|
|
@@ -16,28 +16,6 @@ TODO: Switch to a non-root installation! Future Upgrade may force us to switch.
|
|
|
# Upgrade Steps
|
|
|
See Splunk docs!
|
|
|
|
|
|
-## Take a backup
|
|
|
-
|
|
|
-> :warning: Silence Phantom Sensu checks
|
|
|
-
|
|
|
-Stop Phantom
|
|
|
-`/opt/phantom/bin/stop_phantom.sh`
|
|
|
-
|
|
|
-Take an AWS snapshot OF ALL DRIVES in addition to the automatic snapshots! Phantom uses the /tmp directory in addition to the /opt directory. Be sure to include the EBS volume that is storing the /opt data. It is 500 GB volume ( prod ) or a 60 GB volume ( TEST ).
|
|
|
-```
|
|
|
-Naming Scheme: phantom-pre-upgrade-backup-<current-version>
|
|
|
-phantom-pre-upgrade-backup-4.10.6
|
|
|
-```
|
|
|
-
|
|
|
-Take a full phantom backup while phantom is running. NOTE: to restore a phantom backup you must restore it to the same version of Phantom on a different server! You CAN skip the ibackup if you have a good snapshot!
|
|
|
-`/opt/phantom/bin/start_phantom.sh`
|
|
|
-`/opt/phantom/bin/phenv ibackup --setup`
|
|
|
-`/opt/phantom/bin/phenv ibackup --backup`
|
|
|
-
|
|
|
-## Prerequisites
|
|
|
-Be sure you have enough space!
|
|
|
-`df -h | grep opt`
|
|
|
-
|
|
|
## Prep
|
|
|
|
|
|
Calendar Invite for PROD Phantom Upgrade. Coordinate with James Kerr and Greg Rivas for a time that works with the SOC.
|
|
|
@@ -69,6 +47,28 @@ Post to xdr-soc
|
|
|
Phantom is shutting down for an update in 5 minutes!
|
|
|
```
|
|
|
|
|
|
+## Take a backup
|
|
|
+
|
|
|
+> :warning: Silence Phantom Sensu checks
|
|
|
+
|
|
|
+Stop Phantom
|
|
|
+`/opt/phantom/bin/stop_phantom.sh`
|
|
|
+
|
|
|
+Take an AWS snapshot OF ALL DRIVES in addition to the automatic snapshots! Phantom uses the /tmp directory in addition to the /opt directory. Be sure to include the EBS volume that is storing the /opt data. It is 500 GB volume ( prod ) or a 60 GB volume ( TEST ).
|
|
|
+```
|
|
|
+Naming Scheme: phantom-pre-upgrade-backup-<current-version>
|
|
|
+phantom-pre-upgrade-backup-4.10.4-2
|
|
|
+```
|
|
|
+
|
|
|
+Take a full phantom backup while phantom is running. NOTE: to restore a phantom backup you must restore it to the same version of Phantom on a different server! You CAN skip the ibackup if you have a good snapshot!
|
|
|
+`/opt/phantom/bin/start_phantom.sh`
|
|
|
+`/opt/phantom/bin/phenv ibackup --setup`
|
|
|
+`/opt/phantom/bin/phenv ibackup --backup`
|
|
|
+
|
|
|
+## Prerequisites
|
|
|
+Be sure you have enough space!
|
|
|
+`df -h | grep opt`
|
|
|
+
|
|
|
|
|
|
1. Stop Phantom
|
|
|
`/opt/phantom/bin/stop_phantom.sh`
|
|
|
@@ -84,10 +84,12 @@ grep archive_mode /opt/phantom/data/db/postgresql.phantom.conf
|
|
|
|
|
|
4. install updates excluding nginx.
|
|
|
|
|
|
-> :warning: Watch out for the phantom_repo package being updated! Do not update phantom_repo, yet. If phantom is not running i don't think the package upgrade succeeds. Reboot if kernal is updated.
|
|
|
+> :warning: Watch out for the phantom_repo package being updated! Do not update phantom_repo, yet. If phantom is not running i don't think the package upgrade succeeds. Reboot if kernal is updated or just reboot for funzies.
|
|
|
`yum update --exclude=nginx --disablerepo phantom-base`
|
|
|
`shutdown -r now`
|
|
|
|
|
|
+`ping phantom-0`
|
|
|
+
|
|
|
5. Start Phantom ( should be already started due to reboot )
|
|
|
`/opt/phantom/bin/start_phantom.sh`
|
|
|
|
Brad Poulton