Bug ID 439424: SafeNet HSM fails when installed on clustered chassis.

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM, vCMP(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5

Fixed In:
11.6.0, 11.5.1 HF6

Opened: Dec 02, 2013
Severity: 2-Critical
Related AskF5 Article:
K15997

Symptoms

Unable to correctly install and use SafeNet network HSM in cluster-mode on the BIG-IP system chassis such as VIPRION.

Impact

Unable to use SafeNet HSM with BIG-IP chassis system cluster-mode.

Conditions

Use SafeNet Network HSM with the BIG-IP chassis systems such as VIPRION or Victoria in cluster-mode.

Workaround

Follow manual install procedures for SafeNet install on each slot.

Fix Information

SafeNet HSM install now needs to be done only on the primary slot on the BIG-IP cluster-mode chassis systems such as VIPRION. A single install on the primary slot will take care of installing SafeNet on all active slots. On any already-open sessions to the BIG-IP slot(s), the PATH environment variable will need to be reloaded by executing 'source ~/.bash_profile' in order to be able to use SafeNet utilities. If at a later stage, a new blade is added or a disabled or powered-off blade is made active or is powered-on, the user will have to run 'safenet-sync.sh -p <HSM partition password>' *only* on the new secondary slot. If the new slot is made primary before running safenet-sync.sh on it, then the regular install procedure using nethsm-safenet-install.sh will be required on the new primary slot.

Behavior Change