Migrate a Splunk SOAR (On-premises) install from RHEL 7 or CentOS 7 to RHEL 8

Support for Red Hat Enterprise Linux 8 (RHEL) was added with the release of Splunk SOAR (On-premises) version 5.5.0. This topic provides a high-level overview of the process for migrating your Splunk SOAR (On-premises) host's operating system to RHEL 8.

Note: This article focuses on the current Splunk SOAR (On-premises) release. You can upgrade to any Splunk SOAR (On-premises) release 5.5.0 or higher.

Before you begin

Before you migrate your Splunk SOAR (On-premises) deployment from RHEL 7 or CentOS 7 to RHEL 8, make a full backup of your Splunk SOAR (On-premises) current release deployment. See Splunk SOAR (On-premises) backup and restore overview.

Note: It is safe to restore a RHEL 7 Splunk SOAR (On-premises) backup on RHEL 8.

Now migrate your operating system using one of these methods:

Upgrade the Splunk SOAR (On-premises) host operating system in place

This method converts and upgrades the operating system on your Splunk SOAR (On-premises) deployment in place.

Operating system migration paths:

  • RHEL 7 upgrade to RHEL 8
  • CentOS 7 convert to RHEL 7, then upgrade to RHEL 8

Convert CentOS 7 to RHEL 7

Before you can convert your CentOS 7 operating system to RHEL 8, you must convert it to RHEL 7.

Follow Red Hat's instructions for converting CentOS 7 to RHEL 7. See Converting CentOS Linux to Red Hat Enterprise Linux on the Red Hat site.

Upgrade from RHEL 7 to RHEL 8

To upgrade Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8, perform the following steps:

  1. Delete all libssl* and libcrypto* files from the directory <$PHANTOM_HOME>/usr/lib64.
    cd /opt/phantom/usr/lib64
    rm libssl*
    rm libcrypto*
  2. Follow Red Hat's instructions for upgrading RHEL 7 to RHEL 8. See Upgrading from RHEL 7 to RHEL 8 on the Red Hat site.
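
A guarded form of step 1, as an added example that is not part of the Splunk documentation: it refuses to run if the library directory is missing (so the rm never runs in an unintended working directory), records a SHA-256 manifest of what it removes, and supports a dry run. The function name remove_bundled_openssl, the DRY_RUN variable and the manifest path are assumptions; the default directory matches the /opt/phantom path used in step 1.

```shell
#!/bin/sh
# Added example (not Splunk tooling): guarded removal of the libssl* and
# libcrypto* files from <PHANTOM_HOME>/usr/lib64 before the RHEL 8 upgrade.
# remove_bundled_openssl, DRY_RUN and the manifest path are assumptions.

remove_bundled_openssl() {
    lib_dir="${1:-${PHANTOM_HOME:-/opt/phantom}/usr/lib64}"
    manifest="${2:-/tmp/soar-removed-openssl.sha256}"

    # Stop if the directory does not exist, instead of letting a failed cd
    # be followed by rm in whatever directory the shell is currently in.
    if [ ! -d "$lib_dir" ]; then
        echo "error: $lib_dir is not a directory" >&2
        return 1
    fi

    : > "$manifest" || return 1
    count=0
    for f in "$lib_dir"/libssl* "$lib_dir"/libcrypto*; do
        # An unmatched glob stays literal; -L also catches dangling symlinks.
        [ -e "$f" ] || [ -L "$f" ] || continue

        # Record what is about to be removed, for the change record.
        if [ -L "$f" ]; then
            printf 'symlink -> %s  %s\n' "$(readlink "$f")" "$f" >> "$manifest"
        else
            sha256sum "$f" >> "$manifest" || return 1
        fi

        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "would remove $f"
        else
            rm -f -- "$f" || return 1
        fi
        count=$((count + 1))
    done
    echo "$count file(s) processed; manifest: $manifest"
}

# Usage (as the user that owns the Splunk SOAR install):
#   DRY_RUN=1; remove_bundled_openssl   # list only, nothing deleted
#   DRY_RUN=0; remove_bundled_openssl   # delete and keep the manifest
```

Run it with DRY_RUN=1 first and compare the listed files against the full backup before deleting.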

Upgrade to the latest version of Splunk SOAR (On-premises)

After you have upgraded the operating system on your Splunk SOAR (On-premises) deployment in place, upgrade Splunk SOAR (On-premises) to the current release. See Splunk SOAR (On-premises) upgrade overview and prerequisites.

Upgrade the Splunk SOAR (On-premises) host operating system for a cluster in place

This method converts and upgrades the operating system on your Splunk SOAR (On-premises) deployment for clusters in place.

Before you begin, ensure that all cluster nodes are using a Splunk SOAR (On-premises) version 5.5.0 or higher.

To upgrade the operating system on your clusters, upgrade each cluster node, one at a time. No further action is required.

Note: If you are upgrading from CentOS 7, deactivate cron jobs for the duration of the upgrade.

Upgrade Splunk SOAR (On-premises) to a new RHEL 8 host by using backup and restore

This method involves creating a new RHEL 8 system for your Splunk SOAR (On-premises) deployment and restoring your existing Splunk SOAR (On-premises) deployment to the new host.

Operating system migration paths:

  • RHEL 7 upgrade to RHEL 8
  • CentOS 7 to RHEL 8

Prerequisite: Ensure that your deployment is using Splunk SOAR (On-premises) 5.5.0 or higher.

  1. Make a full backup of your Splunk SOAR (On-premises) current release deployment. See Back up a Splunk SOAR (On-premises) deployment.
  2. Create a new instance of the current Splunk SOAR (On-premises) where the operating system is RHEL 8. See Install Splunk SOAR (On-premises) as an unprivileged user.
  3. Use the backup created earlier to restore the original deployment to the new deployment. See Restore Splunk SOAR (On-premises) from a backup.