Upgrading ESM and the Active-Passive High Availability Module

This information guides you through the process of upgrading both ESM and the APHA module running on a two-system cluster. The APHA module version, ESM version, and operating system version must be compatible. For version compatibility, see the Technical Requirements on the ESM documentation page.

Note: Micro Focus does not recommend running an information repository (repo) instance on an APHA module, because doing so leads to poor performance. If ESM and the APHA module are running in distributed correlation mode with at least four nodes and you configured the cluster to have only one repo instance, during the upgrade ESM automatically configures the cluster to have three repo instances, all on non-persistor nodes.

The following upgrade paths are supported:

Note: The upgrade will cause ESM downtime for the duration of the upgrade.

Starting with version 7.2, the APHA module no longer uses UDP port 694. Instead, it uses UDP ports 5404 and 5405. Ensure that these ports are available.

Starting with version 7.2, the network cables and the interconnect cables must be running either IPv4 or IPv6 in order to use them as redundant communication channels. To ensure communication redundancy, Micro Focus recommends moving the interconnect cable to the same communication protocol as the network ports. You can do this before or after the upgrade.

Upgrade ESM and the APHA module on the primary system only. After the upgrade is complete, the APHA module synchronizes the secondary system with the primary system.

Before you begin the upgrade, review Configuring the Active-Passive High Availability System - All Scenarios.

Understanding How ESM Maintains High Availability During Upgrade

The upgrade process requires running a pre-upgrade script (preUpgrade.sh) and an upgrade script (upgrade.sh). This section describes the operations that these scripts perform and how ESM keeps track of the state of the primary and secondary systems during upgrade.

The preUpgrade.sh script validates whether the upgrade is likely to succeed. If so, it stops the cluster on the node where it is running and uninstalls Pacemaker and Corosync software. It does not uninstall DRBD software. Typically, you run preUpgrade.sh first on the secondary system to start the upgrade while ESM continues to run on the primary system. When the operating system upgrade is complete on the secondary system (if needed), you shut down ESM on the primary system and run preUpgrade.sh there.

The upgrade.sh script performs upgrade tasks on both the primary and secondary systems. The primary system is the server on which you run the script. When performing upgrade tasks on the secondary system, the script uses passwordless SSH.

upgrade.sh performs the following steps:

  1. Installs new Pacemaker and Corosync RPMs.
  2. Upgrades DRBD RPMs.
  3. Starts the cluster.
  4. Places the secondary system in offline mode.

    Note: upgrade.sh takes the secondary system offline during the upgrade process to ensure that it remains the secondary system and that ESM runs on the primary system.
  5. Rebuilds the Pacemaker configuration based on the information that you specified during installation.
  6. Places the secondary system in online mode.

The state of the disks is stored in DRBD metadata, which DRBD uses to determine which disk is more up-to-date and which parts of the disks are synchronized. Typically, the server on which you run upgrade.sh is the primary system and the server where you first run preUpgrade.sh becomes the secondary system. However, if the other server is more up-to-date than the server on which you run upgrade.sh, DRBD forces the more up-to-date server to be the primary system.

DRBD ensures that a split-brain situation is practically impossible during upgrade. A communications failure between the primary and secondary systems can result in a split-brain situation, but this is rare.

To upgrade ESM and the APHA module:

  1. From the Licensing and Downloads site, download ArcSight-ActivePassiveHighAvailability-7.5.0.xxxx.tar and ArcSightESMSuite-7.5.0.xxxx.tar to the primary system (where xxxx is the build number).

    Do NOT place the installation binary or unpacked content on the shared disk partition (usually /opt/arcsight). The upgrade process might unmount the shared disk partition.

  2. As user arcsight, untar ArcSight-ActivePassiveHighAvailability-7.5.0.xxxx.tar.

  3. Copy the preUpgrade.sh file to the secondary system.
  4. As user root, run preUpgrade.sh on the secondary system. 
  5. If an operating system upgrade is required, upgrade the operating system version on the secondary system.

    If this is a software installation, see the operating system vendor documentation for upgrade instructions.

    Note: If you are upgrading from SUSE Linux Enterprise Server (SLES) 12.5 to SLES 15.1, contact Technical Support before you start the upgrade.

    If you upgrade the operating system, download the APHA support packages for that operating system and install them.

  6. If you upgraded the operating system on software ESM, reboot the secondary system.

    Note: This is not necessary on an appliance. The appliance will automatically reboot.
  7. On the primary system, as user arcsight, untar ArcSightESMSuite-7.5.0.xxxx.tar.
  8. On the primary system, as user root, run Tools/stop_services.sh to shut down ESM.
  9. As user root, run preUpgrade.sh on the primary system. 
  10. If an operating system upgrade is required, upgrade the operating system version on the primary system.

    If this is a software installation, see the operating system vendor documentation for upgrade instructions.

    If you upgrade the operating system, download the APHA support packages for that operating system and install them.

  11. If you are running RHEL or CentOS, in /etc/yum.conf and all files in /etc/yum.repos.d on both the primary and the secondary systems, delete each instance of the following line:

    exclude=heartbeat* corosync* pacemaker* drbd* resource-agents clusterglue*
  12. If you upgraded the operating system on software ESM, reboot the primary system.

    Note: This is not necessary on an appliance. The appliance will automatically reboot.
  13. If you have not already done so, disable SELinux and then reboot the primary and secondary systems.
  14. On the primary system, as user arcsight, run ArcSight-ActivePassiveHighAvailability-7.5.0.xxxx.x.bin to start the APHA Module Installation Wizard.
  15. On the primary system, as user root, run the following command:

    /usr/lib/arcsight/highavail/install/upgrade.sh

    The log file for the APHA module upgrade is located at: /usr/lib/arcsight/highavail/logs/upgrade.log.

  16. On the primary system, upgrade to the supported ESM version.

    For detailed instructions, see the ESM Upgrade Guide. Because you have already stopped the ArcSight services, you do not need to run Tools/stop_services.sh.

    IMPORTANT: The APHA module must be running before you begin upgrading ESM.

    After the ESM upgrade is complete, the APHA module synchronizes the primary system and the secondary system.

  17. As user root, start the ArcSight services:

    /opt/arcsight/manager/bin/setup_services.sh
  18. Ensure that the ArcSight services are running:

    /etc/init.d/arcsight_services status
  19. If you have not already done so, use the ArcSight Console to activate the ArcSight ESM APHA Monitoring Foundation Package.

    For more information, see the ArcSight Administration and ArcSight System Standard Content Guide.

When the upgrade is complete, perform post-upgrade tasks as described in the ESM Upgrade Guide, and then continue to Verifying the Active-Passive High Availability Module and ESM Upgrade.
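
Step 11 of the procedure above, written as a script. This is an added example and not part of the vendor documentation; the ROOT prefix argument, the .bak backup files, and the leftover check are assumptions of the example, which uses the exclude line exactly as the step gives it.

```shell
#!/bin/sh
# Added example, not vendor code. ROOT is an assumption of this example: a
# path prefix so the edit can be rehearsed on a copy of /etc. With no
# argument the functions act on the live /etc (run as root, on both systems).

EXCLUDE_LINE='exclude=heartbeat* corosync* pacemaker* drbd* resource-agents clusterglue*'

# Delete every exact instance of EXCLUDE_LINE from yum.conf and yum.repos.d/*,
# keeping a .bak copy of each file that changes. Prints the number of files changed.
remove_exclude_lines() {
    root=${1:-}
    changed=0
    for f in "$root/etc/yum.conf" "$root"/etc/yum.repos.d/*; do
        case $f in *.bak) continue ;; esac      # skip our own backups
        [ -f "$f" ] || continue
        # -F fixed string (the '*' are literal), -x whole-line match
        grep -Fxq -- "$EXCLUDE_LINE" "$f" || continue
        cp -p -- "$f" "$f.bak"
        # Rewrite in place (keeps owner and mode); grep -v exits 1 if no
        # lines remain, which is not an error here.
        grep -Fxv -- "$EXCLUDE_LINE" "$f.bak" > "$f" || true
        changed=$((changed + 1))
    done
    echo "$changed"
}

# Run after remove_exclude_lines: count exclude= lines that still name a
# cluster package but are spelled differently from EXCLUDE_LINE. These are
# left untouched so that an operator can review them by hand.
count_leftover_excludes() {
    root=${1:-}
    total=0
    for f in "$root/etc/yum.conf" "$root"/etc/yum.repos.d/*; do
        case $f in *.bak) continue ;; esac
        [ -f "$f" ] || continue
        n=$(grep -Ec '^[[:space:]]*exclude[[:space:]]*=.*(corosync|pacemaker|drbd)' "$f") || true
        total=$((total + n))
    done
    echo "$total"
}
```

Rehearse with `remove_exclude_lines /path/to/copy` before running it with no argument. A non-zero result from `count_leftover_excludes` means an exclude line in another spelling still names a cluster package and needs manual review.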