Upgrade the Multi-Tenant Installation - Installation Guide - 6.8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Installation Guide

Product
Cortex XSOAR
Version
6.8
Creation date
2022-09-02
Last date published
2024-02-04
End_of_Life
EoL
Category
Installation Guide

The upgrade process makes changes to the data in the database which can introduce version incompatibility between the Cortex XSOAR service version and the database version during upgrade. To maintain version compatibility at any point, make sure to do the following during the upgrade process:

  • Stop the main server before starting the host server(s) upgrades.

  • Upgrade one host server at a time. Other host servers can continue to run while each host upgrades.

Note

Cortex XSOAR v6.5 and later with Elasticsearch requires one additional index per tenant, host group, and main account. If you are using Elasticsearch, verify you have sufficient available shards before upgrading to Cortex XSOAR v6.5 or later.

Upgrade Multi-Tenant with High Availability

To make sure at any given moment that the Cortex XSOAR services in the same High Availability (HA) group and the database version are compatible you need to:

  • Stop the main server(s) before starting the host upgrades. Do not restart the main server until all hosts are upgraded.

  • You can upgrade all the HA groups in parallel or one at a time.

  • Stop all host servers in the same HA group before starting the upgrade to avoid old host processes using the newer database version. Host servers in other HA groups can continue to run, and their tenants can be accessed directly through the host.

Upgrade Multi-Tenant with Disaster Recovery

For Disaster Recovery (DR), you have primary servers for the main and host servers and secondary (backup) servers for the main and host servers. The secondary (backup) servers need to be up and running when the primary servers are in upgrade, so you should always upgrade the secondary (backup) servers before the primary servers. The order for upgrade is therefore:

  • Stop the main primary server.

  • Stop the main secondary (backup) server.

  • For each host, stop the primary host server, stop the secondary (backup) host server, upgrade the secondary host server and then upgrade the primary host server.

  • Upgrade the main secondary (backup) server and then upgrade the main primary server.

  1. Prepare for Upgrade.

    1. Back up your data.

    2. Download the new installer and copy it to all the servers that will be upgraded by running the following command.

      wget -O demisto.sh "<downloadLink>"

      Note

      You can use the original URL that was sent to you when installing Cortex XSOAR by changing it to the following:

      • Change download.demisto.works to download.demisto.com

      • If you want a specific version (other than a general available release), add &downloadName=<version>_<latest or build number> to the end of the URL.

        For example, to upgrade to the latest v6.8 release, type https://download.demisto.com/download-params/?token=xxxxxxx&email=user@paloaltonetworks.com&downloadName=6_8_latest&eula=accept

      If you do not have the original URL, open a Customer Support ticket and select the Download Link option. The link is then sent automatically.

    3. Run the following command to allow the .sh file to run as an executable file.

      chmod +x demisto.sh

  2. Stop the main server.

    sudo service demisto stop

    For multi-tenant HA, stop all the main app servers.

    For multi-tenant DR, after stopping the main primary server, stop the main secondary (backup) server.

  3. Upgrade the host servers.

    Repeat this step for all host servers.

    (Multi-tenant HA) Repeat this step for all HA groups.

    1. Stop the host server(s).

      sudo service demisto stop

      (Multi-tenant HA) Stop all host servers in the same HA group.

      (Multi-tenant DR) Stop host secondary (backup) servers.

    2. Run the installer.

      sudo ./demisto.sh -- -multi-tenant

      Cortex XSOAR uses the /tmp folder for installation. If the folder is blocked by policy, you need to specify a new directory or use /var/tmp directory by adding the -target argument to installation before any other flag. For example, sudo ./demisto.sh -target /var/tmp --multi-tenant

      (Multi-tenant HA) Choose a host server in the HA group and run the installer on it. After checking the host is up and running, repeat on all host servers in the same HA group.

      (Multi-tenant DR) Run the installer on the host secondary (backup) server. After checking the host secondary server is up and running, run the installer on the host primary server.

  4. Upgrade the main servers.

    sudo ./demisto.sh -- -multi-tenant

    (Multi-tenant HA) Choose a main app server and run the installer on it. After checking the main app server is up and running, run the installer on the other main app servers.

    (Multi-tenant DR) Run the installer on the main secondary (backup) server. After checking the main secondary (backup) server is up and running, run the installer on the main primary server.

  5. Validate the upgrade.

    1. (Multi-tenant HA) Check that the server is accessible through the load balancer as before upgrade.

    2. Check that all tenants are accessible through the main server.