Before you upgrade RHEL
The Rundoc-powered installation and upgrade script only supports:
Single machine installs.
Installations performed using the Intelligence Center (IC) install script.
If you are upgrading a distributed installation, you must perform the operation manually.
Before upgrading the Intelligence Center, we recommend that you follow the instructions in this guide.
Disable rules
Disable all Intelligence Center rules:
Entity rules
Observable rules
Enrichment rules
Discovery rules
To disable rules:
Go to Data configuration > Rules.
For each of the rule types (Entity, Observable, Enrichment, Discovery), select its corresponding tab to open a list of those rules.
Select the checkbox to the left of the Rule name column to select all visible rules.
If you have more items than are visible on the screen, you must either:
Increase the number of visible items per page and then select them.
Select Next page (>) and then select the newly displayed items to add them to the list of currently selected items.
Select More > Disable from the list’s top-right corner to disable all selected rules.
To re-enable rules after finishing the upgrade:
Follow the steps above.
Instead of selecting More > Disable, select More > Enable.
Back up your data
Before proceeding to upgrade the platform or any of its third-party components, always back up your data.
Stop the Intelligence Center
Stop all backend services:
systemctl stop eclecticiq-platform-backend-services
Clear Celery queues
Use the redis-cli command to check that Celery queues are empty:
# Start redis-cli in interactive mode
redis-cli
# Run these commands in the redis-cli shell
llen enrichers
llen integrations
llen priority_enrichers
llen priority_providers
llen priority_utilities
llen providers
llen reindexing
llen utilities
If any of the queues are not empty, run the following commands to delete that queue:
# Launch redis-cli
$ redis-cli
# Delete the entity ingestion queue
> del "queue:ingestion:inbound"
# Delete the graph ingestion queue
> del "queue:graph:inbound"
# Delete the search indexing queue
> del "queue:search:inbound"
Stop the remaining Celery workers:
systemctl stop eclecticiq-platform-backend-worker*.service
Clean up PID files
Check that there are no leftover PID files:
Check for running IC processes:
ps auxf | grep beat
Run kill to stop any remaining IC processes.
Manually remove any leftover PID files with the rm command.
Usually, PID files are stored in /var/run.
Review configuration files
IC configuration files
The IC stores configuration files in /etc/eclecticiq/. Back up these files before performing an upgrade.
Release notes may instruct you to update these files for an upgrade.
Config file | Description |
platform_settings.py | Contains core platform settings such as: |
opentaxii.yml | Contains OpenTAXII configuration parameters such as: |
Third party configuration files
After checking the platform configuration to make sure it correctly describes the upgraded environment, do the same with the configurations of third-party components and dependencies.
The IC stores IC-specific configuration files for third-party services in these locations:
/etc/eclecticiq-elasticsearch/
/etc/eclecticiq-kibana/
/etc/eclecticiq-neo4j/
/etc/eclecticiq-neo4jbatcher/
/etc/eclecticiq-nginx/
/etc/eclecticiq-postgres/
/etc/eclecticiq-redis/
Elasticsearch
About databases and network bindings
On a single machine installation, network interface bindings for services are set to 127.0.0.1 by default, except for PostgreSQL, which has a different configuration.
Instructions may have asked you to change this to a more permissive binding in multi-machine installations, or you may be using an older installation where defaults were set to 0.0.0.0.
The table below shows a list of configuration files where network interface bindings are set for each service.
You may want to change these bindings to suit your environment.
Service name | File path(s) | Parameters | Notes |
Elasticsearch | /etc/systemd/system/elasticsearch.service.d/20-eclecticiq.conf | [Service] Environment=BINDING_ADDRESS=127.0.0.1 | For more information, see Elasticsearch’s documentation. |
Neo4j | /etc/eclecticiq-neo4j/neo4j.conf | dbms.connector.bolt.listen_address=:7687; dbms.connector.http.listen_address=:7474; dbms.connector.https.listen_address=:7473. dbms.connectors.default_listen_address is left unset, and defaults to 127.0.0.1. | For more information, see Configure connectors and dbms.connectors.default_listen_address. |
PostgreSQL | /etc/eclecticiq-postgres/pg_hba.conf | TYPE DATABASE USER ADDRESS METHOD; local all postgres trust; host all all samenet md5; host all all 0.0.0.0/0 password | For more information, see The pg_hba.conf File. |
Redis | /etc/eclecticiq-redis/redis.conf | bind 127.0.0.1 | For more information, see Redis security and redis.conf. |
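One way to review the bindings in the table before an upgrade, as an added example that is not part of the EclecticIQ documentation: it flags wildcard listen addresses in the Elasticsearch drop-in, Neo4j and Redis files, and pg_hba.conf records that use trust, the password method, or match any client address. The function names and sample inputs are assumptions constructed for illustration.

```python
import re

ANY_ADDR = {"0.0.0.0", "0.0.0.0/0", "::", "::/0", "*", "all"}
LISTEN = re.compile(r"^\s*(?:Environment\s*=\s*)?(BINDING_ADDRESS|bind|"
                    r"dbms\.connectors?\.[\w.]*listen_address)\s*[= ]\s*(\S.*)$")

def audit_listen(text):
    """Flag wildcard listen addresses in Elasticsearch drop-in, Neo4j or Redis text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LISTEN.match(line)
        if not m:
            continue  # comments and unrelated keys
        for value in m.group(2).split():
            host = re.sub(r":\d+$", "", value)  # drop a trailing :port (Neo4j)
            if host in ANY_ADDR:
                findings.append((n, f"{m.group(1)} listens on all interfaces"))
    return findings

def audit_pg_hba(text):
    """Flag records with no authentication, cleartext passwords, or any-client scope."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()
        if len(f) < 4 or f[0] not in ("local", "host", "hostssl", "hostnossl"):
            continue
        addr, rest = (None, f[3:]) if f[0] == "local" else (f[3], f[4:])
        if rest and "." in rest[0]:  # "IP NETMASK" form: the method follows the mask
            addr, rest = f"{addr}/{rest[0]}", rest[1:]
        method = rest[0] if rest else ""
        if method == "trust":
            findings.append((n, "trust: no authentication"))
        if method == "password" and f[0] != "hostssl":
            findings.append((n, "password: cleartext unless the session uses TLS"))
        if addr in ANY_ADDR or addr == "0.0.0.0/0.0.0.0":
            findings.append((n, "matches any client address"))
    return findings

# Constructed samples: the pg_hba.conf records shown in the table, and a
# Redis file with the older 0.0.0.0 default the page mentions.
PG_HBA = """# TYPE DATABASE USER ADDRESS METHOD
local all postgres trust
host all all samenet md5
host all all 0.0.0.0/0 password
"""
REDIS_OLD = "# bind 127.0.0.1\nbind 0.0.0.0\n"

if __name__ == "__main__":
    for finding in audit_pg_hba(PG_HBA) + audit_listen(REDIS_OLD):
        print(finding)
```

To check a live system, pass the contents of the files listed in the table to the matching function and review each finding against the bindings your environment requires.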