Upgrading CDF

Follow the Checklist: Upgrading Your Environment to ensure a successful upgrade.

As part of the process, you must upgrade CDF, the following options available.

Upgrading CDF Automatically
Upgrading CDF Manually

We recommend using the automatic installation, as it is easy to use. However, if the automatic installation method does not met your needs, you can upgrade manually.

If you installed your environment with the ignore-swap flag before, swap space needs to be disabled before you start the upgrade. Otherwise, the upgrade will fail, with first master not starting up. For more information see, Disabling Swap Space.

Upgrading CDF Automatically

No preparation is necessary but should be run from one of the cluster node

The automated upgrade of CDF is performed using a single command and requires no interaction until completion of each phase. Typically, each automated upgrade phase takes around 1 hour for a cluster with 3 master nodes and 3 worker nodes.

Preparing the Upgrade Manager
Configuring Passwordless Communication
Downloading the Upgrade File
Performing the CDF Automatic Upgrade
Removing the Auto-upgrade Temporary Directory from UM

Preparing the Upgrade Manager

Automatic upgrade should be run from a host (for purposes of these instructions, known as the upgrade manager).

The upgrade manager (UM) may be one of the following host types:

One of the cluster nodes
A host outside the cluster (a secure network location)

The following uses the cluster master node1 as an example.

Configuring Passwordless Communication

You must configure passwordless SSH communication between the UM and all the nodes in the cluster.

Run the following command on the UM to generate key pair.
```
ssh-keygen -t rsa
```
Run the following command on the UM to copy the generated public key to every node of your cluster.
```
ssh-copy-id -i ~/.ssh/id_rsa.pub root@<node_fqdn_or_ip>
```

Downloading the Upgrade File

Download the upgrade files for CDF to a download directory (referred to as <download_directory>) on the UM.

There are three directories involved in the auto-upgrade process:

An auto-upgrade directory /tmp/autoUpgrade will be auto generated on the UM. It will store the upgrade process steps and logs.
A backup directory /tmp/CDF_202005_upgrade will be auto generated on every node (approximate size 1.5 GB).
A working directory will be auto generated on the UM and every node at the location provided by the - dparameter The upgrade package will be copied to this directory. (approximate size 9 GB). The directory will be automatically deleted after the upgrade.
The working directory can be created manually on UM and every node and then passed as -d parameter to the auto-upgrade script. If you are a non-root user on the nodes inside the cluster, make sure you have permission to this directory.

Performing the CDF Automatic Upgrade

Navigate to {unzipped-installer-dir} and run the command ./arcsight-install --cmd upgrade to upgrade.

As an alternative, you can use this manual procedure.

Change to the following directory:

{unzipped-installer-dir}/installers/cdf/

Run the following command:

./autoUpgrade -d /path/to/working_directory -n {any_cluster_node_adress_or_ip}

For example:

./autoUpgrade -d /tmp/upgrade -n yourdomain-masternode1.yourenterprise.net

Removing the Auto-upgrade Temporary Directory from UM

The auto-upgrade temporary directory contains the upgrade steps and logs.

To upgrade another cluster from the same UM, remove that directory using the following.

rm -rf /tmp/autoUpgrade

Upgrading CDF Manually

Beginning with the master node1, upgrade your CDF infrastructure on every node of the cluster. Run the following process on each node.

Run the following command:
```
mkdir /tmp/upgrade-download
```
From the Downloading the Installation Packages section, copy the CDF bits.
```
arcsight-platform-installer-<version>.zip to /tmp/upgrade-download
```

Unzip the upgrade package by running these commands.

cd /tmp/upgrade-download
unzip arcsight-platform-installer-<version>.zip

Run the following commands on each node (follow this pattern: master1, master2, master3, to worker1, worker2, worker3, etc.).
```
cd /tmp/upgrade-download/arcsight-platform-installer-<version>/installers/cdf
```
```
./upgrade.sh -i
```

On the initial master node1, run the following commands to upgrade CDF components.

cd /tmp/upgrade-download/arcsight-platform-installer-<version>/installers/cdf

./upgrade.sh -u

Clean the unused docker images by running the following commands on all nodes (masters and workers). This can be executed simultaneously.
```
cd /tmp/upgrade-download/arcsight-platform-installer-<version>/installers/cdf
```
```
./upgrade.sh -c
```
To verify the cluster status, complete the following steps:
1. Check the CDF version on each node by running the command:
```
cat ${K8S_HOME}/version.txt
```
2. Check the status of CDF on each node by running these commands:
```
cd ${K8S_HOME}/bin
./kube-status.sh
```

To avoid possible "incorrect API route" error message while accessing IdM administration execute following line as root user on your master node:

kubectl patch ing idm-admin -ncore --type json -p '[{"op":"add","path":"/spec/rules/0/host","value":"'$(kubectl get cm -ncore base-configmap -ojsonpath='{.data.EXTERNAL_ACCESS_HOST}')'"}]'