Original Publication Date: 06/08/2015
This release note documents version 4.5.0 of BIG-IQ Device.
As a network administrator, you can use BIG-IQ Device to centrally manage multiple physical and virtual BIG-IP devices. This management includes pool and utility license management, software image installation, back up and restoration of UCS files, and back up and restoration of specific configuration files to one or more BIG-IP devices. BIG-IQ Device also helps you with device inventory tasks by keeping you apprised of every detail about your managed devices, including health, and provides you with the infrastructure to use SNMP to manage system events and send email alerts.
To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.
BIG-IQ Device supports the following browsers and versions:
SOL14592 provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.
For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IQ Device version 4.5.0 documentation page.
For procedures about specifying network options and performing initial configuration, refer to the BIG-IQ System: Licensing and Initial Configuration guide.
Before you can upgrade the BIG-IQ system, you must perform the following tasks:
If you have configured the BIG-IQ system in a high availability cluster, perform these steps on each BIG-IQ system in the cluster in immediate succession. It is important to get the cluster members on the same software version as quickly as possible to avoid potential user experience issues.
|ID 437741||BIG-IP devices no longer populate the restjavad.o.logs with repeated messages from the IdentifiedDeviceWorker when the BIG-IQ system discovers the BIG-IP device on a VLAN other than a VLAN named internal.|
|ID 474147||It previously took up to 30 seconds for a new administrative user to appear in the list of users after you added it. Now a new administrative user appears in the list immediately.|
|ID 474827||After you upgrade the BIG-IQ system to version 4.5.0, any user interface preferences you specified (such as panel widths, panel order, and hidden panels) now persist.|
|ID 474728||BIG-IQ Device no longer allows you to deploy incompatible tasks that previously resulted in an error.|
|ID 475470||Template objects now properly appear after you expand a template node in the Device Templates panel.|
|ID 475766||Previously, a BIG-IQ system in a high availability group sometimes displayed a warning status for an unhealthy peer (displaying a yellow triangle in the BIG-IQ Systems panel) with no additional information supplied. This no longer occurs.|
|ID 482453||The ShellShock bash vulnerability is now fixed, and this release includes patches for CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.|
|ID 486246||Creating a large file, such as a UCS archive file, no longer results in an increase in CPU utilization.|
|Issue||Description||Workaround (if available)|
|ID 428383||When you use the search field to filter for a number or phrase associated with a particular BIG-IP device, you may get some unexpected results. This occurs because BIG-IQ Device filters on all fields, not just those displayed in the Devices panel.|
|ID 431398||While booting, the BIG-IQ system may display the following warning in the console or logs: "SKIPPING unix_config_httpd: /defaults/config/templates/xui.tmpl doesn't exist!!!"||This message has no impact on the BIG-IQ system's functionality. You can ignore this benign message.|
|ID 435629||When two BIG-IQ 7000 Platform devices are configured in a high availability pair, communication might work in only one direction between the two devices. When this occurs, Device A is marked as standby, and reports its peer as active. Device B is marked as active, and reports its peer as down. When this happens, Device B always assumes Device A is down, and always remains active."||Re-initialize the certificates. Alternatively, if resetting the configuration to factory settings is an option, type the following commands on each BIG-IQ system: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*; rm -rf /var/config/rest/storage; rm -rf /var/config/rest/index/; bigstart start restjavad . If resetting the configuration is not an option, perform the following steps on each device: 1) On the High Availability panel, delete the HA peer and any associated devices. 2) From the command line, type the following command to delete the local device: curl -X DELETE http://localhost:8100/shared/resolver/device-groups/cm-shared-all-big-iqs/devices . 3) To remove the existing certificates and restart the service, type the following commands on each device: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*;bigstart start restjavad"|
