Bug ID 904593: Configuration overwritten when using Cloud Auto Scaling template and ASM Automatic Live Update enabled

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2

Fixed In:
16.1.0, 15.1.0.5, 14.1.2.7

Opened: Apr 28, 2020
Severity: 2-Critical

Symptoms

When a Cloud Auto Scaling deployment is set up using F5's Auto Scale Template, and ASM Live Update is configured with Automatic Download enabled, the configuration may be overwritten during a scale out event when a new host joins the sync cluster. This is caused by a config sync from the new device to the primary device, before the primary has a chance to sync the configuration to the new device, causing the configuration in the primary device to be overwritten.

Impact

Configuration of all devices in the Auto Scale group is overwritten.

Conditions

-- Using F5's Auto Scaling template. -- Auto Scale script is configured with --block-sync (which is the default). -- ASM Live Update is configured with Automatic Download enabled. -- A scale out event occurs.

Workaround

Disable ASM Live Update Automatic Download. This can be done by disabling the liveupdate.autodownload DB variable using the onboard.js script, and adding '-d liveupdate.autodownload:disable'. For example: /usr/bin/f5-rest-node /config/cloud/aws/node_modules/@f5devcentral/f5-cloud-libs/scripts/onboard.js --log-level silly --signal ONBOARD_DONE -o /var/log/cloud/aws/onboard.log --host localhost --port 8443 -d tm.tcpudptxchecksum:software-only -d liveupdate.autodownload:disable --ping -d tm.tcpudptxchecksum:software-only -d liveupdate.autodownload:disable

Fix Information

None

Behavior Change