Bug ID 467256: Deleting OPSWAT/Epsec packages from GUI does not delete files from disk causing UCS packages to bloat

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8

Fixed In:
12.1.0, 12.0.0, 11.6.1, 11.5.4

Opened: Jun 13, 2014
Severity: 3-Major
Related AskF5 Article:
K25633150

Symptoms

If there were multiple EPSEC packages installed on a BIG-IP system and if a UCS backup is taken subsequently, that UCS backup will contain all the files causing the UCS to become huge. Installing this UCS may fail due to disk space limitations.

Impact

UCS fails to install due to its large size.

Conditions

For this issue, multiple EPSEC packages have to be installed in the system and the UCS of this system is created.

Workaround

One can do the following: 1. Delete the EPSEC package from the GUI. 2. Then go the /config/filestore/files_d/Common_d/epsec_package_d/ Find the extra files for which there is no corresponding entry in /config/bigip.conf. 3. Delete those extraneous files manually using rm.

Fix Information

When you delete EPSEC packages using the GUI, APM now correctly deletes the corresponding EPSEC ISO file from the filestore (/config/filestore/files_d/Common_d/epsec_package_d/). Before creating archives, administrators are now required to delete non-active EPSEC packages using the GUI to make sure that non-active EPSEC ISO files are not included in the archives. Although this issue has been resolved for newly downloaded EPSEC ISO files, you might still need to perform some cleanup: 1. You must remove previous leftover EPSEC ISO files as follows: a. Delete the EPSEC package from the GUI: Select System > Software Management > Antivirus Check Updates; select an existing EPSEC package from the list and click Delete. b. Go to /config/filestore/files_d/Common_d/epsec_package_d/ and find files for which there is no corresponding entry in /config/bigip.conf. c. Delete those extraneous files manually using the rm command. 2. You cannot import huge previously created UCS archives. Instead, you should delete non-active EPSEC packages prior to creating a UCS. 3. If you want to include only one (active) EPSEC ISO in a UCS archive, you must first delete non-active EPSEC packages using the GUI.

Behavior Change