Migrate a Splunk SOAR (On-premises) install from RHEL 8 to RHEL 9

Use this table as a guide to migrating or upgrading your Splunk SOAR (On-premises) host or cluster node hosts to Red Hat Enterprise Linux 9.

To upgrade a Splunk SOAR (On-premises) cluster, see Upgrade the operating system for Splunk SOAR (On-premises) clusters.

Prerequisites:

• Already installed or upgraded to SOAR (On-premises) 6.4.0 or higher

• Red Hat Enterprise Linux 8 installed

After you have upgraded the operating system on your Splunk SOAR (On-premises) deployment in place, run the upgrade for Splunk SOAR (On-premises) to apply operating system dependent updates.

For clustered deployments, see the next section, Upgrade the operating system for Splunk SOAR (On-premises) clusters

1. Download the Splunk SOAR (On-premises) installation TAR file for your new operating system. See Get Splunk SOAR (On-premises).
2. Extract the TAR file you downloaded into the Splunk SOAR (On-premises) installation directory.
   CODECopy

   tar -xvf <installer>.tgz -C <$PHANTOM_HOME>

   tar -xvf <installer>.tgz -C <$PHANTOM_HOME>

3. Re-run the install script using the --dist-upgrade option.
   CODECopy

   <$PHANTOM_HOME>/splunk-soar/soar-install --dist-upgrade

   <$PHANTOM_HOME>/splunk-soar/soar-install --dist-upgrade

   CAUTION: Before you can use the --dist-upgrade option, you must have already upgraded Splunk SOAR (On-premises) to release 6.4.0 or higher.

There are two methods you can use to upgrade the operating system on a Splunk SOAR (On-premises) cluster.

Each method requires that your nodes are using Splunk SOAR (On-premises) version 6.4.0 or higher.

• Upgrade the operating system for each cluster node.
• Create new Splunk SOAR (On-premises) nodes for your cluster on the desired operating system, add them to your cluster, then decommission nodes running the previous operating system.