DescriptionThis article will describe a way to recover the supervisor instance when the IP has been lost due to losing the network driver. This only effects Ec2 Instances
ScopeFortiSIEM EC2 Instace on 4.x
SolutionIf the instance has lost it's network driver (you can verify by attempting to ssh and ping the ip -- there will be no response) follow the directions below.
NOTE: the disk names may be different than what your environment may look like -- the drive names below only are a reference to follow, not the exact literal usage for the disks mapped names
Step 1: Original Supervisor
- Stop the instance
- find the root volume which is mounted as /dev/xvda1.
- Add a name tag to the volume so it doesn’t get lost
- detach the volume from the instance
Step 2: Find another Collector instance
- Spin up another instance #X using our collector AMI
- Stop the instance
- Attach the root volume of the super or worker instance which you just detached in step #1,
- Example: /dev/xvdh, then boot up this instance #X
- On the instance, an fdisk -l will display the above volume as /dev/xvdh
- Do a ‘mount /dev/xvdh3 /mnt’
- Find and Remove the file /mnt/etc/modprobe.d/ixgbevf.conf
- Stop the instance #X
- Detach volume /dev/xvdh
Step 3: Back on the original Supervisor
- Attach the instance back to your original super or worker as /dev/xvda1
- Boot up the instance, and it should boot up.
