This article describes steps to be taken to replace a hard disk in a Malware Analysis appliance. You may want to replace a disk due to either of the following:

• Faulty disk (see How to check RAID status on Malware Analysis Appliance)
• Maintenance activity, such as replacing a disk because it is near warranty expiration,  or which is showing early signs of failure

This process applies to both S400 and S500 appliances.
All existing profiles will remain after completing this procedure.

 

 

Prerequisites

• Command Line Shell in serial console or SSH access

• Replacement disk(s)

Before You Begin - Maintenance Activity
If the disk is not faulty, you must first mark the disk as faulty before removing it from RAID (for /dev/sdc). Run the following command:

[email protected]:~$ sudo mdadm --manage /dev/md127 --fail /dev/sdc1
mdadm: set /dev/sdc1 faulty in /dev/md127

Procedure
Follow these steps to replace a Malware Analysis appliance hard disk.

1. Run raidcheck to remove the  disk (or faulty disk) from RAID, and to identify the disk's bay number in the appliance. For an S500, you will see output like this:

[email protected]:~$ sudo python /opt/mag2/usr/share/mag2/pyscripts/raidcheck.pyc

 Bay  Device     State

   1  /dev/sdc1  faulty spare

   2  /dev/sdd1  active sync

   3  /dev/sde1  active sync

   4  /dev/sdf1  active sync

   5  /dev/sdg1  active sync

   6  /dev/sdh1  active sync
 

 /dev/sdc1 is marked as faulty and needs to be removed from the RAID array.

 Continue to remove faulty disk? [y/N] y

 mdadm: hot removed /dev/sdc1 from /dev/md127

Instructions:

  - Shut down the system and replace the faulty disk in bay 1.

Done.

 [email protected]:~$ 

2. Shut down the appliance.

• On the web console, go to System Settings > Restart Showdown.
• On the console menu, go to 5. Shutdown / reboot

3. Replace the hard disk, then power on the appliance.
4. Once the Malware Analysis appliance is up, run raidcheck to add the new disk to RAID and perform RAID resync. Here is an example:

 [email protected]:~$ sudo python /opt/mag2/usr/share/mag2/pyscripts/raidcheck.pyc

 [sudo] password for g2: 

 Bay  Device     State

   1  /dev/sdc1  removed?

   2  /dev/sdd1  active sync

   3  /dev/sde1  active sync

   4  /dev/sdf1  active sync

   5  /dev/sdg1  active sync

   6  /dev/sdh1  active sync

 Replacement disk /dev/sdc found.

 Continue to partition the new disk? [y/N] y

 Checking that no-one is using this disk right now ...

 OK

 sfdisk: ERROR: sector 0 does not have an msdos signature

  /dev/sdc: unrecognized partition table type

 No partitions found

 Warning: partition 1 does not end at a cylinder boundary

 Warning: no primary partition is marked bootable (active)

 This does not matter for LILO, but the DOS MBR will not boot this disk.

 If you created or changed a DOS partition, /dev/foo7, say, then use dd(1)

 to zero the first 512 bytes:  dd if=/dev/zero of=/dev/foo7 bs=512 count=1

 (See fdisk(8).)

 mdadm: added /dev/sdc1

 Waiting until all RAID tasks are done: /dev/sdc1: spare rebuilding

[email protected]:~$ sudo python /opt/mag2/usr/share/mag2/pyscripts/raidcheck.pyc

 Bay  Device     State

   1  /dev/sdc1  active sync

   2  /dev/sdd1  active sync

   3  /dev/sde1  active sync

   4  /dev/sdf1  active sync

   5  /dev/sdg1  active sync

   6  /dev/sdh1  active sync

 Done.

S400 Example

 [email protected]:~$ sudo python /opt/mag2/usr/share/mag2/pyscripts/raidcheck.pyc

 Bay  Device     State

   1  /dev/sda1  active sync

   2  /dev/sdc1  active sync

 Done.