Getting Started¶
The documentation contains information about how to install and use the F5 BIG-IP Automation Config Converter. F5 BIG-IP Automation Config Converter is a community-supported offering. Please use GitHub Issues to submit an issue for our team. You can also see current Known Issues and their status on that page.
About F5 BIG-IP Automation Config Converter¶
- BIG-IP DO conversions include system settings such as licensing and provisioning, network settings such as VLANs and Self IPs, and clustering settings.
- BIG-IP AS3 configures applications and services on a BIG-IP device that already has its initial settings.
Note
Docker must be installed prior to using BIG-IP ACC. See Docker Desktop for information on installing Docker.
Important Information¶
The information in this section can be used to determine if your system supports the prerequisites for BIG-IP ACC, some important conversion notes and privacy information.
Prerequisites¶
- TMOS versions 12.1+ are supported.
- Docker must be installed prior to using BIG-IP ACC. See Docker Desktop for information on installing Docker.
Conversion Notes¶
- Currently BIG-IP ACC does not support all BIG-IP configuration object types, although coverage will increase over time.
- After the conversion, some manipulation of BIG-IP AS3 stanzas may be required.
- The converter produces an BIG-IP AS3 declaration, placing any configuration objects located in /Common partition on the source BIG-IP into /Common/Shared (an existing BIG-IP AS3 construct).
- For a list of the objects that are converted, see Classes.
- While BIG-IP ACC will convert a BIG-IP app services configuration created by a legacy iApp template, BIG-IP ACC will ignore the iApp template configuration itself.
- iRules only export in base-64.
- TLS/SSL certificates and keys are only extracted if the input source is a UCS file, and the private keys were included when the UCS was created (default option).
Privacy Information¶
- Information regarding the Privacy Notice for the F5, NGINX, Shape Security, and Volterra brands.
- Analytics pseudonymization process. When data is pseudonymized, the information that can point to the identity of a subject is replaced by “pseudonyms” or identifiers. This prevents the data from specifically pinpointing the user. BIG-IP ACC creates a dotfile named .f5-acc on the filesystem, or working directory, used to run BIG-IP ACC via the docker container.
Note
Passphrases/passwords CAN be extracted as a cryptogram and not cleartext, although the output generated by the converter will only work on the same BIG-IP instance that created the configuration input.
Multiple Client_TLS and Server_TLS profiles have limited support. Configurations will be converted, but to apply them see the Referencing multiple SSL profiles documentation. SSL profiles must exist on the BIG-IP device.
All items on the pre-AS3 configuration must be uniquely named. BIG-IP itself allows some objects to have the same name, while BIG-IP AS3 does not. Any object with a duplicate name will be overwritten.
By default, BIG-IP ACC sets “shareNodes”:true for all nodes. “shareNodes”:true is appended to the node to avoid conflicts or errors when exporting more than one BIG-IP AS3 configuration sharing the same node, and is set to true even if no duplicate nodes are configured.
For example:
"web_pool1": {
"class": "Pool",
"members": [
{
"serverAddresses": [
"10.244.1.58"
],
"servicePort": 80,
"shareNodes": true
}
]
}