Symptoms

In 12.1.0, a new tmsh object 'sys global-settings file-whitelist-path-prefix' controls the path from which config can be loaded. To be allowed as a config storage location, the path must exist in file-whitelist-path-prefix. Because /usr/libexec/ is not part of the path, loading auto-scaling and CloudWatch iCall configuration files from /usr/libexec/aws/ fails.

Impact

AWS auto-scaling-related automation and CloudFormation Templates (CFTs) for deploying BIG-IP will not work because 'sys global-settings file-whitelist-path-prefix' disallows /usr/libexec/aws/ is disallowed as legitimate config location.

Conditions

The issue occurs with AWS auto-scaling- and CloudWatch-related configuration files in TMOS v12.1.0.

Workaround

To work around this, add /usr/libexec/aws/ into the 'sys global-settings file-whitelist-path-prefix'. To do so, run the following tmsh command: tmsh modify sys global-settings file-whitelist-path-prefix "{/var/local/scf} {/tmp/} {/shared/} {/config/} {/usr/libexec/aws}".

Fix Information

Starting in 12.1.0-HF1, F5 Networks has changed the paths from which configuration files related to AWS autoscaling and CloudWatch can be loaded. This necessitates an extra step in the Custom AMI generation for Auto Scaling. Configuration files related to AWS auto scaling and CloudWatch have been moved to the /usr/share/aws/ directory. This change was made because the system no longer allows /usr/libexec/aws as a config file storage and load location. 12.1.0 and earlier Auto Scaling-related automation and CFT configurations must be modified to point to the new locations. The new locations for the Auto Scaling and CloudWatch config files are: The new locations for these config files are: -- /usr/share/aws/autoscale/aws-autoscale-icall-config. -- /usr/share/aws/metrics/aws-cloudwatch-icall-metrics-config.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips