Applies To:
Show VersionsF5OS-C
- 1.3.0
F5OS-C Release Information
Version: 1.3.0
Build: 5345
Note: This content is current as of the software release date
Updates to bug information occur periodically. For the most up-to-date bug data, see Bug Tracker.
The blue background highlights fixes |
Known Issues in F5OS-C v1.3.x
Vulnerability Fixes
ID Number | CVE | Links to More Info | Description |
989461 | CVE-2020-29573 | K27238230 | CVE-2020-29573 glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern |
1029561 | CVE-2021-27219 | K82112489 | GNOME GLib vulnerability CVE-2021-27219 |
1004305 | CVE-2020-7595 | K04460334 | libxml2 2.9.10 vulnerability CVE-2020-7595 |
995645 | CVE-2019-9636 | K57542514 | CVE-2019-9636: python vulnerability |
989189 | CVE-2019-18282 | K32380005 | CVE-2019-18282: Linux kernel vulnerability |
1000453 | CVE-2019-25013 | K68251873 | CVE-2019-25013: glibc vulnerability |
1004309 | CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 CVE-2020-6829 |
K61267093 | NSS vulnerability CVE-2020-12403 |
1004189 | CVE-2020-12825 | K01074825 | libcroco vulnerability CVE-2020-12825 |
Functional Change Fixes
ID Number | Severity | Links to More Info | Description |
991917 | 3-Major | F5OS: Controller/partition needs the ability to set and display a system hostname. |
F5OS-C Fixes
ID Number | Severity | Links to More Info | Description |
1008433 | 1-Blocking | BT1008433 | VQF hot signal asserted warnings |
1068517-1 | 2-Critical | BT1068517 | Software rebroadcaster is dropping all packets, 'rx_drops_no_producer' |
1059209 | 2-Critical | BT1059209 | No tenant config attributes are allowed after 'storage size' |
1055841 | 2-Critical | Chassis component alarm LED shows up on active controller | |
1055397 | 2-Critical | Platform registry ports could become mismatched depending on import timing | |
1055329 | 2-Critical | BT1055329 | VLAN shared between two tenants may not pass traffic to tenant with non-default CMP hash |
1055189-1 | 2-Critical | Optical transceiver tuning values for OPT-0048 updated to reduce errors | |
1054021 | 2-Critical | Tcpdump on VELOS chassis blade or rSeries appliance cores when line-dma agent layer below it fails | |
1052941-2 | 2-Critical | BT1052941 | Hardware-fault alarm not cleared. |
1051269-1 | 2-Critical | BT1051269 | Partition Confd cluster disk usage threshold feature not functioning as expected. |
1044317 | 2-Critical | BT1044317 | dagd core |
1042845 | 2-Critical | BT1042845 | Unable to remove platform services versions that appear unused |
1042253-1 | 2-Critical | BT1042253 | System controller upgrade from 1.2.0-10357 to 1.2.1-10301 intermittently fails★ |
1037525 | 2-Critical | BT1037525 | Some of the PCie AER severity and types are incorrect in the diagnostic monitoring. |
1034481 | 2-Critical | When using IPv6 on mgmt-floating and dhcp, it is possible to get different ip addresses on failover | |
1008549 | 2-Critical | iHealth indicates multiple unhealthy and critical states for un-inserted PSUs. | |
1005025 | 2-Critical | BT1005025 | Orchestration-manager core on standby controller during cluster bringup. |
1004049 | 2-Critical | Show system mgmt-ip displays "Application Timeout" on the Active system controller | |
995769 | 3-Major | CVE-2018-20060: python vulnerability | |
995649 | 3-Major | CVE-2018-16402: libelf vulnerability | |
995633 | 3-Major | CVE-2019-10160: Python vulnerability | |
995597 | 3-Major | CVE-2018-15688: systemd Vulnerability | |
991061 | 3-Major | Admin cannot edit the tenant config in Deployed state from GUI if the tenants are created via CLI | |
979249 | 3-Major | BT979249 | Nodes are displayed in the tenant instance IDs table even after removing them from the tenant |
951633 | 3-Major | qkview Hardening | |
950477 | 3-Major | BT950477 | USB device presence causes errors in the blade log |
950109 | 3-Major | BT950109 | Interface 'in-discards' counter not reset |
1065085-1 | 3-Major | MD5 cipher is allowed on RESTCONF port 8888 with FIPS enabled license | |
1061757 | 3-Major | VLAN Listener for a VLAN shared between tenants may not upgrade properly★ | |
1061065 | 3-Major | After controller upgrade, tenant may not work correctly due to failed install of kubevirt Pods.★ | |
1060417 | 3-Major | Tpm-integrity-status is "Unavailable" for standby controller, but tpm-status reports "Valid" | |
1060405 | 3-Major | Management-address is incorrectly displayed in lldp neighbor information | |
1058757 | 3-Major | Optical transceiver OPT-0043 reports unknown as media type | |
1054837 | 3-Major | Vcc-ConfD may fail to start new child process | |
1050761 | 3-Major | BT1050761 | System logs the following error at startup: SDK error during device programming |
1050677 | 3-Major | Disk I/O stats inaccurate in snmpwalk for partition | |
1047129 | 3-Major | Partition_tmstat_merged container core on shutdown | |
1046765 | 3-Major | BT1046765 | Tenant Data path will not work correctly on downgrade to controller version 1.1.x★ |
1046217 | 3-Major | Database import fails after database reset | |
1045253 | 3-Major | Errors related to LCD module show up in logs | |
1045177 | 3-Major | Stale interfaces left behind upon portgroup mode change from 100GB to 40GB | |
1044557-1 | 3-Major | BT1044557 | Output from the image removal command is confusing and reveals inappropriate, internal details. |
1044257 | 3-Major | BT1044257 | Removal of old chassis partition images might cause tenant issues after blade reboot★ |
1044249 | 3-Major | On initial installation, blades fail to PXE boot after chassis startup. | |
1044117-2 | 3-Major | BT1044117 | Kubevirt pods are not reinstalled after recovering cluster using internal debug setting★ |
1043909 | 3-Major | Inconsistencies in disk threshold limits.★ | |
1042785-1 | 3-Major | BT1042785 | Configuring spanning tree (stp) while disabled may display incorrect state |
1042273 | 3-Major | BT1042273 | ETCD-HA Instance may not initialize correctly after PXE-booting the system controller. |
1041381 | 3-Major | Tcpdump capture may not include broadcast and multicast egress (generated by the system and being sent out) when "--dls true" option is used | |
1039085 | 3-Major | BT1039085 | Partition config restore operation can cause the system to stop processing fdbs. |
1038557-1 | 3-Major | Partition merged stats only reflect one blade when tmstat-rsync service moves to other blade | |
1037749 | 3-Major | BT1037749 | Switch daemon crashes occasionally on shutdown. |
1037673 | 3-Major | BT1037673 | Vcc-lacpd on a system controller can crash and leave a core file while restarting. |
1035353-1 | 3-Major | Missing controller images in show image controller CLI operation | |
1034993-1 | 3-Major | Key-migrationd service can crash if server elements are incomplete | |
1034169 | 3-Major | Qkview reports status of "partial file recorded" when out of disk space | |
1033817 | 3-Major | GUI effected due to /api/data/f5-cluster:cluster/nodes/node taking more than 25 seconds to complete | |
1033813 | 3-Major | BT1033813 | Partition 'show interfaces' command can be slow |
1032697 | 3-Major | File delete operation throws an improper message | |
1032341 | 3-Major | BT1032341 | Confd Encryption key gets rewritten intermittently |
1022729 | 3-Major | Management port issues with instance names containing lacpd, lldpd, stpd, or tmstat-rsync | |
1022589 | 3-Major | New blank blades inserted into system can wind up in a reboot loop and possibly be damaged |
Cumulative fix details for F5OS-C v1.3.0 that are included in this release
995769 : CVE-2018-20060: python vulnerability
Component: F5OS-C
Symptoms:
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
Conditions:
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
Impact:
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.
Workaround:
N/A
Fix:
N/A
995649 : CVE-2018-16402: libelf vulnerability
Component: F5OS-C
Symptoms:
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
Conditions:
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
Impact:
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
Workaround:
N/A
995645 : CVE-2019-9636: python vulnerability
Links to More Info: K57542514
995633 : CVE-2019-10160: Python vulnerability
Component: F5OS-C
Symptoms:
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
Conditions:
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
Impact:
A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
Workaround:
N/A
995597 : CVE-2018-15688: systemd Vulnerability
Component: F5OS-C
Symptoms:
It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce a heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.
Conditions:
It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce a heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.
Impact:
It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce a heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine.
Workaround:
N/A
991917 : F5OS: Controller/partition needs the ability to set and display a system hostname.
Component: F5OS-C
Symptoms:
System hostname is missing in operational data (state data).
For example: Even after configuring the system hostname, it is not visible when you submit the command: "show system state hostname"
syscon-2-active# show system state hostname
% No entries found.
Conditions:
1. Configure hostname in config mode using the CLI command: "system config hostname <name>".
2. Try to see the configured hostname using the CLI command: "show system state hostname".
Impact:
Hostname is not visible in state info.
Workaround:
Check for the configured hostname using the system controller's bash prompt or by checking running config of system ("show running-config system config hostname")
Fix:
Now hostname now displays when you use the CLI command: "show system state hostname."
Behavior Change:
"show system state hostanme" now gives a valid response and displays the current set hostname.
991061 : Admin cannot edit the tenant config in Deployed state from GUI if the tenants are created via CLI
Component: F5OS-C
Symptoms:
Tenant validations are not working when a tenant is created using the CLI and subsequently edited in the GUI.
Conditions:
Admin creates the tenant via CLI and subsequently edits the following tenant config when the running-state is set to Deployed:
-- Scale-up/Scale-down the tenant.
-- Add/Remove VLAN.
Impact:
Admin cannot scale up/scale down the cluster using the GUI if the tenant is initially deployed via CLI.
Workaround:
Use the CLI to scale-up/scale-down and add/remove the VLAN to the tenant.
989461 : CVE-2020-29573 glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern
Links to More Info: K27238230
989189 : CVE-2019-18282: Linux kernel vulnerability
Links to More Info: K32380005
979249 : Nodes are displayed in the tenant instance IDs table even after removing them from the tenant
Links to More Info: BT979249
Component: F5OS-C
Symptoms:
When running the following command in confd:
show running-config tenants tenant dag-tenant config nodes
One of the fields displayed is tenant-instance-ids. The ID is displayed even after deleting the tenant instance.
Conditions:
Add a tenant and then delete it.
Impact:
The tenant instance ID is still displayed. This is cosmetic and there is no functional impact.
Workaround:
None
Fix:
The active tenant list is now displayed properly.
951633 : qkview Hardening
Component: F5OS-C
Symptoms:
Under certain conditions, qkview does not follow current best practices.
Conditions:
Occurs while running qkview.
Impact:
Under certain conditions, qkview does not follow current best practices.
Workaround:
N/A
950477 : USB device presence causes errors in the blade log
Links to More Info: BT950477
Component: F5OS-C
Symptoms:
When a USB device is present in the blade, the VELOS.log contains a large number of errors from platform-hal related to the USB device and attempts to detect it.
Conditions:
USB device is present in the blade.
Impact:
Numerous unnecessary messages appear in the log.
Workaround:
These messages are benign, and you can safely ignore them.
950109 : Interface 'in-discards' counter not reset
Links to More Info: BT950109
Component: F5OS-C
Symptoms:
If you issue a reset counters command, the in-discards counter is not reset to 0.
Conditions:
Issue 'reset counters interfaces <interface>' or 'reset counters all' commands.
Impact:
Counter is not reset to 0.
Workaround:
None
1068517-1 : Software rebroadcaster is dropping all packets, 'rx_drops_no_producer'
Links to More Info: BT1068517
Component: F5OS-C
Symptoms:
Inbound ARP broadcasts on VLANs shared by the tenants are not received.
Conditions:
A high volume of DLF packets are handled by the software rebroadcaster.
Impact:
Loss of connectivity on VLANs shared among tenants.
Workaround:
Restart the sw_rbcast container on the affected blade:
# docker restart partition_sw_rbcast
Fix:
Use asynchronous messages to fpgamgr for DLF lookup to prevent the ZMQ socket from filling up.
1065085-1 : MD5 cipher is allowed on RESTCONF port 8888 with FIPS enabled license
Component: F5OS-C
Symptoms:
When the System is installed with a FIPS enabled license, some of the MD5 ciphers are still allowed on RESTCONF port 8888 which is supposed to be disallowed.
Conditions:
The command "openssl s_client -connect <mgmt-ip>:8888 -cipher MD5" returns a valid certificate.
Impact:
MD5 SSLCipher continues to work on port 8888 on both system controller and partition mgmt-ips.
Workaround:
None
Fix:
Removed MD5 SSLCipherSuites from ssl.conf when FIPS enabled license is installed in the system.
1061757 : VLAN Listener for a VLAN shared between tenants may not upgrade properly★
Component: F5OS-C
Symptoms:
After upgrading from 1.1.4 to a 1.2 release when there are tenants configured that share VLANs, the VLAN listener is not properly upgraded.
Conditions:
Tenants sharing VLANs in a configuration that is upgraded from 1.1.4 to 1.2.x.
Impact:
Traffic will not pass correctly.
Workaround:
Remove the VLAN from the interface(s) and then add it back (no changes to the tenant are necessary).
This re-creates the vlan-listener with the correct VTC value.
1061065 : After controller upgrade, tenant may not work correctly due to failed install of kubevirt Pods.★
Component: F5OS-C
Symptoms:
After a controller upgrade, the kubevirt Pods that are part of that upgrade can fail to install correctly so the tenant will not deploy.
Conditions:
-- Controllers were recently upgraded.
-- Kubevirt Pods not installed correctly
Impact:
Tenant will not deploy correctly.
Workaround:
1. remove existing kubevirt Pods that are incorrectly installed.
2. Manually edit the kubevirt-velos-install.sh script to point to the correct registry port.
3. Rerun the install script to install the kubevirt Pods
correctly.
Fix:
The kubevirt-velos-install.sh script is updated to the correct registry port, which allows the kubevirt Pods to be updated correctly.
1060417 : Tpm-integrity-status is "Unavailable" for standby controller, but tpm-status reports "Valid"
Component: F5OS-C
Symptoms:
The tpm-integrity-status is "Unavailable" for the standby controller, but tpm-status reports "Valid".
Conditions:
This is encountered when checking TPM status:
syscon-2-active# show components component controller-* state tpm-integrity-status TPM
INTEGRITY
NAME STATUS
---------------------------
controller-1 Unavailable
controller-2 Valid
Impact:
Wrong tpm-status will be displayed on confD.
Workaround:
Restart vcc-chassis-manager container.
From the root prompt of the system controller:
[root@controller-1 ~]# docker restart vcc-chassis-manager
Fix:
Issue is fixed in latest release. We are checking tpm-status in regular interval and updating correct information in confD.
1060405 : Management-address is incorrectly displayed in lldp neighbor information
Component: F5OS-C
Symptoms:
The 'show lldp' command displays the management-address of the neighbor incorrectly.
Conditions:
-- lldp enabled
-- Run the 'show lldp' command
Impact:
Management-address of the neighbor is shown incorrectly. It is the display issue, there is no functional impact.
Workaround:
None
1059209 : No tenant config attributes are allowed after 'storage size'
Links to More Info: BT1059209
Component: F5OS-C
Symptoms:
While configuring the tenant in the one-line command, you are unable to give any other parameters after the storage size parameter. The storage size should be given at the end of the command only.
Conditions:
Preferring the storage command early while configuring the tenant in one-line command.
Impact:
Commands fail as invalid input if any other parameters are mentioned after storage size.
Workaround:
Place the storage size parameter at the end of command or split the config into multiple lines.
1058757 : Optical transceiver OPT-0043 reports unknown as media type
Component: F5OS-C
Symptoms:
"show portgroups" reports unknown for the media type for an OPT-0043
Conditions:
OPT-0043 transceiver plugged into a system
Impact:
Cosmetic - this has no functional impact. The media field is not used by any software, it is reported as information for the user.
Workaround:
None
Fix:
OPT-0043 now reports media type as "40G BiDi"
1055841 : Chassis component alarm LED shows up on active controller
Component: F5OS-C
Symptoms:
Chassis component alarm LED shows up on the active controller instead of the LCD module.
Conditions:
If a chassis component, such as a PSU, generates an alarm, the RED alarm LED would show up on the active controller instead of the LCD module
Impact:
A RED alarm LED could indicate a controller problem instead of a chassis component problem.
Workaround:
None.
Fix:
Chassis component alarms, such as from a PSU, now generate a RED alarm LED on the chassis instead of the active controller.
1055397 : Platform registry ports could become mismatched depending on import timing
Component: F5OS-C
Symptoms:
Under certain conditions, it is possible for the platform registry port configuration to become mismatched between the two system controllers. This can lead to a number of cascading issues with tenant deployments later.
Conditions:
If a platform image import succeeds on one system controller and fails on the other, or a sync of multiple images leads to them being imported in a different order on the standby system controller compared to the active, it is possible to encounter this scenario.
Impact:
Tenants that reference a version of imported software with mismatched ports may attempt to pull images from the wrong registry port, resulting in tenant failure or starting up with the wrong version of platform software images.
Workaround:
It is possible to fix the port mismatch by removing and re-importing the images with mismatched port assignments.
Fix:
Fixed issue where platform registry ports could become mismatched depending on import timing
1055329 : VLAN shared between two tenants may not pass traffic to tenant with non-default CMP hash
Links to More Info: BT1055329
Component: F5OS-C
Symptoms:
If two tenants on a VELOS chassis are configured with a shared VLAN, one tenant may not pass traffic if it has a non-default CMP hash configured for that VLAN.
Conditions:
-- VELOS chassis
-- Configure a VLAN shared between two or more tenants
-- In one tenant, configure a non-default CMP hash for the VLAN
Impact:
No connectivity.
Workaround:
After configuring a non-default cmp hash, run
`docker restart partition_sw_rbcast`
on each blade.
Fix:
Fixed operation of shared vlan when cmp hash is not the default.
