Migrate a Splunk SOAR (On-premises) install from CentOS 7 to Oracle Linux 8

To upgrade beyond Splunk SOAR (On-premises) 6.3.0, you must ensure that it is running on a supported operating system. See System requirements for production use in Install and Upgrade Splunk SOAR (On-premises) for a list of supported operating systems.

  • CentOS Linux 7 reached end of life (EOL) on June 30, 2024. See What to know about CentOS Linux EOL on https://www.redhat.com.
  • Support was added for Oracle Linux in Splunk SOAR (On-premises) release 6.3.0.

Migrate CentOS 7 to Oracle Linux 8

You can migrate from CentOS 7 to Oracle Linux 8 on your existing server.

Oracle has published a blog containing instructions at Migrate and Upgrade: CentOS 7 to Oracle Linux 8 in one step on https://blogs.oracle.com/.

Before you begin the migration

Do these tasks before beginning your migration to Oracle Linux 8.

  1. If you have not already done so, upgrade your current Splunk SOAR (On-premises) deployment to release 6.3.0. See Splunk SOAR (On-premises) upgrade overview and prerequisites.
  2. After your upgrade to the current release of Splunk SOAR (On-premises) is complete, make a full backup of your Splunk SOAR (On-premises) deployment. See Back up a Splunk SOAR (On-premises) deployment.
  3. Stop all Splunk SOAR services.
    /<$PHANTOM_HOME>/bin/stop_phantom.sh
    Do not restart Splunk SOAR until the migration is complete.
  4. Delete all libssl* and libcrypto* files from the directory <$PHANTOM_HOME>/usr/lib64.
    cd /opt/phantom/usr/lib64
    rm libssl*
    rm libcrypto*
    
  5. Conditional: If you are migrating systems which host a Splunk SOAR (On-premises) cluster, you must unmount the GlusterFS fileshares before you can migrate the operating system.
    • You will need root or sudo access to edit the fstab file.
    • Repeat this step on each cluster node host you intend to migrate.
    sed -i -e '/glusterfs/ s/^#*/#/' /etc/fstab
    umount /opt/phantom/vault
    umount /opt/phantom/apps
    umount /opt/phantom/scm
    umount /opt/phantom/tmp/shared
    umount /opt/phantom/local_data/app_states
    
  6. Install the Elevate package.
    sudo yum install -y http://repo.almalinux.org/elevate/elevate-release-latest-el$(rpm --eval %rhel).noarch.rpm
  7. Install the Leapp and Leapp Oracle Linux migration data packages.
    sudo yum install -y leapp-upgrade leapp-data-oraclelinux
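
Steps 4 and 5 can be verified without changing anything before the operating system migration starts. The script below is an added example, not part of Splunk's documentation or tooling; the function names are hypothetical, and the defaults assume the /opt/phantom paths shown in the steps above.

```shell
#!/bin/sh
# Added example (not Splunk's code): read-only check of steps 4 and 5.
# Defaults are the paths shown on this page; pass other paths to test on copies.

# Step 4: list OpenSSL libraries still present in the given lib64 directory.
leftover_tls_libs() {
    find "$1" -maxdepth 1 \( -name 'libssl*' -o -name 'libcrypto*' \) 2>/dev/null | sort
}

# Step 5: list lines in an fstab file that mention glusterfs and are not commented out.
active_gluster_entries() {
    awk '/glusterfs/ && !/^[ \t]*#/' "$1"
}

# Step 5: list the cluster mount points under $2 that still appear in mounts table $1.
still_mounted() {
    for mp in vault apps scm tmp/shared local_data/app_states; do
        awk -v m="$2/$mp" '$2 == m { print $2 }' "$1"
    done
}

# Report anything the three checks find; return 0 only when all are clean.
preflight() {
    pf_home=${1:-/opt/phantom}
    pf_fstab=${2:-/etc/fstab}
    pf_mounts=${3:-/proc/mounts}
    pf_rc=0
    pf_out=$(leftover_tls_libs "$pf_home/usr/lib64")
    [ -z "$pf_out" ] || { printf 'step 4 incomplete:\n%s\n' "$pf_out"; pf_rc=1; }
    pf_out=$(active_gluster_entries "$pf_fstab")
    [ -z "$pf_out" ] || { printf 'active glusterfs fstab entries:\n%s\n' "$pf_out"; pf_rc=1; }
    pf_out=$(still_mounted "$pf_mounts" "$pf_home")
    [ -z "$pf_out" ] || { printf 'still mounted:\n%s\n' "$pf_out"; pf_rc=1; }
    return "$pf_rc"
}

# Run against the live system only when asked to: sh preflight.sh check
if [ "${1:-}" = "check" ]; then preflight; exit $?; fi
```

A non-zero exit status means at least one of the three checks found something to fix; the printed lines show which files, fstab entries, or mount points are involved.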

Migrate the operating system from CentOS 7 to Oracle Linux 8

Now that your Splunk SOAR (On-premises) deployment's host is ready to migrate, follow the guide from Oracle at Migrate and Upgrade: CentOS 7 to Oracle Linux 8 in one step on https://blogs.oracle.com/.

CAUTION: You must run the leapp pre-upgrade check and address any issues it reports.

Restart Splunk SOAR (On-premises)

Once you have completed all the steps in the migration from the Oracle article, you can restart Splunk SOAR.

  1. Conditional: If you are migrating a clustered deployment and unmounted your GlusterFS fileshares earlier, remount those fileshares. You will need sudo or root access to modify the fstab file.
    sed -i -e '/glusterfs/ s/#//' /etc/fstab
    mount -a
    
  2. As the SOAR user, run:
    /<$PHANTOM_HOME>/bin/start_phantom.sh