After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Prepare your Splunk SOAR (On-premises) deployment for upgrade
Before you upgrade , you will need to prepare your instance or your cluster nodes by updating the operating system and any installed installed packages.
The installation TAR file used for upgrades contains all the required dependencies for .
Update the operating system and installed packages
Follow these steps to update the operating system and otherwise prepare your deployment for the upgrade.
For a clustered deployment, prepare cluster nodes in a rolling fashion, one cluster node at a time.
- Log in to the instance's operating system.
- For unprivileged deployments, log in as the user account that runs .
- If you use a warm standby or use ibackup.pyc for backups, you must disable those features before proceeding. If you are not using either of those features, you may skip these sub-steps.
- On a single instance deployment of , disable warm standby. See Upgrade or maintain warm standby instances in Administer .
- If you are using automation to run ibackup.pyc to make backups, cancel backups that could run during your upgrade window. For example, if you have configured a cron job to run ibackup.pyc, disable that cron job.
- Stop all services. For example:
/<$PHANTOM_HOME>/bin/stop_phantom.sh
- Clear the YUM caches. As the root user:
yum clean all
- Update the installed software packages and apply operating system patches. As the root user:
yum update
- Restart the operating system. As the root user:
reboot
- After the system restarts, log in to the operating system as either the root user or a user with sudo privileges.
- The install script requires the ability to create jobs in cron. See System requirements for production use. Check that the cron daemon is running.
ps -ef | grep crond
- If the cron daemon is not running, start it.
systemctl start crond.service
- If the cron daemon is not running, start it.
- With a text editor, update
install_common.py
.
On or around line 208, modify theGLUSTER_RPM_SOURCE_BASE_URL_EL8
declaration. Change the word "mirror" in the URL to the word "vault."GLUSTER_RPM_SOURCE_BASE_URL_EL8 = ("https://vault.centos.org/centos/8-stream/storage/x86_64/gluster-9/Packages/")
The mirror for GlusterFS packages has moved, changing the URL Splunk SOAR (On-premises) uses download those packages. You will need to update the file install_common.py
before you can build or upgrade a clustered deployment, or use a GlusterFS external fileshare.
Run the soar-prepare-system script
To finish preparing to upgrade , run the soar-prepare-system script. This script will check for and install any missing dependencies and check to make sure that all required system-level options are properly set.
You can supply any of the optional arguments for the script listed in soar-prepare-system.sh in the Reference section of this manual.
Upgrade Splunk SOAR (On-premises)
When you are ready to upgrade , follow one of these sets of instructions, based on your deployment type:
Upgrade path for Splunk SOAR (On-premises) unprivileged installations | Convert a privileged Splunk SOAR (On-premises) deployment to an unprivileged deployment |
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.1.1, 6.2.0, 6.2.1
Feedback submitted, thanks!