1055189-1 : Optical transceiver tuning values for OPT-0048 updated to reduce errors
Component: F5OS-C
Symptoms:
OPT-0048 may show intermittent errors
Conditions:
OPT-0048 optical transceiver inserted into r10000 or r5000 appliance
Impact:
intermittent optical transceiver errors
Workaround:
None
1054837 : Vcc-ConfD may fail to start new child process
Component: F5OS-C
Symptoms:
The error message
<err> Oct 13 13:41:40 vcc_install_versions_failed: Vcc-ConfD-RU: popen failed => Resource temporarily unavailable
occasionally appears in the /var/log_controller/cc-confd log.
Conditions:
Running system controller rolling upgrade.
Impact:
Presently the only known impact is the message appearing in the log.
Fix:
Vcc-ConfD processes started by popen are properly terminated with pclose.
1054021 : Tcpdump on VELOS chassis blade or rSeries appliance cores when line-dma agent layer below it fails
Component: F5OS-C
Symptoms:
Line-dma agent is the underlying layer of tcpdump in the VELOS/rSeries family of chassis and appliance products
When it is not running, or if it cores or is otherwise not available and a client wants a tcpdump capture, tcpdump may core.
Conditions:
-- line-dma-agent is not functional at start, or at some later point in time during the tcpdump capture
-- a client requests a tcpdump capture
Impact:
Packet capture will be affected and will not work
Fix:
Tcpdump does not core anymore, and will retry line-dma-agent connection when clients ask for capture
1052941-2 : Hardware-fault alarm not cleared.
Links to More Info: BT1052941
Component: F5OS-C
Symptoms:
A hardware-fault alarm triggered by RAS unknown type errors is not cleared after the errors are resolved.
Conditions:
This occurs with hardware fault alarms due to RAS unknown type. The alarm is not cleared after the issue is resolved.
Impact:
Hardware-fault alarm with severity warning will be displayed and is not cleared.
Fix:
Fixed the issue that prevents RAS unknown errors from being cleared from the diagnostics report.
1051269-1 : Partition Confd cluster disk usage threshold feature not functioning as expected.
Links to More Info: BT1051269
Component: F5OS-C
Symptoms:
When there is an update in cluster disk usage threshold configuration, the change is not reflected in the state data.
default-1(config)# cluster disk-usage-threshold config critical-limit 91
default-1(config)# commit
default-1# show cluster disk-usage-threshold state critical-limit
cluster disk-usage-threshold state critical-limit 97
Conditions:
When you connect a cluster to Confd during a firmware update and the disk-usage-threshold is updated at the same time, updates will be missed.
Impact:
Some changes to the partition may not be performed, or they may not be reflected in the state data.
Fix:
Modified the cluster disk threshold subscriber to not use a shared access object in Confd.
1050761 : System logs the following error at startup: SDK error during device programming
Links to More Info: BT1050761
Component: F5OS-C
Symptoms:
During startup of the 'fpgamgr' container, the following error is logged in velos.log: "SDK error during device programming." API="f5sw_port_spn_state_get" code=-1 error="parameter error"."
Conditions:
System startup or fpgamgr restart.
Impact:
Error log message with no functional impact
Workaround:
None
Fix:
Fixed API call to prevent an error.
1050677 : Disk I/O stats inaccurate in snmpwalk for partition
Component: F5OS-C
Symptoms:
Disk I/O stats is inaccurate in snmpwalk.
Conditions:
This occurs when running snmpwalk on a partition.
Impact:
Inaccurate disk I/O stats info in snmpwalk
Workaround:
None
Fix:
Disk I/O stats is now accurate in snmpwalk.
1047129 : Partition_tmstat_merged container core on shutdown
Component: F5OS-C
Symptoms:
When the partition_tmstat_merged container is shutting down and it receives a message from the same container on another blade in the partition, it may crash with a core.
Conditions:
Container is shutting down and also receives a message from another blade.
Impact:
Crashes with a core file. No other impact. Core can be safely ignored and removed.
Workaround:
Remove core file.
Fix:
Race condition on shutdown fixed so that if message is received on shutdown it is properly handled.
1046765 : Tenant Data path will not work correctly on downgrade to controller version 1.1.x★
Links to More Info: BT1046765
Component: F5OS-C
Symptoms:
After a controller downgrade to version 1.1.x, the tenant datapath will not operate correctly.
Conditions:
The kubevirt software version does not downgrade to the correct kubevirt software version needed in the 1.1.x controller release.
Impact:
The tenant will launch correctly, but the datapath will be broken because of the a dma-agent protocol mismatch.
Workaround:
1. In one root command shell window, run this command to delete the current version of kubevirt softare pods.
[root@controller-2 ~]# oc delete -f /tmp/omd/scripts/kubevirt-velos.yaml
2. In another root command shell window, run this command to clear the kubevirt namespace and install the new version of kubevirt pods.
[root@controller-2 kubevirt]# /usr/share/omd/kubevirt/omd-kubevirt-velos-install.sh /usr/share/omd/kubevirt/
Fix:
The tenant datapath should work properly after a downgrade.
1046217 : Database import fails after database reset
Component: F5OS-C
Symptoms:
Attempt to import database using file import in confd/config folder fails. During database reset operation config folder is deleted, due to which import fails
Conditions:
Database reset performed before import operation.
Impact:
Database import fails
Workaround:
None
Fix:
File import operation, to create configs folder if missing.
1045253 : Errors related to LCD module show up in logs
Component: F5OS-C
Symptoms:
The system controller log file can contain errors related to failed communication with the LCD module.
controller-2 platform-monitor[1]: priority="Err" msg="Action Error" name="LCD Sensor Monitor" inputId="1f156c2b-0db1-11ec-bdd4-024264410634" index=0 message="unable to get LCD sensor info" interface="zmq-input"
Conditions:
The error message shows up when the LCD module is restarting due to initial system startup or a firmware update.
Impact:
The error message is not system critical and can be safely ignored.
1045177 : Stale interfaces left behind upon portgroup mode change from 100GB to 40GB
Component: F5OS-C
Symptoms:
There are situations when stale interfaces are left behind in the config cdb, when the portgroup mode changes from 100GB to 40GB. This causes l2-agent on the blade to exit.
