000038221 - Guide for replacing the entire chassis on an RSA NetWitness Series 5 Appliance on CentOS 7

Document created by RSA Customer Support Employee on Dec 20, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038221
Applies To
 RSA Product Set: RSA NetWitness Platform
   RSA Product/Service Type: Series 5 Hardware
   Operating System:  CentOS 7
IssueThis document will discuss how someone after receiving an RMA-ed appliance as a replacement for an existing appliance can swap the drives from one chassis to another and resume operations.
TasksSwapping the Hardware:
  1. Label each drive denoting which bay it is installed in on the existing Core or Hybrid appliance. 
  2. Label each drive denoting which bay it is installed on the new Core or Hybrid appliance. 
  3. Remove the drives from the new Core or Hybrid and set aside. 
  4. Install the drives from the existing Core or Hybrid into the same drive bay in the new Core or Hybrid appliance. 
  5. Remove the existing appliance from the rack. 
  6. Install the new appliance in the rack. 
  7. Connect power, network, SAS, and iDRAC cables. 
  8. Turn on the appliance.  
  9. If prompted for a BIOS password, use the default "rsabios" password. 
  10. During POST, if you encounter drives found in a "foreign" configuration, import those drives when prompted on the POST screen which may look like the following.  You can press 'F' when prompted with the below.

Import Foreign Drives

  1. Reboot the new appliance and ensure it boots. There is a chance that if you have other media that are attached to the device (Examples include DACs, Powervaults, USB devices) that the device may boot into the wrong device. If so, access the BIOS to change the boot order accordingly to boot from the Internal Raid Controller. This will be the F11 key or whatever key is designated to access the Boot Manager. When selecting a device on a Series 5 appliance, this is usually the PERC 730 while the DACs/Powervaults are attached to the H830. In general, numerically, the internal RAID controller is the smaller of the two numbers.
Once you have completed the above, the hardware swap itself should be complete but additional steps must be performed in order to restore some core functionality to resume operations. The networking portion for the device may not start up so you may must make corrections to the various /etc/sysconfig/network-script files that exist in the box. This is because of the hard-coded MAC address in those files.

  1. Log in to the device from your crash cart or iDRAC, if available.
Run ip addr to identify what interfaces are recognized and what their MAC address is. Now, if you noticed before you did an RMA, you see that the interfaces are no longer em1 to em4. Instead, we now have eth0-eth3. The following steps allow your interfaces to work and rename back to the expected values. Take a screenshot/picture or write down the MAC addresses presented for each interface. For example, for eth0, the MAC address is 24:6e:96:77:0c:94.                                                                                                                                                                                                                                              ip addr example

  1. Now, we must modify all the ifcfg-emX script files to correct the MAC address value as they have the values from the box you swapped the drives out of. Use vi to edit the files in question starting with em1.

    vi /etc/sysconfig/network-scripts/ifcfg-em1

  2. Now, usually but not guaranteed to be all, you can map the new MAC address sequentially to the corresponding devices. To put it another way is to say that the MAC address value of eth0 should map to em1 as they are the first interface listed. The second would go from eth1 to em2. The third would go from eth2 to em3. The fourth would go from eth3 to em4. Thus, when editing /etc/sysconfig/network-scripts/ifcfg-emX you should be able to correspond the values like such:
    The MAC Address Value of the displayed InterfaceShould be used in this file:

    Thus, in /etc/sysconfig/network-scripts/ifcfg-em1, I use the value that is displayed in my ip addr value to update the line that beings with HWID.
  3. When you take the example above from ip addr and apply it, you will make the following changes. We only care about the contents of the HWID field as selected below. The value that exists there now should be from the old chassis.

    # Generated by NetWitness netconfig

    Take this value and change it to reflect the present interfaces on the device as dictated before in our ip addr output and then save the file. Since eth0 is 24:6e:96:77:0c:94, I will change this em1 file to reflect that then save the file.


  4. Repeat these steps for em2-4. Once you feel you are done, reboot the device. When it comes back, you should have em1, em2, em3, and em4 back up and the management interface itself should be to access the network.
  5. Verify after this that the device is functioning normally for whatever its role might be. Examples: If it is a log decoder, ensure that it is capturing logs. If it is a Concentrator, be sure it is aggregating, etc.
NotesIf you encounter an issue while performing the steps detailed in this KB article, please open a case with RSA Support and quote this article to receive further assistance.