cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1718
Views
3
Helpful
11
Replies

disable app validation for app-hosting

mario.jost
Level 3
Level 3

We get following error while installing iperf as a container on a IOS XE 17.9.02 9300L switch:

Jul 18 11:13:28.063: %IOXCAF-6-INSTALL_MSG: Switch 1 R0/0: ioxman: app-hosting: Failed to install iPerf: App signature validation is required. App signature file package.cert or package.sign not found in pac

The thing is, we already have switches with that exact IOS XE version running that exact container. So some switches seem to validate App signatures and some switches dont. Question: how can we disable app validation?

There is a similar question already here: https://community.cisco.com/t5/edge-computing-infrastructure/application-deployment-failed-package-signature-file-not-found/td-p/3485586

But this seems to be another platform as i could not find a CLI equivalent of disabling the app validation.

1 Accepted Solution

Accepted Solutions

To disable validation, enter conf t mode and enter the command
no app-hosting signed-verification

View solution in original post

11 Replies 11

pieterh
VIP
VIP

best way seems to me to convert your container to a signed container, not seeking how to disable this validation step
Container Image Signing: A Practical Guide - Aqua (aquasec.com)

Hello!

You can disable this over the GUI on the switch. Go to the SWITCH GUI:

1) Log into IOX Manager

2) System Settings -> Application Signature Validation -> Uncheck "Enabled"

BR

****Kindly rate all useful posts*****

To disable validation, enter conf t mode and enter the command
no app-hosting signed-verification

In my case, by disabling signed-verification allow you to install properly the appid, but the command:

#app-hosting activate appid iperf

failed with the following error:

Missing mandatory file

/mnt/sd3/iox_alt_hdd_mount_dir/iox/repo/iperf/extract_archive/package.cert

Hello,

Try doing it over GUI:

You can disable this over the GUI on the switch. Go to the SWITCH GUI:

1) Log into IOX Manager

2) System Settings -> Application Signature Validation -> Uncheck "Enabled"

BR

****Kindly rate all useful posts*****

Many thanks, no way.

Same error message if I try to activate appid over the gui

Did you try upgrading? Do you have the issue also with other apps, I can see you are trying iperf here.

BR

****Kindly rate all useful posts*****

you are hijacking an existing thread.
your problem is not necessarily the same as the original poster's

the messages say the file does not exist, 
does the folder/directory exist ? that is: is it created after installing the .tar file?
if yes, what files DO exist in the folder

did you perform the deploy step on this page ?
 Cisco IOx Local Manager Reference Guide, Release 1.7 - Cisco IOx Local Manager Workflows [Cisco IOx] - Cisco

Appid (iperf) was successfully installed, but it is in DEPLOYED state; tarball has been saved in the flash device of 9300 switch (issued: app-hosting install appid iperf package flash:iperf3.tar)

I do not know any idea where the tarball files have been copied; that FS mentioned above is totally missing in the flash.

Many thanks for the shared cisco doc that I want to read carefully.

I tried that command, did not help. 

The crazy thing is, my installation was working fine 24 hours before, and then the sign package error.

9300-1#show app-hosting list
App id State
---------------------------------------------------------
iperf3 RUNNING

-9300-1#!
-9300-1#!
-9300-1#!
-9300-1#!
-9300-1#
-9300-1#show app-hosting detail appid iperf3
App id : iperf3
Owner : iox
State : RUNNING
Application
Type : docker
Name : mlabbe/iperf3
Version : latest
Description :
Path : usbflash1:iperf.tar
URL Path :
Activated profile name : default

Resource reservation
Memory : 409 MB
Disk : 10 MB
CPU : 1480 units
CPU-percent : 20 %
VCPU : 1

Attached devices
Type Name Alias
---------------------------------------------
serial/shell iox_console_shell serial0
serial/aux iox_console_aux serial1
serial/syslog iox_syslog serial2
serial/trace iox_trace serial3

Network interfaces
---------------------------------------
eth0:
MAC address : 52:54:dd:5e:c2:75
IPv4 address : 172.17.7.101
IPv6 address : ::
Network name : mgmt-bridge-v999


Docker
------
Run-time information
Command :
Entry-point : iperf3 -s
Run options in use :
Package run options :
Application health information
Status : 0
Last probe error :
Last probe output :

Spend too days working with TAC, found the solution.. same mine worked for two days then stop with the verification error..  see the correct command below --- 

switchname#app-hosting verification disable
App signature verification disabled successfully

switchname#show app-hosting infra
IOX version: 2.5.0.0
App signature verification: disabled
Internal working directory: /vol/usb1/iox

Application Interface Mapping
AppGigabitEthernet Port # Interface Name Port Type Bandwidth
1 AppGigabitEthernet1/0/1 KR Port - Internal 1G

CPU:
Quota: 25(Percentage)
Available: 25(Percentage)
Quota: 7400(Units)
Available: 7400(Units)

switchname#app-hosting install appid iperf package usbflash1:iperf.tar
Installing package 'usbflash1:iperf.tar' for 'iperf'. Use 'show app-hosting list' for progress.

switchname#
Sep 14 12:48:15.507: %IM-6-INSTALL_MSG: Switch 1 R0/0: ioxman: app-hosting: Install succeeded: iperf installed successfully Current state is DEPLOYED
switchname#

switchname#sh app-hosting list
App id State
---------------------------------------------------------
iperf DEPLOYED

 

Review Cisco Networking for a $25 gift card