Conditions:
-- reset-to-defaults/backup/restore
OR
-- live install
-- change the portgroup mode from 100GB to 40GB
-- commit
Impact:
The interfaces corresponding to portgroups are not present and stale interfaces are left behind.
Workaround:
Steps for mitigation:
1) verify the issue is caused by the lack of pgindex in cdb:
a) from config mode in partition, create a backup file
(config)# system database config-backup name test
b) look for pgindex in the /var/F5/partition{id}/configs/test
c) if no entries are found, this is the issue
2) remove the slots corresponding to the impacted partition from the system controller configuration and commit
3) re-add the slots corresponding to the impacted partition from the system controller configuration and commit
4) from the partition cli, ensure the system redundancy shows the blade is present and operational
5) from the partition cli, change the portgroup mode from 100GB to 40GB and commit (example below)
(config)# portgroups portgroup 1/1 config mode MODE_40GB; top
(config)# portgroups portgroup 1/2 config mode MODE_40GB; top
(config)# commit
6) wait for the blades to resync by monitoring 'show system redundancy'
At this point the interfaces should be republished matching the new 40GB mode.
Fix:
Proper interfaces will be published to match the portgroup modes that were changed.
1044557-1 : Output from the image removal command is confusing and reveals inappropriate, internal details.
Links to More Info: BT1044557
Component: F5OS-C
Symptoms:
When running commands such as "image <controller|partition> remove iso <version>", the error output contains the following message, among other details:
"Error: unexpected response back from API: 1"
Conditions:
The output occurs after you issue a command to remove the image controller or partition images that are in use. A typical example is when you are trying to remove an ISO that uses OS/service artifacts.
Impact:
The error message from these commands is unhelpful to the user and reveals internal implementation details.
Workaround:
None
Fix:
The fix is present in version 1.2.2. The error message is replaced by one of the following (or another more helpful message if more specific information is available):
"Error: failed to remove controller image; may be in use"
"Error: failed to remove partition image; may be in use"
1044317 : dagd core
Links to More Info: BT1044317
Component: F5OS-C
Symptoms:
Dagd crashes and leaves a core file.
Conditions:
The exact conditions, especially from user point view, are not identified.
Impact:
Traffic disrupted while dagd restarts.
Workaround:
None
Fix:
Make dagd more robust against system conditions.
1044257 : Removal of old chassis partition images might cause tenant issues after blade reboot★
Links to More Info: BT1044257
Component: F5OS-C
Symptoms:
After upgrading the system to version 1.1.4 and old chassis partition images are removed from the system, tenants might not start up correctly after a reboot of the blade hosting the chassis partition.
Conditions:
This might occur if the tenant was started after the system was upgraded to an interim release (such as 1.1.1, 1.1.2, 1.1.3), after originally running version 1.1.0.
Impact:
Tenants will not start correctly, will not pass traffic, or be accessible on their management interfaces.
Workaround:
To work around this issue:
1. Upgrade the system controller to 1.1.4.
2. Wait for the system controller upgrade to complete.
3. Upgrade the chassis partition(s) to 1.1.4.
4. Wait for chassis partition upgrade(s) to complete.
5. Configure all tenants to return to the "Provisioned" state.
6. Wait for all tenants to stop.
7. Configure all tenants back to the "Deployed" state.
8. Remove the old chassis partition and system controller software versions.
Fix:
N/A
1044249 : On initial installation, blades fail to PXE boot after chassis startup.
Component: F5OS-C
Symptoms:
on initial installation, blades fail to PXE boot after chassis powers up.
Other symptoms:
1. When trying to deploy a tenant on a single blade or when multiple blades are bundled for the same partition in the Chassis Partition login (TENANT MANAGEMENT>Tenant Deployments), the "Running Version" remains "Unavailable" indefinitely.
2. Blades are not available for login or other activity from the CLI.
Conditions:
Multiple factory-fresh blades are powered up.
Impact:
Blades fail to PXE boot. This means they fail to load an initial image and cannot join a cluster.
Workaround:
On both controllers, reboot the system controller or restart the image server container.
Type the command to restart image server on each system controller:
docker restart vcc-image-server
Fix:
N/A
1044117-2 : Kubevirt pods are not reinstalled after recovering cluster using internal debug setting★
Links to More Info: BT1044117
Component: F5OS-C
Symptoms:
While reinstalling the openshift cluster by configuring an internal debug flag, the kubevirt pods were not reinstalled. Without these pods, the tenant will not operate.
Conditions:
When a cluster reinstall is initiated by configuring the internal debug flag, an internal variable was not being reset which prevented the kubevirt pods to be installed.
Impact:
The tenant will not operate.
Workaround:
In a bash console shell, execute the following command:
systemctl restart orchestration_manager_container.service
Fix:
Fix is in release V1.2.2
1043909 : Inconsistencies in disk threshold limits.★
Component: F5OS-C
Symptoms:
Inconsistencies are being observed while configuring disk threshold limits.
default-2# show cluster disk-usage-threshold state
cluster disk-usage-threshold state warning-limit 85
cluster disk-usage-threshold state error-limit 90
cluster disk-usage-threshold state critical-limit 97
cluster disk-usage-threshold state growth-rate-limit 10
cluster disk-usage-threshold state interval 60
No checks are implemented to raise an exception if you attempt to set a critical limit to a value less than error/warning limit.
Conditions:
The problem is seen only while upgrading to 1.3.0 when you configure the disk threshold limits against the constraints.
Impact:
Upgrade can fail if the constraints introduced in version 1.3.0 are violated.
Workaround:
Configure the critical limit > error and warning limit
error limit > warning limit or set to default values before upgrading to 1.3.0
Partition Confd
-------------------------
default-2(config)# cluster disk-usage-threshold config critical-limit 90
default-2(config)# cluster disk-usage-threshold config error-limit 85
default-2(config)# cluster disk-usage-threshold config warning-limit 80
default-2(config)# commit
Commit complete.
1042845 : Unable to remove platform services versions that appear unused
Links to More Info: BT1042845
Component: F5OS-C
Symptoms:
Under certain circumstances, a version of controller or partition services may appear "not in use" in ConfD/GUI tables, but removal of that version is still blocked because other parts of the service package are still in use by other system components.
