Bug ID 492369: vCMP guests fail the image verification check

Last Modified: Nov 12, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP vCMP(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 15.0.0, 15.0.1

Opened: Nov 21, 2014
Severity: 4-Minor
Related AskF5 Article:
K33135278

Symptoms

IF BIG-IP image verification is enabled, vCMP guests may report that image verification has failed when you attempt to upgrade, even if you place the .sig file and .iso image on the vCMP guest.

Impact

The software install fails on the vCMP guests. Software install status is reported with the following message: failed (Repository must be a file for signature validation ; /tmp/lind_util.CIcASU.).

Conditions

-- BIG-IP image verification is enabled (sys db liveinstall.checksig value "enable"). -- vCMP guests exist. -- New BIG-IP .iso image and .sig file is uploaded to the host and to the guests, and an upgrade is triggered.

Workaround

To work around this issue: -- BIG-IP system without FIPS license: 1. Disable automatic image verification. 2. Perform image verification manually before installing. -- BIG-IP system with FIPS license: Remove all images and sig files from vHost. Impact of workaround: This will have no impact on the system. To disable automatic image verification, run the following tmsh command: tmsh modify sys db liveinstall.checksig value "disable" To manually verify the image, use the procedure described in K24341140: Verifying BIG-IP software images using .sig and .pem files, available at https://support.f5.com/csp/article/K24341140.

Fix Information

None

Behavior Change