|ID 440333||If you delete a BIG-IQ peer from a high availability active-active pair, then add the same BIG-IQ system back to the same (or to another) high availability pair, data between the devices no longer synchronizes.||After you delete a BIG-IQ system from a high availability active-active pair, create a backup of the BIG-IQ system. Then reset the system to factory settings by typing the following command on that BIG-IQ system: bigstart stop restjavad && rm -rf /var/config/rest && bigstart start restjavad Then, you can add it as a new backup in a high availability pair, and they properly synchronize.|
|ID 449063||After upgrading or restarting a BIG-IQ system, the login screen displays with a message that your user credentials are invalid and does not allow you to log in.||Clear the browser cache and refresh. (You may have to refresh several times.) When the login screen properly displays the host name of the BIG-IQ system, you can successfully log in.|
|ID 450658||If you deploy a job to perform a "Factory Install" to a physical BIG-IP device, and specify configuration files to deploy as part of that job, the job might fail unexpectedly and display the following message in the log file: /var/log/restjavad.0.log on the target machine: com.f5.rest.workers.autodeploy.ConfigInstallTaskWorker$ProcessTaskException: Failed to run command: [tmsh, -a, load, sys, config] Followed by several lines that appear similar to: 01070605:3: Cannot delete IP 10.10.0.1 because it would leave a pool member (pool /Common/Pool34-b) unreachable.||To avoid this, the name field of the self IP address must equate to the address field (excluding the netmask). For example, if the address field is "22.214.171.124/15", the name field must be "126.96.36.199". If the job failed due to this issue, you can complete the job by running the command tmsh load sys config on the target BIG-IP device.|
|ID 455957||If the icrd log file contains "RestServer, SEVERE,accept(...) returned unknown errno 24" and iControl REST calls are timing out|
|ID 468310||If you configure a user with multiple attributes on the RADIUS server (such as Class <value>), the BIG-IQ system returns an error when that user attempts to log in.||To resolve this issue, edit the configuration file on the RADIUS server so the user has only a single instance of each specific attribute name.|
|ID 472377||When manually activating a pool registration key with two or more offering licenses, BIG-IQ Device does not verify that the license matches the offering SKU. For example, if you mean to activate offering SKU for "X" and paste the license into BIG-IQ where offering SKU "Y" is expected, BIG-IQ Device does not detect the discrepancy. If this occurs, and you deploy that license to a BIG-IP device, BIG-IQ Device applies the incorrect license and the BIG-IP device might not have the expected features enabled.||If this occurs in your environment, re-active the pool registration key, taking care to paste the correct license text for each offering SKU license.|
|ID 474096||You cannot access the BIG-IQ system's user interface using Mozilla Firefox version 31 or later.||This issue is caused because of security changes in Firefox. You can view more specific information here: https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/ . This workaround has security implications. To work around this issue: 1) Type about:config in the navigation bar of the Firefox browser. 2) Double-click "security.use mozillapix verification" to set it to false.|
|ID 474767||After you delete a BIG-IP device from the BIG-IQ system, associated objects (such as interfaces, self IP addresses, and VLANs) might continue to display in the BIG-IQ system user interface for up to 5 minutes. After that time, they no longer display.|
|ID 475095||When discovering a BIG-IP device running version 11.3.x or 11.4.x with a BIG-IQ system running version 4.2 or later, the process might fail with the error message. You must update the device's framework before you can manage it.||Delete the file /config/f5-rest-device-id from the BIG-IP device, discover the device again, select the Auto Update Framework check box, and provide the admin and root credentials.|
|ID 483739||You can create deployment jobs (Apply Config, Upgrade Software, License Device) only for devices that belong to the Managed BIG-IPs group. You cannot create a deployment job for devices in any other group.||Add the device, for which you want to create a deployment job, to the Managed BIG-IPs group.|
