Last Modified: Jan 30, 2025
Affected Product(s):
F5OS F5OS-C, Install/Upgrade
Known Affected Versions:
F5OS-C 1.6.0, F5OS-C 1.6.1, F5OS-C 1.6.2
Fixed In:
F5OS-C 1.8.0
Opened: Sep 05, 2024 Severity: 1-Blocking
There is a potential for the default partition to incorrectly initialize the partition primary key at initial startup. If this happens the API gateway on the blades will log this error message and secure tenants will be unable to connect. 2024-09-05T17:05:18.626737+00:00 default api-svc-gateway[12]: nodename=blade-1(p1) priority="Err" version=1.0 msgid=0x5803000000000010 msg="Key header check failed" HEADER="????xg?A????j?8?????p?}=?ajT". Once the database & key are mismatched, the partition database is non-recoverable.
Tenant will be unable to connect to the API Gateway and start up correctly. Other encrypted fields will also be unable to be decoded.
This issue only affects the "default" partition, and only during initial database creation following either a USB install or resetting the system controller database using "system database config reset-default-config true". It does not affect any other partition. It does not occur if the controller database is reinitialized using "system database reset-to-default".
Before configuring and enabling the default partition, recreate the default partition using the following command sequence. syscon-2-active# config Entering configuration mode terminal syscon-2-active(config)# no partitions partition default syscon-2-active(config)# validate Failed: illegal reference 'slots slot 1 partition' syscon-2-active(config)# partitions partition default ; exit syscon-2-active(config)# validate Validation complete syscon-2-active(config)# commit Commit complete. If the partition has ever been enabled, this sequence will not have the desired effect, and will not repair the partition.
The database startup initialization is fixed to ensure that the default partition primary key is correctly initialized.