|
@@ -1,6 +1,6 @@
|
|
|
# Phantom Upgrade Notes
|
|
|
|
|
|
-IMPORTANT NOTE: During the mgiration to GovCloud, we had to use the limited offline rpms. This changes the upgrade process. The notes below may be outdated. Reference https://docs.splunk.com/Documentation/Phantom/4.9/Install/UpgradeOffline
|
|
|
+IMPORTANT NOTE: During the migiration to GovCloud, we had to use the limited offline rpms. This changes the upgrade process. The notes below may be outdated. Reference https://docs.splunk.com/Documentation/Phantom/4.9/Install/UpgradeOffline
|
|
|
|
|
|
Recommend you see the installation notes in `Phantom Notes.md`
|
|
|
|
|
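Review bot: the spelling fix in the added IMPORTANT NOTE line is incomplete: "mgiration" became "migiration", and it should read "migration". While touching this line, note that its Reference URL is the 4.9 UpgradeOffline page, whereas the 4.10 section added further down says the install was switched to the Phantom repo; consider stating which upgrade path the note now applies to.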
@@ -13,6 +13,15 @@ BE SURE TO HAVE AT MOST 55% FREE space ( 45% used space)
|
|
|
backup docs
|
|
|
https://docs.splunk.com/Documentation/Phantom/4.10.2/Admin/Restorefromabackup
|
|
|
|
|
|
+# 4.10
|
|
|
+05/2021
|
|
|
+
|
|
|
+Follow Splunk Docs!
|
|
|
+Switched XDR from offline RPM install to Phantom repo install
|
|
|
+I had to upgrade to latest version in 4.9 before upgrading to 4.10
|
|
|
+Use tmux to avoid SSH timeout during upgrade
|
|
|
+
|
|
|
+
|
|
|
# 4.9
|
|
|
08/2020
|
|
|
|
|
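Review bot: in the new 4.10 section, "I had to upgrade to latest version in 4.9 before upgrading to 4.10" does not say which 4.9 build that was, and "Follow Splunk Docs!" carries no link. Suggest recording the intermediate version and the URL of the upgrade page that was followed, the way the "backup docs" line just above does, so the same path can be repeated. The line "Switched XDR from offline RPM install to Phantom repo install" also conflicts with the IMPORTANT NOTE at the top of the file about offline rpms; one of the two should be updated.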
@@ -27,9 +36,12 @@ Stop Phantom
|
|
|
Clean yum
|
|
|
`yum clean all`
|
|
|
|
|
|
-Take an AWS snapshot in addition to the automatic snapshots!
|
|
|
+Take an AWS snapshot in addition to the automatic snapshots! should be for a 60 GB volume
|
|
|
Naming Scheme: phantom-pre-upgrade-backup-<current-version>
|
|
|
|
|
|
+Run a backup!
|
|
|
+`sudo phenv python ibackup.pyc --backup`
|
|
|
+
|
|
|
Update OS & reboot (only if kernel updated)
|
|
|
`yum update --exclude=nginx`
|
|
|
|
|
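Review bot: the added backup command `sudo phenv python ibackup.pyc --backup` uses a relative path and `python`, so it only works from the directory that holds ibackup.pyc, while the same tool appears later in this file as `phenv python3 /opt/phantom/bin/ibackup.pyc --setup`. Suggest using the full path and the same interpreter in both places. The appended "should be for a 60 GB volume" is a sentence fragment; say whether 60 GB is the expected size of the volume being snapshotted or a check to perform. It would also help to state whether "Run a backup!" is meant to happen before or after the "Stop Phantom" step this section sits under.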
@@ -42,13 +54,22 @@ Disable WAL
|
|
|
restart postgres
|
|
|
```
|
|
|
# 2021-04-12: While troubleshooting a problem, noticed we're on postgres11 now.
|
|
|
-#/opt/phantom/bin/phsvc restart postgresql-9.4
|
|
|
/opt/phantom/bin/phsvc restart postgresql-11
|
|
|
```
|
|
|
|
|
|
Install new repo and keys
|
|
|
`rpm -Uvh https://repo.phantom.us/phantom/4.9/base/7Server/x86_64/phantom_repo-4.9.35731-1.x86_64.rpm`
|
|
|
|
|
|
+Centos7 (Caasp)
|
|
|
+`rpm -Uvh https://repo.phantom.us/phantom/4.10/base/7/x86_64/phantom_repo-4.10.3.51237-1.x86_64.rpm`
|
|
|
+
|
|
|
+Troubleshooting
|
|
|
+Error: Error - Phantom requires that the user 'phantom' has access to cron.
|
|
|
+Solution: `vim /etc/cron.allow` and add phantom
|
|
|
+
|
|
|
+Error! It looks like you don't have enough space in your /tmp directory
|
|
|
+Your /tmp directory must have a capacity of at least 5GB
|
|
|
+If you would like to ignore this check, please re-run with the option --no-space-check
|
|
|
## Upgrade
|
|
|
|
|
|
Upgrade script
|
|
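Review bot: the second Troubleshooting entry (the /tmp "at least 5GB" error) has no Solution line, unlike the cron entry directly above it. The three added lines are only the installer's own message, so a reader cannot tell whether space was freed in /tmp or the run was repeated with --no-space-check; record which was done. Separately, the new `rpm -Uvh` line for 4.10.3.51237 now sits directly under the 4.9.35731 one with only "Centos7 (Caasp)" as a label; mark each command with the version and host it applies to so the wrong repo package is not installed.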
@@ -57,6 +78,7 @@ Upgrade script
|
|
|
Post Upgrade (Run IF the upgrade script produces the message!)
|
|
|
`su - postgres -c '/usr/pgsql-11/bin/vacuumdb -h /tmp --all --analyze-in-stages'`
|
|
|
|
|
|
+Run this to re-setup or backups
|
|
|
`phenv python3 /opt/phantom/bin/ibackup.pyc --setup`
|
|
|
|
|
|
Verify postgres version
|
|
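Review bot: the added line "Run this to re-setup or backups" does not parse; if "our backups" is meant, fix the wording. Because it is inserted right after the conditional vacuumdb step ("Run IF the upgrade script produces the message!"), it is also unclear whether the `--setup` command below it is conditional too; say explicitly that it should be run after every upgrade, if that is the intent.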
@@ -64,7 +86,8 @@ Verify postgres version
|
|
|
|
|
|
Login into web to accept EULA
|
|
|
|
|
|
-After the upgrade is complete, from Main Menu > Administration > Administration Settings > Search Settings, select Playbooks from the drop-down menu, then click the Reindex Search Data button.
|
|
|
+Administration > Product Settings > Telemetry > OFF
|
|
|
+
|
|
|
|
|
|
Post Upgrade Steps
|
|
|
1. Review System Health
|
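Review bot: this hunk deletes the "Reindex Search Data" instruction and puts "Administration > Product Settings > Telemetry > OFF" in its place without saying why either change was made. If the playbook reindex is no longer needed as of 4.10, say so, or keep the step with a version note, since the file still documents the 4.9 procedure. For the telemetry line, add a short reason and whether it has to be re-applied after each upgrade.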