000026956 - How to perform a CentOS 6 kernel upgrade to 2.6.32-358.18.1 and update network drivers

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 5

Article Content

Article Number: 000026956
Applies To: RSA Security Analytics
RSA Security Analytics Decoder
RSA Security Analytics Log Decoder
RSA Security Analytics Concentrator
RSA Security Analytics Hybrid
RSA Security Analytics Broker
RSA Security Analytics Server
RSA NetWitness NextGen
Issue: How to perform a CentOS 6 kernel upgrade to 2.6.32-358.18.1 and update network drivers.
How do I upgrade the kernel on my appliance running CentOS 6 to the latest RSA NetWitness recommended version?
Resolution

To perform a kernel upgrade and update the network drivers on an RSA Security Analytics or RSA NetWitness appliance running CentOS 6, follow the steps below.


  1. Check the kernel version to confirm the appliance is already running CentOS 6 (el6):
         # uname -r

         Example output:
         2.6.32-358.11.1.el6.x86_64
     
  2. Check using 'rpm -qa' that the Broadcom (tg3) and Intel (ixgbe) driver RPMs are installed:
         $ rpm -qa | grep ixgbe
         Example output:
         ixgbe-3.15.1-18.el6.x86_64

         $ rpm -qa | grep tg3
         Example output:
         tg3-3.129d-358.18.x86_64

         If 'ifconfig -a' shows interfaces starting with em1, you can check whether the tg3 driver is in use with:  ethtool -i em1
     
  3. Download the following file, transfer it to the appliance and unpack it:  a64260_kernel-update-2.6.32-358.18.1.el6.tar.bz2

         $ tar xvf a64260_kernel-update-2.6.32-358.18.1.el6.tar.bz2
         This should extract the following 5 files:
            - bfa-firmware-3.0.3.1-1.el6.noarch.rpm
            - ixgbe-3.15.1-18.el6.x86_64.rpm
            - kernel-2.6.32-358.18.1.el6.x86_64.rpm
            - kernel-firmware-2.6.32-358.18.1.el6.noarch.rpm
            - tg3-3.129d-358.18.x86_64.rpm
     
  4. Stop the appliance services.  For example, on a decoder this would be:
         stop nwdecoder
         stop nwappliance

     
  5. Back up /etc/fstab with the following command:  cp /etc/fstab /etc/fstab.old
     
  6. Edit /etc/fstab to comment out all lines which mount to /var/netwitness by adding # to the start of each line.
     
  7. Restart the appliance.
     
  8. SSH back to the appliance and change directory to the location to which the files were uploaded.
     
  9. Update Kernel Firmware first (takes < 1 min).
    rpm -Uvh kernel-firmware-2.6.32-358.18.1.el6.noarch.rpm
     
  10. Install the Kernel package (this is slower than Step 9).
    rpm -ivh kernel-2.6.32-358.18.1.el6.x86_64.rpm
     

    1. If Step 10 produces the error:
        error: Failed dependencies:
                  bfa-firmware < 3.0.3.1 conflicts with kernel-2.6.32-358.18.1.el6.x86_64
       
        Upgrade this package dependency using the following command:
        rpm -Uvh bfa-firmware-3.0.3.1-1.el6.noarch.rpm 
       
        Then repeat Step 10.
         
  11. Back up grub.conf with the following command:  cp /boot/grub/grub.conf /boot/grub/grub.conf.old
     
  12. Issue the ls /boot -al command and note the filenames of vmlinuz and initramfs.
    # ls /boot -al
    -rw-r--r--.  1 root root      171 Jun 12  2013 .vmlinuz-2.6.32-358.11.1.el6.x86_64.hmac
    -rw-r--r--.  1 root root      171 Jun 12 13:59 .vmlinuz-2.6.32-358.18.1.el6.x86_64.hmac
    -rw-r--r--.  1 root root   104086 Jun 12  2013 config-2.6.32-358.11.1.el6.x86_64
    -rw-r--r--.  1 root root   104086 Jun 12 13:59 config-2.6.32-358.18.1.el6.x86_64
    -rw-r--r--.  1 root root   185867 Jun 12  2013 symvers-2.6.32-358.11.1.el6.x86_64.gz
    -rw-r--r--.  1 root root  2407976 Jun 12  2013 System.map-2.6.32-358.11.1.el6.x86_64
    -rw-r--r--.  1 root root  2407976 Jun 12 13:59 System.map-2.6.32-358.18.1.el6.x86_64
    -rw-r--r--.  1 root root 15452929 Sep  6 23:09 initramfs-2.6.32-358.18.1.el6.x86_64.img
    -rw-r--r--.  1 root root 18452912 Sep  4 13:49 initramfs-2.6.32-358.11.1.el6.x86_64.img
    -rwxr-xr-x.  1 root root  4046224 Jun 12  2013 vmlinuz-2.6.32-358.11.1.el6.x86_64
    -rwxr-xr-x.  1 root root  4046224 Jun 12 13:59 vmlinuz-2.6.32-358.18.1.el6.x86_64
    drwxr-xr-x.  2 root root     4096 Sep  6 23:11 grub
    drwxr-xr-x.  3 root root     4096 May  9 05:37 efi

     
  13. Add entries to /boot/grub/grub.conf that refer to the new kernel version 2.6.32-358.18.1. Make sure the new entry is above the old entry (or change the default entry from 0 to 1).
    **Caution: Any mistakes in this step could cause the box not to boot correctly, which may require a full build-stick of the appliance to recover**

    /boot/grub/grub.conf BEFORE:
    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You do not have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /, eg.
    #          root (hd0,0)
    #          kernel /boot/vmlinuz-version ro root=/dev/sda1
    #          initrd /boot/initrd-[generic-]version.img
    #boot=/dev/sda
    default=0
    timeout=5
    #splashimage=(hd0,0)/boot/grub/splash.xpm.gz
    #hiddenmenu
    title CentOS (2.6.32-279.11.1.el6.x86_64)
            root (hd0,0)
            kernel /boot/vmlinuz-2.6.32-279.11.1.el6.x86_64 ro root=UUID=47b608f7-c1ee-45ff-b5b4-125ab6343806 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM quiet
            initrd /boot/initramfs-2.6.32-279.11.1.el6.x86_64.img


    Note: You may or may not have references to debug versions of kernels.


    /boot/grub/grub.conf AFTER:
    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You do not have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /, eg.
    #          root (hd0,0)
    #          kernel /boot/vmlinuz-version ro root=/dev/sda1
    #          initrd /boot/initrd-[generic-]version.img
    #boot=/dev/sda
    default=0
    timeout=5
    #splashimage=(hd0,0)/boot/grub/splash.xpm.gz
    #hiddenmenu
    title CentOS (2.6.32-358.18.1.el6.x86_64)
            root (hd0,0)
            kernel /boot/vmlinuz-2.6.32-358.18.1.el6.x86_64 ro root=UUID=47b608f7-c1ee-45ff-b5b4-125ab6343806 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM quiet
            initrd /boot/initramfs-2.6.32-358.18.1.el6.x86_64.img
    title CentOS (2.6.32-279.11.1.el6.x86_64)
            root (hd0,0)
            kernel /boot/vmlinuz-2.6.32-279.11.1.el6.x86_64 ro root=UUID=47b608f7-c1ee-45ff-b5b4-125ab6343806 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM quiet
            initrd /boot/initramfs-2.6.32-279.11.1.el6.x86_64.img

     
  14. Reboot the appliance and check the kernel version using 'uname -r' to ensure it has changed.
     
  15. Install the ixgbe driver for the new kernel.
    If Step 2 revealed that the ixgbe driver was installed in the old kernel:
    rpm -Uvh ixgbe-3.15.1-18.el6.x86_64.rpm
     
  16. Install the tg3 driver for the new kernel.

    If Step 2 revealed that the tg3 driver was installed in the old kernel, upgrade the rpm:
    rpm -Uvh tg3-3.129d-358.18.x86_64.rpm

    If Step 2 revealed that the tg3 driver was in use but the rpm was not installed, install the rpm:
    rpm -ivh tg3-3.129d-358.18.x86_64.rpm
     
  17. Edit /etc/fstab to comment the lines back in by removing # from the start of the lines which mount to /var/netwitness.
    (This can be accomplished by restoring the file backed up in Step 5)
         cd /etc
         cp -f fstab.old fstab
     
  18. Reboot the appliance again.
     
  19. Once the decoder has fully loaded, check that it is capturing.
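
The following script is an added example, not part of the RSA article: before the Step 14 reboot it checks that the entry selected by default= in grub.conf names the new kernel and that the vmlinuz and initramfs files noted in Step 12 exist and are not empty. The function names and the temporary demo tree are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the RSA article): check the default legacy-GRUB entry
# before the Step 14 reboot. Function names and the demo tree are assumptions.

# Print "<kernel path> <initrd path>" for the entry selected by default=N.
grub_default_entry() {
    awk '
        BEGIN { def = 0; n = -1 }
        /^[ \t]*#/ { next }                            # commented-out lines
        /^[ \t]*default[= \t]/ { sub(/^[ \t]*default[= \t]+/, ""); def = $0 + 0; next }
        $1 == "title" { n++; next }                    # entries count from 0
        $1 == "kernel" && n >= 0 { k[n] = $2; next }
        $1 == "initrd" && n >= 0 { r[n] = $2; next }
        END { if (def in k) print k[def], r[def]; else exit 1 }
    ' "$1"
}

# check_grub_default GRUB_CONF ROOT_DIR KERNEL_VERSION
# grub.conf paths are resolved under ROOT_DIR; pass "" on the appliance itself.
check_grub_default() {
    conf=$1 root=$2 want=$3
    entry=$(grub_default_entry "$conf") ||
        { echo "FAIL: no entry for default= in $conf"; return 1; }
    kernel=${entry%% *} initrd=${entry#* }
    case $kernel in
        */vmlinuz-"$want") ;;
        *) echo "FAIL: default entry boots $kernel, not $want"; return 2 ;;
    esac
    case $initrd in
        */initramfs-"$want".img) ;;
        *) echo "FAIL: initrd '$initrd' does not match $want"; return 3 ;;
    esac
    for f in "$kernel" "$initrd"; do
        [ -f "$root$f" ] && [ -s "$root$f" ] ||
            { echo "FAIL: $f missing or empty under ${root:-/}"; return 4; }
    done
    echo "OK: default entry boots $kernel with $initrd"
}

# Constructed demo tree standing in for / on an appliance.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/boot/grub"
v=2.6.32-358.18.1.el6.x86_64
echo data > "$demo_root/boot/vmlinuz-$v"
echo data > "$demo_root/boot/initramfs-$v.img"
printf '%s\n' 'default=0' "title CentOS ($v)" '        root (hd0,0)' \
    "        kernel /boot/vmlinuz-$v ro quiet" \
    "        initrd /boot/initramfs-$v.img" > "$demo_root/boot/grub/grub.conf"
check_grub_default "$demo_root/boot/grub/grub.conf" "$demo_root" "$v"
```

On an appliance, run check_grub_default /boot/grub/grub.conf "" 2.6.32-358.18.1.el6.x86_64 after Step 13. Any FAIL line means grub.conf should be corrected (or restored from grub.conf.old) before rebooting.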
     

If either the ixgbe or tg3 drivers were updated, refer to the knowledgebase article "Fragmented packets/frames are being merged prior to capture in RSA NetWitness Decoder and Hybrid appliances" to disable GRO on all interfaces.  If the appliance is a decoder, refer to the knowledgebase article "How to set correct capture packet/frame size (snaplen) on RSA NetWitness decoders when data is missing from end of packets" to calculate snaplen.

Notes

To limit service outages, RSA recommends that onsite support be available when performing this procedure in case of the following scenarios:


  • An appliance fails to shut down (and so needs to be power cycled)
  • After applying the new kernel, the appliance fails to boot (recovery needs to either be done locally using Linux single user mode or a factory reset done using a buildstick).
Legacy Article ID: a64260
