ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Replace a Malware Appliance Hard Disk
Article ID: 168925
Updated On:
Products
Malware Analysis Software - MA
Issue/Introduction
This article describes steps to be taken to replace a hard disk in a Malware Analysis appliance. You may want to replace a disk due to either of the following:
- Faulty disk (see How to check RAID status on Malware Analysis Appliance)
- Maintenance activity, such as replacing a disk because it is near warranty expiration, or which is showing early signs of failure
This process applies to both S400 and S500 appliances.
All existing profiles will remain after completing this procedure.
Resolution
Prerequisites
-
Command Line Shell in serial console or SSH access
- Replacement disk(s)
Before You Begin - Maintenance Activity
If the disk is not faulty, you must first mark the disk as faulty before removing it from RAID (for /dev/sdc). Run the following command:
[email protected]:~$ sudo mdadm --manage /dev/md127 --fail /dev/sdc1
mdadm: set /dev/sdc1 faulty in /dev/md127
Procedure
Follow these steps to replace a Malware Analysis appliance hard disk.
- Run raidcheck to remove the disk (or faulty disk) from RAID, and to identify the disk's bay number in the appliance. For an S500, you will see output like this:
[email protected]:~$ sudo python /opt/mag2/usr/share/mag2/pyscripts/raidcheck.pyc
Bay Device State
1 /dev/sdc1 faulty spare
2 /dev/sdd1 active sync
3 /dev/sde1 active sync
4 /dev/sdf1 active sync
5 /dev/sdg1 active sync
6 /dev/sdh1 active sync
/dev/sdc1 is marked as faulty and needs to be removed from the RAID array.
Continue to remove faulty disk? [y/N] y
mdadm: hot removed /dev/sdc1 from /dev/md127
Instructions:
- Shut down the system and replace the faulty disk in bay 1.
Done.
[email protected]:~$
- Shut down the appliance.
- On the web console, go to System Settings > Restart Showdown.
- On the console menu, go to 5. Shutdown / reboot
Note: If you are running a software version earlier than 4.2.8, unplug the power cables; otherwise, it will automatically restart after a few seconds.
- Replace the hard disk, then power on the appliance.
- Once the Malware Analysis appliance is up, run raidcheck to add the new disk to RAID and perform RAID resync. Here is an example:
[email protected]:~$ sudo python /opt/mag2/usr/share/mag2/pyscripts/raidcheck.pyc
[sudo] password for g2:
Bay Device State
1 /dev/sdc1 removed?
2 /dev/sdd1 active sync
3 /dev/sde1 active sync
4 /dev/sdf1 active sync
5 /dev/sdg1 active sync
6 /dev/sdh1 active sync
Replacement disk /dev/sdc found.
Continue to partition the new disk? [y/N] y
Checking that no-one is using this disk right now ...
OK
sfdisk: ERROR: sector 0 does not have an msdos signature
/dev/sdc: unrecognized partition table type
No partitions found
Warning: partition 1 does not end at a cylinder boundary
Warning: no primary partition is marked bootable (active)
This does not matter for LILO, but the DOS MBR will not boot this disk.
If you created or changed a DOS partition, /dev/foo7, say, then use dd(1)
to zero the first 512 bytes: dd if=/dev/zero of=/dev/foo7 bs=512 count=1
(See fdisk(8).)
mdadm: added /dev/sdc1
Waiting until all RAID tasks are done: /dev/sdc1: spare rebuilding
Note: The RAID resync will take seven to eight hours to complete on an S500. It will take less time on an S400.
When the resync has completed, you will see a Done message.
S500 Example
[email protected]:~$ sudo python /opt/mag2/usr/share/mag2/pyscripts/raidcheck.pyc
Bay Device State
1 /dev/sdc1 active sync
2 /dev/sdd1 active sync
3 /dev/sde1 active sync
4 /dev/sdf1 active sync
5 /dev/sdg1 active sync
6 /dev/sdh1 active sync
Done.
S400 Example
[email protected]:~$ sudo python /opt/mag2/usr/share/mag2/pyscripts/raidcheck.pyc
Bay Device State
1 /dev/sda1 active sync
2 /dev/sdc1 active sync
Done.
Feedback
Yes
No
Powered by
