Last Modified: Aug 01, 2024
Affected Product(s):
F5OS Velos
Fixed In:
F5OS-A 1.7.0, F5OS-A 1.5.0
Opened: Mar 31, 2023 Severity: 1-Blocking Related Article:
K000133379
When upgrading to a new version (such as 1.4.0), automatic firmware updates occur, and these interfere with the encryption key retrieval, causing a new key to be generated, which blocks api-service-gateway.
The api-service-gateway container does not come up and there is no communication with the tenant.
Upgrading to a new version where automatic firmware updates get started at boot-up.
docker exec -it system_manager bash /confd/bin/confd_cmd -c "mdel /tenants/platform-self-signed-cert/self-signed-key" /confd/bin/confd_cmd -c "mdel /tenants/platform-self-signed-cert/self-signed-cert"
The encryption key will not generate a new key unless the TPM module has none. The code will continue to retry until it succeeds or ConfD timeout occurs (300 seconds).