This tool modifies (sanitizes) UCS from source BIG-IP (11.x and later) to be restored onto laboratory BIG-IP that simplifies moving the configuration to laboratory and makes it easier to reproduce issues or test upgrades without affecting production. Main advantage is that it does not require access to source BIG-IP master key, certificates, keys or passwords.
docker pull f5devcentral/f5-journeyslab-ucsmodifier:v1.0.4
docker run -v <local_directory_with_UCS>:/UCS -it f5devcentral/f5-journeyslab-ucsmodifier:v1.0.4
ucs-modifier -u <UCS_FILE_NAME>.ucs -m <IP> -p '<PASSWORD>'
To use Podman instead of Docker, we recommend creating a linux alias:
alias docker='podman'
Download the docker image:
docker pull f5devcentral/f5-journeyslab-ucsmodifier:v1.0.4
Save and compress the image:
docker save f5devcentral/f5-journeyslab-ucsmodifier:v1.0.4 | gzip > f5-journeyslab-ucsmodifier_v1.0.4.tar.gz
Transfer archive to the offline system
Load image from the archive:
docker load < f5-journeyslab-ucsmodifier_v1.0.4.tar.gz
Destination BIG-IP (lab):
Run the image in the container interactively:
docker run -v <local_directory_with_UCS>:/UCS -it f5devcentral/f5-journeyslab-ucsmodifier:v1.0.4
Execute ucs-modifier in the container:
ucs-modifier -u /UCS/<UCS_FILE_NAME>.ucs -m <MGMT_IP> -p '<PASSWORD>'
- Destination BIG-IP lab should be prepared (and ready for ssh connection) before executing the "ucs-modifier..." command as it will connect to the target BIG-IP (
) to get some basic config (passwords, management IP, gateway - Details of the changes made). - By defualt modified UCS file (
_modified.ucs) is saved to the same directory as the original UCS file provided ( .ucs). - Only unencrypted UCS files (with .ucs extension) are supported.
Transfer
scp /UCS/<UCS_FILE_NAME>_modified.ucs <MGMT_IP>:/var/local/ucs/
Load UCS:
on the same platform type without the license:
tmsh load sys ucs <UCS_FILE_NAME>_modified.ucs no-license
From version 1.0.1 the original bigip.license file is removed from UCS (avoiding license errors if "no-license" parameter is omitted).
on a different platform type:
tmsh load sys ucs <UCS_FILE_NAME>_modified.ucs platform-migrate
With platform-migrate option, license is excluded by default.
usage: ucs-modifier [-h] -u UCS -m MGMT_IP [-p 'PASSWORD']
[--no-replace-cert] [-o OUTPUT] [-d]
Modifies the specified ucs file, removing any sensitive data using values and
files from destination BIG-IP
optional arguments:
-h, --help show this help message and exit
-u UCS, --ucs UCS Ucs file to modify
-m MGMT_IP, --mgmt-ip MGMT_IP
Management IP of the target BIG-IP
-p 'PASSWORD', --password 'PASSWORD'
Root password of the target BIG-IP in single quotes ('default' by
default)
--no-replace-cert Skip replacing the certificates
-o OUTPUT, --output OUTPUT
Target output UCS file name
-d, --debug Enable debug logging
Let us know if something went wrong. By reporting issues, you support development of this project and get a chance of having it fixed soon. Please use bug template available here.
Ideas for enhancements are welcome here