Manual Chapter : Software Management

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP Analytics

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP Link Controller

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP LTM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP PEM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP AFM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP DNS

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP ASM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Manual Chapter

Software Management

About software management

You can manage the software images, hotfixes, and boot locations on the BIG-IP system using the Configuration utility. You can also enable the automatic software update feature.

Import a software image

If you previously downloaded a BIG-IP software image file (ISO) to a management workstation, you can upload that file to the BIG-IP system.
You can use the Configuration utility to import an ISO that you have stored on a management workstation.
  1. On the Main tab, click
    System
    Software Management
    Image List
    .
    The Image List screen displays a list of existing image files.
  2. Click
    Import
    .
    The New Image screen opens.
  3. For the
    Software Image
    setting, click
    Browse
    .
  4. Click
    Import
    .
    A progress indicator displays as the BIG-IP system uploads the file.
    Be sure that you do not navigate away from the screen until the image import process is complete.

Install a software image

You can use the Configuration utility to install an ISO that you have imported to the BIG-IP system.
  1. On the Main tab, click
    System
    Software Management
    Image List
    .
    The Image List screen displays a list of existing image files.
  2. For the
    Available Images
    setting, select the ISO to install.
    The Install Software Image screen opens.
  3. For the
    Select Disk
    setting, select the disk on which to install the software (for example, MD1 or HD1).
    You can install software only on inactive volumes. To install software to the active volume, you must boot to a different volume.
  4. For the
    Volume set name
    setting, select the volume on which to install the software.
  5. Click
    Install
    .
    A progress indicator displays as the BIG-IP system installs the software image.

Import a hotfix image

If you previously downloaded a BIG-IP hotfix file to a management workstation, you can upload that file to the BIG-IP system.
You can use the Configuration utility to import a hotfix that you have stored on a management workstation.
  1. On the Main tab, click
    System
    Software Management
    Hotfix List
    .
    The Hotfix List screen displays a list of existing hotfix files.
  2. Click
    Import
    .
    The Upload Hotfix screen opens.
  3. For the
    Software Image
    setting, click
    Browse
    .
  4. Click
    Import
    .
    A progress indicator displays as the BIG-IP system uploads the file.
    Be sure that you do not navigate away from the screen until the image import process is complete.

Install a hotfix image

You can use the Configuration utility to install a hotfix that you have imported to the BIG-IP system.
  1. On the Main tab, click
    System
    Software Management
    Hotfix List
    .
    The Hotfix List screen displays a list of existing hotfix files.
  2. For the
    Available Images
    setting, select the hotfix to install.
    The Install Software Hotfix screen opens.
  3. For the
    Select Disk
    setting, select the disk on which to install the software (for example, MD1 or HD1).
    You can install software only on inactive volumes. To install software to the active volume, you must boot to a different volume.
  4. For the
    Volume set name
    setting, select the volume on which to install the software.
  5. Click
    Install
    .
    A progress indicator displays as the BIG-IP system installs the hotfix.

Boot to a different volume

You can use the Configuration utility to boot to a different software volume (target boot location) on the BIG-IP system.
  1. On the Main tab, click
    System
    Software Management
    Boot Locations
    .
    The Boot Locations List screen displays a list of available boot locations.
  2. For the
    Boot Location
    setting, click a software volume name (the target boot location).
  3. For the
    General Properties
    setting for the target boot location, select whether to copy the configuration from the current boot location to the target boot location.
  4. Click
    Activate
    .
    The system reboots to the selected software volume.

Configure update check

You can use the Configuration utility to configure whether the BIG-IP system automatically checks for updated software.
  1. On the Main tab, click
    System
    Software Management
    Update Check
    .
  2. For the
    Automatic Update Check
    setting:
    • Select
      Enabled
      if you want the system to check for updates automatically.
    • Select
      Disabled
      if you want to check for updates manually.
  3. Click
    Apply Settings
    to save your changes.
  4. Click
    Check Now
    to manually check for updates.

About Liveinstall signature checking in ccmode

For each full release ISO, vADC OVA, and hotfix ISO, a corresponding signature file will be available with the .sig extension. The signature file is handled exactly like an ISO. When the ccmode feature is turned on, the installation process requires you to download the ISO file, as well as the
iso.sig
.
The signature file is located in
iso-name.384.sig
, and uses the 307 key/384 hash signature. If an older key (2048 key/256 has signature) is also found, the system will attempt to validate the signature created by the larger key size (the 307 key/384 hash signature).
When you run the ccmode script to put the sensor into a Common Criteria configuration, a db variable called
liveinstall.checksig
is automatically enabled. This feature compares the ISO file against a sys software signature file, which is meant to catch integrity issues with the product.
This feature can only be controlled through
tmsh
.
Signature validation is the first step performed during the liveinstall process, so if the corresponding signature file for the selected software is not in the library, the installation will not begin.
If
liveinstall.checksig
is enabled, software installs will fail if the user copies only the ISO to the
/shared/images
directory. It is important to download both the ISO and the
iso.sig
files to the
/shared/images
directory.
In the event of liveinstall failure, two error messages can occur:
Signature file not found
This means you have not downloaded the corresponding
iso.sig
file with the ISO. The best way to verify if the
iso.sig
is present is to run the command
list sys software signature
. The command
show sys software
will not show the
iso.sig
files.
Archive signature test failed
This might happen if:
  • The product ISO is in
    /shared/images
    .
  • The
    iso.sig
    is present in
    /shared/images
    .
  • When the
    iso.sig
    file was compared against the product ISO, the comparison failed.
In these instances, you will need to re-download the ISO and
iso.sig
files and try again.

Download the .sig file

If you are running your machine in ccmode, you will need to download an
iso.sig
file in addition to the ISO file that you normally download.
  1. In a browser, open the F5 Downloads page (
    https://downloads.f5.com
    ).
  2. From the Downloads Overview page, click
    Find a Download
    .
    The Select a Product Line screen displays.
  3. Download the version's base ISO file, such as version 11.5, and its associated signature file. The signature file is located in
    iso-name.384.sig
    .
    The signature file has the same name as the ISO file with an additional .sig extension.
  4. Log in to the command-line interface of the system using the root account.
  5. Open the TMOS Shell (
    tmsh
    ).
    tmsh
  6. Enable the signature file.
    modify sys db liveinstall.checksig value enable
    You do not need a .sig file to install versions earlier than 11.5.
  7. Install the signature file.
    install sys software image
    Press
    Tab
    to use tab completion to list the ISO files that have a corresponding
    iso.sig
    file present at the time you run the command.