.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
How to reprovision an existing core host to higher version of NW node zero in RSA NetWitness Platform 11.x
Issue
This article explains how to reprovision an existing core appliance to a higher version of NW node zero in RSA NetWitness Platform 11.x.In this article, I described reprovisioning steps in detail from 11.2.1.2 NW node zero to 11.3.2 NW node zero.
Notes: Keep in mind that this article is only meant for core-based appliances. Packet Hybrids and Log Hybrids can still follow this article.
Resolution
Follow the steps below to move the component host from the OLD version of nw-node-zero to the NEW higher version of nw-node-zero.- You must add the following repos to the new head server. (The old hosts are unable to "install" because the new head does not have the required repo files)
# mkdir -p /tmp/upgrade/11.2.0.0 && unzip netwitness-11.2.0.0.zip -d /tmp/upgrade/11.2.0.0
# mkdir -p /tmp/upgrade/11.2.1.0 && unzip netwitness-11.2.1.0.zip -d /tmp/upgrade/11.2.1.0
# mkdir -p /tmp/upgrade/11.2.1.1 && unzip netwitness-11.2.1.1.zip -d /tmp/upgrade/11.2.1.1
# mkdir -p /tmp/upgrade/11.2.1.2 && unzip netwitness-11.2.1.2.zip -d /tmp/upgrade/11.2.1.2
# upgrade-cli-client --init --version 11.2.1.2 --stage-dir /tmp/upgrade <-- This creates all the repos from the lower versions too.
# mkdir -p /tmp/upgrade/11.2.1.0 && unzip netwitness-11.2.1.0.zip -d /tmp/upgrade/11.2.1.0
# mkdir -p /tmp/upgrade/11.2.1.1 && unzip netwitness-11.2.1.1.zip -d /tmp/upgrade/11.2.1.1
# mkdir -p /tmp/upgrade/11.2.1.2 && unzip netwitness-11.2.1.2.zip -d /tmp/upgrade/11.2.1.2
# upgrade-cli-client --init --version 11.2.1.2 --stage-dir /tmp/upgrade <-- This creates all the repos from the lower versions too.
- Follow the steps in article 000036443.
- Update /var/netwitness/config-management/cookbooks/nw-base/libraries/global.rb as shown below in the component host.
# Get the deployment userid
def self.get_deployment_userid
return "deploy_admin"
if Chef.node['global'] && Chef.node['global']['platform'] && Chef.node['global']['platform']['deployment']
Chef.node['global']['platform']['deployment']['userid']
else
get_config_server_property('nw.security-client', 'platform.deployment.userid')
end
end
# Get the deployment password
def self.get_deployment_password
return "<deploy_admin_password_of_new_head_node>"
if Chef.node['global'] && Chef.node['global']['platform'] && Chef.node['global']['platform']['deployment']
Chef.node['global']['platform']['deployment']['password']
else
get_config_server_property('nw.security-client', 'platform.deployment.password')
end
end
def self.get_deployment_userid
return "deploy_admin"
if Chef.node['global'] && Chef.node['global']['platform'] && Chef.node['global']['platform']['deployment']
Chef.node['global']['platform']['deployment']['userid']
else
get_config_server_property('nw.security-client', 'platform.deployment.userid')
end
end
# Get the deployment password
def self.get_deployment_password
return "<deploy_admin_password_of_new_head_node>"
if Chef.node['global'] && Chef.node['global']['platform'] && Chef.node['global']['platform']['deployment']
Chef.node['global']['platform']['deployment']['password']
else
get_config_server_property('nw.security-client', 'platform.deployment.password')
end
end
If you do not update the global.rb, you may see the following error message in chef-solo.log as it is not getting the proper deployment_username and password.
ERROR: nw_pki_certificate[/etc/pki/nw/rabbitmq/rabbitmq-server-cert.pem] (nw-pki::certificates line 11) had an error.
- When you try to install the service from UI, you may receive the following UI error "Failed to get available services from this category." Corresponding to the error in /var/log/netwitness/orchestration-server/orchestration-server.log: " API|Failure /rsa/orchestration/deployment/get-deployment-host-meta [counter=8 reason=IllegalArgumentException::Version '11.2.0.1' is not supported]"
FIX) cp /tmp/upgrade/11.2.1.2/nw-component-descriptor.json /etc/netwitness/component-descriptor/descriptor/11.2.1.2/
- Install the service from UI or from CLI with orchestration-cli-client --install and update the host.
- Run /opt/rsa/saTools/bin/set-deploy-admin-password to set the new NW node 0 deploy_admin password (The patch in step 3 not change rabbitmq-server deploy_admin password).
- ONLY for VLC: After reprovisioning, when you try to remove an old destination group the error message "Failed to delete remote destination: Invalid or missing address: '172.16.1.103' Try adding the device to SA if not already added" is raised.
FIX) Take note of the destination group (i.e Default) and go to Log Collector -> Explore -> Event Broker -> Destination (Properties ) -> remove name=Default
Internal Comments
We have verified these steps only from 11.2.1.2 to 11.3.2. In case of other versions, it may be slightly different.
Product Details
RSA Product Set: RSA NetWitness Logs & NetworkRSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.2.1.2
Platform: CentOS
O/S Version: 7
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue