Bug ID 1085805: UCS restore with SSL Orchestrator deployed fails due to multiple iFiles and incorrect iFile reference.

Last Modified: Mar 26, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Fixed In:
17.1.0

Opened: Mar 09, 2022

Severity: 2-Critical

Symptoms

The UCS restore process with SSL Orchestrator deployment fails due to multiple iFiles. This happens because the UCS restore process does not clean up the existing iFile belonging to SSL Orchestrator. On restore, the BIG-IP system contains two iFiles, one created as a part of the UCS and the other existing iFile belonging to SSL Orchestrator. Additionally, the path in the rest storage referencing the iFile object does not get updated. In the bigip.conf, the iFile version does not point to the iFile that is restored as part of the UCS restore process. To check the reference in restDB use the following https://<<MGMT-IP>>/mgmt/tm/sys/file/ifile/~Common~ssloF_global.app~SSL OrchestratoriFile?options=-hidden. A new bug was created (ID 1185001) for the iFile reference issue in bigip.conf file. The issue is caused by save/sys/config call triggered from SSL Orchestrator code base.

Impact

-- Error in the SSL Orchestrator UI. -- You are unable to make changes through the SSL Orchestrator UI.

Conditions

-- UCS contains SSL Orchestrator deployment -- iFile version number in the UCS and on the BIG-IP before restoring the UCS is different. -- Multiple iFile which belongs to SSL Orchestrator after restore. This can be verified by executing the below command on the box ll /config/filestore/files_d/Common_d/ifile_d/ | grep SSL Orchestrator

Workaround

Mitigation depends on the user state. State 1: when you know that a restore will cause multiple iFile creation, use the following. Before restoring the UCS file, perform the following steps: a) Delete the iFile object using the following command. Do not create any configuration using SSL Orchestrator UI after deleting the iFile. tmsh delete sys application service ssloF_global.app/ssloF_global b) Restore the UCS. State 2: when you already tried the UCS restore and it is in an error state, use the following a) On UCS restore when the system is in an error state, use the following command to verify multiple files: ll /config/filestore/files_d/Common_d/ifile_d/ | grep SSL Orchestrator b) Use the following commands, to delete the multiple iFiles: tmsh delete sys application service ssloF_global.app/ssloF_global rm -fr /config/filestore/files_d/Common_d/ifile_d/\:Common\:ssloF_global.app\:SSL OrchestratoriFile_* c) Restore the UCS

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips