32.1 Prerequisites for Upgrading the Appliance

Before you upgrade, complete the following prerequisites:

  1. You must have Sentinel 8.2 or later installed.

  2. You must have SLES 12 SP3 or SLES 12 SP4 installed.

    1. (Conditional) If you have SLES 11 SP4, you must upgrade to SLES 12 SP3. For more information about upgrading the SLES operating system, see Upgrading the Operating System to SLES 12 SP3.

    2. (Conditional) If you have upgraded to SLES 12 SP3 earlier, you must download the latest version of the post upgrade utility and run it. This is important to ensure that the upgrade works fine.

      Download and run the latest utility from Sentinel Appliance 8.2 SLES11SP4 to SLES12SP3 Migration Tools B in the Micro Focus Patch Finder website.

  3. Migrate Security Intelligence data, alerts data, and so on from MongoDB to PostgreSQL. You can perform this only after completing the previous prerequisites. For more information about migrating data, Migrating Data from MongoDB to PostgreSQL.

    You must run the migration script even when you do not have data to migrate because the migration script generates a cleanup script. You can use the cleanup script to remove MongoDB data, which will be redundant after you upgrade Sentinel.

32.1.1 Upgrading the Operating System to SLES 12 SP3

You must upgrade the operating system because:

  • Sentinel is now available only on the SLES 12 channel. Therefore, to continue receiving Sentinel and operating system updates, you must first upgrade the operating system to SLES 12 SP3 before you upgrade Sentinel.

  • You can leverage Sentinel Appliance Manager capabilities. Sentinel Appliance Manager provides a simple Web-based user interface that helps you to configure and manage the appliance.

To upgrade the operating system and configure the appliance:

  1. Stop the Sentinel services:

    rcsentinel stop

  2. (Conditional) If Sentinel was in FIPS mode before the operating system upgrade, NSS database files must be manually upgraded by running the following command:

    certutil -K -d sql:/etc/opt/novell/sentinel/3rdparty/nss -X

    Follow the on-screen instructions to upgrade the NSS database.

    Give full permissions to novell user for the following files:

    cert9.db
key4.db 
pkcs11.txt

  3. (Conditional) If you are using Mozilla Network Security Services (NSS) 3.29, two dependent RPM files libfreebl3-hmac and libsoftokn3-hmac are not installed. Manually install the following RPM files: libfreebl3-hmac and libsoftokn3-hmac.

  4. Download the SLES 12 SP3 installer and the post-upgrade utility from the Micro Focus Patch Finder website. For Sentinel HA, download the SLES 12 SP3 HA file as well.

  5. Follow the installation prompts to upgrade the operating system. For Sentinel HA, when prompted to install additional add-on products, select the location where you have downloaded the SLES 12 SP3 HA file and proceed with the upgrade.

    For more information about upgrading to SLES 12 SP3, see the SLES documentation.

    IMPORTANT:You will be prompted to register for SLES 12 SP3 during the upgrade. However, skip the registration. Registering for updates in this screen will only register for SLES 12 SP3 updates from the SUSE Customer Channel, which is not supported. Also, you will not receive Sentinel updates. Therefore, register for updates only after completing Step 9 to receive both Sentinel and SLES 12 SP3 updates from the Sentinel appliance update channel.

  6. During the upgrade process, SLES renames the /etc/sysctl.conf file to /etc/sysctl.conf.rpmsave as a back up and creates a new /etc/sysctl.conf file. After you upgrade, copy the contents of the /etc/sysctl.conf.rpmsave file to the /etc/sysctl.conf file. Open the sysctl.conf file and search for # Added by sentinel vm.max_map_count. Move this setting to the next line as follows:

    Change

    net.core.wmem_max = 67108864# Added by sentinel vm.max_map_count : 65530
vm.max_map_count = 262144

    to

    net.core.wmem_max = 67108864
# Added by sentinel vm.max_map_count : 65530
vm.max_map_count = 262144

  7. (Conditional) For Sentinel HA, complete the steps mentioned in the following sections:

  8. To configure the appliance, run the post-upgrade utility from the command prompt:

    1. Untar the file:

      tar -xvf <post upgrade utility installer filename>.tar.gz

    2. Change to the directory where you extracted the utility:

      cd <post upgrade utility installer filename>

    3. To configure the appliance, run the following script:

      ./appliance_SLESISO_post_upgrade.sh

      NOTE:Do not run this script remotely since this script involves network reconfiguration.

    4. Follow the on-screen instructions to complete the configuration.

      This script reconfigures the installed packages and configures packages for managing appliance.

  9. Using your existing registration code, register for updates again to receive Sentinel and latest operating system updates. For more information, see Registering for Updates.

32.1.2 Migrating Data from MongoDB to PostgreSQL

You must migrate Security Intelligence data, alerts data, and so on from MongoDB to PostgreSQL by running the migration script.

The migration script does the following:

  • Migrates Security Intelligence data and alerts data to PostgreSQL.

  • Generates a cleanup script that you can use to remove data and MongoDB related RPMs from MongoDB.

WARNING:After you migrate data, you must upgrade Sentinel before you start or restart Sentinel. This is to ensure that there is no loss of data coming to Sentinel.

To migrate data:

  1. Download Mongo_To_PostgreSQL_Migration_Utility_8.3.0.0-5575.tar.gz from the Download Website website.

  2. Untar the files.

  3. Log in to the appliance console as a novell user.

    IMPORTANT:Run the migration script from terminal of the machine. Do not use an emulation terminal software like PuTty or MobaXterm.

  4. Run the following script: mongo_to_pgsql_migration.sh.

  5. Select the migration option as per your requirements.

    WARNING:Ensure that you select the appropriate option because you cannot repeat this procedure after the migration is successful.

    If your data is migrated successfully, a confirmation message will be displayed on the screen. You can now upgrade the appliance.

  6. (Conditional) If the data migration is not successful:

    1. Clean up the migrated data. For more information, see Cleaning Up Data From PostgreSQL When Migration Fails.

    2. Repeat this procedure to migrate data.

  7. (Conditional) If you see the following error when running the migration script, complete the tasks mentioned in Unable to Run the Migration Script:

     
 8101server:/opt # su novell
novell@8101server:/opt>
novell@8101server:/opt> ./mongo_to_pgsql_migration.sh
./mongo_to_pgsql_migration.sh: line 25: /bin/setenv.sh: No such file or directory
Cannot execute ./mongo_to_pgsql_migration.sh as novell
novell@8101server:/opt>
novell@8101server:/opt> exit
exit
8101server:/opt #
8101server:/opt # ./mongo_to_pgsql_migration.sh
./mongo_to_pgsql_migration.sh: line 25: /bin/setenv.sh: No such file or directory
Cannot execute ./mongo_to_pgsql_migration.sh as root