Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP vCMP
Known Affected Versions:
12.0.0, 11.6.1, 11.6.0
Fixed In:
12.1.0
Opened: Aug 18, 2015 Severity: 3-Major
The block-device-image and block-device-hotfix components allow a vCMP guest to view and install TMOS images located on the vCMP host, if permitted by the host. When the redirect-http-to-https setting is enabled on a vCMP guest, the set of host-provided images visible to the guest may be inconsistent with what is actually present on the host. If a guest tries to install an image that is present in its block-device-image or block-device-hotfix lists, but not present on the host, the installation will fail. Similarly, if a guest tries to install an image that is not present in its block-device-image or block-device-hotfix lists, but present on the host, the installation will fail.
The vCMP guest may not be able to list or install one or more block-device-images or block-device-hotfixes provided by the vCMP host. The guest will still be able to install images and hotfixes on its own filesystem.
The issue occurs when the redirect-http-to-https setting is enabled on the vCMP guest. This setting can be viewed with "tmsh list sys httpd redirect-http-to-https". It is disabled by default.
The issue can be worked around by disabling the redirect-http-to-https setting with "tmsh modify sys httpd redirect-http-to-https disabled". Shortly after disabling this setting, the set of block-device-images and block-device-hotfixes visible to the guest will synchronize with what is present on the host.
Enabling the redirect-http-to-https setting on a vCMP guest no longer causes the block-device-images and block-device-hotfixes visible to the guest become inconsistent with what is present on the vCMP host.