29.1 Upgrading to Sentinel 8.2

29.1.1 Upgrading Sentinel through the Appliance Update Channel

You can upgrade Sentinel by using Zypper. Zypper is a command line package manager that allows you to perform an interactive upgrade of appliance. In instances where user interaction is required to complete the upgrade, such as an end user license agreement update, you must upgrade the Sentinel appliance using Zypper.

To upgrade the appliance through the Appliance update channel:

  1. Back up your configuration, then create an ESM export.

    For more information, see Backing Up and Restoring Data in the Sentinel Administration Guide.

  2. (Conditional) If you have customized the configuration settings in the server.xml, collector_mgr.xml, or correlation_engine.xml files, ensure that you have created appropriate properties files named with the obj-component id to ensure that the customizations are retained after the upgrade. For more information, see Maintaining Custom Settings in XML Files in the Sentinel Administration Guide.

  3. Log in to the appliance console as the root user.

  4. Run the following command:

    /usr/bin/zypper patch

  5. (Conditional) If the installer displays a message that you must resolve dependency for the OpenSSH package, enter the appropriate option to downgrade the OpenSSH package.

  6. (Conditional) If the installer displays a message that indicates change in the ncgOverlay architecture, enter the appropriate option to accept the architecture change.

  7. (Conditional) If the installer displays a message that you must resolve dependency for some appliance packages, enter the appropriate option to deinstall the dependent packages.

  8. Enter Y to proceed.

  9. Enter yes to accept the license agreement.

  10. Open the/etc/sysctl.conf file and search for # Added by sentinel vm.max_map_count. Move this setting to the next line as follows:

    Change

    net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530
vm.max_map_count = 262144

    to

    net.core.wmem_max = 67108864
# Added by sentinel vm.max_map_count : 65530
vm.max_map_count = 262144

  11. Restart the Sentinel appliance.

  12. (Conditional) If Sentinel is installed on a custom port or if the Collector Manager or the Correlation Engine is in FIPS mode, run the following command:

    /opt/novell/sentinel/setup/configure.sh

  13. Clear your web browser cache to view the latest Sentinel version.

  14. Clear the Java Web Start cache on the client computers to use the latest version of Sentinel applications.

    You can clear the Java Web Start cache by either using the javaws -clearcache command or by using Java Control Center. For more information, see http://www.java.com/en/download/help/plugin_cache.xml.

  15. (Conditional) If the PostgreSQL database has been upgraded to a major version (for example, 8.0 to 9.0 or 9.0 to 9.1), clear the old PostgreSQL files from the PostgreSQL database. For information about whether the PostgreSQL database was upgraded, see the Sentinel Release Notes.

    1. Switch to novell user.

      su novell

    2. Browse to the bin folder:

      cd /opt/novell/sentinel/3rdparty/postgresql/bin

    3. Delete all the old postgreSQL files by using the following command:

      ./delete_old_cluster.sh

  16. (Conditional) To upgrade the Collector Manager or the Correlation Engine, follow Step 3 through Step 12.

  17. (Conditional) If you are using Kerberos authentication enable AES256 in your Java Runtime Environment since the java folder is replaced with default files during upgrade. To enable AES256 in your Java Runtime Environment, complete the following steps:

    1. Download Java Cryptography Extension (JCE) 8 from the following location: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

    2. Extract the two *.jar files and copy them to the /opt/novell/sentinel/jdk/jre/lib/security directory.

    3. Restart Sentinel.

  18. (Conditional) If you are running Sentinel in an HA environment, repeat these steps on all nodes in the cluster.

  19. (Conditional) To upgrade the operating system, see Upgrading the Operating System

  20. Restart Sentinel.

29.1.2 Upgrading Sentinel by Using SMT

In secured environments where the appliance must run without direct internet access, you can configure the appliance with Subscription Management Tool (SMT) that allows you upgrade the appliance to the latest available versions.

  1. Ensure that the appliance is configured with SMT.

    For more information, see Configuring the Appliance with SMT.

  2. Back up your configuration, then create an ESM export.

    For more information, see Backing Up and Restoring Data in the Sentinel Administration Guide.

  3. (Conditional) If you have customized the configuration settings in the server.xml, collector_mgr.xml, or correlation_engine.xml files, ensure that you have created appropriate properties files named with the obj-component id to ensure that the customizations are retained after the upgrade. For more information, see Maintaining Custom Settings in XML Files in the Sentinel Administration Guide.

  4. Log in to the appliance console as the root user.

  5. Refresh the repository for upgrade:

    zypper ref -s

  6. Check whether the appliance is enabled for upgrade:

    zypper lr

  7. (Optional) Check the available updates for the appliance:

    zypper lu

  8. (Optional) Check the packages that include the available updates for the appliance:

    zypper lp -r SMT-http_<smt_server_fqdn>:<package_name>

  9. Update the appliance:

    zypper up -t patch -r SMT-http_<smt_server_fqdn>:<package_name>

  10. Open the/etc/sysctl.conf file and search for # Added by sentinel vm.max_map_count. Move this setting to the next line as follows:

    Change

    net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530
vm.max_map_count = 262144

    to

    net.core.wmem_max = 67108864
# Added by sentinel vm.max_map_count : 65530
vm.max_map_count = 262144

  11. Restart the appliance.

    rcsentinel restart

  12. (Conditional) If Sentinel is installed on a custom port or if the Collector Manager or the Correlation Engine is in FIPS mode, run the following command:

    /opt/novell/sentinel/setup/configure.sh

  13. (Conditional) To upgrade the Collector Manager or the Correlation Engine, follow Step 4 through Step 12.

  14. (Conditional) If you are using Kerberos authentication enable AES256 in your Java Runtime Environment since the java folder is replaced with default files during upgrade. To enable AES256 in your Java Runtime Environment, complete the following steps:

    1. Download Java Cryptography Extension (JCE) 8 from the following location: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

    2. Extract the two *.jar files and copy them to the /opt/novell/sentinel/jdk/jre/lib/security directory.

    3. Restart Sentinel.

  15. (Conditional) If you are running Sentinel in an HA environment, repeat these steps on all nodes in the cluster.

  16. (Conditional) To upgrade the operating system, see Upgrading the Operating System.

  17. Restart Sentinel.