You can upgrade to Sentinel from Sentinel 8.2 or later. You can upgrade both Sentinel and the SLES Operating System through the Sentinel Appliance Manager or Zypper (Appliance Update Channel).
Sentinel now uses PostgreSQL instead of MongoDB to store Security Intelligence data and alerts data. Before you upgrade the appliance on the active node, you must first migrate your data from MongoDB to PostgreSQL. You will be able to upgrade the appliance only if you have successfully migrated your data to PostgreSQL.
You must register all the appliance nodes through Sentinel Appliance Manager before the upgrade. For more information, see Registering for Updates. If you do not register the appliance, Sentinel displays a yellow warning.
Enable the maintenance mode on the cluster.
crm configure property maintenance-mode=true
Maintenance mode helps you to avoid any disturbance to the running cluster resources while you update the Sentinel software. You can run this command from any cluster node.
Verify whether the maintenance mode is active.
crm status
The cluster resources should appear in the unmanaged state.
Upgrade the passive cluster node:
Stop the cluster stack.
rcpacemaker stop
Stopping the cluster stack ensures that the cluster resources remain inaccessible and avoids fencing of nodes.
Complete prerequisites 1 and 2 listed in Prerequisites for Upgrading the Appliance
Download the updates for Sentinel.
zypper -v patch
(Conditional) If the installer displays a message that you must resolve dependency for the OpenSSH package, enter the appropriate option to downgrade the OpenSSH package.
(Conditional) If the installer displays a message that indicates change in the ncgOverlay architecture, enter the appropriate option to accept the architecture change.
(Conditional) If the installer displays a message that you must resolve dependency for some appliance packages, enter the appropriate option to uninstall the dependent packages.
After the upgrade is complete, start the cluster stack.
rcpacemaker start
Repeat Step 3 for all the passive cluster nodes.
Upgrade the active cluster node:
Back up your configuration, then create an ESM export.
For more information on backing up data, see Backing Up and Restoring Data
in the Sentinel Administration Guide.
Stop the cluster stack.
rcpacemaker stop
Stopping the cluster stack ensures that the cluster resources remain inaccessible and avoids fencing of nodes.
Complete the prerequisites listed in Prerequisites for Upgrading the Appliance.
Download the updates for Sentinel.
To upgrade Sentinel:
zypper -v patch
(Conditional) If the installer displays a message that you must resolve dependency for the OpenSSH package, enter the appropriate option to downgrade the OpenSSH package.
(Conditional) If the installer displays a message that indicates change in the ncgOverlay architecture, enter the appropriate option to accept the architecture change.
(Conditional) If the installer displays a message that you must resolve dependency for some appliance packages, enter the appropriate option to uninstall the dependent packages.
After the upgrade is complete, start the cluster stack.
rcpacemaker start
Run the following command to synchronize any changes in the configuration files:
csync2 -x -v
Disable the maintenance mode on the cluster.
crm configure property maintenance-mode=false
You can run this command from any cluster node.
Verify whether the maintenance mode is inactive.
crm status
The cluster resources should appear in the Started state.
(Optional) Verify whether the upgrade is successful:
rcsentinel version
Log in to Sentinel and verify if you are able to see the migrated data such as alerts, Security Intelligence dashboards, and so on.
The data in MongoDB is now redundant because Sentinel 8.3 and later will store data only in PostgreSQL. To clear up the disk space, delete this data. For more information, see Removing Data from MongoDB.
To upgrade through the Sentinel Appliance Management Console:
(Conditional) If you have already installed Sentinel 8.2 and sentinel_sles_iso_os_post_upgrade-release-73.tar.gz, you will need to reinstall a few RPMs that were uninstalled by the sentinel_sles_iso_os_post_upgrade-release-73.tar.gz installer. For more information about installing these RPMs, see Knowledge Base Article 7023543.
Run the following command on the active node or a passive node in the cluster, to enable maintenance mode:
crm configure property maintenance-mode=true
Maintenance mode helps you to avoid any disturbance to the running cluster resources while you update Sentinel.
Run the following command to verify whether the maintenance mode is active:
crm status
The cluster resources should be displayed in the unmanaged state.
Upgrade all the passive cluster nodes first:
Run the following command to stop the cluster stack:
rcpacemaker stop
Stopping the cluster stack ensures that the cluster resources remain inaccessible and avoids fencing of nodes.
Run the following command to verify whether the 9443 port is listening on the active node to access appliance:
netstat –na | grep 9443
(Conditional) Run the following command if the 9443 port is not listening:
systemctl restart vabase vabase-jetty vabase-datamodel
Complete prerequisites 1 and 2 listed in Prerequisites for Upgrading the Appliance
Launch the appliance by doing either of the following:
Log in to Sentinel. Click Sentinel Main > Appliance.
Specify the following URL in your web browser: https://<IP_address>:9443.
(Conditional) If you are unable to launch Sentinel Appliance Management Console:
Go to /var/opt/novell in the active node and copy the following files to /var/opt/novell/ in each passive node:
datamodel-service
ganglia
jetty
python
va
In each passive node, set the file permission as vabase-jetty for the files in the jetty folder:
Go to /var/opt/novell/jetty.
Run the following command:
chown -R vabase-jetty:vabase-jetty *
Run the following command to restart the vabase services:
systemctl start vabase-jetty vabase-datamodel vabase
Run the following command to verify that port 9443 is listening in all the available nodes:
netstat -na | grep 9443
Log in as vaadmin.
Click Online Update.
(Conditional) Register for updates if you have not done it earlier. For more information, see Registering for Updates.
To install the displayed updates for Sentinel and the operating system, click Update Now > OK.
To apply the installed updates, click Reboot.
After reboot, check the version on the top right corner of the screen to verify if the upgrade is successful.
After the upgrade is complete, restart the cluster stack.
rcpacemaker start
Upgrade the active cluster node.
Complete the prerequisites listed in Prerequisites for Upgrading the Appliance.
Repeat Step 3 for the active cluster node.
Run the following command on the active node or a passive node in the cluster to disable maintenance mode:
crm configure property maintenance-mode=false
Run the following command on the active node or a passive node in the cluster to verify if maintenance mode is not active:
crm status
Log in to Sentinel and verify if you are able to see the migrated data such as alerts, Security Intelligence dashboards, and so on.
The data in MongoDB is now redundant because Sentinel 8.3 and later will store data only in PostgreSQL. To clear up the disk space, delete this data. For more information, see Removing Data from MongoDB.