[Workaound] User required to manually start EPI and VPN in browsers
After upgrading to version 16.1.4 the users need to manually start the End Point Inspector and the Web Initiated VPN by clicking on a "Start" button. This is describe in this KB. I created a user-common.js that will automatically click on the start button for the user. However, please note that this workround works as of 3rd of November 2023, but might stop working in the future in different browsers. In order to activate the workaround you need to have an Access Policy of the Moden type. Then go to Customizations -> Advanced -> Acces Profiles -> <Your Access Profile> -> Common Add the followinf to the file user-common.js define(["require", "exports", "apmui"], function (require, exports, apmui_1) { "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); var app = apmui_1.App.get(); app.subscribe(apmui_1.EventType.EPS_CHECK_PROGRESS, function (_, store) { var btns = document.getElementsByClassName("apmui-button"); if (btns.length == 0) { console.log("Failed to find button..."); return; } btns[0].click(); }); app.subscribe(apmui_1.EventType.DIALOG_OPEN, function (_, store) { setTimeout(function () { var dialog = document.getElementById("sna_auto_start_not_supported"); if (dialog == null) { console.log("Didn't find the right dialog"); return; } var btns = dialog.getElementsByClassName("apmui-button"); if (btns.length == 0) { console.log("Didn't find the start button"); return; } btns[0].click(); }, 100); }); }); If you have a better solution to this, please let me know. This was just what I came up with when asked by customers that the new "Start" button had created confusion among their users.Bug (ID 775845) Workaround; REST API httpd restart
So this is less of a question, but a post to help my fellow BIG-IP LTM administrators, since the solution I came up with is quite the hack, but it works for me, so your mileage may vary, and of course -- test in non-production environments. So some background: I am a F5 administrator and a automation engineer. My main focus is automating much of my work as an administrator to take mundane and repetitive tasks out of my and my colleagues/organizations workflow. So, when it came time to renew the device certificates for my F5 VMs and hosts, combined with the most recently reduction in SSL certificate term length and guidance to renew certs often, I set forth to automate the entire stack of processes that are required to renew device certificates (create key/csr, submit csr to CA and obtain cert, upload cert to F5 and restart the httpd service to read in the new certificates). I was able to script everything using Python and REST API calls to the F5s and InCommon CA to get the certificates created and put on the F5s. The problem I ran into was the feature to restart the httpd service via a REST API call was broken (aka Bug ID 775845). I tried using the REST API call: /tm/sys/service -X POST -d '{"name":"httpd", "command":"restart"}' I also attempted to use the bash command call: /mgmt/tm/util/bash -X POST -d "{ "command": "run", "utilCmdArgs": "-c 'service httpd restart'" } NONE worked, as documented in the is KB article: https://support.f5.com/csp/article/K13292945 So I needed a workaround, and my solution incorporates a batch script that basically preemptively kills off httpd and then restarts it (as you see in the KB shows as a fix). First, you need the following bash script (which is actually incorporated into the script below so one can ensure that it always present on the F5 VM or host that needs to have the httpd daemon restarted). #/bin/bash # Pause, restart httpd # Greg Jewett, 2021-08-26, jewettg@austin.utexas.edu # # A known bug (Bug ID 775845) when using the REST API to restart the httpd service. # The pause is to allow the REST API call to complete, as script will be launched # in background, and should have successful exit code. This script provides an # immediate fix to bring environment back up, without manually restarting the # httpd daemon on each VM or host. service httpd status | logger -p local0.notice -t RST_HTTPD logger -p local0.notice -t RST_HTTPD Waiting 2 seconds... sleep 2s logger -p local0.notice -t RST_HTTPD Restarting httpd daemon thepids=`pgrep -d " " -f "/usr/sbin/httpd"` echo "httpd pids are: $thepids" for aPid in $thepids; do echo "Killing PID $aPid" kill -9 $aPid done service httpd start | logger -p local0.notice -t RST_HTTPD service httpd status | logger -p local0.notice -t RST_HTTPD logger -p local0.notice -t RST_HTTPD Done NOTE: I am having to attach the rest of my solution via comments, as the platform was allowing me to post a big chuck of text (>10k chars). See below.
Bug ID 1182613 - New Workaround
I found a new workaround for the following bug, that fills up /var/log dir: Bug ID 1182613: BIG-IP Version 15.1.8 installed as a tenant on CX410 or rSeries systems see continuous 'Unable to Notify Tenant stats' log in /var/log/ltm Instead of requesting and installing an engineering hotfix to address the problem, I suggest to simply add a log filter with the following details: - Severity: Warning - Source: all - Message ID:01d50005 - Log Publisher: None Hope that helps to address the issue.
