Bug ID 858173: SSL Orchestrator RPM not installed on HA-peer after upgrade from 14.1.2.1

Last Modified: Dec 13, 2023

Affected Product(s):
BIG-IP Install/Upgrade, SSLO(all modules)

Known Affected Versions:
14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3

Fixed In:
16.0.0

Opened: Dec 06, 2019

Severity: 1-Blocking

Symptoms

With BIG-IP devices configured in high availability (HA) mode, with SSL Orchestrator configured, when upgrading from v14.1.2 to v15.1.x or newer, the SSL Orchestrator configuration is not synced properly across the high availability (HA) configuration. This problem is caused by a REST framework sync issue between the devices in the high availability (HA) pair.

Impact

SSL Orchestrator configuration not syncing across the BIG-IP high availability (HA) pair.

Conditions

-- BIG-IP devices configured in high availability (HA) mode. -- SSL Orchestrator configured. -- Upgrading from v14.1.2 to v15.1.x or newer.

Workaround

The following steps are required on both high availability (HA) peers, first on the active and then on the standby BIG-IP device. 1. Open a terminal session with admin/root level access. 2. Run the following commands, in the order specified: bigstart stop restjavad rm -rf /shared/em/ssl.crt/* bigstart start restjavad restcurl -X DELETE shared/resolver/device-groups/tm-shared-all-big-ips/devices restcurl -X DELETE shared/gossip-conflicts restcurl -X DELETE shared/device-certificates restcurl -X POST -d '{"generateKeyPair": true}' shared/device-key-pair bigstart restart restjavad restnoded

Fix Information

The following procedure is always required when upgrading from 14.1.2: Perform the following on both high availability (HA) peers, first on the active and then on the standby BIG-IP device. 1. Open a terminal session with admin/root level access on BIG-IP. 2. Run the following commands, in the order specified: bigstart stop restjavad rm -rf /shared/em/ssl.crt/* bigstart start restjavad restcurl -X DELETE shared/resolver/device-groups/tm-shared-all-big-ips/devices restcurl -X DELETE shared/gossip-conflicts restcurl -X DELETE shared/device-certificates restcurl -X POST -d '{"generateKeyPair": true}' shared/device-key-pair bigstart restart restjavad restnoded

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips