Updating SEAL Elastic Stack¶

Overview¶

The update consists of a server and a client part which you have to update separately.

Server:

The server part includes Elasticsearch and Kibana. You have to update it on the management server.
Client:

The client part contains Filebeat. You have to update it on the PLOSSYS 5 server.

Hint - changes in the Delete phase

Concerning the Delete phase of accounting and audit data, the storage period default of the corresponding lifecycle policy has been significantly enhanced from 7 to 365 days. This way these data are stored in the Elasticsearch database in this period between 365 and 395 days.

As during updates, our configuration script leaves settings of index policies untouched, the new default only affects new installations.

If you need changes concerning the long term storage, you have to adjust the settings manually.

Manual Steps Before Updating from 7.16.2 and Previous Versions to SEAL Elasticstack 7.17.0¶

Elasticsearch is set up as a separate service like Kibana and Filebeat.

Therefore the directory structure of Elasticsearch changes.
The content of the current database is transferred automatically during the update.
The name of the corresponding service changes from elasticsearch to seal-elasticsearch.

We strongly recommend you to

back up the Elasticsearch database as described in Source System: Creating Complete Snapshots/Backups and
make screenshots of the dashboards and indices in the discover view.

This allows a quick overview whether the update succeeded.

Management Server¶

In a browser, log on to the SEAL Systems delivery platform with your logon data:

https://delivery.sealsystems.de

Hint - logon data

You receive the logon data from your Technical Project Manager at SEAL Systems.
Download the SEAL Elastic Stack - 7.17.4.303 - rpm folder. It is saved as SEAL Elastic Stack - 7.17.4.303 - rpm.zip.

Extract SEAL Elastic Stack - 7.17.4.303 - rpm.zip:

unzip "SEAL Elastic Stack - 7.17.4.303 - rpm.zip"

Change to the SEAL Elastic Stack - 7.17.4.303 - rpm/server directory and start installing the packages:
```
cd "SEAL Elastic Stack - 7.17.4.303 - rpm/server"
```
```
sudo sh install.sh
```
Open the required firewall ports for necessary services:
```
sudo sh firewall.sh
```
Check the configuration files:

The installation script also checks for the presence of *.rpmnew and *.rmpsave files.
- *.rpmnew files contain the latest default configurations of the updated software.
- *.rmpsave files are configuration files that are kept after the old software is uninstalled. You can use them to restore the configuration of the previous version after you have installed the new package.
You have to transfer the configuration settings from these files manually.
Change to the configuration directory of seal-elasticsearch:
```
cd /opt/seal/etc/config/seal-elasticsearch
```
In an editor, compare the new elasticsearch.yml configuration file to the old elasticsearch.yml.install-bak configuration file.

Add your customer-specific changes, e. g. path.repo or xpack.security.enabled.

For details on the general configuration, see Configuring Elasticsearch.
Change to the common configuration directory:
```
cd /opt/seal/etc/config
```
In an editor, compare the new kibana.yml configuration file to the old kibana.yml.install-bak configuration file.

Add your customer-specific changes, e. g. elasticsearch.username or elasticsearch.password.

For details on the general configuration, see Configuring Kibana.

Start Elasticsearch:

sudo systemctl start seal-elasticsearch

Start Kibana:
```
sudo systemctl start seal-kibana
```
Caution - long duration

If you start Kibana for the first time after the update this may take very long. Do not stop the starting process, just wait until it is finished.
Update the necessary database configuration as described in Configuration via Script.

PLOSSYS 5 Server¶

Caution - SEAL Elastic Stack incompatible to seal-elk

SEAL Elastic Stack contains the new version of Elasticsearch and Kibana and replaces seal-elk. Before installing SEAL Elastic Stack, you have to uninstall seal-elk:

RHEL:
```
sudo yum --assumeyes remove seal-elk
```

SLES:

sudo zypper --non-interactive remove seal-elk

In a browser, log on to the SEAL Systems delivery platform with your logon data:

https://delivery.sealsystems.de

Hint - logon data

You receive the logon data from your Technical Project Manager at SEAL Systems.
Download the SEAL Elastic Stack - 7.17.4.303 - rpm folder. It is saved as SEAL Elastic Stack - 7.17.4.303 - rpm.zip.

