07-18-2023 02:29 AM
We get following error while installing iperf as a container on a IOS XE 17.9.02 9300L switch:
Jul 18 11:13:28.063: %IOXCAF-6-INSTALL_MSG: Switch 1 R0/0: ioxman: app-hosting: Failed to install iPerf: App signature validation is required. App signature file package.cert or package.sign not found in pac
The thing is, we already have switches with that exact IOS XE version running that exact container. So some switches seem to validate App signatures and some switches dont. Question: how can we disable app validation?
There is a similar question already here: https://community.cisco.com/t5/edge-computing-infrastructure/application-deployment-failed-package-signature-file-not-found/td-p/3485586
But this seems to be another platform as i could not find a CLI equivalent of disabling the app validation.
Solved! Go to Solution.
07-19-2023 05:46 AM
To disable validation, enter conf t mode and enter the command
no app-hosting signed-verification
07-19-2023 03:04 AM
best way seems to me to convert your container to a signed container, not seeking how to disable this validation step
Container Image Signing: A Practical Guide - Aqua (aquasec.com)
07-19-2023 03:10 AM
Hello!
You can disable this over the GUI on the switch. Go to the SWITCH GUI:
1) Log into IOX Manager
2) System Settings -> Application Signature Validation -> Uncheck "Enabled"
BR
07-19-2023 05:46 AM
To disable validation, enter conf t mode and enter the command
no app-hosting signed-verification
08-24-2023 12:00 AM
In my case, by disabling signed-verification allow you to install properly the appid, but the command:
#app-hosting activate appid iperf
failed with the following error:
Missing mandatory file
/mnt/sd3/iox_alt_hdd_mount_dir/iox/repo/iperf/extract_archive/package.cert
08-24-2023 12:13 AM
Hello,
Try doing it over GUI:
You can disable this over the GUI on the switch. Go to the SWITCH GUI:
1) Log into IOX Manager
2) System Settings -> Application Signature Validation -> Uncheck "Enabled"
BR
08-24-2023 12:17 AM
Many thanks, no way.
Same error message if I try to activate appid over the gui
08-24-2023 01:01 AM
Did you try upgrading? Do you have the issue also with other apps, I can see you are trying iperf here.
BR
08-24-2023 02:35 AM - edited 08-24-2023 02:43 AM
you are hijacking an existing thread.
your problem is not necessarily the same as the original poster's
the messages say the file does not exist,
does the folder/directory exist ? that is: is it created after installing the .tar file?
if yes, what files DO exist in the folder
did you perform the deploy step on this page ?
Cisco IOx Local Manager Reference Guide, Release 1.7 - Cisco IOx Local Manager Workflows [Cisco IOx] - Cisco
08-24-2023 05:27 AM
Appid (iperf) was successfully installed, but it is in DEPLOYED state; tarball has been saved in the flash device of 9300 switch (issued: app-hosting install appid iperf package flash:iperf3.tar)
I do not know any idea where the tarball files have been copied; that FS mentioned above is totally missing in the flash.
Many thanks for the shared cisco doc that I want to read carefully.
09-10-2023 03:21 AM
I tried that command, did not help.
The crazy thing is, my installation was working fine 24 hours before, and then the sign package error.
9300-1#show app-hosting list
App id State
---------------------------------------------------------
iperf3 RUNNING
-9300-1#!
-9300-1#!
-9300-1#!
-9300-1#!
-9300-1#
-9300-1#show app-hosting detail appid iperf3
App id : iperf3
Owner : iox
State : RUNNING
Application
Type : docker
Name : mlabbe/iperf3
Version : latest
Description :
Path : usbflash1:iperf.tar
URL Path :
Activated profile name : default
Resource reservation
Memory : 409 MB
Disk : 10 MB
CPU : 1480 units
CPU-percent : 20 %
VCPU : 1
Attached devices
Type Name Alias
---------------------------------------------
serial/shell iox_console_shell serial0
serial/aux iox_console_aux serial1
serial/syslog iox_syslog serial2
serial/trace iox_trace serial3
Network interfaces
---------------------------------------
eth0:
MAC address : 52:54:dd:5e:c2:75
IPv4 address : 172.17.7.101
IPv6 address : ::
Network name : mgmt-bridge-v999
Docker
------
Run-time information
Command :
Entry-point : iperf3 -s
Run options in use :
Package run options :
Application health information
Status : 0
Last probe error :
Last probe output :
09-14-2023 05:56 AM
Spend too days working with TAC, found the solution.. same mine worked for two days then stop with the verification error.. see the correct command below ---
switchname#app-hosting verification disable
App signature verification disabled successfully
switchname#show app-hosting infra
IOX version: 2.5.0.0
App signature verification: disabled
Internal working directory: /vol/usb1/iox
Application Interface Mapping
AppGigabitEthernet Port # Interface Name Port Type Bandwidth
1 AppGigabitEthernet1/0/1 KR Port - Internal 1G
CPU:
Quota: 25(Percentage)
Available: 25(Percentage)
Quota: 7400(Units)
Available: 7400(Units)
switchname#app-hosting install appid iperf package usbflash1:iperf.tar
Installing package 'usbflash1:iperf.tar' for 'iperf'. Use 'show app-hosting list' for progress.
switchname#
Sep 14 12:48:15.507: %IM-6-INSTALL_MSG: Switch 1 R0/0: ioxman: app-hosting: Install succeeded: iperf installed successfully Current state is DEPLOYED
switchname#
switchname#sh app-hosting list
App id State
---------------------------------------------------------
iperf DEPLOYED
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide