A new issue has been discovered where some devices will experience a kernel panic after upgrading to 12.4.1. This is due to kernel updates failing to generate the required initramfs and vmlinuz binaries which are the equivalent of the newest kernel. A kernel panic can occur if the node is rebooted without these files.
A HotFix is available. We recommend you upgrade to this HotFix considering the relevant scenario. Below are various scenarios to apply, prevent, or recover from the issue.
You can contact NetWitness Customer Support to download and apply this HotFix. You can also download the attached HotFix Release Notes to learn more about this HotFix and how to apply it.
For additional documentation, downloads, and more, visit the NetWitness Platform page.
Upgrades from NetWitness Platform 12.4.0.0 to NetWitness Platform 12.4.1.0
Follow the steps below based on the scenario that applies.
This section applies if you have not done an upgrade to 12.4.1.0 and provides the procedure to upgrade to NetWitness Platform 12.4.1.0 and apply the HotFix. You can upgrade with this HotFix only in CLI mode.
Note: This HotFix is only valid for upgrading the NetWitness Platform from 12.4.0.0 to 12.4.1.0. You cannot use it to upgrade from a version prior to 12.4.0.0.
upgrade-cli-client --init --version 12.4.1.0 --stage-dir <path of the staging directory>
rsa-nw-config-management-12.4.1.0-2407121516.5.76e0414.el8.noarch.rpm
cd /var/netwitness/common/repo
salt "*" cmd.run "wget --no-check-certificate https://nw-node- zero/nwrpmrepo/rsa-nw-config-management-12.4.1.0- 2407121516.5.76e0414.el8.noarch.rpm" >> cfg-mgmt_download.out
salt '*' cmd.run "yum update -y rsa-nw-config-management-12.4.1.0- 2407121516.5.76e0414.el8.noarch.rpm" >> cfg-mgmt_install.out
salt '*' cmd.run "rpm -q rsa-nw-config-management" >> cfg-mgmt_version.out
You can use this procedure to upgrade Node-x without getting the kernel-panic issue.
rsa-nw-config-management-12.4.1.0-2407121516.5.76e0414.el8.noarch.rpm
cd /var/netwitness/common/repo
salt "*" cmd.run "wget --no-check-certificate https://nw-node- zero/nwrpmrepo/rsa-nw-config-management-12.4.1.0- 2407121516.5.76e0414.el8.noarch.rpm" >> cfg-mgmt_download.out
salt '*' cmd.run "yum update rsa-nw-config-management-12.4.1.0- 2407121516.5.76e0414.el8.noarch.rpm" >> cfg-mgmt_install.out
salt '*' cmd.run "rpm -q rsa-nw-config-management" >> cfg-mgmt_version.out
You can use this procedure to regenerate initramfs files on upgraded systems and to upgrade Node-x without getting the kernel-panic issue.
rsa-nw-config-management-12.4.1.0-2407121516.5.76e0414.el8.noarch.rpm
cd /var/netwitness/common/repo
salt "*" cmd.run "wget --no-check-certificate https://nw-node- zero/nwrpmrepo/rsa-nw-config-management-12.4.1.0- 2407121516.5.76e0414.el8.noarch.rpm" >> cfg-mgmt_download.out
salt '*' cmd.run "yum update rsa-nw-config-management-12.4.1.0- 2407121516.5.76e0414.el8.noarch.rpm" >> cfg-mgmt_install.out
salt '*' cmd.run "rpm -q rsa-nw-config-management" >> cfg-mgmt_version.out
This section provides the procedure to recover a Node-0 or Node-x if you encounter a Kernel-Panic state and fail-to-boot error.
a. Select Start AlmaLinux Live 8.10 and click Enter.
a. Run lsblk to check the disks.
b. Assuming /dev/sda1 is the /boot partition and /dev/sda2 is the netwitness_vg00 volume, run the following commands:
Note: In the case of hybrids, this might change to /boot in /dev/sda2 and netwitness_vg00 vg in
/dev/sda3.
c. Verify that the required output is similar to that shown in the image. Otherwise, try mounting /dev/sda3 and check the files.
The output should be similar to that shown in the image otherwise, try with mounting /dev/sda2
c. Regenerate dracut files using - dracut -f --regenerate-all -v
d. Ensure that all the required boot files are created in /boot folder - initramfs, vmlinuz*, config* , System.map* and symvers* files.
e. Update the grub conf using - grub2-mkconfig -o /boot/grub2/grub.cfg
f. exit
g. umount /mnt/sysimage/boot
h. umount /mnt/sysimage