Bug ID 540530: vCMP guest with redirect-http-to-https enabled may see incorrect set of block-device-images and block-device-hotfixes.

Last Modified: May 01, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP vCMP(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5

Fixed In:
12.1.0

Opened: Aug 18, 2015
Severity: 3-Major

Symptoms

The block-device-image and block-device-hotfix components allow a vCMP guest to view and install TMOS images located on the vCMP host, if permitted by the host. When the redirect-http-to-https setting is enabled on a vCMP guest, the set of host-provided images visible to the guest may be inconsistent with what is actually present on the host. If a guest tries to install an image that is present in its block-device-image or block-device-hotfix lists, but not present on the host, the installation will fail. Similarly, if a guest tries to install an image that is not present in its block-device-image or block-device-hotfix lists, but present on the host, the installation will fail.

Impact

The vCMP guest may not be able to list or install one or more block-device-images or block-device-hotfixes provided by the vCMP host. The guest will still be able to install images and hotfixes on its own filesystem.

Conditions

The issue occurs when the redirect-http-to-https setting is enabled on the vCMP guest. This setting can be viewed with "tmsh list sys httpd redirect-http-to-https". It is disabled by default.

Workaround

The issue can be worked around by disabling the redirect-http-to-https setting with "tmsh modify sys httpd redirect-http-to-https disabled". Shortly after disabling this setting, the set of block-device-images and block-device-hotfixes visible to the guest will synchronize with what is present on the host.

Fix Information

Enabling the redirect-http-to-https setting on a vCMP guest no longer causes the block-device-images and block-device-hotfixes visible to the guest become inconsistent with what is present on the vCMP host.

Behavior Change