Run Pre-Upgrade Checks

You must run the pre-upgrade checks before you upgrade to NetWitness Platform 12.3.1.0 to identify any issues that may result in upgrade failure.

To run the pre-upgrade checks:

  1. SSH to Admin Server.

  2. Using the Upgrade Precheck tool, run the following commands:

    • nw-precheck-tool upgrade-checklist: This command allows the Upgrade Precheck tool to perform sanity checks for the list of probes in the Upgrade Checklist.

    • nw-precheck-tool network-checklist: This command allows the Upgrade Precheck tool to perform sanity checks for the list of probes in the Network Checklist.

    • nw-precheck-tool cert-checklist: This command allows the Upgrade Precheck tool to perform sanity checks for the list of probes in the Certificate Checklist.

    Upgrade Checklist

    The Upgrade Precheck tool performs the sanity checks for the following list of probes in the upgrade checklist:

  • Security Client File Check: Ensures security-client-amqp.yml file is not present.

  • Node-0 NW Service-id Status Check: Ensures all the service-id is intact with all the different services in Node 0.

  • Broker Service Trustpeer Symlink File Check: Ensures Broker Service Trustpeer Symlink file (/etc/netwitness/ng/broker/trustpeers/) is not broken.

  • Node-0 NW Services Status Check: Checks the status of all the services in Node 0.

  • Yum External Repo Check: Ensures external repos are not available and not enabled.

  • Node-0 RPM DB Index Check: Checks if the RPM DB is corrupted or not.

  • Salt Master Communication Check: Verifies the salt communication from Node 0 to all the Nodes.

  • Node-0 Certificates Check: Checks if any certificates are missing, expired, or invalid issuer type.

  • Mongo Authentication: Validates the deploy_admin credentials fetched from security-cli-client using Mongo client.

  • Rabbitmq Authentication: Validates the deploy_admin credentials fetched from security-cli-client using RabbitMQ.

  • (Component Hosts) Node X NW Service Status Check: Verifies the status of services (Active or Inactive) on all the Node X.

  • (Component Hosts) Node X Certificates Check: Checks the certificate expiry, missing, corrupted, and issuer mismatch in all the categories of Node X.

  • Provide Nodes CPU-Memory Info: Provides CPU and Memory details of all the nodes along with the real-time available memory.

  • (Admin Server) Node 0 File System Utilization Check: Verifies the disk partition utilization of /var/netwitness/mongo, /var/netwitness, and root on Node 0.

  • (Component Hosts) Node X File System Utilization Check: Verifies the disk partition utilization of /var/netwitness/mongo, /var/netwitness, and root for ESA Primary and Endpoint Log Hybrid services on Node X.

  • Mongo File (ESAPrimary) Permission Mode Check: Checks the ESA Primary node in the system or stack and verifies the permission mode of Mongo file.

  • Orchestration Server Normal Mode Check: Checks if the orchestration service is running in normal or safe mode.

  • (Admin Server) Node 0 Init status Check: Checks if there are any issues that might fail init process.

  • Fips Mode Check: Checks to ensure that the Fips mode is disabled (set to false) before and after upgrade.

  • Node-X RPM DB Index Check: Checks for the status of RPM DB on Node-X to make sure it is not corrupted.

  • Node-Z Yum Proxy Check: Checks for the existence of yum.conf file and availability of proxy within the file on Node -Z.

  • Node-X Yum Proxy Check: Checks for the existence of yum.conf file and availability of proxy within the file on Node -X.

  • Host Info Check Probe: Checks if the required fields of information of all the hosts in the system (Host IP, Hostname, Installed Services, and Raw Version) are available.

  • Node-Z Cipher Check Probe: Checks if the required ciphers are available in the location /etc/rabbitmq/rabbitmq.config on Node-0.

  • Node-X Cipher Check Probe: Checks if the required ciphers are available in the location /etc/rabbitmq/rabbitmq.config on all Node-X.

  • Node-X Hardware Version Check Probe: Checks for the hardware version of all reachable Node-X.

  • Node-Z Hardware Version Check Probe: Checks for the hardware version of the Admin server.

  • PuppetCA Certificates Check Probe: Checks if the stale puppet CA certificates are present in the location /etc/pki/nw/trust/truststore.pem.

  • AdminCertCheck Probe: Verifies if the admin-certs across all the nodes are the same as the admin-certs on the Admin Server.

  • NTP Probe: Checks all the nodes to ensure they are in sync with the NTP server.

  • StaleCerts Check Probe: Checks the mongo and warns if there are any unused stale certificates in it.

  • NodeCertIDCheck Probe: Checks the subject field of the node-cert and ensures that it is the same as the node-ID of the host.

  • Deploy Admin password expiry check Probe: Verifies if the deploy_admin password is expired on Node-0.

Network Checklist

The Upgrade Precheck tool performs the sanity checks for the following list of probes in the network checklist:

  • (Admin Server) Node 0 closed ports Check: Checks if the service ports required for NetWitness services are open and listening on Node 0.

  • (Component Hosts) Node X closed ports Check: Checks if the service ports required for NetWitness services are open and listening on Node X.

Certificate Checklist

The Upgrade Precheck tool performs the sanity checks for the following list of probes in the Certificate checklist:

  • Node 0 Service Certificates Validity Check: Checks the validity of service certificates in the location /etc/pki/nw/service/ on Node-0.

  • Node X Service Certificates Validity Check: Checks the validity of service certificates in the location /etc/pki/nw/service/ on Node-X.

  • Node Certificates Validity Check on Node-0: Checks the validity of node certificates in the location /etc/pki/nw/service on Node-0.

  • Root CA Certificates Validity Check: Checks the validity of Root CA certificates in the location /etc/pki/nw/ca.