Migrate a Splunk SOAR (On-premises) install from RHEL 7 or CentOS 7 to RHEL 8

Support for Red Hat Enterprise Linux 8 (RHEL) was added with the release of Splunk SOAR (On-premises) version 5.5.0. This topic provides a high-level overview of the process for migrating your Splunk SOAR (On-premises) host's operating system to RHEL 8.

Note: This article focuses on the current Splunk SOAR (On-premises) release. You can upgrade to any Splunk SOAR (On-premises) release 5.5.0 or higher.

Before you begin

Before you migrate your Splunk SOAR (On-premises) deployment from RHEL 7 or CentOS 7 to RHEL 8, make a full backup of your current Splunk SOAR (On-premises) deployment. See Splunk SOAR (On-premises) backup and restore overview.

Note: It is safe to restore a RHEL 7 Splunk SOAR (On-premises) backup on RHEL 8.

Now migrate your operating system using one of these methods:

Upgrade the Splunk SOAR (On-premises) host operating system in place

This method converts and upgrades the operating system on your Splunk SOAR (On-premises) deployment in place.

Operating system migration paths:

  • RHEL 7 upgrade to RHEL 8
  • CentOS 7 convert to RHEL 7, then upgrade to RHEL 8

Convert CentOS 7 to RHEL 7

Before your CentOS 7 operating system can be upgraded to RHEL 8, you must convert it to RHEL 7.

Follow Red Hat's instructions for converting CentOS 7 to RHEL 7. See Converting CentOS Linux to Red Hat Enterprise Linux on the Red Hat site.

Upgrade from RHEL 7 to RHEL 8

Follow Red Hat's instructions for upgrading RHEL 7 to RHEL 8. See Upgrading from RHEL 7 to RHEL 8 on the Red Hat site.

Upgrade to the latest version of Splunk SOAR (On-premises)

Once you have upgraded the operating system on your Splunk SOAR (On-premises) deployment in place, upgrade Splunk SOAR (On-premises) to the current release. See Splunk SOAR (On-premises) upgrade overview and prerequisites.

Upgrade the Splunk SOAR (On-premises) host operating system for a cluster in place

This method converts and upgrades the operating system on your Splunk SOAR (On-premises) deployment for clusters in place. Before you begin, ensure that all cluster nodes are running Splunk SOAR (On-premises) version 5.5.0 or higher.

  1. Upgrade the cluster nodes, one at a time.
    Note: If you are upgrading from CentOS 7, deactivate cron jobs for the duration of the upgrade.
  2. Upgrade Splunk SOAR (On-premises) to the current release. See Splunk SOAR (On-premises) upgrade overview and prerequisites.

Upgrade Splunk SOAR (On-premises) to a new RHEL 8 host by using backup and restore

This method involves creating a new RHEL 8 system for your Splunk SOAR (On-premises) deployment and restoring your existing Splunk SOAR (On-premises) deployment to the new host.

Operating system migration paths:

  • RHEL 7 upgrade to RHEL 8
  • CentOS 7 to RHEL 8

Do the following tasks.

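  1. Delete all libssl* and libcrypto* files from the directory <$PHANTOM_HOME>/usr/lib64.
    # /opt/phantom stands in for <$PHANTOM_HOME>; substitute your install path.
    # The && stops rm from running in the wrong directory if cd fails.
    cd /opt/phantom/usr/lib64 && rm libssl* libcrypto*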
    
  2. If you have not already done so, upgrade your current Splunk SOAR (On-premises) deployment to the current release. See Splunk SOAR (On-premises) upgrade overview and prerequisites.
  3. After your upgrade of Splunk SOAR (On-premises) to the current release is complete, make a full backup of your current Splunk SOAR (On-premises) deployment. See Back up a Splunk SOAR (On-premises) deployment.
  4. Create a new instance of the current Splunk SOAR (On-premises) where the operating system is RHEL 8. See Install Splunk SOAR (On-premises) as an unprivileged user.
  5. Use the backup created earlier to restore the original deployment to the new deployment. See Restore Splunk SOAR (On-premises) from a backup.
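
A guarded form of step 1, as an added example that is not part of Splunk's documentation or tooling: it removes only libssl* and libcrypto* entries directly inside <$PHANTOM_HOME>/usr/lib64, refuses to run if that path resolves to one of the operating system's own library directories, and logs each removal. The function name `remove_bundled_openssl` and the log file argument are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not Splunk tooling). remove_bundled_openssl and the log
# argument are hypothetical names chosen for this illustration.
# Usage: remove_bundled_openssl "$PHANTOM_HOME" /tmp/openssl-removed.log

remove_bundled_openssl() {
    local home="${1:-}" log="${2:-/dev/null}" libdir f count=0

    # An empty home would turn "$home/usr/lib64" into the system /usr/lib64.
    if [ -z "$home" ]; then
        echo "refusing: no PHANTOM_HOME given" >&2
        return 2
    fi

    # Resolve symlinks so the comparison below sees the real location.
    libdir="$(cd "$home/usr/lib64" 2>/dev/null && pwd -P)" || {
        echo "not found: $home/usr/lib64" >&2
        return 3
    }

    # Never operate on the operating system's own OpenSSL libraries.
    case "$libdir" in
        /usr/lib64|/lib64|/usr/lib|/lib)
            echo "refusing: $libdir is a system library directory" >&2
            return 2 ;;
    esac

    for f in "$libdir"/libssl* "$libdir"/libcrypto*; do
        # An unmatched glob stays literal and is skipped here;
        # the -L test keeps dangling symlinks in scope.
        [ -e "$f" ] || [ -L "$f" ] || continue
        # Skip real directories: only files and symlinks are removed.
        [ -d "$f" ] && [ ! -L "$f" ] && continue
        printf '%s removed %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$f" >> "$log"
        rm -f -- "$f"
        count=$((count + 1))
    done

    # Print the number of entries removed so callers can check it.
    echo "$count"
}
```
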