After the future removal of the classic playbook editor, your existing classic playbooks will continue to run. However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:
Migrate a Splunk SOAR (On-premises) install from CentOS 7 to Oracle Linux 8
In order to upgrade beyond Splunk SOAR (On-premises) 6.3.0 you must ensure it is running on a supported operating system. See System requirements for production use in Install and Upgrade Splunk SOAR (On-premises) for a list of supported operating systems.
- CentOS Linux 7 reached end of life (EOL) on June 30, 2024. See What to know about CentOS Linux EOL on https://www.redhat.com.
- Support was added for Oracle Linux in Splunk SOAR (On-premises) release 6.3.0.
Migrate CentOS 7 to Oracle Linux 8
You can migrate from CentOS 7 to Oracle Linux 8 on your existing server.
Oracle has published a blog containing instructions at Migrate and Upgrade: CentOS 7 to Oracle Linux 8 in one step on https://blogs.oracle.com/.
Before you begin the migration
Do these tasks before beginning your migration to Oracle Linux 8.
- If you have not already done so, upgrade your current deployment to release 6.3.0. See Splunk SOAR (On-premises) upgrade overview and prerequisites.
- After your upgrade to the current release is complete, make a full backup of your current release deployment. See Back up a Splunk SOAR (On-premises) deployment.
- Stop all Splunk SOAR services.
    /<$PHANTOM_HOME>/bin/stop_phantom.sh
  Do not restart Splunk SOAR until the migration is complete.
- Delete all libssl* and libcrypto* files from the directory <$PHANTOM_HOME>/usr/lib64.
These libraries are provided by the operating system in Oracle Linux 8. Deleting the copies in the SOAR distribution prevents conflicts, making the original CentOS 7 installation Oracle Linux 8 compatible.
    cd /opt/phantom/usr/lib64
    rm libssl*
    rm libcrypto*
- Conditional: If you are migrating systems which host a Splunk SOAR (On-premises) cluster, you must unmount the GlusterFS fileshares before you can migrate the operating system.
- You will need root or sudo access to edit the fstab file.
- Repeat this step on each cluster node host you intend to migrate.
    sed -i -e '/glusterfs/ s/^#*/#/' /etc/fstab
    umount /opt/phantom/vault
    umount /opt/phantom/apps
    umount /opt/phantom/scm
    umount /opt/phantom/tmp/shared
    umount /opt/phantom/local_data/app_states
- Install the Elevate package.
    sudo yum install -y http://repo.almalinux.org/elevate/elevate-release-latest-el$(rpm --eval %rhel).noarch.rpm
- Install the Leapp and Leapp Oracle Linux migration data packages.
    sudo yum install -y leapp-upgrade leapp-data-oraclelinux
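A read-only check that the library and GlusterFS steps in the list above actually took effect before the OS migration starts. This is an added example, not part of the Splunk documentation; the function name, its three overridable path arguments, and the exit-status convention (0 means ready) are assumptions. On a host that is not part of a cluster, checks 2 and 3 pass trivially.

```shell
#!/bin/sh
# Added example (not Splunk-provided). Hypothetical helper: the name,
# arguments and return convention are assumptions made for illustration.
soar_premigration_check() {
    phantom_home=${1:-/opt/phantom}   # install path used in the page's commands
    fstab=${2:-/etc/fstab}
    mounts=${3:-/proc/mounts}
    problems=0

    # 1. Bundled OpenSSL libraries must be gone from usr/lib64.
    #    -L also catches dangling symlinks left by a partial delete.
    for f in "$phantom_home"/usr/lib64/libssl* "$phantom_home"/usr/lib64/libcrypto*; do
        if [ -e "$f" ] || [ -L "$f" ]; then
            echo "FAIL: bundled library still present: $f"
            problems=$((problems + 1))
        fi
    done

    # 2. Every glusterfs line in fstab must be commented out.
    if grep -v '^[[:space:]]*#' "$fstab" 2>/dev/null | grep -q glusterfs; then
        echo "FAIL: active glusterfs entry in $fstab"
        problems=$((problems + 1))
    fi

    # 3. None of the cluster fileshares may still be mounted
    #    (field 2 of /proc/mounts is the mount point).
    for share in vault apps scm tmp/shared local_data/app_states; do
        if awk -v m="$phantom_home/$share" \
               '$2 == m { found = 1 } END { exit !found }' "$mounts" 2>/dev/null; then
            echo "FAIL: still mounted: $phantom_home/$share"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ] && echo "OK: host is ready for the OS migration"
    return "$problems"
}
```

Call `soar_premigration_check` with no arguments on each host you intend to migrate; a non-zero exit status is the number of failed checks.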
Migrate the operating system from CentOS 7 to Oracle Linux 8
Now that your Splunk SOAR (On-premises) deployment's host is ready to migrate, follow the guide from Oracle at Migrate and Upgrade: CentOS 7 to Oracle Linux 8 in one step on https://blogs.oracle.com/.
You must run the leapp pre-upgrade check and address any issues it reports.
Restart Splunk SOAR (On-premises)
Once you have completed all the steps in the migration from the Oracle article, you can restart Splunk SOAR.
- Conditional: If you are migrating a clustered deployment, and dismounted your GlusterFS fileshares earlier, remount those fileshares. You will need sudo or root access to modify the fstab file.
    sed -i -e '/glusterfs/ s/#//' /etc/fstab
    mount -a
- As the SOAR user, run: /<$PHANTOM_HOME>/bin/start_phantom.sh
This documentation applies to the following versions of Splunk® SOAR (On-premises): 6.3.0, 6.3.1