Bug ID 1161913: Upgrade from 15.1.8 or 15.1.8.1 to 16.x or 17.x fails, and leaves device INOPERATIVE

Last Modified: Mar 22, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP All, Install/Upgrade, TMOS(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 17.0.0, 17.0.0.1, 17.0.0.2

Opened: Sep 28, 2022
Severity: 1-Blocking

Symptoms

Loading configuration process fails after an upgrade from 15.1.8 or 15.1.8.1 to any release 16.0 or above. The system posts errors similar to the following: -- crit tmsh[16188]: 01420001:2: Can't load keyword definition (vlan.dag_adjustment) : framework/SchemaCmd.cpp, line 825 -- crit tmsh[25644]: 01420001:2: Can't load keyword definition (vlan.nti) : framework/SchemaCmd.cpp, line 825 -- Can't find matched schema tag for association's attribute fw_zone_log_profile.pzname during loading cli version syntax: 15.1.8 -- Can't find matched schema tag for association's attribute fw_protected_zone.pzname during loading cli version syntax: 15.1.8 -- Unexpected Error: "Can't load keyword definition (vlan.dag_adjustment)" -- fatal: (Can't load keyword definition (vlan.nti)) (framework/SchemaCmd.cpp, line 825), exiting... -- emerg load_config_files[16186]: "/usr/bin/tmsh -n -g -a load sys config partitions all base " - failed. -- Loading schema version: 15.1.8 -- err mcpd[10702]: 01070422:3: Base configuration load failed.

Impact

After upgrade, config does not load. The system hangs at the base configuration load failure status. The system is inoperative.

Conditions

Upgrade from one of the following releases: -- v15.1.8 or later in the v15.1.x branch. to any of the following releases: -- v16.0 through v16.1.3.3 -- v17.0 through v17.0.0.2

Workaround

It is not possible to avoid running into a config load failure when attempting the upgrade or restoring a UCS archive from v15.1.8 or v15.1.8.1 on one of the listed versions. However, as long as the system is not using the ZBDDOS AFM functionality, it is possible to load the configuration after the upgrade via a manual workaround: 1. While the system is inoperative, log into the system as root or an administrative user and launch bash. 2. Copy and paste the following series of commands and run them in bash ### BEGIN COMMANDS (shopt -s nullglob; sed -E -i.workaround.bak -e '/dag-adjustment /d' /config/bigip_base.conf /config/partitions/*/bigip_base.conf) sed -E -i -e '/^KEYWORD dag-adjustment/d' -e '/^KEYWORD nti/d' /var/libdata/tmsh/syntax/15.1.8*/auto_schema_data_net_cli.dat for dir in /var/libdata/tmsh/syntax/15.1.8*; do mv "$dir"/auto_schema_data_security_cli.dat{,.workaround.bak} awk ' /^<REF_CMD fw-protected-zone / { refcmd=1; depth=1; next } /^<CMD fw-protected-zone/ { cmd=1; depth=1; next } /^<ASSOCIATION.*fw-protected-zone/ { depth=depth+1; next } /^>/ { if (refcmd || cmd) { if (!--depth) { refcmd = 0; cmd = 0; } next; } } /.?/ { if (refcmd || cmd) next print }' < "$dir"/auto_schema_data_security_cli.dat.workaround.bak > "$dir"/auto_schema_data_security_cli.dat rm "$dir"/auto_schema_data_security_cli.dat.workaround.bak done ### END COMMANDS 3. Load the configuration again: tmsh load sys config 4. If the config loads successfully, save it once: tmsh save sys config

Fix Information

None

Behavior Change