Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP vCMP
Known Affected Versions:
11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10
Opened: May 03, 2018 Severity: 3-Major
vCMP guests (ALL Guests) fail to load after reboot of hypervisor when the host master-key is changed and then the guests' master-keys are changed before first rebooting the hypervisor.
Deployed guests cannot decrypt their configurations and so are inoperative.
-- Issue the following command on vCMP Host hypervisor system: $ tmsh modify sys crypto master-key prompt-for-password -- Issue the following command on guests deployed on this hypervisor, before rebooting the hypervisor: $ tmsh modify sys crypto master-key prompt-for-password
In order to change the host master-key without causing service interruption to deployed vCMP guests (except for the necessary reboot): 1. On the host and with guests deployed, issue the following command: $ tmsh modify /sys crypto master-key prompt-for-password 2. After this interactive command completes, again on the host issue the following command: $ tmsh save sys config && tmsh reboot 3. Wait for the host and guests to come back up, then issue the following command on each guest: $ tmsh modify /sys crypto master-key prompt-for-password
None