Conditions:
1. Attempt to remove an (apparently inactive) version of controller or partition services via ConfD or GUI.
2. Other components on the system still silently depend on that version of services, even though ConfD/GUI output does not reflect this.
Impact:
Unable to remove versions of software that appear unused, and the cause is unclear.
Workaround:
N/A
Fix:
Removal of platform services that appear "unused" is no longer blocked by hidden higher-level component dependencies
1042785-1 : Configuring spanning tree (stp) while disabled may display incorrect state
Links to More Info: BT1042785
Component: F5OS-C
Symptoms:
While stp is disabled, configuring a field such as MSTP max-hop causes the the enabled-protocol to display an incorrect value.
Conditions:
Delete enabled-protocol configuration field.
Delete another stp configuration field such as MSTP max-hop
Impact:
The stp enabled-protocol display is incorrect.
Workaround:
To mitigate, do not configure stp while not enabled.
Fix:
Configuring stp while disabled will not lead to incorrect display.
1042273 : ETCD-HA Instance may not initialize correctly after PXE-booting the system controller.
Links to More Info: BT1042273
Component: F5OS-C
Symptoms:
The ETCD-HA instance may not initialize correctly after PXE-booting a system controller and re-installing that system controller into the openshift cluster. When the instance initializes incorrectly and one of the system controllers is down, the openshift API does not operate correctly.
Conditions:
PXE boot of a system controller in a running openshift cluster.
Impact:
When the instance initializes incorrectly and one of the system controllers is down, the openshift API does not operate correctly.
Workaround:
None
Fix:
Fixed the Ochestration-manager to correctly re-initialize the ETCD-HA instance when a system controller is PXE booted and the system controller is re-added into the openshift cluster.
1042253-1 : System controller upgrade from 1.2.0-10357 to 1.2.1-10301 intermittently fails★
Links to More Info: BT1042253
Component: F5OS-C
Symptoms:
The upgrade proceeds to the point where both system controllers boot to the new image but neither system controller becomes active.
Conditions:
Whenever this issue is observed, show full-configuration system redundancy config mode is something other than the default (auto).
Impact:
Neither system controller becomes active. The ability to configure the System controllers is compromised.
Workaround:
Restarting both Vcc-ConfD containers (or a reboot of both system controllers) should clear the problem.
Fix:
Intermittent loss of active system controller when upgrading from 1.2.0-10357 to 1.2.1-10301 is fixed in 1.2.1.
1041381 : Tcpdump capture may not include broadcast and multicast egress (generated by the system and being sent out) when "--dls true" option is used
Component: F5OS-C
Symptoms:
When DLS feature is turned on using "--dls true" option, broadcast and multicast packets generated by the host CPUs of the system and egressing out of the VELOS system will not be part of the capture.
The default mode when no "--dls" option is specified is "--dls false", which has no issue
Conditions:
The 'DLS' feature of tcpdump is turned on by explicitly invoking packet capture with the non-default mode "--dls true"
Impact:
Capture will not be complete and will not contain the egressing broadcast and multicast packets.
Workaround:
Use the default mode ( i.e no "--dls option specified) or explicitly turn off dls mode ("--dls false")
1039085 : Partition config restore operation can cause the system to stop processing fdbs.
Links to More Info: BT1039085
Component: F5OS-C
Symptoms:
In rare cases, a partition config-restore operation can cause a race condition that locks up a platform component. This causes fdbs to no longer be processed, and can affect traffic processing.
Conditions:
Issuing a config-restore operation on the partition cli. This issue is more likely to occur when the number of tenants increases.
Impact:
Fdbs will no longer be processed. Traffic processing can be impacted due to missing fdbs.
Workaround:
First, restart the network manager on both controllers:
- "docker restart partition<partition_number>_network_manager"
Second, redeploy all tenants.
1038557-1 : Partition merged stats only reflect one blade when tmstat-rsync service moves to other blade
Component: F5OS-C
Symptoms:
A few show stats commands such as 'show qos state' that report stats for all blades in a partition could report only the stats from a single blade when the tmstat-rsync service moves from the blade is was on initially to another blade.
Conditions:
The tmstat-rsync service has moved to a blade other than the initial blade it was running on and a show command that combines stats from all the blades in a partition is run.
Impact:
A few show stats commands will only report data from a single blade.
Workaround:
Restart the tmstat-rsync service so it runs back on the initial blade.
1037749 : Switch daemon crashes occasionally on shutdown.
Links to More Info: BT1037749
Component: F5OS-C
Symptoms:
Shutting down the system sometimes causes the switch daemon to crash.
Conditions:
This occurs rarely during system shutdown.
Impact:
A core file is saved to /var/shared/core/container/.
Workaround:
None.
Fix:
This has been fixed in 1.2.2 and 1.3.
1037673 : Vcc-lacpd on a system controller can crash and leave a core file while restarting.
Links to More Info: BT1037673
Component: F5OS-C
Symptoms:
Vcc-lacpd on a system controller crashes, leaving behind a core file and a system log indicating a crash occurred. After the crash, the daemon recovers within a few seconds.
Conditions:
The crash only occurs during a restart of vcc-lacpd. Most commonly, a restart will occur during a system controller software update, using the "go-standby" command, or from a fatal error.
Impact:
The internal mgmt network to all blades may go down for a few seconds. Traffic running on tenants will be unaffected.
Workaround:
Limit failover scenarios on the system controllers, like use of the system controller "go-standby" command or system controller software updates.
Fix:
Vcc-lacpd no longer leaves a core file under these conditions.
1037525 : Some of the PCie AER severity and types are incorrect in the diagnostic monitoring.
Links to More Info: BT1037525
Component: F5OS-C
Symptoms:
Some of AER error type and severity events are displayed incorrectly in the diagnostics monitoring.
Conditions:
If an AER (Advanced Error Reporting) error occurs the decoding of the error type and severity as reported in the diagnostic could be incorrect.
Impact:
AER errors in diagnostic monitoring could be interpreted incorrectly as a 'Fatal' error.
