Splunk® SOAR (On-premises)

Install and Upgrade Splunk SOAR (On-premises)


Migrate a Splunk SOAR (On-premises) install from CentOS 7 to Oracle Linux 8

To upgrade beyond Splunk SOAR (On-premises) 6.3.0, your deployment must be running on a supported operating system. See System requirements for production use in Install and Upgrade Splunk SOAR (On-premises) for a list of supported operating systems.

  • CentOS Linux 7 reached end of life (EOL) on June 30, 2024. See What to know about CentOS Linux EOL on https://www.redhat.com.
  • Support was added for Oracle Linux in Splunk SOAR (On-premises) release 6.3.0.

Migrate CentOS 7 to Oracle Linux 8

You can migrate from CentOS 7 to Oracle Linux 8 on your existing server.

Oracle has published a blog containing instructions at Migrate and Upgrade: CentOS 7 to Oracle Linux 8 in one step on https://blogs.oracle.com/.

Before you begin the migration

Do these tasks before beginning your migration to Oracle Linux 8.

  1. If you have not already done so, upgrade your current deployment to release 6.3.0. See Splunk SOAR (On-premises) upgrade overview and prerequisites.
  2. After your upgrade to the current release is complete, make a full backup of your current release deployment. See Back up a Splunk SOAR (On-premises) deployment.
  3. Stop all Splunk SOAR services.
    /<$PHANTOM_HOME>/bin/stop_phantom.sh
    Do not restart Splunk SOAR until the migration is complete.
  4. Delete all libssl* and libcrypto* files from the directory <$PHANTOM_HOME>/usr/lib64.
    cd /opt/phantom/usr/lib64
    rm libssl*
    rm libcrypto*
    
    These libraries are provided by the operating system in Oracle Linux 8. Deleting the copies in the SOAR distribution prevents conflicts, making the original CentOS 7 installation Oracle Linux 8 compatible.
  5. Conditional: If you are migrating systems which host a Splunk SOAR (On-premises) cluster, you must unmount the GlusterFS fileshares before you can migrate the operating system.
    • You will need root or sudo access to edit the fstab file.
    • Repeat this step on each cluster node host you intend to migrate.
    sed -i -e '/glusterfs/ s/^#*/#/' /etc/fstab
    umount /opt/phantom/vault
    umount /opt/phantom/apps
    umount /opt/phantom/scm
    umount /opt/phantom/tmp/shared
    umount /opt/phantom/local_data/app_states
    
  6. Install the Elevate package.
    sudo yum install -y http://repo.almalinux.org/elevate/elevate-release-latest-el$(rpm --eval %rhel).noarch.rpm
  7. Install the Leapp and Leapp Oracle Linux migration data packages.
    sudo yum install -y leapp-upgrade leapp-data-oraclelinux
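
A read-only check that preparation steps 4 and 5 took effect before you run Leapp, given here as an added example that is not part of the Splunk documentation. The function names and the default install path /opt/phantom (taken from the commands above) are assumptions; set PHANTOM_HOME for other installs.

```shell
#!/usr/bin/env bash
# Added example, not Splunk's code: read-only check of preparation steps 4 and 5.
# Assumption: SOAR is installed in /opt/phantom unless PHANTOM_HOME is set.
PHANTOM_HOME="${PHANTOM_HOME:-/opt/phantom}"

# Step 4: bundled OpenSSL libraries that are still present in the SOAR lib dir.
leftover_ssl_libs() {
    find "${1:-$PHANTOM_HOME/usr/lib64}" -maxdepth 1 \
        \( -name 'libssl*' -o -name 'libcrypto*' \) 2>/dev/null | sort
    return 0
}

# Step 5: fstab lines that mention glusterfs and are not commented out.
active_gluster_fstab() {
    grep 'glusterfs' "${1:-/etc/fstab}" | grep -v '^[[:space:]]*#' || true
}

# Step 5: SOAR share directories that still appear as mount points.
still_mounted() {
    local sub
    for sub in vault apps scm tmp/shared local_data/app_states; do
        awk -v mp="$PHANTOM_HOME/$sub" '$2 == mp { print mp }' "${1:-/proc/mounts}"
    done
}

# Run every check, print each finding, and return 1 if any step is incomplete.
# Arguments (all optional): lib directory, fstab file, mounts file.
preflight() {
    local rc=0 out
    out=$(leftover_ssl_libs "${1:-}")
    [ -z "$out" ] || { printf 'step 4 incomplete, libraries remain:\n%s\n' "$out"; rc=1; }
    out=$(active_gluster_fstab "${2:-}")
    [ -z "$out" ] || { printf 'step 5 incomplete, active fstab entries:\n%s\n' "$out"; rc=1; }
    out=$(still_mounted "${3:-}")
    [ -z "$out" ] || { printf 'step 5 incomplete, still mounted:\n%s\n' "$out"; rc=1; }
    [ "$rc" -eq 0 ] && echo 'preparation steps 4 and 5 verified'
    return "$rc"
}

# Pass "check" as the first argument to run against the live system.
if [ "${1:-}" = "check" ]; then preflight; fi
```

On a host that is not part of a cluster, the two GlusterFS checks find nothing and pass.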

Migrate the operating system from CentOS 7 to Oracle Linux 8

Now that your Splunk SOAR (On-premises) deployment's host is ready to migrate, follow the guide from Oracle at Migrate and Upgrade: CentOS 7 to Oracle Linux 8 in one step on https://blogs.oracle.com/.

You must run the leapp pre-upgrade check and address any issues it reports.

Restart Splunk SOAR (On-premises)

Once you have completed all the steps in the migration from the Oracle article, you can restart Splunk SOAR.

  1. Conditional: If you are migrating a clustered deployment and unmounted your GlusterFS fileshares earlier, remount those fileshares. You will need sudo or root access to modify the fstab file.
    sed -i -e '/glusterfs/ s/#//' /etc/fstab
    mount -a
    
  2. As the SOAR user, run:
    /<$PHANTOM_HOME>/bin/start_phantom.sh
Last modified on 06 January, 2025

This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.4.0

