Jump to content

Unable to remove DCD Listeners

Cowboy Denny

Recommended Posts

REFERENCE: https://support.f5.com/csp/article/K63534030

  1. Please run validation scripts using following steps: 
    1. Download Scripts

      Follows the steps under Step 1: Download and Prepare Scripts under the Recommended Actions section.

    2. Validate each of the following services by running the downloaded diagnostic scripts on a command shell:

      Access/APM service: sh RepairService.sh access -validate > ValidationOutput.txt
      IPSec service: sh RepairService.sh ipsec -validate > ValidationOutput.txt
      DoS Protection service: sh RepairService.sh dos -validate > ValidationOutput.txt
      Web Application Security (ASM) service: sh RepairService.sh asm -validate > ValidationOutput.txt
      Network Security (AFM) service: sh RepairService.sh afm -validate > ValidationOutput.txt
      Fraud Protection (WebSafe) service: sh RepairService.sh websafe -validate > ValidationOutput.txt

    3. Search for errors in the output:

      cat ValidationOutput.txt | grep "ERROR"

    4. If above command prints ERROR in the output then you are impacted by this issue and need to run the repair process under the Recommended Actions section.


Recommended Actions

Step 1: Download and Prepare Scripts

Find the scripts and deploy as follows on the BIG-IQ CM device:

  • Go to the F5 Downloads portal.
  • Select Find a Download > BIG-IQ Centralized Management > 8.1.0 > Utilities.
  • Download the ElasticsearchTools-vxxxxx.tar.gz file and transfer to the /shared/tmp directory on the BIG-IQ CM device.
    For information on transferring files to the BIG-IQ CM device, refer to K175: Transferring files to or from an F5 system.
  • Extract the ElasticsearchTools.tar.gz on the BIG-IQ CM device:

    cd /shared/tmp
    tar -xzvf ElasticsearchTools-vxxxxx.tar.gz
    cd /shared/tmp/ElasticsearchTools-vxxxxx/ 

Step 2: Repair Services

Repair the impacted service(s) and its Elasticsearch indices by running below repair process on any node in Elasticsearch cluster.
Note: It needs to be run only once from one node, unless explicitly stated.

Repairing Access (APM) service:

Note: Repeat step A/B for each node in cluster, but C/D only needs to be done once from any node in cluster.

A. Backup Access files in system folder on device:

mkdir /var/config/rest/access/config/scripts/elasticsearch/backup/
cp /var/config/rest/access/config/scripts/elasticsearch/*.painless  /var/config/rest/access/config/scripts/elasticsearch/backup/

B. Update Access files in system folder on device:

/bin/cp -f  *.painless /var/config/rest/access/config/scripts/elasticsearch/

C. Update Access .painless scripts:

sh PushAPMScriptsToES.sh

D. Update Access template files:

sh RepairService.sh access

Repairing IPSec service: 

sh RepairService.sh ipsec

Repairing DoS Protection service:

sh RepairService.sh dos

Repairing Web Application Security (ASM) service:

sh RepairService.sh asm 

Repairing Network Security (AFM) service:

sh RepairService.sh afm

Repairing Fraud Protection (WebSafe) service:

sh RepairService.sh websafe

Step 3: Validate Repair Process

  • Please repeat validation found at top of this article. Save output to a new text tile (for example, ValidationOutputAfterRepair.txt). Examine the console output. 
  • If you see errors (tag ERROR) then it's possible that you may have encountered transitionary errors (for example, incorrect credentials or intermittent errors). If so, you can try repeating STEP TWO under Recommended Actions (save console output to RepairAttempt2.txt) followed again by validation at the beginning. 
  • If errors persist, please use -forcereset at the end of the command line used in STEP TWO under Recommended Actions (save console output to ForceResetAttempt1.txt)and again followed by validation at the top of the page

Step 4: Restart Services

  • Deactivate and reactivate the impacted service/listener for the DCD on BIG-IQ CM GUI.
  • Once done confirm that corresponding statistics show up as expected on BIG-IQ GUI.
Link to comment
Share on other sites

  • Create New...