Bug ID 797829: The BIG-IP system may fail to deploy new iApps or to reconfigure existing iApps.

Last Modified: Sep 27, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 15.0.0, 15.0.1

Opened: Jun 25, 2019
Severity: 3-Major

Symptoms

The BIG-IP system may fail to deploy new iApps or to reconfigure existing iApps. When this happens, a long error message is displayed in the GUI that begins with: script did not successfully complete: ('source-addr' unexpected argument while executing The message is also logged to /var/log/audit by scriptd with a severity of 'notice'. The unexpected argument mentioned in the error varies depending on the iApp being deployed and on the settings you configure. You may also see 'snatpool', 'ldap', etc.

Impact

New iApps cannot be deployed. Existing iApps cannot be re-configured.

Conditions

This issue occurs when: -- The BIG-IP system is configured with multiple users of varying roles. -- The scriptd daemon has already spawned the maximum number (5) of allowed child processes to serve its queue, and all the processes were assigned a low 'security context'. This can happen, for instance, if a low-privileged user (such as an Auditor) has been looking at the configuration of iApps using the GUI a lot. -- Subsequentially, a high-privileged user (such as an Administrator) attempts to deploy a new iApp or reconfigure an existing one. Note: You can inspect the number of child processes already created by scriptd by running the following command: pstree -a -p -l | grep scriptd | grep -v grep However, it is not possible to determine their current 'security context'.

Workaround

Restart scriptd. To restart scriptd, run: bigstart restart scriptd Running this command has no negative impact on the system. The workaround is not permanent; the issue may occasionally recur depending on your system usage.

Fix Information

None

Behavior Change