Extract SEAL Elastic Stack - 7.17.4.303 - rpm.zip:

unzip "SEAL Elastic Stack - 7.17.4.303 - rpm.zip"

Change to the SEAL Elastic Stack - 7.17.4.303 - rpm/client directory and install the packages:
```
cd "SEAL Elastic Stack - 7.17.4.303 - rpm/client"
```
```
sudo sh install.sh
```
Change to the configuration directory:
```
cd /opt/seal/etc
```
Check the configuration files:

The installation script also checks for the presence of *.rpmnew and *.rmpsave files.
- *.rpmnew files contain the latest default configurations of the updated software.
- *.rmpsave files are configuration files that are kept after the old software is uninstalled. You can use them to restore the configuration of the previous version after you have installed the new package.
You have to transfer the configuration settings from these files manually.
In an editor, compare the latest filebeat.yml.rpmnew default configuration file to the current filebeat.yml configuration file.
Start SEAL Filebeat:
```
sudo systemctl start seal-filebeat
```

PLOSSYS 4 Server¶

In a browser, log on to the SEAL Systems delivery platform with your logon data:

https://delivery.sealsystems.de

Hint - logon data

You receive the logon data from your Technical Project Manager at SEAL Systems.
Download the SEAL Elastic Stack - 7.17.4.303 - rpm folder. It is saved as SEAL Elastic Stack - 7.17.4.303 - rpm.zip.

Extract SEAL Elastic Stack - 7.17.4.303 - rpm.zip:

unzip "SEAL Elastic Stack - 7.17.4.303 - rpm.zip"

Change to the SEAL Elastic Stack - 7.17.4.303 - rpm/client-p4 directory and start installing the packages:
```
cd "SEAL Elastic Stack - 7.17.4.303 - rpm/client-p4"
```
```
sudo sh install.sh
```
Change to the configuration directory:
```
cd /opt/seal/etc
```
Check the configuration files:

The installation script also checks for the presence of *.rpmnew and *.rmpsave files.
- *.rpmnew files contain the latest default configurations of the updated software.
- *.rmpsave files are configuration files that are kept after the old software is uninstalled. You can use them to restore the configuration of the previous version after you have installed the new package.
You have to transfer the configuration settings from these files manually.
In an editor, compare the latest filebeat-p4-accounting.yml.rpmnew default configuration file to the current filebeat-p4-accounting.yml configuration file.

Start SEAL Filebeat:

sudo systemctl start seal-p4-accounting-filebeat

SEAL Operator Server¶

In a browser, log on to the SEAL Systems delivery platform with your logon data:

https://delivery.sealsystems.de

Hint - logon data

You receive the logon data from your Technical Project Manager at SEAL Systems.
Download the SEAL Elastic Stack - 7.17.4.303 - rpm folder. It is saved as SEAL Elastic Stack - 7.17.4.303 - rpm.zip.

Extract SEAL Elastic Stack - 7.17.4.303 - rpm.zip:

unzip "SEAL Elastic Stack - 7.17.4.303 - rpm.zip"

Change to the SEAL Elastic Stack - 7.17.4.303 - rpm/client-operator directory and start installing the packages:
```
cd "SEAL Elastic Stack - 7.17.4.303 - rpm/client-operator"
```
```
sudo sh install.sh
```
Change to the configuration directory:
```
cd /opt/seal/etc
```
Check the configuration files:

The installation script also checks for the presence of *.rpmnew and *.rmpsave files.
- *.rpmnew files contain the latest default configurations of the updated software.
- *.rmpsave files are configuration files that are kept after the old software is uninstalled. You can use them to restore the configuration of the previous version after you have installed the new package.
You have to transfer the configuration settings from these files manually.
In an editor, compare the latest filebeat-operator.yml.rpmnew default configuration file to the current filebeat-operator.yml configuration file.

Start SEAL Filebeat:

sudo systemctl start seal-operator-filebeat

Manual Steps After Updating from 7.16.2 and Previous Versions to SEAL Elasticstack 7.17.0¶

Use your screenshots to check, whether the database content has been transferred successfully.
- If so, delete the old database directory. You have to delete it manually, as it not deleted by uninstalling the old elasticsearch service:
```
sudo rm -rf /var/lib/elasticsearch/nodes
```
- If not, you have to
  - delete the corrupted indices manually and
  - restore the data from the backup made before updating
    
    For details on the restoration, see Target system: Complete Recovery from a Full Backup.
Then check again, whether the database is ok.
Several configuration files are transferred automatically and saved in the new directory structure and named *.imported.

Check the configuration parameters mentioned in this documentation for correctness. The old and new configuration files differ especially under Windows.

For details on the configuration, see Configuring Elasticsearch.