Workaround:
As there is not a complete mitigation for this, the AER errors are correctly logged in the system logs and can be confirmed by timestamp and device to obtain the correct information
Fix:
Fixed an issue with incorrect diagnostics reporting.
1035353-1 : Missing controller images in show image controller CLI operation
Component: F5OS-C
Symptoms:
After software upgrade, the controller images in display of "show image controller" shows only active controller images. The standby controller images are missing in "show image controller" CLI command. This is very occasional and won't happen always.
Conditions:
Using CLI/RESTCONF command operations for show image controller
Impact:
User won't see the standby controller images in "show image controller"
Workaround:
The reboot of standby controller using the CLI operation "system reboot controllers controller standby" would resolve the issue and bring the controller images back into CLI display.
1034993-1 : Key-migrationd service can crash if server elements are incomplete
Component: F5OS-C
Symptoms:
The key-migrationd service crashes after defining some server-group information for radius/ldap servers.
Conditions:
After defining system->aaa->server-groups->server-group but not fully defining the item, and then attempting to read the item.
Impact:
Core file is created and key-migration malfunctions.
Workaround:
Remove the partially-defined server group or fully define all server-group items.
Fix:
The key-migration works without crashing.
1034481 : When using IPv6 on mgmt-floating and dhcp, it is possible to get different ip addresses on failover
Component: F5OS-C
Symptoms:
When running IPv6 and using dhcp to assign the mgmt-floating address, a chassis failover can cause the ip address to be changed.
Conditions:
Running IPv6, using dhcp for mgmt-floating and failing over a system controller. IPv4 is unaffected as is IPv6 statically assigned addresses.
Impact:
Services wont be available on mgmt-floating as expected until the user finds the interface on an unexpected IPv6 address
Workaround:
None
1034169 : Qkview reports status of "partial file recorded" when out of disk space
Component: F5OS-C
Symptoms:
When qkview attempts to create a qkview file and there is insufficient disk space, the status recorded is "partial file recorded". The actual cause is low disk space, and no qkview is collected in this case. The recorded status should indicate so.
Conditions:
Run the qkview collection with less than 1 GB of available disk.
Impact:
Cosmetic.
Fix:
The status now indicates: Out-of-disk. Unable to create Qkview file.
1033817 : GUI effected due to /api/data/f5-cluster:cluster/nodes/node taking more than 25 seconds to complete
Component: F5OS-C
Symptoms:
The 'show cluster nodes node' command takes more than 25 seconds to complete.
Conditions:
This happens on a chassis that is not fully populated.
Impact:
The get api /api/data/f5-cluster:cluster/ takes more time, resulting in slow page load times.
Workaround:
None
Fix:
Modified diag-agent partition to check the blade ready status before contacting it for disk-usage information. This is reduce the timeouts
1033813 : Partition 'show interfaces' command can be slow
Links to More Info: BT1033813
Component: F5OS-C
Symptoms:
A 'show interfaces' command or the corresponding RESTCONF API request that includes 'show interfaces interface state counters' or 'show interfaces interface ethernet state counters' can take a long time to execute.
Conditions:
If a blade was present in the partition, but is either physically removed or powered off, but the slot is not removed from the partition configuration.
If a 'show interfaces interface state counters' query is issued for an aggregate (trunk), a delay will also be observed.
Impact:
UI screen refresh is slow (2 to 8 seconds per missing blade), or the CLI 'show' command take a long time to return.
Workaround:
Use the system controller UI or CLI to remove the non-existent blade from the partition.
Fix:
Fixed an issue causing the show interfaces command to be slow when a blade is removed.
1032697 : File delete operation throws an improper message
Component: F5OS-C
Symptoms:
A file delete operation has a confusing error message:
syscon-1-active# file delete file-name log/host/ansible.log
Only /mnt/var/confd/configs/ /var/shared/ configs/ diags/shared/ paths are allowed for Delete file operation on Controller
ConfD.
Conditions:
Attempting a file delete operation from a directory which does not have delete permission
Impact:
The error message lists the actual paths along with the virtual paths on which delete is supported.
Workaround:
None
Fix:
On file delete operation, it only list virtual paths
1032341 : Confd Encryption key gets rewritten intermittently
Links to More Info: BT1032341
Component: F5OS-C
Symptoms:
The key should always return the same value and hash, unless it is changed via key-migration.
The reading of memory (EEPROM) will sometimes return "resource temporarily unavailable" which is treated as an error instead of simply doing a retry.
Conditions:
The EEPROM might be busy because of use by other components.
Impact:
The encryption key changes, thus invalidating all currently encrypted items, thus requiring re-entry of these.
Workaround:
The only workaround is to re-enter all encrypted items and hope that the "resource temporarily unavailable" does not occur.
Fix:
Fixed an issue where the system no longer considers "resource temporarily unavailable" as an error unless it happens 10 times in a row. The system does a retry and if that works, the system avoids setting a new key.
1029561 : GNOME GLib vulnerability CVE-2021-27219
Links to More Info: K82112489
1022729 : Management port issues with instance names containing lacpd, lldpd, stpd, or tmstat-rsync
Component: F5OS-C
Symptoms:
The management port stops working when instance names contain any of the following: lacpd, lldpd, stpd, or tmstat-rsync
Conditions:
Instances whose names include any of the following:
lacpd
lldpd
stpd
tmstat-rsync
Impact:
Management port no longer works.
Workaround:
Avoid naming instances using any of the following:
lacpd
lldpd
stpd
tmstat-rsync
Fix:
You can now successfully name instances using strings containing the following:
lacpd
lldpd
stpd
tmstat-rsync
1022589 : New blank blades inserted into system can wind up in a reboot loop and possibly be damaged
Component: F5OS-C
Symptoms:
Blades fresh from manufacturing do not contain an OS image. If not made part of a partition with an os image defined, when inserted, they will wind up in a continuous reboot loop. There is potential that this may cause damage to blade components if allowed to continue for an extensive period of time.
As systems shipped from factory include all slots in the default partition and that partition is set up with a partition image already configured, this condition should only be possible when blades are added in the field and the site has added partition definitions which do not have OS images set.
Conditions:
Freshly manufactured blade installed in a system slot which is not part of a partition with a defined iso image
Impact:
Potential drive media damage if the reboot loop is allowed to continue for an extended period of time.
