Bug ID 556277: Config Sync error after hotfix installation (chroot failed rsync error)

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP Install/Upgrade, TMOS(all modules)

Known Affected Versions:
11.2.1, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7

Fixed In:
11.6.1 HF1, 11.6.0 HF8, 11.5.4 HF3, 11.5.1 HF11, 11.4.1 HF10

Opened: Nov 04, 2015
Severity: 3-Major
Related AskF5 Article:
K36285422

Symptoms

Once an installation has been booted into, applying a hotfix over that installation does not change the SELinux policy, but instead uses the previously installed SELinux policy.

Impact

Sync of file objects might fail with an error similar to the following: 01071488:3: Remote transaction for device group [name] to commit id [number] failed with error 01070712:3: Caught configuration exception (0), verify_sync_result:() :Failed to sync files. - sys/validation/FileObject.cpp, line 6276..

Conditions

This affects installations of a later hotfix atop an earlier hotfix, or onto a base build of the same software version. Installation onto a new volume is unaffected. To determine whether the configuration will experience this issue, use md5sum to see whether the following have the same checksums: -- /etc/selinux/targeted/modules/active/modules/f5_mcpd.pp -- /usr/share/selinux/targeted/f5_mcpd.pp. If the checksums are the same, the system will use the SELinux policy installed with the previous hotfix, and this issue will occur.

Workaround

Instead of installing the hotfix over an existing installation of the base build of that version (or an earlier hotfix), install the base ISO (for example 11.5.4) into a volume, and then install the hotfix onto that volume, without booting the volume in between.

Fix Information

Installing a hotfix over an existing base install now rebuilds the SELinux policy as expected.

Behavior Change