
Phantom Upgrade Notes

General Notes

Use the Splunk Phantom repo, not the msoc repo. BE SURE TO HAVE AT MOST 55% FREE space (45% used space).

Backup docs: https://docs.splunk.com/Documentation/Phantom/4.10.2/Admin/Restorefromabackup

4.9

08/2020

Prep Work

See Splunk docs!

Silence Phantom sensu checks

Stop Phantom: `/opt/phantom/bin/stop_phantom.sh`

Clean yum: `yum clean all`

Take an AWS snapshot in addition to the automatic snapshots! Naming Scheme: phantom-pre-upgrade-backup-

Update OS & reboot (only if kernel updated): `yum update --exclude=nginx`

Start Phantom: `/opt/phantom/bin/start_phantom.sh`

Disable WAL: `sed -i -e 's/archive_mode = on/archive_mode = off/i' /opt/phantom/data/db/postgresql.phantom.conf`

Restart postgres: `/opt/phantom/bin/phsvc restart postgresql-9.4`

Install new repo and keys: `rpm -Uvh https://repo.phantom.us/phantom/4.9/base/7Server/x86_64/phantom_repo-4.9.35731-1.x86_64.rpm`
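
A gate for the prep work above, as an added example that is not part of the original notes: it checks the disk-usage figure from the General Notes and confirms that `archive_mode` is off before `phantom_setup.sh upgrade` is run. The function names are hypothetical, and reading the notes' "45% used space" as a ceiling on usage is an assumption.

```shell
#!/bin/sh
# Added example: gate for the prep steps above. Function names are hypothetical.
MAX_USED_PCT=45   # assumption: the notes' "45% used space" is the ceiling

# Read `df -P <path>` output on stdin and print the Capacity column as an integer.
used_pct_from_df() {
    awk 'NR == 2 { gsub(/%/, "", $5); print $5 }'
}

# Succeed when the df output on stdin shows usage at or below the ceiling.
disk_ok() {
    du_used=$(used_pct_from_df)
    [ -n "$du_used" ] && [ "$du_used" -le "$MAX_USED_PCT" ]
}

# Succeed when the effective archive_mode in the given config file is "off".
# PostgreSQL honours the last uncommented entry, so only that one is compared.
wal_archiving_off() {
    wal_value=$(sed -n -E \
        "s/^[[:space:]]*archive_mode[[:space:]]*=[[:space:]]*'?([A-Za-z]+)'?.*/\1/p" \
        "$1" | tail -n 1 | tr 'A-Z' 'a-z')
    [ "$wal_value" = "off" ]
}

# Run both checks; report every failure rather than stopping at the first.
preflight() {
    pf_rc=0
    df -P "$1" | disk_ok ||
        { echo "FAIL: $1 is over ${MAX_USED_PCT}% used" >&2; pf_rc=1; }
    wal_archiving_off "$2" ||
        { echo "FAIL: archive_mode is not off in $2" >&2; pf_rc=1; }
    return "$pf_rc"
}

# Usage on the Phantom host, after the "Disable WAL" step:
#   preflight /opt/phantom /opt/phantom/data/db/postgresql.phantom.conf && echo "OK to upgrade"
```

A commented-out `#archive_mode = off` line does not satisfy the check, which catches the case where the `sed` substitution matched nothing.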

Upgrade

Upgrade script: `/opt/phantom/bin/phantom_setup.sh upgrade`

Post Upgrade (Run IF the upgrade script produces the message!): `su - postgres -c '/usr/pgsql-11/bin/vacuumdb -h /tmp --all --analyze-in-stages'`

`phenv python3 /opt/phantom/bin/ibackup.pyc --setup`

Verify postgres version: `su - postgres -c '/usr/pgsql-11/bin/postgres --version'`

Log in to the web UI to accept the EULA

After the upgrade is complete, from Main Menu > Administration > Administration Settings > Search Settings, select Playbooks from the drop-down menu, then click the Reindex Search Data button.

Post Upgrade Steps

  1. Review System Health
    1. Administration -> System Health -> System Health

Have Phantom Administrator verify that email is working properly.

Clear Silence

Done!

4.8

Vagrant VM Upgrade

Vagrant Phantom creds: admin/password Password1

SSH: use the brad user and ssh key

Test Upgrade

TEST

  1. Make snapshot

Prod Upgrade

PROD

  1. Stop phantom
  2. Take snapshot of drive
  3. Clean yum cache
  4. Install RPM for repo
  5. Upgrade phantom

Phantom Upgrade Steps

Do not skip versions. Upgrade incrementally.

  1. Take a snapshot of the server
  2. Stop all services
    1. `/opt/phantom/bin/stop_phantom.sh`
  3. Clear yum caches
    1. `yum clean all`
  4. Update the OS
    1. `yum update --exclude=nginx`
  5. Reboot if the kernel was upgraded
    1. `reboot`
  6. After reboot, log in and install the phantom repo for the correct version of the software.
    1. https://docs.splunk.com/Documentation/Phantom/4.8/Install/PhantomReposAndSigningKeys
    2. `rpm -Uvh https://repo.phantom.us/phantom/4.6/base/7Server/x86_64/phantom_repo-4.6.19142-1.x86_64.rpm`
    3. `/opt/phantom/bin/phantom_setup.sh upgrade`

Post Upgrade Steps

  1. Review System Health
    1. Administration -> System Health -> System Health