After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Upgrade a privileged cluster
When you upgrade your Splunk SOAR (On-premises) clustered deployment to release 5.4.0 your privileged deployment is automatically converted to an unprivileged one. For more information on this conversion, see Convert a privileged deployment to an unprivileged deployment.
Perform the following tasks to upgrade your cluster. These tasks apply to privileged clusters running on local hardware, or privileged clusters running in Amazon Web Services.
Before you begin
Before you begin to upgrade your cluster, do the following steps:
- Read upgrade overview and prerequisites.
- Prepare your cluster's server node or load balancer, if the load balancer is separate from your cluster's server node.
- Log in to the operating system of your server node or load balancer as either the root user or a user with sudo privileges.
- Update the firewalld rules to allow the custom HTTPS port for .
firewall-cmd --permanent --add-port=8443/tcp
- Reload firewalld.
fireall-cmd --reload
- Configure haproxy (or other load balancer) to add the custom HTTPS port. On in /etc/haproxy/haproxy.cfg, copy the entry that looks like this:
bind *:443 ssl crt /etc/haproxy/certificates no-sslv3 no-tlsv10 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256
Add a copy of that entry, edited with your custom HTTPS port:
bind *:8443 ssl crt /etc/haproxy/certificates no-sslv3 no-tlsv10 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256
- Reload haproxy. or
systemctl reload haproxy
systemctl reload rh-haproxy18-haproxy
If you use a load balancer other than haproxy, you need to do the equivalent of these steps for that load balancer.
Upgrade the cluster nodes
For each SOAR node, follow the upgrade instructions, one node at a time:
The same TAR file is used for install and upgrade processes. The file detects the presence of SOAR and installs or upgrades accordingly.
- Restart the operating system if you did not recently restart it as part of the prerequisites.
This step is required to ensure that the upgrade completes successfully and efficiently.
As the root user:reboot
- After the system restarts, log in to the operating system as either the root user or a user with sudo privileges.
- Download the privileged installer from the Splunk SOAR site. The installer is packaged with static versions of the product's dependencies when the product is built. The installer is named in the format
splunk_soar-priv-<major>.<minor>.<patch>.<build>-<commit_short_sha>-el7-x86_64.tgz
. - Extract the TGZ file you downloaded using
tar -xf <installer>.tgz
into the /opt/phantom directory. - The installer package you extracted creates a file called soar-install in the <$PHANTOM_HOME>/splunk-soar directory. Run that as root:
sudo <$PHANTOM_HOME>/splunk-soar/soar-install --upgrade --with-apps
You can see the full list of arguments for the soar-install script by using the --help
option.
Upgrade a Splunk SOAR (On-premises) instance | Upgrade an unprivileged cluster |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.4.0
Feedback submitted, thanks!