Upgrading Deployed Capabilities on AWS

Follow the Checklist: Upgrading Your AWS Environment to ensure a successful upgrade.

As part of the upgrade process, you must upgrade your deployed capabilities using the CDF Management Portal.

1. Understanding the Upgrade Prerequisites
2. Accepting the Certificate
3. Upload the Upgrade Bits
4. Upgrading Deployed Capabilities

Understanding the Upgrade Prerequisites

Before upgrading, ensure these requirements are met.

• If you are using custom data identifiers for Intelligence, ensure that you back up the logstash-config-pipeline config map that is accessible through the Kubernetes dashboard.

• Ability to access the management portal on port 5443.

• The AWS client is configured.

• The Kubernetes command line tool (kubectl) is installed on the bastion and connected to your cluster.

• Run kubectl get pods -A to ensure all pods are running.

• Download the installation packages.

• Before performing a suite upgrade, ensure any existing suite-upgrade-pod-arcsight-installer deployment has been deleted using the following command:
  kubectl delete deployment suite-upgrade-pod-arcsight-installer -n $(kubectl get namespaces | grep arcsight-installer | awk ' {print $1} ')

Accepting the Certificate

1. Browse to the management portal at https://<virtual_FQDN>:5443.
2. Click DEPLOYMENT, and select Deployments.
3. Click the Three Dots  (Browse) on the far right and choose Reconfigure.
4. Accept the certificate.

Upload the Upgrade Bits

1. Upload the metadata for the upgrade version to your bastion host.

   arcsight-installer-metadata-uv.x.tar.gz

   For example: arcsight-installer-metadata-22.1.0.37.tar

2. Upload offline images of the upgrade version to your bastion host.

   {product}-uv.x.tgz

   For example: transformationhub-3.6.0.37.tar

3. Unpack the Arcsight Platform Cloud Installer. For example, this unpacks the installer in the /tmp folder.

cd /tmp

unzip arcsight-platform-cloud-installer-<VERSION>.zip

4. Unpack aws-scripts.zip from Arcsight Platform Cloud Installer using these commands:

cd arcsight-platform-cloud-installer-<VERSION>

unzip aws-scripts.zip

Upgrading Deployed Capabilities

1. Log in to the bastion where you downloaded the upgrade files.
2. Change to the following directory.

cd arcsight-platform-cloud-installer-<VERSION>/aws-scripts/scripts

3. Run the following commands to upload the images to the local Docker Registry. Use the -F <image file> option on the command line multiple times for each image to upload. Adjust the -c 2 option up to half of your CPU cores in order to increase the speed of the upload.

   ./upload_images_to_ECR  -o {organization} -c 2 -F {unzipped-installer-dir}/images/fusion-x.x.x.x.tar -F {unzipped-installer-dir}/images/recon-x.x.x.x.tar

4. Add new metadata.
   Make sure to copy the arcsight-installer-metadata-x.x.x.x.tar to the system where your web browser is running before performing the process below.
5. Browse to the management portal at https://<virtual_FQDN>:5443.
   1. Click DEPLOYMENT>Metadata and click + Add.
   2. Select arcsight-installer-metadata-x.x.x.x.tar from your system. The new metadata is added to the system.
6. If Intelligence is deployed, you must label the worker nodes again. The interset label is now intelligence, the interset-datanode label is now intelligence-datanode, the interset-namenode label is now intelligence-namenode, and the interset-spark label is now intelligence-spark.
7. Start the upgrade process.
   1. Go to DEPLOYMENT > Deployments. Notice the number 1 in the red circle in the Update column.
   Minor version changes do not display like regular updates. (For example: 22.1.0.15 -> 22.1.0.16.)
   2. Click the red circle and select your recently added metadata to initiate the upgrade.
8. From the Update to page, click NEXT until you reach the Import suite images page.
   When prompted to download or transfer images, you can simply click Next to skip the steps. You performed these steps earlier.
9. Ensure that the validation results of container images show a complete number of files.
   When you arrive at the Import suite images page, the images should already be imported, as you performed these steps earlier.
   

10. (Conditional) If you’ve deployed Transformation Hub, perform the following action:

    On the Transformation Hub tab, select whether you want to enable the generation of verification events for parsed field integrity checks used by Recon. If enabled, set the verification event size accordingly (default value is recommended).

    For more information about how the Event Integrity feature works, see Stream Processor Groups.

    When enabling the generation of verification events for parsed field integrity checks feature, consider the guidelines in Adjusting the Partition Count for New Kafka Topics.
    
11. Optionally, execute the following command to update your RE certificates:

    ./cdf-updateRE.sh write --re-ca=/tmp/latest/ca.cert.pem --re-key=/tmp/latest/intermediate.key.pem --re-crt=/tmp/latest/intermediate.cert.pem

    For more information, see Updating RE Certificates.

12. Click NEXT until you reach the Upgrade Complete page.

    If it has been more that 12 hours since the cluster was installed, you will need to refresh the ECR credentials. See Refresh the ECR credentials in the K8s.