31.2 Upgrading the Appliance

You can upgrade both Sentinel and the SLES operating system through the Appliance Update Channel or Subscription Management Tool (SMT). You must first complete the prerequisites listed in Prerequisites for Upgrading the Appliance and then upgrade the appliance.

31.2.1 Upgrading through the Appliance Update Channel

You can upgrade Sentinel by using Zypper, a command line package manager that lets you perform an interactive upgrade of the appliance. In instances where user interaction is required to complete the upgrade, such as an end user license agreement update, you must upgrade the Sentinel appliance using Zypper.

To upgrade the appliance from the command prompt:

  1. Back up your configuration, then create an ESM export.

    For more information, see Backing Up and Restoring Data in the Sentinel Administration Guide.

  2. (Conditional) If you have customized the configuration settings in the server.xml, collector_mgr.xml, or correlation_engine.xml files, ensure that you have created appropriate properties files named with the obj-component id to ensure that the customizations are retained after the upgrade. For more information, see Maintaining Custom Settings in XML Files in the Sentinel Administration Guide.

  3. Log in to the appliance machine and open a command prompt as the root user.

  4. Run the following commands from the command prompt:

    IMPORTANT: Ignore the reboot message/prompt until Step 6. It is important to start Sentinel (Step 4c) before rebooting the machine.

    1. zypper -v patch

    2. zypper up

      1. Enter Y to proceed.

    3. (Conditional) If event visualization was enabled before the upgrade, Elasticsearch stops after the upgrade to Sentinel 8.4.0.0 because it is enabled with the X-Pack security plug-in. To start Elasticsearch, follow the procedure in Settings in Elasticsearch for Secure Cluster Communication.

    4. rcsentinel start

  5. Open the /etc/sysctl.conf file and search for # Added by sentinel vm.max_map_count. Move this comment onto its own line, as follows:

    Change

    net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530
    vm.max_map_count = 262144 

    to

    net.core.wmem_max = 67108864
    # Added by sentinel vm.max_map_count : 65530
    vm.max_map_count = 262144 
  6. Reboot the appliance.

  7. (Conditional) If Sentinel is installed on a custom port or if the Collector Manager or the Correlation Engine is in FIPS mode, run the following command:

    /opt/novell/sentinel/setup/configure.sh
  8. Clear your web browser cache to view the latest Sentinel version.

  9. (Conditional) If the PostgreSQL database has been upgraded to a major version (for example, 8.0 to 9.0 or 9.0 to 9.1), clear the old PostgreSQL files from the PostgreSQL database. For information about whether the PostgreSQL database was upgraded, see the Sentinel Release Notes.

    1. Switch to the novell user:

      su novell
    2. Browse to the bin folder:

      cd /opt/novell/sentinel/3rdparty/postgresql/bin
    3. Delete all the old PostgreSQL files by using the following command:

      ./delete_old_cluster.sh
  10. (Conditional) To upgrade the Collector Manager or the Correlation Engine, follow Step 3 through Step 7.

  11. (Conditional) If you are running Sentinel in an HA environment, repeat these steps on all nodes in the cluster.

  12. Restart Sentinel.

  13. Log in to Sentinel and verify if you are able to see the migrated data such as alerts, Security Intelligence data, and so on.

  14. The data in MongoDB is now redundant because Sentinel 8.3 and later will store data only in PostgreSQL. To clear up the disk space, delete this data. For more information, see Removing Data from MongoDB.

To upgrade the appliance through Sentinel Appliance Manager:

  1. Launch the Sentinel appliance by doing either of the following:

    • Log in to Sentinel. Click Sentinel Main > Appliance.

    • Specify the following URL in your web browser: https://<IP_address>:9443.

  2. Log in either as a vaadmin or a root user.

  3. (Conditional) Register for updates if you have not done it earlier. For more information, see Registering for Updates.

    NOTE: For Sentinel 8.3.1, in addition to Step 4 and Step 5, Step 6 is also required.

  4. Click Online Update.

    NOTE: Do not reboot the system until all the steps below are completed.

  5. To install the displayed updates, click Update Now > OK.

  6. Run the following command from the command prompt:

    IMPORTANT: Ignore the reboot message/prompt until Step 7. It is important to start Sentinel before rebooting the machine.

    • zypper up

    • (Conditional) If event visualization was enabled before the upgrade, Elasticsearch stops after the upgrade to Sentinel 8.4.0.0 because it is enabled with the X-Pack security plug-in. To start Elasticsearch, follow the procedure in Settings in Elasticsearch for Secure Cluster Communication.

    • rcsentinel start

  7. To apply the installed updates, click Reboot.

  8. Log in to Sentinel and verify if you are able to see the migrated data such as alerts, Security Intelligence data, and so on.

  9. The data in MongoDB is now redundant because Sentinel 8.3 and later will store data only in PostgreSQL. To clear up the disk space, you can delete this data. For more information, see Removing Data from MongoDB.

31.2.2 Upgrading through SMT

In secured environments where the appliance must run without direct internet access, you can configure the appliance with Subscription Management Tool (SMT), which allows you to upgrade the appliance to the latest available versions.

To upgrade the appliance through SMT:

  1. Ensure that the appliance is configured with SMT.

    For more information, see Configuring the Appliance with SMT.

  2. Back up your configuration, then create an ESM export.

    For more information, see Backing Up and Restoring Data in the Sentinel Administration Guide.

  3. (Conditional) If you have customized the configuration settings in the server.xml, collector_mgr.xml, or correlation_engine.xml files, ensure that you have created appropriate properties files named with the obj-component id to ensure that the customizations are retained after the upgrade. For more information, see Maintaining Custom Settings in XML Files in the Sentinel Administration Guide.

  4. Log in to the appliance console as the root user.

  5. Refresh the repository for upgrade:

    zypper ref -s
  6. Check whether the appliance is enabled for upgrade:

    zypper lr
  7. (Optional) Check the available updates for the appliance:

    zypper lu
  8. (Optional) Check the packages that include the available updates for the appliance:

    zypper lp -r SMT-http_<smt_server_fqdn>:<package_name>
  9. Update the appliance:

    zypper up -t patch -r SMT-http_<smt_server_fqdn>:<package_name>
  10. (Conditional) If event visualization was enabled before the upgrade, Elasticsearch stops after the upgrade to Sentinel 8.4.0.0 because it is enabled with the X-Pack security plug-in. To start Elasticsearch, follow the procedure in Settings in Elasticsearch for Secure Cluster Communication.

  11. Open the /etc/sysctl.conf file and search for # Added by sentinel vm.max_map_count. Move this comment onto its own line, as follows:

    Change

    net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530
    vm.max_map_count = 262144 

    to

    net.core.wmem_max = 67108864
    # Added by sentinel vm.max_map_count : 65530
    vm.max_map_count = 262144 
  12. Restart the appliance.

    rcsentinel restart
  13. (Conditional) If Sentinel is installed on a custom port or if the Collector Manager or the Correlation Engine is in FIPS mode, run the following command:

    /opt/novell/sentinel/setup/configure.sh
  14. (Conditional) To upgrade the Collector Manager or the Correlation Engine, follow Step 4 through Step 13.

  15. (Conditional) If you are running Sentinel in an HA environment, repeat these steps on all nodes in the cluster.

  16. Restart Sentinel.

  17. Log in to Sentinel and verify if you are able to see the migrated data such as alerts, Security Intelligence data, and so on.

  18. The data in MongoDB is now redundant because Sentinel 8.3 and later will store data only in PostgreSQL. To clear up disk space, you can delete this data. For more information, see Removing Data from MongoDB.
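Step 5 of the Zypper procedure and Step 11 of the SMT procedure both hand-edit /etc/sysctl.conf to move the fused "# Added by sentinel" comment onto its own line. The script below is an added example, not part of the Sentinel guide: it makes that edit repeatably and reports the value that sysctl would read for a key, so you can confirm the fix before rebooting. It assumes a plain key = value file layout and runs against a constructed copy of the broken lines, never the live file.

```shell
#!/bin/sh
# Added example, not from the Sentinel guide. sysctl.conf only treats lines
# that START with '#' or ';' as comments, so when the upgrade appends
# "# Added by sentinel ..." to the end of the net.core.wmem_max line, the
# trailing text is read as part of that value. This repairs the file the
# same way the guide's manual edit does.

# fix_sentinel_sysctl FILE: split a fused "# Added by sentinel" comment onto
# its own line. Keeps FILE.bak; a second run on a clean file changes nothing.
fix_sentinel_sysctl() {
  f="$1"
  cp "$f" "$f.bak"
  awk '{
    i = index($0, "# Added by sentinel")
    if (i > 1) {
      head = substr($0, 1, i - 1)
      sub(/[ \t]+$/, "", head)   # drop blanks left before the comment
      print head
      print substr($0, i)
    } else {
      print
    }
  }' "$f.bak" > "$f"
}

# sysctl_value FILE KEY: print the value of KEY as sysctl would read it
# (text after '=' on the last non-comment line whose key matches).
sysctl_value() {
  awk -v key="$2" -F'=' '
    /^[ \t]*[#;]/ { next }
    { k = $1; gsub(/[ \t]/, "", k)
      if (k == key) { v = $2; sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v) } }
    END { print v }' "$1"
}

# Demonstration on a constructed copy of the broken lines (not a real host file).
demo_file="${TMPDIR:-/tmp}/sysctl.demo.$$"
printf '%s\n' \
  'net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530' \
  'vm.max_map_count = 262144' > "$demo_file"
echo "before: wmem_max=[$(sysctl_value "$demo_file" net.core.wmem_max)]"
fix_sentinel_sysctl "$demo_file"
echo "after:  wmem_max=[$(sysctl_value "$demo_file" net.core.wmem_max)]"
rm -f "$demo_file" "$demo_file.bak"
```

To use it on an appliance, call fix_sentinel_sysctl /etc/sysctl.conf as root and compare sysctl_value /etc/sysctl.conf net.core.wmem_max with the expected 67108864 before continuing to the reboot step.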

31.2.3 Performing Offline Updates

You can perform an update by using an offline ISO file under the following conditions:

  • When there is no internet access, or the network environment is restricted so that you cannot access the appliance channel.

  • To upgrade to an earlier version than the version available in the channel.

  • When the version you are currently running is incompatible with the latest version: download a compatible version, upgrade to it, and then upgrade to the latest version.

Updating Appliance Offline in Secure Environment

If you encounter registration or repository issues while applying the patch, you can try clearing the registration and repository entries on your system.

To clean up the registration and repository details on the appliance, perform the following steps:

  1. Take a backup of the files before clearing the registry entries:

    1. Create a backup directory. For example:

      mkdir /etc/zypp/backup
    2. Copy the following registration files to the backup directory. For example:

      cp -r /etc/zypp/credentials.d /etc/zypp/backup
      cp /etc/zypp/repos.d/*        /etc/zypp/backup
      cp /etc/zypp/services.d/*     /etc/zypp/backup
  2. Delete the following registration files:

    rm -fr /etc/zypp/credentials.d
    rm -fr /etc/zypp/repos.d/*
    rm -fr /etc/zypp/services.d/*

Applying the ISO Patch

Perform the following steps:

  1. Download the patch ISO to a directory. For example: <directoryname>/PatchCD-Sentinel-Server-<version-build number>-SLES12-SP5-<datetime>.iso

  2. Create a directory for mounting the patch ISO using the following command. For example:

    mkdir -p /opt/trial
  3. Mount the patch ISO locally using the following command. For example:

    mount -o loop <directoryname>/PatchCD-Sentinel-Server-<version-build number>-SLES12-SP5-<datetime>.iso /opt/trial
  4. Add the product and operating system repositories. For example:

    zypper ar -c -t plaindir "/opt/trial/product-repo" "<product repository>"
    zypper ar -c -t plaindir "/opt/trial/osupdate-repo" "<operating system repository>"
  5. (Optional) Confirm if the repos are added successfully using the following command:

    zypper repos
  6. Check if the patches are bundled in the patch ISO using the following command:

    zypper lp
  7. Apply all the updates using the following commands:

    zypper -v patch
    zypper -v update
  8. Clean up the repositories list using the following commands:

    zypper rr "<product repository>"
    zypper rr "<operating system repository>"
  9. After the update is complete, reboot the machine using the following command:

    reboot