|ID 485346||When using Mozilla Firefox 33, the BIG-IQ system user interface might freeze and not allow you to view the log in screen.||In Mozilla Firefox, open a new tab and in to the browser bar, type "about:support", then click the Reset Firefox button. Alternatively, use Google Chrome version 34.x or later to access the BIG-IQ system.|
|ID 489584||After upgrading the BIG-IQ system from version 4.3.0 to version 4.5.0, rediscovery of a previously managed BIG-IP device running version 11.5.1-HF6 BIG-IP software might fail.||Update the BIG-IP device using the update_bigip.sh script, and then reimport and DMA the version 11.5.1-HF6 BIG-IP device.|
|ID 490343||The framework upgrade process on a BIG-IP vCMP guest that spans multiple slots on the host system fails with the following error: "Discovery Failed: Failed to upgrade REST framework on 172.27.78.240: java.lang.IllegalStateException: One or more slot upgrades failed."||Run the following commands to manually update the framework: /usr/lib/dco/packages/upd-adc/update_bigip.sh and ./update_bigip.sh|
|ID 490976||Deploying a configuration template to a BIG-IP device occasionally fails and the BIG-IQ system returns a JSON configuration error. This occurs because configuration templates may support attributes that are not supported by the version of the managed BIG-IP device.||If the error occurred because the configuration template includes a BIG-IP object attribute that does not exist in the targeted BIG-IP version, you may be able to work around the issue by editing the template through the REST API and removing the incompatible field. You cannot perform this change from the user interface. Note that the template API is not a supported API, and is subject to change or removal without notice. Templates are stored in a collection at the path /mgmt/cm/autodeploy/simple-templates. To make this change, perform a GET to retrieve the current state, edit that state, then perform a PUT or PATCH to apply the updated state. You need to edit only the content field.|
|ID 497002||If you discover a BIG-IP device from BIG-IQ Security and then later attempt to discover that same BIG-IP device from BIG-IQ Device, you might receive a duplicate item error.||Discover the BIG-IP device again from BIG-IQ Security, and then again from BIG-IQ Device.|
|ID 499273||When managing a large number (dozens to hundreds) of devices, you might notice the memory utilization for the BIG-IQ system is high and reports OutOfMemory exceptions in the /var/log/restjavad.*.log or /var/tmp/restjavad.out file.||If you cannot communicate with the managed BIG-IP devices, attempt to fix any network communication problems by pinging or routing the BIG-IP device from the BIG-IQ system, and then restart the restjavad process on the BIG-IQ system by typing the following command: # bigstart restart restjavad|
|ID 509028||When a BIG-IP Device Cluster is used with the F5 HNV Gateway Provider Plugin, and one device is unavailable, the F5 HNV Gateway Provider Plugin cannot apply configuration updates to the remaining devices.|
|ID 513613||If someone makes a modification to the certificate information on a managed device (for example, changing the certificate's canonical name), that device becomes unavailable to the BIG-IQ system managing it.||There are two workarounds for this situation. The first (A) is the recommended workaround: Workaround (A) With this solution, communication (and device discovery) is restored and socket reuse is disabled for the BIG-IQ system. Disabling reuse can impact performance, but future changes to the authentication certificate do not disable management for the device. 1. Using SSH, log in to the BIG-IQ system as root. 2. Stop restjavad by typing the command, bigstart stop restjavad 3. In /etc/bigstart/scripts/restjavad, edit ARGS="--port=8100 ..." to read as follows: ARGS="--port=8100 --isConnectionReUseDisabled=true ..." 4. Start restjavad by typing, bigstart start restjavad Workaround (B) With this solution, communication (and device discovery) is restored, but future changes to the managed device's authentication certificate again disables device management and requires a restjavad restart. 1. Using SSH, log in to the BIG-IQ system as root. 2. Start restjavad by typing the command, bigstart start restjavad.|
$ bigstart stop restjavad
$ bigstart stop msgbusd
mount -o remount,rw /usr
rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps
rpm -qa | grep msgbusd | xargs rpm -e --nodeps
mount -o remount,ro /usr
This removes, from the BIG-IP device, the BIG-IQ system components, including the F5-contributed cloud connector iApp template (cloud_connector.tmpl).
For additional information, please visit http://www.f5.com.
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.