Cowboy Denny Posted February 15 Share Posted February 15 REFERENCE: https://support.f5.com/csp/article/K63534030 Please run validation scripts using following steps: Download Scripts Follows the steps under Step 1: Download and Prepare Scripts under the Recommended Actions section. Validate each of the following services by running the downloaded diagnostic scripts on a command shell: Access/APM service: sh RepairService.sh access -validate > ValidationOutput.txt IPSec service: sh RepairService.sh ipsec -validate > ValidationOutput.txt DoS Protection service: sh RepairService.sh dos -validate > ValidationOutput.txt Web Application Security (ASM) service: sh RepairService.sh asm -validate > ValidationOutput.txt Network Security (AFM) service: sh RepairService.sh afm -validate > ValidationOutput.txt Fraud Protection (WebSafe) service: sh RepairService.sh websafe -validate > ValidationOutput.txt Search for errors in the output: cat ValidationOutput.txt | grep "ERROR" If above command prints ERROR in the output then you are impacted by this issue and need to run the repair process under the Recommended Actions section. ElasticsearchTools-v1.5.tar.gz Recommended Actions Step 1: Download and Prepare Scripts Find the scripts and deploy as follows on the BIG-IQ CM device: Go to the F5 Downloads portal. Select Find a Download > BIG-IQ Centralized Management > 8.1.0 > Utilities. Download the ElasticsearchTools-vxxxxx.tar.gz file and transfer to the /shared/tmp directory on the BIG-IQ CM device. For information on transferring files to the BIG-IQ CM device, refer to K175: Transferring files to or from an F5 system. Extract the ElasticsearchTools.tar.gz on the BIG-IQ CM device: cd /shared/tmp tar -xzvf ElasticsearchTools-vxxxxx.tar.gz cd /shared/tmp/ElasticsearchTools-vxxxxx/ Step 2: Repair Services Repair the impacted service(s) and its Elasticsearch indices by running below repair process on any node in Elasticsearch cluster. Note: It needs to be run only once from one node, unless explicitly stated. Repairing Access (APM) service: Note: Repeat step A/B for each node in cluster, but C/D only needs to be done once from any node in cluster. A. Backup Access files in system folder on device: mkdir /var/config/rest/access/config/scripts/elasticsearch/backup/ cp /var/config/rest/access/config/scripts/elasticsearch/*.painless /var/config/rest/access/config/scripts/elasticsearch/backup/ B. Update Access files in system folder on device: /bin/cp -f *.painless /var/config/rest/access/config/scripts/elasticsearch/ C. Update Access .painless scripts: sh PushAPMScriptsToES.sh D. Update Access template files: sh RepairService.sh access Repairing IPSec service: sh RepairService.sh ipsec Repairing DoS Protection service: sh RepairService.sh dos Repairing Web Application Security (ASM) service: sh RepairService.sh asm Repairing Network Security (AFM) service: sh RepairService.sh afm Repairing Fraud Protection (WebSafe) service: sh RepairService.sh websafe Step 3: Validate Repair Process Please repeat validation found at top of this article. Save output to a new text tile (for example, ValidationOutputAfterRepair.txt). Examine the console output. If you see errors (tag ERROR) then it's possible that you may have encountered transitionary errors (for example, incorrect credentials or intermittent errors). If so, you can try repeating STEP TWO under Recommended Actions (save console output to RepairAttempt2.txt) followed again by validation at the beginning. If errors persist, please use -forcereset at the end of the command line used in STEP TWO under Recommended Actions (save console output to ForceResetAttempt1.txt)and again followed by validation at the top of the page. Step 4: Restart Services Deactivate and reactivate the impacted service/listener for the DCD on BIG-IQ CM GUI. Once done confirm that corresponding statistics show up as expected on BIG-IQ GUI. Link to comment Share on other sites More sharing options...
Recommended Posts