40.3 Upgrading a Sentinel HA Appliance Installation

You can upgrade to Sentinel from Sentinel 8.2 or later. You can upgrade both Sentinel and the SLES Operating System through the Sentinel Appliance Manager or Zypper (Appliance Update Channel).

From Sentinel 8.3.0.0 onwards, Sentinel uses PostgreSQL instead of MongoDB to store Security Intelligence data and alerts data. Before you upgrade the appliance on the active node, you must first migrate your data from MongoDB to PostgreSQL. You can upgrade the appliance only after you have successfully migrated your data to PostgreSQL.

  • You must have SLES 12 SP3 or SLES 12 SP4 installed.

    1. (Conditional) If you are on SLES 11 SP4 with Sentinel 8.2.0.0, it is recommended to get all the channel updates on SLES 11. Then upgrade the OS to SLES 12 SP3. For more information about upgrading the SLES operating system, see Upgrading the Operating System to SLES 12 SP3. Download and execute the post upgrade utility from the Micro Focus Patch Finder website.

    2. (Conditional) If you are on SLES 12 SP3 with Sentinel 8.2.0.0 and executed the post upgrade utility sentinel_sles_iso_os_post_upgrade-release-73.tar.gz, then you have to download and execute the post upgrade utility sentinel_sles_iso_os_post_upgrade-release-85.tar.gz from the Micro Focus Patch Finder website.

    3. (Conditional) If you are on SLES 12 SP3 with Sentinel 8.2.0.0 and executed the post upgrade utility sentinel_sles_iso_os_post_upgrade-release-85.tar.gz from the Micro Focus Patch Finder website, then follow the steps from Upgrading the Appliance.

40.3.1 Upgrading through the Zypper patch

You must register all the appliance nodes through Sentinel Appliance Manager before the upgrade. For more information, see Registering for Updates. If you do not register the appliance, Sentinel displays a yellow warning.

  1. Enable the maintenance mode on the cluster.

    crm configure property maintenance-mode=true

    Maintenance mode helps you to avoid any disturbance to the running cluster resources while you update the Sentinel software. You can run this command from any cluster node.

  2. Verify whether the maintenance mode is active.

    crm status

    The cluster resources should appear in the unmanaged state.

  3. Upgrade the passive cluster node:

    1. Stop the cluster stack.

      rcpacemaker stop

      Stopping the cluster stack ensures that the cluster resources remain inaccessible and avoids fencing of nodes.

    2. Complete prerequisites 1 and 2 listed in Prerequisites for Upgrading the Appliance.

    3. Download the updates for Sentinel:

      NOTE: For Sentinel 8.3.1, both the zypper -v patch and zypper up commands are necessary because both the updated rpm and the new rpm are required for the appliance.

      • zypper -v patch

        NOTE: After the patch, a message is displayed to reboot the system. Ignore the reboot until the next step, zypper up, is completed.

      • zypper up

    4. After the upgrade is complete, start the cluster stack.

      rcpacemaker start

  4. Repeat Step 3 for all the passive cluster nodes.

  5. Upgrade the active cluster node:

    1. Back up your configuration, then create an ESM export.

      For more information on backing up data, see Backing Up and Restoring Data in the Sentinel Administration Guide.

    2. Stop the cluster stack.

      rcpacemaker stop

      Stopping the cluster stack ensures that the cluster resources remain inaccessible and avoids fencing of nodes.

    3. Complete the prerequisites listed in Prerequisites for Upgrading the Appliance.

    4. Download the updates for Sentinel.

      To upgrade Sentinel, run the following commands from the command prompt:

      • zypper -v patch

        NOTE: After you run the above command, a message is displayed to reboot the system. Ignore the reboot until Step 8 is completed.

      • zypper up

      • (Conditional) If event visualization was enabled before the upgrade, Elasticsearch stops after you upgrade to Sentinel 8.4.0.0 because it is enabled with the X-Pack security plug-in. To start Elasticsearch, follow the procedure in Settings in Elasticsearch for Secure Cluster Communication.

    5. After the upgrade is complete:

      • (Conditional) If Sentinel is not started automatically, start the Sentinel database:

        rcsentinel startdb

      • Start the cluster stack:

        rcpacemaker start

    6. Run the following command to synchronize any changes in the configuration files:

      csync2 -x -v

  6. Disable the maintenance mode on the cluster.

    crm configure property maintenance-mode=false

    You can run this command from any cluster node.

  7. Verify whether the maintenance mode is inactive.

    crm status

    The cluster resources should appear in the Started state.

  8. (Optional) Verify whether the upgrade is successful:

    rcsentinel version

  9. Reboot the system as per the zypper patch message shown in Step 5d.

  10. Log in to Sentinel and verify if you are able to see the migrated data such as alerts, Security Intelligence dashboards, and so on.

  11. The data in MongoDB is now redundant because Sentinel 8.3 and later will store data only in PostgreSQL. To clear up the disk space, delete this data. For more information, see Removing Data from MongoDB.

40.3.2 Upgrading through the Sentinel Appliance Management Console

To upgrade through the Sentinel Appliance Management Console:

  1. Run the following command on the active node or a passive node in the cluster, to enable maintenance mode:

    crm configure property maintenance-mode=true

    Maintenance mode helps you to avoid any disturbance to the running cluster resources while you update Sentinel.

  2. Run the following command to verify whether the maintenance mode is active:

    crm status

    The cluster resources should be displayed in the unmanaged state.

  3. Upgrade all the passive cluster nodes first:

    1. Run the following command to stop the cluster stack:

      rcpacemaker stop

      Stopping the cluster stack ensures that the cluster resources remain inaccessible and avoids fencing of nodes.

    2. Run the following command to verify whether port 9443 is listening on the active node to access the appliance:

      netstat -na | grep 9443

    3. (Conditional) Run the following command if port 9443 is not listening:

      systemctl restart vabase vabase-jetty vabase-datamodel

    4. Complete prerequisites 1 and 2 listed in Prerequisites for Upgrading the Appliance.

    5. Launch the appliance by doing either of the following:

      • Log in to Sentinel. Click Sentinel Main > Appliance.

      • Specify the following URL in your web browser: https://<IP_address>:9443.

    6. (Conditional) If you are unable to launch Sentinel Appliance Management Console:

      1. Go to /var/opt/novell in the active node and copy the following files to /var/opt/novell/ in each passive node:

        • datamodel-service

        • ganglia

        • jetty

        • python

        • va

      2. In each passive node, set the owner of the files in the jetty folder to vabase-jetty:

        1. Go to /var/opt/novell/jetty.

        2. Run the following command:

          chown -R vabase-jetty:vabase-jetty *

      3. Run the following command to restart the vabase services:

        systemctl start vabase-jetty vabase-datamodel vabase

      4. Run the following command to verify that port 9443 is listening in all the available nodes:

        netstat -na | grep 9443

    7. Log in as vaadmin.

    8. Click Online Update.

      1. (Conditional) Register for updates if you have not done it earlier. For more information, see Registering for Updates.

        NOTE: A message is displayed to reboot the system after Step 5h2, but ignore it until Step 5h3 is completed.

      2. To install the displayed updates for Sentinel and the operating system, click Update Now > OK.

      3. NOTE: For Sentinel 8.3.1, in addition to Step 5h2, the zypper up command is also necessary because both the updated rpm and the new rpm are required for the appliance.

        Run the following command from the command prompt to upgrade the rpm completely:

        zypper up

      4. To apply the installed updates, click Reboot.

      5. After reboot, check the version on the top right corner of the screen to verify if the upgrade is successful.

    9. After the upgrade is complete, restart the cluster stack.

      rcpacemaker start

  4. Upgrade the active cluster node.

    1. Complete the prerequisites listed in Prerequisites for Upgrading the Appliance.

    2. Repeat Step 5h1 to Step 5h3 for the active cluster node.

    3. (Conditional) If Sentinel is not started automatically, start Sentinel:

      rcsentinel start

    4. After the upgrade is complete, restart the cluster stack:

      rcpacemaker start

  5. Run the following command on the active node or a passive node in the cluster to disable maintenance mode:

    crm configure property maintenance-mode=false

  6. Run the following command on the active node or a passive node in the cluster to verify that maintenance mode is not active:

    crm status

  7. (Conditional) If event visualization was enabled before the upgrade, Elasticsearch stops after you upgrade to Sentinel 8.4.0.0 because it is enabled with the X-Pack security plug-in. To start Elasticsearch, follow the procedure in Settings in Elasticsearch for Secure Cluster Communication.

  8. Reboot the system as per the zypper patch message shown in Step 5h2.

  9. After you reboot, check the version on the top right corner of the screen to verify if the upgrade is successful.

  10. Log in to Sentinel and verify if you are able to see the migrated data such as alerts, Security Intelligence dashboards, and so on.

  11. The data in MongoDB is now redundant because Sentinel 8.3 and later will store data only in PostgreSQL. To clear up the disk space, delete this data. For more information, see Removing Data from MongoDB.
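
The crm status checks in 40.3.1 and 40.3.2 and the port 9443 check in 40.3.2, written as scriptable gates. This is an added example, not part of the Sentinel documentation or product; the resource names, node names and command output are constructed samples, and the assumed output layout is stated in the comments.

```shell
#!/bin/sh
# Added example (not Sentinel product code): scriptable versions of the
# "crm status" and "netstat -na | grep 9443" checks in the steps above.
# Each function reads command output on stdin.

# Succeeds only if every resource line is flagged "(unmanaged)".
# Assumption: resource lines contain a role word such as Started/Stopped.
all_unmanaged() {
    awk 'BEGIN { total = 0; unmanaged = 0 }
         / (Started|Stopped|Master|Slave)( |$)/ {
             total++
             if ($0 ~ /\(unmanaged\)/) unmanaged++
         }
         END { exit !(total > 0 && total == unmanaged) }'
}

# Succeeds only if a TCP socket is in LISTEN state on exactly port $1.
# A bare "grep 9443" also matches ESTABLISHED sockets, remote ports and
# other ports that contain the digits, such as 19443.
port_listening() {
    awk -v port="$1" 'BEGIN { found = 0 }
         $1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, part, ":")
             if (part[n] == port) found = 1
         }
         END { exit !found }'
}

# Constructed sample output (resource and node names are made up).
SAMPLE_CRM_MAINT='Online: [ node01 node02 ]
 res-ip (ocf::heartbeat:IPaddr2): Started node01 (unmanaged)
 res-sentinel (lsb:sentinel): Started node01 (unmanaged)'
SAMPLE_CRM_PARTIAL='Online: [ node01 node02 ]
 res-ip (ocf::heartbeat:IPaddr2): Started node01 (unmanaged)
 res-sentinel (lsb:sentinel): Started node01'
SAMPLE_NETSTAT_UP='tcp   0   0 0.0.0.0:9443    0.0.0.0:*   LISTEN
tcp6  0   0 :::9443         :::*        LISTEN'
SAMPLE_NETSTAT_MISLEADING='tcp   0   0 10.0.0.5:51234  10.0.0.6:9443  ESTABLISHED
tcp   0   0 0.0.0.0:19443   0.0.0.0:*      LISTEN'

# Live use on a cluster node:
#   crm status | all_unmanaged || echo "maintenance mode not in effect" >&2
#   netstat -na | port_listening 9443 ||
#       systemctl restart vabase vabase-jetty vabase-datamodel
```

Running all_unmanaged before rcpacemaker stop catches a resource that is still managed, and port_listening avoids treating an outbound connection to another node's console as proof that the local console is up.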