Release Notes : BIG-IQ Cloud, 4.5.0

Applies To:

Show Versions Show Versions

BIG-IQ Cloud

  • 4.5.0
Release Notes
Original Publication Date: 12/18/2015 Updated Date: 04/18/2019

Summary:

This release note documents version 4.5.0 of BIG-IQ Cloud.

Contents:

Product description

Cloud administrators can use BIG-IQ Cloud to supply tenants with on-demand access to resources such as networks, servers, storage, applications, and services. These cloud resources can be located on BIG-IP devices in a private local network, a public third-party cloud service, or a combination of both.

Tenants have restricted and dedicated access to resources based on their unique tenant role and user account. Cloud space can be expanded, retracted, and reallocated to tenants as needed, providing flexible resource balancing.

Screen resolution requirement

To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.

Browser support

BIG-IQ Cloud supports the following browsers and versions:

  • Microsoft Internet Explorer version 9 and later
  • Mozilla Firefox version 29.x and later
  • Google Chrome version 34.x and later

Supported BIG-IP versions

SOL14592 provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IQ Cloud version 4.5.0 documentation page.

Software installation

For procedures about specifying network options and performing initial configuration, refer to the BIG-IQ System: Licensing and Initial Configuration guide.

Upgrading BIG-IQ Cloud

Before you can upgrade the BIG-IQ system, you must perform the following tasks:

  • Download the .iso file for the upgrade from F5 Downloads to /shared/images on the BIG-IQ system. If you need to create this directory, use the exact name /shared/images.
  • Select a disk volume on which to install the upgrade. You must install the BIG-IQ software on an available volume.
  • Locate the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to another system for safe keeping.
Warning: These procedures require that the BIG-IQ system is temporarily unavailable and unable to manage BIG-IP devices until the upgrade is complete. BIG-IP devices can continue to manage traffic during this time.

If you have configured the BIG-IQ system in a high availability cluster, perform these steps on each BIG-IQ system in the cluster in immediate succession. It is important to get the cluster members on the same software version as quickly as possible to avoid potential user experience issues.

For specific instructions about upgrading the BIG-IQ system, refer to the BIG-IQ System: Licensing and Initial Configuration guide.

New features

Cisco APIC controller integration

Full integration with Cisco APIC controller allows you to perform BIG-IP device provisioning, capacity management, and multi-tenancy access control directly through BIG-IQ Cloud.

Support for LDAP authentication

You can now use established LDAP authentication to map existing users and groups to tenant roles in BIG-IQ Cloud. Tenants can use existing shared login information, without requiring a new set of credentials specifically for BIG-IQ Cloud.

Support for vCMP

This release includes a vCMP cloud connector, which allows you to discover devices in a vCMP environment and monitor those devices from BIG-IQ Cloud.

Enhanced integration with VMware vCloud Director

You can automatically create tenants in BIG-IQ Cloud and associate them with tenant user accounts that exist in vCloud Director.

Support for using existing BIG-IP devices in a VMware NSX environment

The BIG-IQ Cloud NSX connector now allows you to use, and deploy configurations to, existing standalone BIG-IP devices in a VMware NSX environment.

Fixes

Issue Description
ID 474147 It previously took up to 30 seconds for a new administrative user to appear in the list of users after you added it. Now a new administrative user appears in the list immediately.
ID 474827 After you upgrade the BIG-IQ system to version 4.5.0, any user interface preferences you previously specified (such as panel widths, panel order, and hidden panels) now persist.
ID 475766 Previously, a BIG-IQ system in a high availability group sometimes displayed a warning status for an unhealthy peer (displaying a yellow triangle in the BIG-IQ Systems panel) with no additional information supplied. This no longer occurs.
ID 482453 The ShellShock bash vulnerability is now fixed, and this release includes patches for CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.
ID 486246 Creating a large file, such as a UCS archive file, no longer results in an increase in CPU utilization.

Known issues

Issue Description Workaround (if available)
ID 416114 When deploying an application from VMware vShield, the name in the tenant ID field must match the (case sensitive) tenant name that was specified on BIG-IQ Cloud. If the same (case sensitive) name is not used, the application fails to deploy. Use the exact same (case sensitive) name for the VMware vShield tenant ID and the tenant on BIG-IQ Cloud.
ID 416870 If a vShield Manager or vCloud Director user explicitly removes the BIG-IQ Cloud registration, the VMware cloud connector for that VMware product continues to display in the Connector panel, but as unhealthy. Log in to BIG-IQ Cloud as administrator, navigate to the properties screen for the VMware connector, and click the Delete button.
ID 417165 If the health of a cloud connector changes, BIG-IQ Cloud does not immediately display the change in the Connector panel. Health monitoring works as designed through the API. To view the current health of a cloud connector, refresh your browser.
ID 417179 If an application shares a server, and you select an application from the Application panel, the associated Servers do not display properly in the Server panel. To avoid this issue, do not share servers between multiple applications.
ID 417871 When logged in as administrator, newly-deployed VMware vShield applications do not display in the BIG-IQ Cloud Application panel, and the associated servers do not appear in the Servers panel. Refresh the BIG-IQ Cloud browser twice; the first refresh updates the Application panel, the second refresh updates the Servers panel.
ID 417874 If a tenant does not remove all applications from a device before an administrator deletes the device, those applications remain associated with that device. If the device is re-discovered, the applications persist and display for the tenant, but are not available for deployment. You cannot remove these applications through the user interface. To remove orphaned applications, log in to the managed device with the administrator user name and password, and delete them. To avoid this situation, administrators must first request that tenants remove applications before they delete a device on which those applications exist.
ID 426951 The Amazon EC2 connector reports an UnknownHostException error when trying to resolve the region endpoint DNS name. This issue occurs if you have not specified a DNS look up server for BIG-IQ System. To resolve this issue, you must specify the DNS settings and restart restjavad. 1) Log in to BIG-IQ System, click the name of the group for which you want to configure DNS, click Services, and specify the DNS settings. 2) From the command line, use SSH to access the BIG-IQ management IP address, log in as root user, and type: bigstart restart restjavad .
ID 431398 While booting, the BIG-IQ system may display the following warning in the console or logs: "SKIPPING unix_config_httpd: /defaults/config/templates/xui.tmpl doesn't exist!!!" This message has no impact on the BIG-IQ system's functionality. You can ignore this benign message.
ID 435629 When two BIG-IQ 7000 Platform devices are configured in a high availability pair, communication might work in only one direction between the two devices. When this occurs, Device A is marked as standby, and reports its peer as active. Device B is marked as active, and reports its peer as down. When this happens, Device B always assumes Device A is down, and always remains active. Re-initialize the certificates. Alternatively, if resetting the configuration to factory settings is an option, type the following commands on each BIG-IQ system: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*; rm -rf /var/config/rest/storage; rm -rf /var/config/rest/index/; bigstart start restjavad . If resetting the configuration is not an option, perform the following steps on each device: 1) On the High Availability panel, delete the HA peer and any associated devices. 2) From the command line, type the following command to delete the local device: curl -X DELETE http://localhost:8100/shared/resolver/device-groups/cm-shared-all-big-iqs/devices . 3) To remove the existing certificates and restart the service, type the following commands on each device: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*;bigstart start restjavad"
ID 440333 If you delete a BIG-IQ peer from a high availability active-active pair, then add the same BIG-IQ system back to the same (or to another) high availability pair, data between the devices no longer synchronizes. After you delete a BIG-IQ system from a high availability active-active pair, create a backup of the BIG-IQ system. Then reset the system to factory settings by typing the following command on that BIG-IQ system: bigstart stop restjavad && rm -rf /var/config/rest && bigstart start restjavad. Then, you can add it as a new backup in a high availability pair, and they properly synchronize.
ID 441278 The elasticity settings and pool license features introduced in this release do not support BIG-IP versions 11.4.1 and older.  
ID 449063 After upgrading or restarting a BIG-IQ system, the login screen displays with a message that your user credentials are invalid and does not allow you to log in. Clear the browser cache and refresh. (You may have to refresh several times.) When the login screen properly displays the host name of the BIG-IQ system, you can successfully log in.
ID 449892 Certificates for managed BIG-IP devices become invalid after upgrading from BIG-IQ Cloud version 4.1 to 4.3 and the devices become unavailable. 1) Log in to BIG-IQ Cloud and delete the managed devices from the Devices panel. 2) Log in to the BIG-IP Cloud command line and type the following command: bigstart stop restjavad; rm -rf /var/config/rest; bigstart restjavad . 3) Log in to BIG-IQ Cloud and rediscover the BIG-IP devices from the BIG-IQ Cloud > Devices panel.
ID 468029 If you set a BIG-IP device's load balancing method (pool__lb_method) without setting ssl_encryption_questions__advanced to "yes", the BIG-IP device does not use the specified load balancing method.  
ID 468310 If you configure a user with multiple attributes on the RADIUS server (such as Class <value>), the BIG-IQ system returns an error when that user attempts to log in. To resolve this issue, edit the configuration file on the RADIUS server so the user has only a single instance of each specific attribute name.
ID 471515 You cannot create a second VMware NSX connector from BIG-IQ Cloud if you deleted the service manager associated with the first connector from the VMware NSX user interface. To delete a provisioned resource on NSX, you should delete the connector from BIG-IQ Cloud, rather than deleting the service manager associated with the connect from VMware NSX. If you delete the service manager from VMware NSX, you must clear it from BIG-IQ Cloud storage. To do this, log in to the command line and type the following command: bigstart stop restjavad; rm -rf /var/config/rest; bigstart start restjavad
ID 474096 You cannot access the BIG-IQ system's user interface using Mozilla Firefox version 31 or later. This issue is caused because of security changes in Firefox. You can view more specific information here: https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/ . This workaround has security implications. To work around this issue: 1) Type about:config in the navigation bar of the Firefox browser. 2) Double-click "security.use mozillapix verification" to set it to false.
ID 474767 After you delete a BIG-IP device from the BIG-IQ system, associated objects (such as interfaces, self IP addresses, and VLANs) might continue to display in the BIG-IQ system user interface for up to 5 minutes. After that time, they no longer display.  
ID 475095 When discovering a BIG-IP device running version 11.3.x or 11.4.x with a BIG-IQ system running version 4.2 or later, the process might fail with the error message You must update the device's framework before you can manage. Delete the file /config/f5-rest-device-id from the BIG-IP device, discover the device again, select the Auto Update Framework check box, and provide the admin and root credentials.
ID 481010 Auto-provisioning a BIG-IP device in an NSX environment fails with an Unhandled exception java error, because the same IP pool was used for the discovery vNIC and for auto-provisioning. To avoid this issue, use the discovery IP pool only for vNIC discovery.
ID 482080 When you deploy two BIG-IQ Cloud applications that share the same virtual IP address, the second application fails. This occurs because the TCP port is being used by the first application.  
ID 485346 When using Mozilla Firefox 33, the BIG-IQ system user interface might freeze and not allow you to view the log in screen. In Mozilla Firefox, open a new tab and in to the browser bar, type "about:support", then click the Reset Firefox button. Alternatively, use Google Chrome version 34.x or later to access the BIG-IQ system.
ID 489584 After upgrading the BIG-IQ system from version 4.3.0 to version 4.5.0, rediscovery of a previously managed BIG-IP device running version 11.5.1-HF6 BIG-IP software might fail. Update the BIG-IP device using the update_bigip.sh script, and then re-import and DMA the version 11.5.1-HF6 BIG-IP device.
ID 490343 The framework upgrade process on a BIG-IP vCMP guest that spans multiple slots on the host system fails with the following error: "Discovery Failed: Failed to upgrade REST framework on 172.27.78.240: java.lang.IllegalStateException: One or more slot upgrades failed." Run the following commands to manually update the framework: /usr/lib/dco/packages/upd-adc/update_bigip.sh and ./update_bigip.sh
ID 497373 When the BIG-IQ system discovers or re-discovers a multi-slot BIG-IP VIPRION device, it prompts the device to upgrade its framework, regardless of its current version. You can upgrade devices with multiple active slots only through the command line. The BIG-IQ system cannot currently validate the existing framework revision with this technique. Always allow discovery to upgrade framework, even in cases where it seems unnecessary. You can upgrade devices with multiple active slots only through the command line. The BIG-IQ system cannot currently validate the existing framework revision with this technique.
ID 499273 When managing a large number (dozens to hundreds) of devices, you might notice the memory utilization for the BIG-IQ system is high and reports OutOfMemory exceptions in the /var/log/restjavad.*.log or /var/tmp/restjavad.out file. If you cannot communicate with the managed BIG-IP devices, attempt to fix any network communication problems by pinging or routing the BIG-IP device from the BIG-IQ system, and then restart the restjavad process on the BIG-IQ system by typing the following command: # bigstart restart restjavad

Removing BIG-IQ system services from a BIG-IP device

To manage a BIG-IP device using the BIG-IQ system, you must install specific BIG-IQ system components onto that device using the procedure outlined in the Device Resource Management chapter of the BIG-IQ Cloud: Cloud Management guide. In the event that you have to remove these services for any reason, use this procedure.
  1. Log in to the command line of the BIG-IP device.
  2. Stop any running BIG-IQ system services.
    Note: The msgbusd service might not be installed. You can use the bigstart status command to see if it is running.

    $ bigstart stop restjavad

    $ bigstart stop msgbusd

  3. Remove the RPM packages related to the BIG-IQ system:

    mount -o remount,rw /usr

    rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps

    rpm -qa | grep msgbusd | xargs rpm -e  --nodeps

    mount -o remount,ro /usr

    This removes the BIG-IQ system components from the BIG-IP device, including the F5-contributed cloud connector iApp template (cloud_connector.tmpl).

  4. Optional: Reinstall the F5-contributed cloud connector iApp template:
    1. Download the cloud_connector.tmpl iApp template from F5 DevCentral, https://devcentral.f5.com/wiki/iApp.Cloud_Connector_iApp_Template.ashx.
      Note: You need an account to access the DevCentral site.
    2. Unzip the file, and on the BIG-IP system, upload the file to the /var/local/app_template directory.
    3. Install the template with this command: tmsh load / sys application template cloud_connector.tmpl

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.

Legal notices