Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP vCMP
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9
Opened: May 03, 2018
Severity: 3-Major
vCMP guests (ALL Guests) fail to load after reboot of hypervisor when the host master-key is changed and then the guests' master-keys are changed before first rebooting the hypervisor.
Deployed guests cannot decrypt their configurations and so are inoperative.
-- Issue the following command on vCMP Host hypervisor system: $ tmsh modify sys crypto master-key prompt-for-password -- Issue the following command on guests deployed on this hypervisor, before rebooting the hypervisor: $ tmsh modify sys crypto master-key prompt-for-password
In order to change the host master-key without causing service interruption to deployed vCMP guests (except for the necessary reboot): 1. On the host and with guests deployed, issue the following command: $ tmsh modify /sys crypto master-key prompt-for-password 2. After this interactive command completes, again on the host issue the following command: $ tmsh save sys config && tmsh reboot 3. Wait for the host and guests to come back up, then issue the following command on each guest: $ tmsh modify /sys crypto master-key prompt-for-password
None
