Splunk® SOAR (On-premises)

Install and Upgrade Splunk SOAR (On-premises)


Migrate a Splunk SOAR (On-premises) install from RHEL 8 to RHEL 9

Support for Red Hat Enterprise Linux (RHEL) 9 was added with the release of version 6.4.0. This topic provides a high-level overview of the process for migrating your host's operating system to RHEL 9.

This article focuses on the current Splunk SOAR (On-premises) release. You can upgrade to any Splunk SOAR (On-premises) release 6.4.0 or higher.

Operating system upgrade or migration checklist

Use this table as a guide to migrating or upgrading your Splunk SOAR (On-premises) host or cluster node hosts to Red Hat Enterprise Linux 9.

Step Description
1 Make a full backup of your existing Splunk SOAR (On-premises) host or cluster. See Splunk SOAR (On-premises) backup and restore overview.
2 Download the Splunk SOAR (On-premises) release 6.4.0 installation TAR file for your current operating system. You will need to copy the installation TAR file to each host you intend to upgrade. See Get Splunk SOAR (On-premises).
3 Determine your migration or upgrade path.
  1. Conditional: If your Splunk SOAR (On-premises) hosts are on CentOS 7 or Red Hat Enterprise Linux 7, you must first migrate to Red Hat Enterprise Linux 8. See Migrate a Splunk SOAR (On-premises) install from RHEL 7 or CentOS 7 to RHEL 8.
  2. Conditional: If your Splunk SOAR (On-premises) hosts are already on Red Hat Enterprise Linux 8, or you have just upgraded the hosts to RHEL 8, upgrade Splunk SOAR (On-premises) to release 6.4.0. See Splunk SOAR (On-premises) upgrade overview and prerequisites.
  3. Upgrade your Splunk SOAR (On-premises) hosts to Red Hat Enterprise Linux 9. See the article Upgrading from RHEL 8 to RHEL 9 on the Red Hat site.
4 Once your Splunk SOAR (On-premises) hosts have been upgraded to Red Hat Enterprise Linux 9, upgrade Splunk SOAR (On-premises) packages for the new operating system.
  1. Download the correct installation TAR file for your new operating system. See Get Splunk SOAR (On-premises).
  2. Update Splunk SOAR (On-premises) with the correct packages and updates for the new operating system. See Upgrade Splunk SOAR (On-premises) packages for your new operating system.
5 If you are upgrading a Splunk SOAR (On-premises) cluster, see Upgrade the operating system for Splunk SOAR (On-premises) clusters.

Upgrade Splunk SOAR (On-premises) packages for your new operating system

Once you have upgraded the operating system on your deployment in place, you will need to run the upgrade to apply operating system dependent updates.

  1. Download the Splunk SOAR (On-premises) installation TAR file for your new operating system. See Get Splunk SOAR (On-premises).
  2. Extract the TAR file you downloaded into the Splunk SOAR (On-premises) installation directory.
    tar -xvf <installer>.tgz -C <$PHANTOM_HOME>
    Extracting the TAR file this way creates a new directory in the Splunk SOAR (On-premises) home directory, <$PHANTOM_HOME>/splunk-soar.
  3. Re-run the install script using the --dist-upgrade option.
    <$PHANTOM_HOME>/splunk-soar/soar-install --dist-upgrade

Before you can use the --dist-upgrade option, you must already have upgraded Splunk SOAR (On-premises) to release 6.4.0.

Upgrade the operating system for Splunk SOAR (On-premises) clusters

There are two methods you can use to upgrade the operating system on a Splunk SOAR (On-premises) cluster:

  • Upgrade the operating system for each cluster node.
  • Create new Splunk SOAR (On-premises) release 6.4.0 nodes for your cluster on the desired operating system, add them to your cluster, then decommission nodes running the previous operating system.

Upgrade the operating system for each Splunk SOAR (On-premises) cluster node

This method converts and upgrades the operating system on your clustered deployment in place. Before you begin, ensure that all cluster nodes are using release 6.4.0.

You can upgrade cluster nodes in a rolling fashion by doing the following steps:

  1. Upgrade the cluster nodes, one at a time, to release 6.4.0. See Splunk SOAR (On-premises) upgrade overview and prerequisites.
  2. On each cluster node, one at a time, upgrade the installed operating system from RHEL 8 to RHEL 9, following Red Hat's instructions for upgrading RHEL 8 to RHEL 9. See Upgrading from RHEL 8 to RHEL 9 on the Red Hat site.
  3. Download the Splunk SOAR (On-premises) installation TAR file for your new operating system, and copy it to each cluster node. See Get Splunk SOAR (On-premises).
  4. On each cluster node, one at a time, extract the TAR file you downloaded into the Splunk SOAR (On-premises) installation directory.
    tar -xvf <installer>.tgz -C <$PHANTOM_HOME>
    Extracting the TAR file this way creates a new directory in the Splunk SOAR (On-premises) home directory, <$PHANTOM_HOME>/splunk-soar.
  5. On each cluster node, one at a time, re-run the install script using the --dist-upgrade option.
    <$PHANTOM_HOME>/splunk-soar/soar-install --dist-upgrade

Before you can use the --dist-upgrade option, you must already have upgraded Splunk SOAR (On-premises) to release 6.4.0.
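
A preflight check an operator might run before the extract and --dist-upgrade steps, both in the single-host procedure and on each cluster node. This is an added example, not Splunk's code: the function names, arguments and exit codes are hypothetical. It confirms that the host reports RHEL 9 and that every member name in the installer archive sits under splunk-soar/, the directory the extraction is documented to create.

```bash
#!/usr/bin/env bash
# Added example: preflight checks to run before the --dist-upgrade step.
# Function names, arguments and exit codes are hypothetical (not part of
# soar-install). The release 6.4.0 prerequisite is not checked here.

# Print the RHEL major version from an os-release file; fail if not RHEL.
rhel_major() {
  local f="${1:-/etc/os-release}" id ver
  id=$(sed -n 's/^ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$f")
  ver=$(sed -n 's/^VERSION_ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$f")
  [ "$id" = "rhel" ] || return 1
  printf '%s\n' "${ver%%.*}"
}

# Succeed only if every member name is under splunk-soar/, is not
# absolute, and has no ".." component. Checks names only, not link targets.
tar_confined() {
  local entries entry seen=0
  entries=$(tar -tzf "$1") || return 1
  while IFS= read -r entry; do
    entry=${entry#./}
    [ -n "$entry" ] || continue
    case "$entry" in
      /*|../*|*/../*|*/..) return 1 ;;
      splunk-soar|splunk-soar/*) seen=1 ;;
      *) return 1 ;;
    esac
  done <<EOF
$entries
EOF
  [ "$seen" -eq 1 ]
}

# Arguments: installer archive, SOAR home directory, os-release path.
dist_upgrade_preflight() {
  local tgz="$1" home="$2" osr="${3:-/etc/os-release}"
  [ -f "$tgz" ] || { echo "missing installer: $tgz" >&2; return 2; }
  [ -d "$home" ] || { echo "missing SOAR home: $home" >&2; return 2; }
  [ "$(rhel_major "$osr")" = "9" ] || { echo "host is not RHEL 9" >&2; return 3; }
  tar_confined "$tgz" || { echo "members outside splunk-soar/" >&2; return 4; }
}

# Usage: preflight.sh <installer>.tgz <PHANTOM_HOME>
if [ "$#" -ge 2 ]; then
  dist_upgrade_preflight "$1" "$2" && echo "preflight passed"
fi
```

A non-zero exit means the tar and soar-install commands above should not be run on that host until the cause is understood.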

Upgrade the Splunk SOAR (On-premises) cluster by adding and removing cluster nodes

If you prefer, you can upgrade your cluster by building new cluster nodes, adding them to your cluster, then decommissioning cluster nodes running earlier versions of Splunk SOAR (On-premises). For information on adding or removing cluster nodes from your Splunk SOAR (On-premises) cluster, see Add or remove a cluster node from Splunk SOAR (On-premises).

Last modified on 05 March, 2025

This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.4.0

