BIG-IP Next Central Manager upgrades the software for both active and standby nodes in the BIG-IP Next HA instance.

If you plan to backup your instance files, you need to delete the large image files on the BIG-IP Next instance. See How to: Back up managed BIG-IP Next instances to BIG-IP Next Central Manager’s local drive instantly or on a schedule for more information.

To upgrade Instance using Central Manager APIs:

  1. Get Instance details by sending a GET request to /spaces/default/instances endpoint. Identify the ID of the instance that you want to upgrade.

    GET https://{{CM_IP}}/api/v1/spaces/default/instances?filter=address eq '{{bigip_next_mgmt_ip}}'

  2. The VELOS BIG-IP Next upgrade requires an “image file” and “signature file”. Both files must be downloaded from F5 site and uploaded individually to the instance.

    Use the *POST request to upload both the files simultaneously by sending a POST request to /spaces/default/instances/{remote-Big-IP-Next-ID}/proxy-file-upload: endpoint using instance_id of the instance you want to upgrade. When you upload the files they are uploaded to both the nodes (Active and Standby). Therefore, this step should only be executed once per file.

    POST https://{{CM_IP}}/api/v1/spaces/default/instances/{{remote-Big-IP-Next-ID}}/proxy-file-upload:

    For the API form data, use the following example, modifying the values as required.

    file_name

    File

    bigip-next-signature-bundle.tgz.512.sig

    name

    Text

    <signature_filename>

    description

    Text

    big-ip next upgrade signature file

    Note: The image file and signature file name ends with ‘.tgz’ and ‘.tgz.512.sig’ respectively.

  3. Get the uploaded files by sending the GET request to the /device/v1/proxy/{{remote-Big-IP-Next-ID}}?path=/files endpoint using instance_id of the instance you want to upgrade. The image name and signature name is returned in the response.

    GET https://https://{{CM_IP}}/api/device/v1/proxy/{{remote-Big-IP-Next-ID}}?path=/files

  4. Initiate the instance upgrade by sending the POST request to the /spaces/default/instances/{{remote-Big-IP-Next-ID}}/upgrade endpoint using instance_id of the instance you want to upgrade.

    POST https://{{CM_IP}}/api/v1/spaces/default/instances/{{remote-Big-IP-Next-ID}}/upgrade

    For the request payload, use the following example, modifying the values as required.

    {
        "primary_partition_address": "10.146.16.3",
        "primary_partition_password": "example02",
        "primary_partition_port": 8888,
        "primary_partition_user": "admin",
        "primary_tenant_name": "mbiphaa",
        "secondary_partition_address": "10.146.16.4",
        "secondary_partition_password": "example02",
        "secondary_partition_port": 8888,
        "secondary_partition_user": "admin",
        "secondary_tenant_name": "mbiphaa",
        "image_name": "<signature_filename>",
        "provider": "example velos",
        "upgrade_type": "appliance_autofailover"
    } 
    
  5. Get the status for instance upgrade task by sending the GET request to the /spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}} endpoint.

    GET https://{{CM_IP}}/api/v1/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}

  6. In the response, when the state indicates wait for user input, accept the fingerprint to trust the certificate. Accept the fingerprint by sending a PATCH request to the /spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}} endpoint to generate new certificates.

    PATCH https://{{CM_IP}}/api/v1/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}

    For the request payload, use the following example, modifying the values as required.

    {
        "is_user_accepted_untrusted_cert": true
    }
    

Result

After the upgrade process, the BIG-IP Next instance displays with the new version on the My Instances page.