Last Modified: Mar 21, 2019
See more info
Known Affected Versions:
13.1.0, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 13.1.1, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 14.0.0, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 14.1.0, 22.214.171.124, 126.96.36.199, 188.8.131.52
Opened: May 14, 2018
Related AskF5 Article: K43503050
There are multiple symptoms that a BIG-IP system shows when affected by this issue: -- License fails on bootup with the following error : halGetDossier returned error (7): Dossier generation failed. -- Failover between BIG-IP instances fails abruptly with the following error: Unable to retrieve domain name from ec2 metadata.
- License inoperable after bootup. - Failover between BIG-IP systems does not complete successfully.
-- Both the licensing and Failover/HA in AWS depends on access to the instance metadata provided by the EC2 cloud via the http endpoint at 169.254.169.254. -- The default gateway provided by AWS through DHCP ensures access to this metadata endpoint without any additional configuration. However, when using a custom default gateway, the access to the instance metadata endpoint might not work.
Configure a route for 169.254.169.254/32 to get to the AWS subnet default gateway. And then run a startup script after mcpd is up to reload the license. The workaround has two parts. WORKAROUND: ---------- Before upgrade: Part 1: ------- On the BIG-IP system, create a management-route for the link-local destination 169.254.169.254. 1) Set db key to allow route for link-local address: tmsh modify sys db config.allow.rfc3927 value enable 2) Create management-route for 169.254.169.254/32 that points to the AWS-provided subnet default gateway: tmsh create sys management-route meta-endpoint network 169.254.169.254/32 gateway <AWS subnet GW IP> 3) Save the config: tmsh save sys config 4) Create a qkview: qkview -f /var/tmp/before_upgrade PART 2 ------- Workaround: ---------- Reload the license by running a script once the system is up. (This process is fully documented in K11948: Configuring the BIG-IP system to run commands or scripts upon system startup :: https://support.f5.com/csp/article/K11948.)