000031750 - How to rollback an undesired kernel upgrade on an RSA Security Analytics 10.5 appliance

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000031750
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 10.5.x
Platform: CentOS
O/S Version: EL6
IssueWhen trying to upgrade a device from 10.5.0 to 10.5.1 you may encounter the following issue:
Pre-Update Check Error
Cannot start the Update.
Resolve the following errors and try again.
Kernel version on the host is newer than the version 2.6.32-504.1.3 supported by Security Analytics. Contact Customer Care

User-added image

In this specific situation, kernel-firmware-2.6.32-504.8.1.el6.x86_64 (not supported by Security Analytics) was installed on the system by mistake. 
CauseThis issue may be caused by upgrading a device when the CentOS repositories are enabled by mistake.
The CentOS repository may, in fact, contain versions of packages that are newer that those used by Security Analytics.
Beginning with Security Analytics 10.4 there is a scheduled job which checks to ensure that the CentOS repositories are disabled.
A useful command to make sure the Centos repositories are disabled is the following:

sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/CentOS-*

Resolution1. Access the appliance through the console. (e.g. iDRAC console , physically, etc...)
2. Boot to an older kernel. (In this example kernel-2.6.32-431.29.2.el6.x86_64 was chosen)
 User-added image
3. After login to the appliance, make sure that the old kernel is loaded (uname -r should show the kernel loaded: kernel-2.6.32-431.29.2.el6.x86_64)
4. List the installed kernels with the command below.
rpm -qa | grep kernel

5. Remove the unsupported kernel by executing the commands below.
rpm -e kernel-firmware-2.6.32-504.8.1.el6.x86_64
rpm -e kernel-firmware-2.6.32-504.8.1.el6.x86_64.noarch

6. List the installed kernels again with the command in Step 4 and make sure that the unsupported kernel is removed. (All the RPMs including kernel-debug-2.6.32-504.8.1.el6.x86_64 if it exists.)
7. Verify that /etc/grub.conf file does not have entries related to the above kernel. (mentioned in Step 5) 
    Open the file with a text editor such as vi. In this case you would remove the entry in yellow in the screenshot below.
User-added image
8) Reboot the appliance and it should show the following:
User-added image
You can either press enter or wait to boot with the supported Kernel loaded. 

NotesExecute the steps carefully otherwise you may not be able to access the system.

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.