Backup of F5 BIG-IP

An overview of steps to backup configuration of F5 BIG-IP appliance (10.2.X) to the remote server running Linux Ubuntu 12.04.2 LTS (precise). The backup is done over SSH.

List of actions to be done on the Linux server:

1. Create a user (for example f5backup with /home/f5backup as a home directory).

2. Create .ssh directory under /home/f5backup:

  1. mkdir /home/f5backup/.ssh && chown -R f5backup:f5backup /home/f5backup/.ssh

3. Copy /var/ssh/root/identity.pub file from the F5 appliance to /home/f5backup/.ssh/authorized_keys file on the Linux server and fix permissions:

  1. cd /home/f5backup/.ssh && chown f5backup:f5backup authorized_keys && chmod 600 authorized_keys

4. Ensure that PubkeyAuthentication is set to yes in /etc/ssh/sshd_config file:

  1. PubkeyAuthentication yes

List of actions to be done on the F5 appliance:

1. Create a directory, for example /root/scripts/.

2. Download the relevant version of backup script from here (you need to register to access F5 DevCentral), name it backup.sh, place it under /root/scripts/ directory and ‘chmod 755’ it.

3. Create f5archive_config file under /root/.ssh/ directory:

  1. Host *
  2.    User f5backup
  3.    PasswordAuthentication no
  4.    StrictHostKeyChecking yes
  5.    IdentityFile /root/.ssh/f5archive_dsa
  6.    Port 22
  7.    Protocol 2
  8.    Ciphers aes128-cbc,aes192-cbc,aes256-cbc
  9.    UserKnownHostsFile /root/.ssh/f5archive_host

4. Copy /var/ssh/root/identity file into /root/.ssh/f5archive_dsa:

  1. cd /root/.ssh && cp /var/ssh/root/identity f5archive_dsa

5. Now ssh to the Linux server so /var/ssh/root/known_hosts file is updated with the host entry.

6. Copy /var/ssh/root/known_hosts file into /root/.ssh/f5archive_host.

7. Fix permissions:

  1. cd /root/.ssh && chmod 600 f5*

8. Modify /root/scripts/backup.sh file to suit your needs, particularly SCP_DESTINATION part:

  1. SCP_DESTINATION="f5backup@192.168.0.11:/home/f5backup"

9. Finally, create a cron task to execute the backup.sh file on a regular basis (I run it daily at 2am). To do so, create /etc/cron.d/f5backup file with the following content:

  1. SHELL=/bin/bash
  2. PATH=/sbin:/bin:/usr/sbin:/usr/bin
  3. HOME=/var/tmp
  4. 0 2 * * * root /bin/bash /root/scripts/backup.sh 1>/var/tmp/f5backup.log 2>&1

Tags: , , , , ,

Leave a Reply