Knowledge Search


×
 

[SRX/IDP] Troubleshooting security-package download/install issues

  [KB28004] Show Article Properties


Summary:

This article explains the issues observed when an administrator tries to download or install the IDP security package. This happens when the storage capacity /cf/var/log of the disk is full. A procedure is given on how to clear up the system storage and run the download/install command again.

Symptoms:

When an administrator tries to download or install the IDP security package, these messages can be observed:


root# run request security idp security-package install status
Done;Unable to open database for updating. Aborted install...!

root# run request security idp security-package download status
Done;Uncompressing SignatureUpdate_tmp.xml.gz failed, error: 256

root# run request security idp security-package install status
Done;Failed in updating [SignatureUpdate.xml]
Cause:
root# run request security idp security-package install status
Done;Unable to open database for updating. Aborted install...!


Logs from IDP trace:

Jul 12 12:07:11 Installing AI is done
Jul 12 12:07:11 [set_secupdate_cb_status] state change from 0x108 to 0x102
Jul 12 12:07:11 [idpd_load_secpack]:InitDB </var/db/idpd/db>. updateType<base>
Jul 12 12:07:11 [idpd_create_zone_name_id_map]Zone name(trust), id(6)
Jul 12 12:07:11 [idpd_create_zone_name_id_map]Zone name(junos-host), id(7)
Jul 12 12:07:11 [../../../../../src/junos/secure/usr.sbin/idp-confd/idpd_secdb.c]get_secpack_version_of_installed() failed. Still can proceed
Jul 12 12:07:12 Database '/var/db/idpd/db.new/secdb_03.db' open failed. No space left on device

Jul 12 12:07:12 [get_secupdate_cb_status] state = 0x380
Jul 12 12:07:12 Got signal SIGCHLD....



root# run request security idp security-package download status
Done;Uncompressing SignatureUpdate_tmp.xml.gz failed, error: 256



Logs from IDP trace:

Jul 12 12:31:05 [is_deltadownload_avail_cond]d_ret=(0),detector versions=>in use=(12.6.160130325), saved in IDP Security DB =(12.6.160130325)
Jul 12 12:31:27 [download_unzip]fetching cmd(/usr/sbin//idp_fetch -T 57 -o /var/tmp//sec-download/sub-download/SignatureUpdate_tmp.xml.gz "https://services.netscreen.com/cgi-bin/index.cgi?device=jsrx650&feature=idp&os=11.4&detector=12.6.160130325&from=&to=latest&type=update") done
Jul 12 12:31:32 Uncompressing SignatureUpdate_tmp.xml.gz failed, error: 256
Solution:

All three instances are seen when the storage capacity /cf/var/log of disk is full.


root@SRX# run show system storage
Filesystem     Size      Used     Avail      Capacity    Mounted on
/dev/ad0s2a     621M     143M     429M        25%             /
devfs           1.0K     1.0K      0B         100%            /dev
/dev/md0        368M     368M      0B         100%            /junos
/cf             621M     143M     429M        25%             /junos/cf
devfs           1.0K     1.0K      0B         100%            /junos/dev/
procfs          4.0K     4.0K      0B         100%            /proc
/dev/bo0s3e     49M      46K       45M        0%              /config
/dev/bo0s3f     616M     616M      -48.7M     109%            /cf/var
/dev/md1        336M     17M       292M       6%              /mfs
/cf/var/jail    616M     616M      -48.7M     109%            /jail/var
/cf/var/log     616M     616M      -48.7M     109%            /jail/var/log
devfs           1.0K     1.0K       0B        100%            /jail/dev
/dev/md2        63M      4.0K      58M        0%              /mfs/var/run/utm
/dev/md3        1.8M     170K      1.5M       10%             /jail/mfs


Clear up the system storage and run the download/install command again.


root# run request system storage cleanup dry-run

This will only list the files and not delete them.

In order to delete:


root# run request system storage cleanup

After this is finished, download/install the security package again.


Related Links: