Manual Chapter: Resetting the vCMP host's master key
Applies To:
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
BIG-IP DNS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Before performing this task, be aware that this task requires you to reboot the vCMP host and its guests.

Whenever you reset the master key on a vCMP host for any reason, you must reboot the system immediately afterwards and then reset the master key of each guest. Otherwise, the host loses each guest's unit key and causes an issue with each guest's master key. This causes the state of each guest to switch to INOPERATIVE and causes the BIG-IP system to log messages such as the following to the file /var/log/ltm:

01071038:5: Loading keys from the file.
012a0004:4: halStorageRead: unable to read storage on this platform.
01071029:5: Cannot open unit key store

To reset the master key on both the vCMP host and each guest, use this procedure.
- Using a program such as PuTTY, open a console window on the vCMP host.
- Log in to the system.
- Optional: This step is only useful to ensure that the master key has changed. At the system prompt, display the host's current, encrypted master key by typing this command:
  f5mku -K
  Here is sample output from the f5mku -K command:
  8/igZhCdlag5Z4rbuOpFtg==
- Reset the master key by typing this command, specifying a new password in the process:
  tmsh modify /sys crypto master-key prompt-for-password
- After the password is changed, reboot the vCMP host and its guests by typing this command:
  tmsh reboot
- After the reboot of the host and guests is finished, log in to each guest and reset the guest's master key by typing this command, specifying a new unencrypted password in the process:
  tmsh modify /sys crypto master-key prompt-for-password
- Re-deploy each guest.
After performing this task, the vCMP host and all guests should be deployed, with a modified master key on the host and on each guest.
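
To check a host or guest for the /var/log/ltm messages quoted earlier in this chapter, a small scan like the following can be used. It is an added example, not F5 code: the message texts are copied from this page, while the function names, the exit-code convention, and the timestamp, host, and daemon prefixes in the sample log are assumptions.

```sh
#!/bin/sh
# Added example (not F5 code): count the unit-key messages this chapter quotes.

# Message texts copied from the chapter, one per line.
UNIT_KEY_MESSAGES='01071038:5: Loading keys from the file.
012a0004:4: halStorageRead: unable to read storage on this platform.
01071029:5: Cannot open unit key store'

# Prints "<count><TAB><message>" for each message.
# Returns 0 if none were found, 1 if any were found, 2 if the log is unreadable.
check_unit_key_messages() {
    logfile="${1:-/var/log/ltm}"
    [ -r "$logfile" ] || { echo "cannot read $logfile" >&2; return 2; }
    total=0
    while IFS= read -r msg; do
        # grep -c exits non-zero on zero matches but still prints 0.
        n=$(grep -cF -- "$msg" "$logfile" || true)
        printf '%s\t%s\n' "$n" "$msg"
        total=$((total + n))
    done <<EOF
$UNIT_KEY_MESSAGES
EOF
    [ "$total" -eq 0 ] || return 1
}

# Writes a constructed sample log; everything before each message ID is
# invented for illustration and is not taken from a real system.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 09:15:01 guest1 notice mcpd[5012]: 01071038:5: Loading keys from the file.
Jan 10 09:15:01 guest1 warning mcpd[5012]: 012a0004:4: halStorageRead: unable to read storage on this platform.
Jan 10 09:15:01 guest1 notice mcpd[5012]: 01071029:5: Cannot open unit key store
Jan 10 09:15:02 guest1 notice example[1]: constructed unrelated line
EOF
}

# Demo on the constructed sample; on a BIG-IP system, call
# check_unit_key_messages with no argument to read /var/log/ltm.
sample=$(mktemp)
write_sample_log "$sample"
check_unit_key_messages "$sample" || echo "unit key messages found: follow the reset procedure in this chapter"
rm -f "$sample"
```

A non-zero return on a guest after a host master key reset indicates that the guest's master key still needs to be reset as described in the procedure.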