32.2 Upgrading the Appliance

You can upgrade both Sentinel and the SLES operating system through the Sentinel Appliance Manager, Appliance Update Channel, or Subscription Management Tool (SMT). You must first complete the prerequisites listed in Prerequisites for Upgrading the Appliance and then upgrade the appliance.

32.2.1 Upgrading through the Appliance Update Channel

You can upgrade Sentinel by using Zypper. Zypper is a command line package manager that allows you to perform an interactive upgrade of the appliance. In instances where user interaction is required to complete the upgrade, such as an end user license agreement update, you must upgrade the Sentinel appliance using Zypper.

To upgrade the appliance through the Appliance update channel:

  1. Back up your configuration, then create an ESM export.

    For more information, see Backing Up and Restoring Data in the Sentinel Administration Guide.

  2. (Conditional) If you have customized the configuration settings in the server.xml, collector_mgr.xml, or correlation_engine.xml files, ensure that you have created appropriate properties files named with the obj-component id to ensure that the customizations are retained after the upgrade. For more information, see Maintaining Custom Settings in XML Files in the Sentinel Administration Guide.

  3. Log in to the appliance console as the root user.

  4. Run the following command:

    /usr/bin/zypper patch

  5. (Conditional) If the installer displays a message that you must resolve dependency for the OpenSSH package, enter the appropriate option to downgrade the OpenSSH package.

  6. (Conditional) If the installer displays a message that indicates change in the ncgOverlay architecture, enter the appropriate option to accept the architecture change.

  7. (Conditional) If the installer displays a message that you must resolve dependency for some appliance packages, enter the appropriate option to deinstall the dependent packages.

  8. Enter Y to proceed.

  9. Enter yes to accept the license agreement.

  10. Open the /etc/sysctl.conf file and search for # Added by sentinel vm.max_map_count. Move this setting to the next line as follows:

    Change

    net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530
    vm.max_map_count = 262144 

    to

    net.core.wmem_max = 67108864
    # Added by sentinel vm.max_map_count : 65530
    vm.max_map_count = 262144

  11. Restart the Sentinel appliance.

  12. (Conditional) If Sentinel is installed on a custom port or if the Collector Manager or the Correlation Engine is in FIPS mode, run the following command:

    /opt/novell/sentinel/setup/configure.sh

  13. Clear your web browser cache to view the latest Sentinel version.

  14. (Conditional) If the PostgreSQL database has been upgraded to a major version (for example, 8.0 to 9.0 or 9.0 to 9.1), clear the old PostgreSQL files from the PostgreSQL database. For information about whether the PostgreSQL database was upgraded, see the Sentinel Release Notes.

    1. Switch to the novell user:

      su novell

    2. Browse to the bin folder:

      cd /opt/novell/sentinel/3rdparty/postgresql/bin

    3. Delete all the old PostgreSQL files by using the following command:

      ./delete_old_cluster.sh

  15. (Conditional) To upgrade the Collector Manager or the Correlation Engine, follow Step 3 through Step 12.

  16. (Conditional) If you are running Sentinel in an HA environment, repeat these steps on all nodes in the cluster.

  17. Restart Sentinel.

  18. Log in to Sentinel and verify if you are able to see the migrated data such as alerts, Security Intelligence data, and so on.

  19. The data in MongoDB is now redundant because Sentinel 8.3 and later will store data only in PostgreSQL. To clear up the disk space, delete this data. For more information, see Removing Data from MongoDB.

32.2.2 Upgrading through SMT

In secured environments where the appliance must run without direct internet access, you can configure the appliance with Subscription Management Tool (SMT), which allows you to upgrade the appliance to the latest available versions.

To upgrade the appliance through SMT:

  1. Ensure that the appliance is configured with SMT.

    For more information, see Configuring the Appliance with SMT.

  2. Back up your configuration, then create an ESM export.

    For more information, see Backing Up and Restoring Data in the Sentinel Administration Guide.

  3. (Conditional) If you have customized the configuration settings in the server.xml, collector_mgr.xml, or correlation_engine.xml files, ensure that you have created appropriate properties files named with the obj-component id to ensure that the customizations are retained after the upgrade. For more information, see Maintaining Custom Settings in XML Files in the Sentinel Administration Guide.

  4. Log in to the appliance console as the root user.

  5. Refresh the repository for upgrade:

    zypper ref -s

  6. Check whether the appliance is enabled for upgrade:

    zypper lr

  7. (Optional) Check the available updates for the appliance:

    zypper lu

  8. (Optional) Check the packages that include the available updates for the appliance:

    zypper lp -r SMT-http_<smt_server_fqdn>:<package_name>

  9. Update the appliance:

    zypper up -t patch -r SMT-http_<smt_server_fqdn>:<package_name>

  10. Open the /etc/sysctl.conf file and search for # Added by sentinel vm.max_map_count. Move this setting to the next line as follows:

    Change

    net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530
    vm.max_map_count = 262144 

    to

    net.core.wmem_max = 67108864
    # Added by sentinel vm.max_map_count : 65530
    vm.max_map_count = 262144

  11. Restart the appliance.

    rcsentinel restart

  12. (Conditional) If Sentinel is installed on a custom port or if the Collector Manager or the Correlation Engine is in FIPS mode, run the following command:

    /opt/novell/sentinel/setup/configure.sh

  13. (Conditional) To upgrade the Collector Manager or the Correlation Engine, follow Step 4 through Step 12.

  14. (Conditional) If you are running Sentinel in an HA environment, repeat these steps on all nodes in the cluster.

  15. Restart Sentinel.

  16. Log in to Sentinel and verify if you are able to see the migrated data such as alerts, Security Intelligence data, and so on.

  17. The data in MongoDB is now redundant because Sentinel 8.3 and later will store data only in PostgreSQL. To clear up disk space, you can delete this data. For more information, see Removing Data from MongoDB.
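
The /etc/sysctl.conf correction in step 10 of both the update channel and SMT procedures can be scripted so that it is applied the same way on every node. The following is an added example, not part of the Sentinel documentation; the function name fix_sysctl_comment and the .bak backup suffix are assumptions.

```shell
#!/bin/sh
# Added example: move the fused "# Added by sentinel vm.max_map_count" comment
# onto its own line in a sysctl.conf-style file. Safe to run more than once.

MARKER='# Added by sentinel vm.max_map_count'

# fix_sysctl_comment FILE   (hypothetical helper name)
# Returns 0 if the file was changed (original saved as FILE.bak),
#         1 if no fused line was found, 2 on error.
fix_sysctl_comment() {
    file=$1
    [ -f "$file" ] || return 2
    tmp=$(mktemp) || return 2

    # A line needs fixing only when a setting precedes the marker on the
    # same line; a marker that already starts its own line is left alone.
    awk -v m="$MARKER" '
        {
            i = index($0, m)
            head = substr($0, 1, i - 1)
            if (i > 1 && head ~ /[^ \t]/) {
                sub(/[ \t]+$/, "", head)   # drop trailing blanks from the setting
                print head                 # e.g. net.core.wmem_max = 67108864
                print substr($0, i)        # the comment, now on its own line
                changed = 1
            } else {
                print
            }
        }
        END { exit (changed ? 0 : 1) }
    ' "$file" > "$tmp"
    rc=$?

    if [ "$rc" -eq 0 ]; then
        # Keep a backup, then overwrite in place so ownership and mode stay as-is.
        cp -p "$file" "$file.bak" && cat "$tmp" > "$file" || rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage, as root on the appliance:
#   fix_sysctl_comment /etc/sysctl.conf
```
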

32.2.3 Upgrading through Sentinel Appliance Manager

To upgrade the appliance through Sentinel Appliance Manager:

  1. Launch the Sentinel appliance by doing either of the following:

    • Log in to Sentinel. Click Sentinel Main > Appliance.

    • Specify the following URL in your web browser: https://<IP_address>:9443.

  2. Log in either as a vaadmin or a root user.

  3. (Conditional) Register for updates if you have not done it earlier. For more information, see Registering for Updates.

  4. Click Online Update.

  5. To install the displayed updates, click Update Now > OK.

  6. To apply the installed updates, click Reboot.

  7. Log in to Sentinel and verify if you are able to see the migrated data such as alerts, Security Intelligence data, and so on.

  8. The data in MongoDB is now redundant because Sentinel 8.3 and later will store data only in PostgreSQL. To clear up the disk space, you can delete this data. For more information, see Removing Data from MongoDB.