Migrate a Splunk SOAR (On-premises) install from Oracle Linux 8 to Oracle Linux 9
Support for Oracle Linux 9 was added with the release of Splunk SOAR (On-premises) version 6.4.0. This topic provides a high-level overview of the process for migrating your Splunk SOAR (On-premises) host's operating system to Oracle 9.
Operating system upgrade or migration checklist
Use this table as a guide to migrating or upgrading your Splunk SOAR (On-premises) host or cluster node hosts to Oracle Linux 9.
To upgrade a Splunk SOAR (On-premises) cluster, see Upgrade the operating system for Splunk SOAR (On-premises) clusters.
Prerequisites:
-
Already installed or upgraded to SOAR (On-premises) 6.4.0 or higher
-
Oracle Linux 8 installed
| Step | Description |
|---|---|
| 1 | Make a full backup of your existing Splunk SOAR (On-premises) host or cluster. See Splunk SOAR (On-premises) backup and restore overview. |
| 2 | Upgrade your Splunk SOAR (On-premises) hosts to Oracle Linux 9. See the article Oracle Linux 9: Upgrading Systems With Leapp on the Oracle docs site. |
| 3 | After you have upgraded your Splunk SOAR (On-premises) hosts to Oracle Linux 9, upgrade Splunk SOAR (On-premises) packages for the new operating system.
|
Upgrade Splunk SOAR (On-premises) packages for your new operating system
After you have upgraded the operating system on your Splunk SOAR (On-premises) deployment in place, run the upgrade for Splunk SOAR (On-premises) to apply operating system dependent updates.
For clustered deployments, see the next section, Upgrade the operating system for Splunk SOAR (On-premises) clusters.
- Download the Splunk SOAR (On-premises) installation TAR file for your new operating system. See Get Splunk SOAR (On-premises).
- Extract the TAR file you downloaded into the Splunk SOAR (On-premises) installation directory.
CODE
tar -xvf <installer>.tgz -C <$PHANTOM_HOME> - Re-run the install script using the
--dist-upgradeoption.CODE<$PHANTOM_HOME>/splunk-soar/soar-install --dist-upgradeCAUTION: Before you can use the--dist-upgradeoption, you must have already upgraded Splunk SOAR (On-premises) to release 6.4.0 or higher.
Upgrade the operating system for Splunk SOAR (On-premises) clusters
There are two methods you can use to upgrade the operating system on a Splunk SOAR (On-premises) cluster:
- Upgrade the operating system for each cluster node.
- Create new Splunk SOAR (On-premises) release 6.4.0 nodes for your cluster on the desired operating system, add them to your cluster, then decommission nodes running the previous operating system.
Upgrade the operating system for each Splunk SOAR (On-premises) cluster node
This method converts and upgrades the operating system on your Splunk SOAR (On-premises) deployment for clusters in place.
Prerequisite: All cluster nodes using Splunk SOAR (On-premises) release 6.4.0 or higher
To upgrade cluster nodes in a rolling fashion, follow these steps.
Perform the complete sequence of steps for one cluster node, then repeat the sequence for each additional cluster node.
- Upgrade the installed operating system from Oracle Linux 8 to Oracle 9, following Oracle's instructions for upgrading OL 8 to OL 9. See the article Oracle Linux 9: Upgrading Systems With Leapp on the Oracle docs site.
- Download the Splunk SOAR (On-premises) installation TAR file for your new operating system, and copy it to each cluster node. See Get Splunk SOAR (On-premises).
- Extract the TAR file you downloaded into the Splunk SOAR (On-premises) installation directory.
CODE
tar -xvf <installer>.tgz -C <$PHANTOM_HOME> - Re-run the install script using the
--dist-upgradeoption.CODE<$PHANTOM_HOME>/splunk-soar/soar-install --dist-upgrade
--dist-upgrade option, you must already have upgraded Splunk SOAR (On-premises) to release 6.4.0.
Upgrade the Splunk SOAR (On-premises) cluster by adding and removing cluster nodes
If you prefer, you can upgrade your cluster by building new cluster nodes, adding them to your cluster, then decommissioning cluster nodes running earlier versions of Splunk SOAR (On-premises). For information on adding or removing cluster nodes from your Splunk SOAR (On-premises) cluster, see Add or remove a cluster node from Splunk SOAR (On-premises).