Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Sep 30, 2016 Severity: 3-Major
After BIG-IP upgrading in the multi-blade platform configured with Thales, the secondary platform fails to carry over Thales configuration. When running enquiry at primary slot, you will get response about Thales config. At secondary slot, you will not be able to run "enquiry".
Secondary slot doesn't have Thales HSM configured.
Thales installed on chassis.
Wait for csynced finish syncing /shared/nfast from primary slot to the secondary slot. Then run "clsh bigstart restart pkcs11d". While waiting, run this command to compare the folder size of /shared/nfast/. [root@localhost:/S1-green-P:Active:Standalone] config # clsh "du -sh /shared/nfast/" === slot 2 addr 127.3.0.2 color green === 220M /shared/nfast/ === slot 3 addr 127.3.0.3 color red === === slot 4 addr 127.3.0.4 color blue === === slot 1 addr 127.3.0.1 color green === 220M /shared/nfast/ Another workaround(maybe faster) is to reinstall Thales after upgrading. Csyncd could take 10+ minutes to finish sync'ing. A third workaround is to scp /shared/nfast/ from primary slot to secondary slot. After that, run "bigstart restart pkcs11d" e.g., [root@localhost:/S1-green-P:Active:Standalone]scp -r /shared/nfast/ slot2:/shared/
None