Forum Discussion
The default device-group "device_trust_group" could be to blame? I did not check the SOL but I assume in v12.x it has auto-sync enabled by default, and the data-group itself will automatically synchronize primitive parts of configuration such as native user conf (/config/bigip_user.conf)
Check this with
tmsh list cm device-group device_trust_group
tmsh show cm sync-status
You shouldn't worry about that, as long as other non-primitive parts are not synced without your consent (config permitting that). You can verify that by creating a node or pool - if this gets synced automatically then you have a problem.
- KaiDuerkopNov 30, 2016Nimbostratus
We dont want that users are synchronized automatically. We use scripts to create user (on the active BIG-IP) and after that it tries to synchronize the cluster.
This runs into a problem because the user is synchronized and the backup BIG-IP has an newer config...
It is not possible to set the "overwrite" flag via tmsh sync command. (?)
Even the auto-sync disable command does not work for the device_trust_group 😞
modify cm device-group device_trust_group auto-sync disabled
list cm device-group device_trust_group cm device-group device_trust_group { auto-sync enabled devices { device1 { } device2 { } } network-failover disabled }
~~~