After Upgrade and Reboot with Install Configuration Set to Yes, the BIG-IP
Total Page:16
File Type:pdf, Size:1020Kb
K33233632: After upgrade and reboot with Install Configuration set to Yes, the BIG-IP appears to have hung or lost all configuration and mcpd, gtmd, named and others are in a restart loop Support Solution Original Publication Date: Jan 28, 2020 Update Date: Mar 25, 2021 Details Description After you upgrade the BIG-IP system to BIG-IP 14.1.2 and later, certain daemons (e.g. mcpd, gtmd, and named) may be in a restart loop and the BIG-IP appears to have hung or lost all configuration. Additionally, the device may exhibit the following symptoms: You observe error messages similar to the following in /var/log/ltm (below is an example of an mcpd restart loop): err mcpd[8710]: 01070734:3: Configuration error: MCPProcessor::initializeDB: can't chmod for directory (/config/filestore/files_d/<directory_names>) err (Permission denied). err mcpd[8710]: 01070596:3: An unexpected failure has occurred, can't chmod for directory (/config /filestore/files_d/<directory_names>) err (Permission denied). - sys/validation/FileObject.cpp, line 612, exiting... You observe error messages similar to the following in /var/log/ltm: 01420006:3: Loading configuration process failed. You observe error messages similar to the following in /var/log/auditd/audit.log (below is an example for an mcpd restart loop): Note: The message contains denied and unlabeled_t shown in bold below. type=AVC msg=audit(day_time): avc: denied { setattr } for pid=13624 comm="mcpd" name=" external_monitor_d" dev="dm-11" ino=307 scontext=system_u:system_r:mcpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir The Configuration utility displays the following: The configuration has not yet loaded. If this message persists, it may indicate a configuration problem. Environment BIG-IP 14.1.2 and later A BIG-IP Upgrade Cause The issues described in this article are caused by broken SELinux permissions due to Bug ID 862937 Recommended Actions Choose one of the following: Perform the workaround in Bug ID 862937. Prior to upgrading to BIG-IP 14.1.2 and later, check the BigDB value is enabled for liveinstall. moveconfig and liveinstall.saveconfig with the following command: tmsh list sys db liveinstall.moveconfig liveinstall.saveconfig Then boot to the newly installed software by setting Install Configuration to No. When the Live Install BigDB settings are enabled, the configuration is automatically copied to the new boot location during upgrade. Setting the Install Configuration option to Yes is for situations when you've made changes to the configuration between the time you install the software and when you boot to the new boot location. For more information about the Live Install BigDB settings and how to modify them refer to, K13438: Controlling configuration import when performing software installations Additional Information Any BIG-IP daemon can be affected by this unlabeling issue. You can check which have not been labeled properly by running the command below: ls -laRZ / 2> /dev/null | grep unlabel Related Content K24925704: Configuration load fails with error 01070734:3: Configuration error: undefined error at authz/ConfigWriter.cpp Applies to: Product: BIG-IP 16.0.X, 15.1.X, 15.0.X, 14.1.X.