commit issues

L1 Bithead

commit issues

Anyone else getting:

 

Error: Error reading tom data
failed to handle CONFIG_UPDATE_START
(Module: device)
Commit failed

 

Issue been logged with Palo for a month now and still not solved

 

I was running 8.0.3 when it happen and rolled back to 8.0.1 and still have the issue

Community Team Member

Re: commit issues

Hi @DavidBleek,

 

I've seen this in relation to having a large number of custom URLs.

If that's the case could you cut down the number of these ?

 

Cheers !

-Kim. 

L1 Bithead

Re: commit issues

@kiwi Thanks, The Palo engineer checked the url count via cli and said the count was ok.

Community Team Member

Re: commit issues

Hi @DavidBleek,

 

The number custom urls is limited by the config memory available.  

This can be very different depending on your platform.

 

You can verify the config memory usage with this command :

 

debug dataplane show cfg-memstat statistics

 

I'm not saying you're hitting this exact issue but I've seen this when memory allocation errors occur during commit (seen in devsrv.log or ms.log).

 

Cheers !

-Kiwi.

L1 Bithead

Re: commit issues

@kiwi I get this output from that command

 

Current config memory usage
Misc : 2688 KB (Actual 2519 KB)
Custom URL : 12800 KB (Actual 12714 KB)
Global : 41856 KB (Actual 39320 KB)
vsys1 : 512 KB (Actual 289 KB)

Last config memory usage
Misc : 256 KB (Actual 138 KB)
Custom URL : 1024 KB (Actual 0 KB)
Global : 42112 KB (Actual 39468 KB)

 

I assume that means 0 memory available then?

L0 Member

Re: commit issues

I know this is almost a year later but what was the fix. I assume you were running at 100% Config Allocator Usage. We have the same thing going on right now and suspect that we need to greatly reduce the number of EDL, custom URLs, custom objects, etc.

L1 Bithead

Re: commit issues

@rgarner Yes it was. We had to wait for a fix from palo which took months. The fixed it in release 8.0.7.

 

To get up a running we wiped our backup 3020 as we was desperate and didnt set any  EDL for DNS sinkholes etc and only set custom URL whitelist so we wouldnt fill the cache and made that the primary. We disabled all the ports on the network apart from the mgt to stop spilt brain happening and waited for a fix from palo. 

 

I logged it with palo who took copies of our config and managed to make it happen in there lab but it took months before a fix was made. 

 

let me know if you need any more help / advice

L0 Member

Re: commit issues

Glad you got it resolved. Unfortunately, we are already on 8.0.7. PAN is handcuffed because we can't upload any configs and only segments of logs (after they have been sanitized). So, I suppose we will have to greatly reduce our EDLs and URL and see what that does.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!