Forum Discussion
The default device-group "device_trust_group" could be to blame? I did not check the SOL but I assume in v12.x it has auto-sync enabled by default, and the data-group itself will automatically synchronize primitive parts of configuration such as native user conf (/config/bigip_user.conf)
Check this with
tmsh list cm device-group device_trust_group
tmsh show cm sync-status
You shouldn't worry about that, as long as other non-primitive parts are not synced without your consent (config permitting that). You can verify that by creating a node or pool - if this gets synced automatically then you have a problem.
We dont want that users are synchronized automatically. We use scripts to create user (on the active BIG-IP) and after that it tries to synchronize the cluster.
This runs into a problem because the user is synchronized and the backup BIG-IP has an newer config...
It is not possible to set the "overwrite" flag via tmsh sync command. (?)
Even the auto-sync disable command does not work for the device_trust_group 😞
modify cm device-group device_trust_group auto-sync disabled
list cm device-group device_trust_group
cm device-group device_trust_group {
auto-sync enabled
devices {
device1 { }
device2 { }
}
network-failover disabled
}
~~~