Upgrade the Data Indexer in a DR Deployment
Configure a Proxy Connection for Indexer Upgrades
If your Linux Data Indexer sits behind a proxy server, you need to add the proxy address and optional username and password to the yum configuration file on the Indexer from which you are running the upgrade.
To configure proxy options in yum.conf:
- Log on to your Indexer appliance or server as logrhythm.
To open the file for editing, type:
CODEsudo vi /etc/yum.conf
- To enter INSERT mode, type i.
Add the following lines to the file:
proxy=<proxyURL:port>
proxy_username=<username>
proxy_password=<password>
EXAMPLE
proxy=http://my.proxyaddress.com:9999/
proxy_username=myloginID
proxy_password=mypassword
- Press Esc.
- To exit and save yum.conf type
:wq
Configure Upgrades Without Internet Access (Dark Sites)
If your Linux Data Indexer does not have access to the Internet (for example, in a restricted environment or at a dark site), you may need to modify CentOS-Base.repo so that repositories are skipped if they are unavailable.
CentOS-Base.repo contains the base, updates, extras, and centosplus repositories. By default, updates to centosplus are disabled (i.e., enabled is set to 0). For base, updates, and extras, you will need to add a line that will skip updates if the repo is unavailable.
To configure repository options in CentOS-Base.repo:
- Log in to your Indexer appliance or server as logrhythm.
To open the file for editing, type:
CODEsudo vi /etc/yum.repos.d/CentOS-Base.repo
- To enter INSERT mode, type i.
Within each of the three repository sections — base, updates, and extras — add the following line:
CODEskip_if_unavailable=true
- Press Esc.
- To exit and save CentOS-Base.repo type
:wq
Upgrade a Single-node Cluster
Before starting the Data Indexer installation or upgrade, ensure that firewalld is running on all cluster nodes. To do this, log on to each node and run: sudo systemctl start firewalld
- Log on to your Indexer appliance or server as logrhythm.
Change to the /home/logrhythm/Soft directory where you copied the updated installation or upgrade script.
If you need to create a hosts file, use
vi
to create a file in /home/logrhythm/Soft called hosts.If you are creating a new file, ensure that you specify the current Data Indexer hostname.The hosts file must follow a defined pattern of {IPv4 address}, {hostname}, {boxtype}(optional) on each line. You must separate the address and hostname with a space. The file might look like the following:
10.1.23.91 LRLinux1 hot
If you do not specify a boxtype here, it will assume it is a hot node. This means the warm node configuration may be lost if you do not update the hosts file prior to running the upgrade.Do not use fully qualified domain names for Indexer hosts. For example, use only LRLinux1 instead of LRLinux1.myorg.com.
The following command sequence illustrates how to create and modify a file with vi:
- To create the hosts file and open for editing, type vi hosts.
- To enter INSERT mode, type i.
- Enter the IPv4 address, hostname to use for the Indexer, and box type, separated by a space.
- Press Esc.
- To exit and save your hosts file type:
:wq
To install DX and make the machine accessible without a password, download the DataIndexerLinux.zip file from the Documentation & Downloads section of the LogRhythm Community, extract the PreInstall.sh file to /home/logrhythm and execute the script.
This cannot be run assudo
or the DX Installer will fail.CODEsh ./PreInstall.sh
Run the installer with the hosts file argument:
CODEsudo sh LRDataIndexer-<version>.centos.x86_64.run --hosts <absolute path to .hosts file> --plan /home/logrhythm/Soft/plan.yml
Press Tab after starting to type out the installer name, and the filename autocompletes for you.
If prompted for the SSH password, enter the password for the logrhythm user.
The script installs or upgrades the Data Indexer.This process may take up to 10 minutes.When the installation or upgrade is complete, a confirmation message appears.
Check the status of services by typing sudo systemctl at the prompt, and then look for failed services.
If the installation or upgrade fails with the error — failed to connect to the firewalld daemon — ensure that firewalld is running on all cluster nodes and start this procedure again. To do this, log in to each node and run the following command:sudo systemctl start firewalld
Once the cluster restarts, there will be a short period of downtime as the DX update finalizes.
Upgrade a Multi-node Cluster
Before starting the Data Indexer installation or upgrade, ensure that firewalld is running on all cluster nodes. To do this, log in to each node and run the following command: sudo systemctl start firewalld
- Log on to your Indexer appliance or server as logrhythm.
Change to the /home/logrhythm/Soft directory where you copied the script.
You should have a file named hosts in the /home/logrhythm/Soft directory that was used during the original installation. The hosts file must follow a defined pattern of {IPv4 address}, {hostname}, {boxtype}(optional) on each line. You must separate the address and hostname with a space.
The contents of the file might look like the following:10.1.23.65 LRLinux1 hot
10.1.23.67 LRLinux2 warm
10.1.23.91 LRLinux3 warmThe box type parameter is optional in the hosts file, if you do not specify a boxtype here, it will assume it is a hot node. This means the warm node configuration may be lost if you do not update the hosts file prior to running the upgrade.If you need to create a hosts file, use
vi
to create a file in /home/logrhythm/Soft called hosts.Do not use fully qualified domain names for Indexer hosts. For example, use only LRLinux1 instead of LRLinux1.myorg.com.
The following command sequence illustrates how to create and modify a file with
vi
:- To create the hosts file and open for editing, type
vi hosts
. - To enter INSERT mode, type i.
- Enter the IPv4 address, the hostname to use for the Indexer, and the box type, separated by spaces.
- Press Esc.
- To exit and save your hosts file type
:wq
.
- To create the hosts file and open for editing, type
To install DX and make the machine accessible without a password, download the DataIndexerLinux.zip file from the Documentation & Downloads section of the LogRhythm Community, extract the the PreInstall.sh file to /home/logrhythm and execute the script.
This cannot be run assudo
or the DX Installer will fail.CODEsh ./PreInstall.sh
If there are any changes in the plan file, you must copy the new plan file at /home/logrhythm/Soft.Run the installer using the original or updated hosts file:
CODEsudo sh LRDataIndexer-<version>.centos.x86_64.run --hosts <absolute path to .hosts file> --plan /home/logrhythm/plan.yml
Press Tab after starting to type out the installer name, and the filename autocompletes for you.
If prompted for the SSH password, enter the password for the logrhythm user.
The script installs or upgrades the Data Indexer on each of the DX machines.This process may take up to 30 minutes.When the installation or upgrade is complete, a confirmation message appears.
Check the status of services by typing
sudo systemctl
at the prompt, looking for “failed” services.If the installation or upgrade fails with the error — failed to connect to the firewalld daemon — ensure that firewalld is running on all cluster nodes and start the installation again. To do this, log in to each node and run the following command:sudo systemctl start firewalld
Once the cluster restarts, there will be a short period of downtime as the DX update finalizes.
Validate the Linux Indexer Upgrade
To validate a successful upgrade of the Linux Indexer, check the following logs in /var/log/persistent:
- ansible.log echoes console output from the upgrade, and should end with details about the number of components that upgraded successfully, as well as any issues (unreachable or failed)
- logrhythm-node-install.sh.log lists all components that were installed or updated, along with current versions
- logrhythm-cluster-install.sh.log should end with a message stating that the Indexer was successfully installed
Additionally, you can issue the following command and verify the installed version of various LogRhythm services, tools, and libraries, as well as third party tools:
sudo yum list installed | grep -i logrhythm
- Verify that the following LogRhythm services are at the same version as the main installer version:
- Bulldozer
- Carpenter
- Columbo
- GoMaintain
- Transporter
- Watchtower
- Verify that the following tools/libraries have been updated to the version matching the installer name:
- Cluster Health
- Conductor
- Persistent
- Silence
- Unique ID
- Upgrade Checker
- Verify the following versions of these services and third party tools:
- elasticsearch 6.8.3