17.4 Upgrading ESM for Fusion

After upgrading the CDF and ESM, you can upgrade ESM for Fusion.

NOTE:For the upgrade, you must have at least temporary access to the configuration properties on the installed cluster. The upgrade process requires you to accept a certificate for the Configuration page in Step 4. Otherwise, you might encounter certificate errors during the upgrade.

  1. Open a new tab in a supported web browser.

  2. Specify the URL for the CDF Management Portal:

    https://<Fusion-server>:5443

    Use the fully-qualified domain name of the host that you specified in the Connection step during the CDF configuration. Usually, this is the master node’s FQDN.

  3. Log in to the CDF Management Portal with the credentials of the administrative user that you provided during installation.

  4. To accept the Configuration page certificate, complete the following steps:

    1. Select Deployment > Deployments > > Reconfigure.

    2. Accept the certificate.

  5. Switch to the CDF Management Portal.

  6. Click Deployment > Metadata.

  7. Click +ADD on the top-right and add the installer metadata file.

  8. Click Deployment > Deployments.

    Under Update, you will see a notification that indicates there are updates available to components in your cluster.

    NOTE:If you know that there are updates but the Portal fails to provide a notification, we recommend that you clear the browser cache then refresh the page. Alternatively, you could change to private mode in the browser.

  9. Click the notification icon, and then click the installer metadata link .

  10. Since you have already downloaded the required files for upgrade, continue to click Next until you are in the Import suite images screen.

  11. Launch a terminal session, then log in to the master node as root or as a sudo user.

  12. Change to the following directory:

    cd $K8S_HOME/scripts

    For example:

    cd /opt/arcsight/kubernetes/scripts

  13. To upload the required images to the local registry, enter the following command:

    ./uploadimages.sh -d /<fusion_download_directory>/suite_images

    When prompted for a password, enter the administrator password for the CDF Management Portal.

  14. To ensure that the images have been uploaded, switch to the CDF Management Portal, then click CHECK AGAIN.

  15. Click Next until you get the Apply update screen.

  16. To apply the updates under Fusion, complete the following steps:

    1. In Cluster Configuration, change Search Engine Replicas to 0.

    2. In Database Configuration, disable Enable Database.

    3. (Conditional) Update the ArcSight ESM Host Configuration details if configured before upgrade.

  17. Select Deployment > Metadata, and then delete the metadata file that is not in use.

  18. To label the Fusion node, complete the following steps:

    1. Select Cluster > Nodes.

    2. In Predefined Labels, specify fusion:yes label and click +.

      NOTE:Labels are case-sensitive. Ensure that you enter the values correctly.

    3. (Conditional) Remove the obsolete analytics:yes label.

      NOTE:This label will not be visible in the UI if you installed Fusion 1.0 using the script.

    4. (Conditional) For single-node deployment, drag the newly added labels to the worker node.

    5. (Conditional) For multi-node deployment, drag-and-drop the new label from the predefined set to each of the worker nodes based on your workload sharing configuration.

  19. To configure ArcSight Command Center, complete the following steps:

    1. Select Deployment > Deployments > > Change.

    2. In the Capabilities page, select ArcSight Command Center.

    3. (Conditional) If you are using the Active List widget from the Fusion 1.0 release, select Layered Analytics.

      NOTE:To use this capability, you must deploy both ArcSight Interset and ESM for Fusion in the same cluster.

    4. Click Next until you reach the Configuration Complete page.

    5. Click Next after all the pods in the Configuration Complete page are displayed in green.

  20. Check the upgrade status by monitoring the pods’ status:

    1. Click Cluster > Dashboard.

    2. In the left pane, switch to the arcsight-installer-<XXXX> Namespace.

    3. Go to the Pods section and continue reloading the page until you see the status for all the pods as Running. On the Status column, sort the pod status to see if any pod is not running. Once the status for all the pods is changed to Running, the upgrade is complete.

  21. To determine whether the upgrade is successful, complete the following steps:

    1. Select Deployment > Deployments.

    2. Under the Version column, you will see the new version of the suite.

      Also, under the Update column, you will see zero, which indicates there are no updates available for components in your cluster.

  22. To reload CDF images that the upgrade process removed, complete the following steps:

    1. Change to the following directory:

      cd $K8S_HOME/scripts

      For example:

      cd /opt/kubernetes/scripts

    2. Run the following command:

      ./uploadimages.sh -d /<fusion_download_directory>/installers/cdf-2020.05.00100-2.3.0.7/cdf/images/

      For example:

      ./uploadimages.sh -d /esm-cmd-center-installer-for-fusion-x.x.x.x/installers/cdf-2020.05.00100-2.3.0.7/cdf/images/

      When prompted for a password, use the administrator password for the CDF Management Portal.