You can upgrade both Sentinel and the SLES operating system through the Appliance Update Channel or Subscription Management Tool (SMT). You must first complete the prerequisites listed in Prerequisites for Upgrading the Appliance and then upgrade the appliance.
You can upgrade Sentinel by using Zypper. Zypper is a command line package manager that allows you to perform an interactive upgrade of the appliance. In instances where user interaction is required to complete the upgrade, such as an end user license agreement update, you must upgrade the Sentinel appliance by using Zypper.
To upgrade the appliance from the command prompt:
1. Back up your configuration, then create an ESM export. For more information, see Backing Up and Restoring Data in the Sentinel Administration Guide.
2. (Conditional) If you have customized the configuration settings in the server.xml, collector_mgr.xml, or correlation_engine.xml files, ensure that you have created appropriate properties files named with the obj-component id so that the customizations are retained after the upgrade. For more information, see Maintaining Custom Settings in XML Files in the Sentinel Administration Guide.
3. Log in to the appliance machine and open a command prompt as the root user.
4. Run the following commands from the command prompt:
   IMPORTANT: Ignore the reboot message or prompt until Step 6. It is important to start Sentinel (Step 4c) before rebooting the machine.
   a. zypper -v patch
   b. zypper up
      Enter Y to proceed.
      (Conditional) If event visualization was enabled before the upgrade, Elasticsearch stops after the upgrade to Sentinel 8.4.0.0 because it is now enabled with the X-Pack security plug-in. To start Elasticsearch, follow the procedure in Settings in Elasticsearch for Secure Cluster Communication.
   c. rcsentinel start
5. Open the /etc/sysctl.conf file and search for # Added by sentinel vm.max_map_count. Move this setting to the next line as follows:
   Change
   net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530
   vm.max_map_count = 262144
   to
   net.core.wmem_max = 67108864
   # Added by sentinel vm.max_map_count : 65530
   vm.max_map_count = 262144
6. Reboot the appliance.
7. (Conditional) If Sentinel is installed on a custom port, or if the Collector Manager or the Correlation Engine is in FIPS mode, run the following command:
   /opt/novell/sentinel/setup/configure.sh
8. Clear your web browser cache to view the latest Sentinel version.
9. (Conditional) If the PostgreSQL database has been upgraded to a major version (for example, 8.0 to 9.0 or 9.0 to 9.1), clear the old PostgreSQL files from the PostgreSQL database. For information about whether the PostgreSQL database was upgraded, see the Sentinel Release Notes.
   a. Switch to the novell user:
      su novell
   b. Browse to the bin folder:
      cd /opt/novell/sentinel/3rdparty/postgresql/bin
   c. Delete all the old PostgreSQL files by using the following command:
      ./delete_old_cluster.sh
10. (Conditional) To upgrade the Collector Manager or the Correlation Engine, follow Step 3 through Step 7.
11. (Conditional) If you are running Sentinel in an HA environment, repeat these steps on all nodes in the cluster.
12. Restart Sentinel.
13. Log in to Sentinel and verify that you can see the migrated data, such as alerts, Security Intelligence data, and so on.
    The data in MongoDB is now redundant because Sentinel 8.3 and later store data only in PostgreSQL. To free up disk space, delete this data. For more information, see Removing Data from MongoDB.
To upgrade the appliance through Sentinel Appliance Manager:
1. Launch the Sentinel appliance by doing either of the following:
   - Log in to Sentinel. Click Sentinel Main > Appliance.
   - Specify the following URL in your web browser: https://<IP_address>:9443.
2. Log in as the vaadmin or root user.
3. (Conditional) Register for updates if you have not done it earlier. For more information, see Registering for Updates.
   NOTE: For Sentinel 8.3.1, in addition to Step 4 and Step 5, an additional Step 6 is required.
4. Click Online Update.
   NOTE: Do not reboot the system until all the steps below are completed.
5. To install the displayed updates, click Update Now > OK.
6. Run the following command from the command prompt:
   IMPORTANT: Ignore the reboot message or prompt until Step 7. It is important to start Sentinel before rebooting the machine.
   zypper up
   (Conditional) If event visualization was enabled before the upgrade, Elasticsearch stops after the upgrade to Sentinel 8.4.0.0 because it is now enabled with the X-Pack security plug-in. To start Elasticsearch, follow the procedure in Settings in Elasticsearch for Secure Cluster Communication.
   rcsentinel start
7. To apply the installed updates, click Reboot.
8. Log in to Sentinel and verify that you can see the migrated data, such as alerts, Security Intelligence data, and so on.
   The data in MongoDB is now redundant because Sentinel 8.3 and later store data only in PostgreSQL. To free up disk space, you can delete this data. For more information, see Removing Data from MongoDB.
In secured environments where the appliance must run without direct internet access, you can configure the appliance with the Subscription Management Tool (SMT), which allows you to upgrade the appliance to the latest available versions.
To upgrade the appliance through SMT:
1. Ensure that the appliance is configured with SMT. For more information, see Configuring the Appliance with SMT.
2. Back up your configuration, then create an ESM export. For more information, see Backing Up and Restoring Data in the Sentinel Administration Guide.
3. (Conditional) If you have customized the configuration settings in the server.xml, collector_mgr.xml, or correlation_engine.xml files, ensure that you have created appropriate properties files named with the obj-component id so that the customizations are retained after the upgrade. For more information, see Maintaining Custom Settings in XML Files in the Sentinel Administration Guide.
4. Log in to the appliance console as the root user.
5. Refresh the repository for upgrade:
   zypper ref -s
6. Check whether the appliance is enabled for upgrade:
   zypper lr
7. (Optional) Check the available updates for the appliance:
   zypper lu
8. (Optional) Check the packages that include the available updates for the appliance:
   zypper lp -r SMT-http_<smt_server_fqdn>:<package_name>
9. Update the appliance:
   zypper up -t patch -r SMT-http_<smt_server_fqdn>:<package_name>
10. (Conditional) If event visualization was enabled before the upgrade, Elasticsearch stops after the upgrade to Sentinel 8.4.0.0 because it is now enabled with the X-Pack security plug-in. To start Elasticsearch, follow the procedure in Settings in Elasticsearch for Secure Cluster Communication.
11. Open the /etc/sysctl.conf file and search for # Added by sentinel vm.max_map_count. Move this setting to the next line as follows:
    Change
    net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530
    vm.max_map_count = 262144
    to
    net.core.wmem_max = 67108864
    # Added by sentinel vm.max_map_count : 65530
    vm.max_map_count = 262144
12. Restart the appliance:
    rcsentinel restart
13. (Conditional) If Sentinel is installed on a custom port, or if the Collector Manager or the Correlation Engine is in FIPS mode, run the following command:
    /opt/novell/sentinel/setup/configure.sh
14. (Conditional) To upgrade the Collector Manager or the Correlation Engine, follow Step 4 through Step 13.
15. (Conditional) If you are running Sentinel in an HA environment, repeat these steps on all nodes in the cluster.
16. Restart Sentinel.
17. Log in to Sentinel and verify that you can see the migrated data, such as alerts, Security Intelligence data, and so on.
    The data in MongoDB is now redundant because Sentinel 8.3 and later store data only in PostgreSQL. To free up disk space, you can delete this data. For more information, see Removing Data from MongoDB.
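The /etc/sysctl.conf step that appears in both the command-prompt and the SMT procedures above corrects a marker comment that the upgrade appended directly to the end of the previous line. While the marker is fused to the value, the net.core.wmem_max entry no longer holds a plain number, and a reader of the file cannot tell at a glance whether vm.max_map_count (which Elasticsearch depends on) is in effect. The following POSIX shell script is an added example, not part of the Sentinel documentation or product: it reproduces the broken state in a constructed sample file, moves the marker onto its own line with a backup of the original, and checks the resulting values. The function names and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the Sentinel documentation). Repairs a sysctl.conf
# in which the "# Added by sentinel" marker was appended directly after the
# previous value, and checks the resulting settings. Function names are
# assumptions; the sample file below is constructed for illustration.

# Write a constructed sysctl.conf showing the broken state: the marker is
# glued to the net.core.wmem_max value because the file it was appended to
# had no trailing newline.
make_sample_sysctl() {
    printf '%s\n' \
        'net.core.rmem_max = 67108864' \
        'net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530' \
        'vm.max_map_count = 262144' > "$1"
}

# Print the value of a key as a parser that honours only whole-line comments
# would see it (the last assignment wins); prints nothing if the key is absent.
sysctl_file_value() {
    awk -v key="$2" '
        /^[[:space:]]*[#;]/ { next }                 # whole-line comment
        index($0, "=") == 0 { next }                 # not an assignment
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[[:space:]]/, "", k)
            sub(/^[[:space:]]+/, "", v); sub(/[[:space:]]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Move a marker that follows a value on the same line onto its own line.
# Safe to run repeatedly: a marker already at the start of a line is untouched.
fix_sysctl_marker() {
    file="$1"
    cp "$file" "$file.bak" || return 1            # keep a copy of the original
    sed -e 's/\([^[:space:]]\)[[:space:]]*# Added by sentinel/\1\
# Added by sentinel/' "$file" > "$file.tmp" || return 1
    mv "$file.tmp" "$file"
}

# Return 0 when the file sets KEY to EXPECTED, 1 otherwise.
check_sysctl_key() {
    [ "$(sysctl_file_value "$1" "$2")" = "$3" ]
}
```

On a real appliance, run check_sysctl_key /etc/sysctl.conf vm.max_map_count 262144 after the edit; after the reboot, compare the file value with the running kernel's value from sysctl -n vm.max_map_count to confirm the setting was actually applied.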
You can perform an update by using an offline ISO file under the following conditions:
- When there is no internet access, or the network is restricted so that you cannot access the appliance channel.
- To upgrade to an earlier version than the version available in the channel.
- When the current version that you are running is incompatible with the latest version: download a version that is compatible, and then upgrade it to the latest version.
If you encounter registration or repository issues while applying the patch, you can try clearing the registration and repository entries on the system.
To clean up the registration and repository details on the appliance, perform the following steps:
1. Take a backup of the files before clearing the registration entries:
   a. Create a backup directory. For example:
      mkdir /etc/zypp/backup
   b. Copy the following registration files to the backup directory. For example:
      cp -r /etc/zypp/credentials.d /etc/zypp/backup
      cp /etc/zypp/repos.d/* /etc/zypp/backup
      cp /etc/zypp/services.d/* /etc/zypp/backup
2. Delete the following registration files:
   rm -fr /etc/zypp/credentials.d
   rm -fr /etc/zypp/repos.d/*
   rm -fr /etc/zypp/services.d/*
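The cleanup above copies the registration files into one flat directory and then deletes the live copies without checking that the backup is complete. The following POSIX shell script is an added example, not part of the Sentinel documentation or product: it archives credentials.d, repos.d and services.d with their paths preserved, verifies that every regular file made it into the archive, and only then performs the same deletions the procedure prescribes. The function names, the root and destination parameters, and the constructed sample tree are assumptions made so that the script can be exercised against a temporary directory instead of the real /etc/zypp.

```shell
#!/bin/sh
# Added example (not from the Sentinel documentation). Archive the zypper
# registration and repository state, verify the archive, and clear the live
# entries only when the verification passes. Parameters let the function run
# against a constructed tree; on an appliance the defaults point at /etc/zypp.

# Build a small constructed /etc/zypp-like tree for demonstration. The
# credential values are placeholders, not real credentials.
make_sample_zypp_tree() {
    root="$1"
    mkdir -p "$root/credentials.d" "$root/repos.d" "$root/services.d"
    printf 'username=EXAMPLE\npassword=EXAMPLE\n' > "$root/credentials.d/SCCcredentials"
    printf '[example-repo]\nenabled=1\n' > "$root/repos.d/example.repo"
    printf '[example-service]\nenabled=1\n' > "$root/services.d/example.service"
}

# Archive credentials.d, repos.d and services.d under ROOT (default /etc/zypp)
# into DEST (default /var/tmp), verify the archive holds every regular file,
# then clear the live entries exactly as the documented procedure does.
# Prints the archive path on success; returns 1 without deleting anything if
# the backup cannot be created or verified.
backup_and_clear_zypp() {
    root="${1:-/etc/zypp}"
    dest="${2:-/var/tmp}"
    entries=""
    for d in credentials.d repos.d services.d; do
        [ -d "$root/$d" ] && entries="$entries $d"
    done
    [ -n "$entries" ] || { echo "nothing to back up under $root" >&2; return 1; }
    archive="$dest/zypp-backup-$(date +%Y%m%d%H%M%S)-$$.tar"
    # Word splitting of $entries is intended: each name becomes one argument.
    tar -C "$root" -cf "$archive" $entries || return 1
    # Compare the number of regular files on disk with the number of
    # non-directory entries in the archive before anything is removed.
    expected=$(cd "$root" && find $entries -type f | wc -l | tr -d ' ')
    archived=$(tar -tf "$archive" | grep -v '/$' | wc -l | tr -d ' ')
    if [ "$expected" != "$archived" ]; then
        echo "backup verification failed: $expected files on disk, $archived archived" >&2
        return 1
    fi
    rm -rf "$root/credentials.d" "$root/repos.d"/* "$root/services.d"/*
    echo "$archive"
}
```

To restore after a failed patch attempt, extract the archive back into the root it was taken from: tar -C /etc/zypp -xf <archive>. Because the archive keeps the credentials.d, repos.d and services.d prefixes, files from the three directories cannot collide the way they can in a single flat backup directory.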
To upgrade the appliance by using the offline ISO file, perform the following steps:
1. Download the patch ISO to a directory. For example: <directoryname>/PatchCD-Sentinel-Server-<version-build number>-SLES12-SP5-<datetime>.iso
2. Create a directory for mounting the patch ISO using the following command. For example:
   mkdir -p /opt/trial
3. Mount the patch ISO locally using the following command. For example:
   mount -o loop <directoryname>/PatchCD-Sentinel-Server-<version-build number>-SLES12-SP5-<datetime>.iso /opt/trial
4. Add the product and operating system repositories. For example:
   zypper ar -c -t plaindir "/opt/trial/product-repo" "<product repository>"
   zypper ar -c -t plaindir "/opt/trial/osupdate-repo" "<operating system repository>"
5. (Optional) Confirm that the repositories were added successfully using the following command:
   zypper repos
6. Check that the patches are bundled in the patch ISO using the following command:
   zypper lp
7. Apply all the updates using the following commands:
   zypper -v patch
   zypper -v update
8. Clean up the repositories list using the following commands:
   zypper rr "<product repository>"
   zypper rr "<operating system repository>"
9. After the update is complete, reboot the machine using the following command:
   reboot