Workaround:
Options to mitigate:
1--Install an OS image on the new blade
2--Power down the blade using AOM until ready to load an image
The simplest method to install an os image is to be sure the installation slot is part of a partition definition which includes a set os image. By default the blade will pxeboot that image.
1008549 : iHealth indicates multiple unhealthy and critical states for un-inserted PSUs.
Component: F5OS-C
Symptoms:
The component health for PSUs that are not inserted in the VELOS chassis is shown as unhealthy along with an iHealth critical severity.
Conditions:
This issue occurs on a VELOS chassis that has one or more PSUs not populated.
Impact:
The chassis health of these non-populated PSUs are shown has unhealthy in iHealth.
Fix:
Modified diag-agent service so that it does not mark an unhealthy state for PSUs that are not present in the chassis.
1008433 : VQF hot signal asserted warnings
Links to More Info: BT1008433
Component: F5OS-C
Symptoms:
A PEL log entry occurs indicating an FPGA HOT signal asserted:
Warning | AOM | 5 | Na | VQF hot thermal event
Conditions:
This issue happens at system startup.
Impact:
If the issue occurs during system startup, it is an erroneous error message and can be safely ignored.
Workaround:
Fixed an erroneous FPGA HOT signal that occurs during system startup.
1005025 : Orchestration-manager core on standby controller during cluster bringup.
Links to More Info: BT1005025
Component: F5OS-C
Symptoms:
A core file from orchestration-manager may be created on the standby switch during cluster bringup.
Conditions:
This may occur intermittently during cluster bringup.
Impact:
A core file is generated, but orchestration-manager will restart and will not cause any issues with system function.
Workaround:
None
1004309 : NSS vulnerability CVE-2020-12403
Links to More Info: K61267093
1004305 : libxml2 2.9.10 vulnerability CVE-2020-7595
Links to More Info: K04460334
1004189 : libcroco vulnerability CVE-2020-12825
Links to More Info: K01074825
1004049 : Show system mgmt-ip displays "Application Timeout" on the Active system controller
Component: F5OS-C
Symptoms:
On a system where the standby system controller is rebooting, running the 'show system mgmt-ip' command in confd can display an "Application Iimeout" error.
Conditions:
-- Standby system controller is rebooting.
-- The 'show system mgmt-ip' command is run in confd
Impact:
This problem is limited to system controller mgmt-ip only.
Workaround:
The command would fail very first time the command is executed while standby controller is rebooting. After it fails the first time, the command displays output in subsequent retries.
Fix:
The 'show system mgmt-ip' command now works while the standby system controller is rebooting.
1000453 : CVE-2019-25013: glibc vulnerability
Links to More Info: K68251873
Known Issues in F5OS-C v1.3.x
F5OS-C Issues
ID Number | Severity | Links to More Info | Description |
1038877 | 2-Critical | Last-change value does not display date of password change | |
1035589-2 | 3-Major | Source address for TACACS server group configuration does not work | |
1028385-1 | 3-Major | Link aggregation names should not contain spaces | |
1056273 | 4-Minor | Tcpdump log level is set to default {INFO} after upgrading. | |
1045261-1 | 4-Minor | Vcc-partition-software-manager logs extraneous partition update records |
Known Issue details for F5OS-C v1.3.x
1056273 : Tcpdump log level is set to default {INFO} after upgrading.
Component: F5OS-C
Symptoms:
Tcpdump log severity level is not retained after upgrading.
Conditions:
Tcpdump log severity is set to something other than INFORMATIONAL prior to upgrading.
Impact:
Severity level changes to INFO after upgrading.
Workaround:
Reset the severity level after upgrade.
controller-1(config)# system logging sw-components sw-component tcpdumpd-manager config severity DEBUG
controller-1(config-sw-component-tcpdumpd-manager)# commit
Commit complete.
1045261-1 : Vcc-partition-software-manager logs extraneous partition update records
Component: F5OS-C
Symptoms:
Following a fresh install, vcc-partition-software-manager repeatedly logs the following extraneous records:
********
<info> Dec 2 21:46:48 publish_image_thread: Controller-2 Images state not changed.
<notice> Dec 2 21:48:25 main: retrying after failed operation
<info> Dec 2 21:48:25 main: configuration updated; num_part: 2
<notice> Dec 2 21:48:26 main: cc.out_of_service_install(false) cc.install_stage(IDLE) ha_mode(HA_MASTER) skip_notify(true) last_failed(true)
********
Conditions:
This happens always, even on an idle system which has not been configured.
Impact:
There is no functional impact, as the partition configurations are not actually being changed or updated, but the lof records fill up the VELOS log over time with unnecessary noise.
Workaround:
These messages can be safely ignored.
1038877 : Last-change value does not display date of password change
Component: F5OS-C
Symptoms:
Last-change value is shown as days since 1970-01-01, which will reflect something like: 18970, it should be in date format, like: 2021-12-09,while running confd cmd: "show system aaa authentication users user"
Conditions:
When running confd cmd: "show system aaa authentication users user"
Impact:
Invalid value of last-change is displayed in "show system aaa authentication users
Workaround:
None
1035589-2 : Source address for TACACS server group configuration does not work
Component: F5OS-C
Symptoms:
Attempting to set the source-address for a TACACS server group configuration may fail or does not work as expected.
Conditions:
Attempt to configure source-address for tacacs server group
Impact:
No functional impact as the source-address isn't used.
Workaround:
Source-address is not used by tacacs client. Do not configure source-address.
1028385-1 : Link aggregation names should not contain spaces
Component: F5OS-C
Symptoms:
BIG-IP systems exhibit erroneous behavior for a LAG when it is created with a name that contains spaces.
Conditions:
The LAG name contains spaces.
Impact:
The system cannot successfully handle the LAG with spaces in the name. The LAG is not recognized by the system.
Workaround:
Refrain from using names with spaces.
★ This issue may cause the configuration to fail to load or may significantly impact system performance after upgrade
For additional support resources and technical documentation, see:
- The F5 Networks Technical Support web site: http://www.f5.com/support/
- The AskF5 web site: https://support.f5.com/csp/#/home
- The F5 DevCentral web site: http://devcentral.f5.com/