Ensure that NTP synchronized your computer time with the network time. To upgrade the Change Guardian appliance complete the following steps:
After completing the upgrade, perform the post upgrade configurations.
The appliance configuration utility migrates alerts data from MongoDB to PostgreSQL
To run the utility:
Download the migration file change_guardian_appliance_configuration_utility-<version>.tar.gz from Downloads website.
Log in to the server as root.
Extract the files to your local server:
tar -zxvf change_guardian_appliance_configuration_utility-<version>.tar.gz
Change to the directory where the file was extracted.
Run the migration utility:
./cg6100_appliance_configuration.sh
To select the desired migration option, enter 1, 2, or 4.
Following options are displayed:
[1] --> Migrate both Alerts and Security Intelligence data (recommended) [2] --> Migrate only Alerts data [3] --> Migrate only Security Intelligence data [4] --> Only upgrade without migrating data
(Conditional) If data migration is not successful, clean up data from PostgreSQL.
(Conditional) The data in MongoDB is redundant because Change Guardian 6.0 stores data only in PostgreSQL. To remove redundant data from MongoDB, clear the disk space:
./mongodb_cleanup.sh
WARNING:After you migrate data, you must upgrade Change Guardian before you start or restart Change Guardian.
The following are the three methods in which you can apply updates:
To apply updates:
Get the Change Guardian and the operating system updates from the appliance update channel.
NOTE:Check whether the product and operating system repositories are available and are enabled. If the two repositories are not available, reregister the appliance.
Log in to the Change Guardian Appliance Console as vaadmin or root user using the following URL: https://IP_Address_Change_Guardian_server:9443.
Click Online Update.
Select Needed Patches from the drop-down list and click Update Now.
Select Needed Patches from the drop-down list to ensure that there are no pending updates.
Log in to the Change Guardian server as root.
Install the operating system package updates:
zypper up
Restart the Change Guardian services:
rcsentinel start
NOTE:If you receive an error message during the restart, see Applying Updates on Change Guardian Appliance Fails With an Error Message for troubleshooting steps.
Restart the Change Guardian server:
reboot
Zypper is a command-line package manager that allows you to perform an interactive upgrade of the Change Guardian appliance.
To update the appliance:
Get the Change Guardian and the operating system updates from the appliance update channel.
Log in to the Change Guardian server as root.
(Conditional) Check whether the product and operating system repositories are available and are enabled:
zypper lr
NOTE:If the two repositories are not available, reregister the appliance.
Check for available updates:
zypper lp
Run the following command:
zypper patch
This checks the installed packages and resolves any file conflicts.
Rerun the command to install appliance updates:
zypper patch
Install the operating system updates:
zypper up
Restart the Change Guardian services:
rcsentinel start
NOTE:If you receive an error message during the restart, see Applying Updates on Change Guardian Appliance Fails With an Error Message for troubleshooting step
Restart the Change Guardian appliance:
reboot
For more information about Zypper, see Zypper Cheat Sheet.
You can perform an update by using an offline ISO file under the following conditions:
When there is no internet access and you are unable to register the appliance.
When you prefer not to download the latest release available in the appliance download repository, but an earlier release. For more information, see Product Support Lifecycle.
When the current version that you are running is incompatible with the latest version, download a version that is compatible and then upgrade it to the latest version. For more information, see Product Support Lifecycle.
While applying the patch, if you encounter registry/repository issues, clear the registry and repository entries in your system.
To clean up the registration and repository details on the appliance:
Take a backup of the files before clearing the registry entries and create a backup directory. For example: mkdir /etc/zypp/backup
Copy the following registry files to the backup directory. For example:
cp /etc/zypp/credentials.d /etc/zypp/backup
cp /etc/zypp/repos.d/* /etc/zypp/backup
cp /etc/zypp/services.d/* /etc/zypp/backup
Delete the following registry files:
rm -fr /etc/zypp/credentials.d
rm -fr /etc/zypp/repos.d/*
rm -fr /etc/zypp/services.d/*
For more information, contact Technical Support.
Pre-requisites:
Download and run the utility change_guardian_appliance_configuration_utility-<version>.tar.gz from Change Guardian downloads page.
Download the patch to a directory. For example: <directoryname>/change_guardian_offline_appliance-<version>.iso
Create a directory for mounting the CD using a command. For example: mkdir -p /opt/trial
Mount the patch CD locally using a command. For example:
mount <directoryname>/change_guardian_offline_appliance-<version>.iso /opt/trial
Add the product and operating system repositories. For example:
zypper ar -c -t plaindir "/opt/trial/product-repo" "<product repository>"
zypper ar -c -t plaindir "/opt/trial/osupdate-repo" "<operating system repository>"
(Optional) Confirm if the repos are added successfully using the command: zypper repos
Check if the patches are bundled in the patch CD using the command: zypper lp
Run command zypper patch. This checks the installed packages and resolves any file conflicts.
Rerun the command to install appliance updates: zypper patch
Install the operating system updates: zypper up
Clean up the repositories list using the following command:
zypper rr "<product repository>"
zypper rr "<operating system repository>"
Start Change Guardian services before reboot: rcsentinel start
After the update is complete, reboot the machine using the command: reboot