Upgrade an engine on Cortex XSOAR or directly on the remote machine.
Whenever there is a Cortex XSOAR major version change or a change in tenant-engine protocol version, your engines require an upgrade. On the Engines page, the Status column shows those engines that require upgrades. You can upgrade an engine by doing the following:
If you installed the engine using the Shell installer, you can upgrade the engine on the Engines page.
If you didn't install the engine using the Shell installer, you need to remove the engine and do a fresh install.
Upgrade an engine (shell installations)
You can upgrade the engine on the Engines page if you have installed the engine using the shell installer. The engine must be connected during the upgrade.
Customize upgrade variables
Before upgrading, we recommend you review the upgrade variables and verify if any need to be set in the /usr/local/demisto/upgrade.conf file on the engine. For environments with multiple engines, the file is located at /usr/local/demisto/<engine-name>/upgrade.conf. In some cases, usually related to a web proxy server or a custom directory, if you do not configure the upgrade.conf file, the upgrade will fail.
The option to set custom upgrade variables is only available for shell installation.
Note
The upgrade.conf file is available on the engine after it has been upgraded to Cortex XSOAR 8.9 Cloud. Any custom variables you add to the file are applied when you upgrade from Cortex XSOAR 8.9 Cloud to Cortex XSOAR 8.10 Cloud or later.
Variable | Description | Default |
|---|---|---|
https_proxy | The URL of a web proxy server to use when connecting with the server. The variable name is case sensitive. Other common proxy variables, such as | Not set |
SERVER_URLS | The URL to connect to for hash validation. Set this variable if your tenant address has changed. Use your tenant's API address, with the | Public tenant URL |
TRUST_ANY_CERTIFICATE | Determines whether the connection's SSL certificate must be trusted. This variable must be empty | -k |
XSOAR_ENGINE_AUTO_UPGRADE_TMP_DIR | Specifies a directory to use for extracting upgrade files and executing the upgrade. For example, | By default, a random directory under the |
Test upgrade connectivity
Test the upgrade connectivity by creating a mock
d1_upgrade.shfile :cd /usr/local/demisto echo test > d1_upgrade.sh
After you create the file, the upgrade cron job removes the file within one minute.
Check the upgrade log file
/var/log/demisto/demisto_install.logfor connection related errors. For hosts with multiple engines, the log file can be found at/tmp/<engine name>/demisto_install.log.If the test is successful, the following message appears at the end of the log file, with a recent timestamp:
Validation HTTPS request returned: false.If you find errors in the log, you may need to change the variables in the
upgrade.conffile or to change your network configuration.
On the Engines page, select the checkbox for the engine that requires an upgrade.
Click Upgrade Engine.
When the upgrade finishes, the version appears in the Cortex XSOAR Version column. The upgrade procedure can take several minutes.
Upgrade an engine (non-shell installations)
If you didn't use the Shell installer, you need to remove the engine and do a fresh install.
On the Engines page, locate the engine that requires an update.
In the Download link, click relevant Download files.
On the remote machine, do the following:
Remove the existing engine. For more information, see Remove an engine.
Install the engine you downloaded in step 2. For more information, see Install an engine.
When the upgrade finishes, the version appears in the Cortex XSOAR Version column. The upgrade procedure can take several minutes.