Bug ID 592647: Thales client install requires an SSH username, and always attempts to SSH into the RFS

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP GTM, LTM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: May 11, 2016

Severity: 4-Minor

Related Article: K58112012

Symptoms

The Thales client installation operation always attempts to SSH into the RFS machine as part of the install script, and always requires an ssh-login.

Impact

The BIG-IP user must supply the script with an SSH login name, even if it is expected that the command will fail. Thales client installation fails otherwise.

Conditions

-- A BIG-IP user installing Thales nethsm client software. -- The BIG-IP user does not have an SSH login to the RFS server.

Workaround

As long as the RFS user can run the following command, the existing script will work, even if the user is non-root: /opt/nfast/bin/rfs-setup --force -g --write-noauth <BIG-IP IP address> If the BIG-IP system cannot log into the RFS at all, you must supply a dummy login for the RFS, because the unpatched script requires an SSH username, and will always attempt to log into the RFS. With a dummy login, although this step fails, the script attempts to recover as follows: -- Instructs the user to run the following command manually on the RFS: /opt/nfast/bin/rfs-setup --force -g --write-noauth <BIG-IP IP address> -- Asks whether the command completed successfully. As long as someone runs that command on the RFS before attempting or continuing Thales installation, the operation should complete without issue. Note: It is possible to run this command on the RFS before even attempting to run the Thales installation script on the BIG-IP system.

Fix Information

Thales install now works with a non-root login to the RFS server or with no login at all.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips