Upgrading ESA to v10.2.0

• 1: Upgrading ESA from v9.1.0.x
• 2: Upgrading ESA from v9.2.0.x
• 3: Upgrading ESA from v10.0.x
• 4: Verifying the ESA Patch Installation
• 5: Verifying the health of Trusted Appliance Cluster

1 - Upgrading ESA from v9.1.0.x

When ESA is upgraded from v9.1.0.x, then the process is completed over two phases.
During Phase 1, the Kernel, OS, and other components are upgraded. After the Phase 1 is completed, the system restarts automatically.

After the system restarts, Phase 2 begins automatically and the critical components of ESA are upgraded.

It is recommended to wait for a few minutes before logging in to the ESA using SSH, to view the upgrade progress.

If logging into the system using SSH is attempted immediately after the system restarts, then an error with Invalid Credentials appears. This may occur while LDAP upgrade is in process.

After the upgrade is successful, the system restarts automatically. After the system restarts, log in to the ESA using the CLI Manager or Web UI. When using the SSH, it is recommended to wait for a few minutes before logging in to the ESA.

While upgrading the ESA from v9.1.0.x, the entire process takes approximately 45 minutes. A temporary downtime is expected, resulting in limited access or intermittent interruptions.
Additionally, the time taken for creating the backup depends on the actual size of the data which is being backed up. The time taken for the backup is excluded from the upgrade process.

Uploading the patch using the CLI Manager

Perform the following steps to upload the patch from the CLI Manager:

1. Log in to the ESA CLI Manager with administrator credentials.
2. Navigate to Administration > OS Console to upload the patch.
3. Enter the root password and click OK.
4. Upload the patch to the /products/uploads directory using the FTP or SCP command.

The patch file is uploaded.

Installing the ESA patch from CLI Manager

Before you begin

• When upgrading nodes in an Audit Store cluster, if cluster-related checks pass on one node, you can safely ignore similar errors on the other nodes.

• While upgrading multiple nodes in the Audit Store cluster, the post-upgrade steps are completed successfully only after all cluster nodes are upgraded. A success message is then logged and shown to the user as a notification message, both, in the ESA UI and the CLI. Investigate post-upgrade errors only after all nodes are upgraded.

Perform the following steps to install the patch from the CLI Manager:

1. Log in to the ESA CLI Manager with administrator credentials.

2. Navigate to Administration > Patch Management to install the patch.

3. Enter the root password and click OK.

4. Select Install a Patch.

5. Select the ESA_PAP-ALL-64_x86-64_10.2.0.UP.2631.pty patch file and select Install.
   

6. After Phase 1 is installed, following screen appears.

   

7. After the reboot is successful, Phase 2 begins automatically.

8. After Phase 2 is completed, a message for System going down for reboot now appears.
   After the reboot is successful, then the patch is installed successfully.

The patch is installed successfully and the ESA is upgraded to v10.2.0.

After upgrading the system successfully on v10.2.0, when using the SSH, it is recommended to wait for a few minutes before logging in to the ESA.

After succesfully upgrading the ESA to v10.2.0, apply the ESA 10.2.1 HF patch. This patch contains various vulnerability fixes, package updates, and bug fixes.

2 - Upgrading ESA from v9.2.0.x

When ESA is upgraded from v9.2.0.x, then the upgrade process happens in a single phase.

During the upgrade, the system displays the upgrade progress which appears on the ESA CLI Manager. After the upgrade is successful, the system restarts automatically.
After the system restarts, log in to the ESA using the CLI Manager or Web UI.

While upgrading the ESA from v9.2.0.x, the entire process takes approximately 30 minutes. A temporary downtime is expected, resulting in limited access or intermittent interruptions.
Additionally, the time taken for creating the backup depends on the actual size of the data which is being backed up. The time taken for the backup is excluded from the upgrade process.

Uploading the patch using the CLI Manager

Perform the following steps to upload the patch from the CLI Manager:

1. Log in to the ESA CLI Manager with administrator credentials.
2. Navigate to Administration > OS Console to upload the patch.
3. Enter the root password and click OK.
4. Upload the patch to the /products/uploads directory using the FTP or SCP command.

The patch file is uploaded.

Installing the ESA patch from CLI Manager

Before you begin

• When upgrading nodes in an Audit Store cluster, if cluster-related checks pass on one node, you can safely ignore similar errors on the other nodes.

• While upgrading multiple nodes in the Audit Store cluster, the post-upgrade steps are completed successfully only after all cluster nodes are upgraded. A success message is then logged and shown to the user as a notification message, both, in the ESA UI and the CLI. Investigate post-upgrade errors only after all nodes are upgraded.

Perform the following steps to install the patch from the CLI Manager:

1. Log in to the ESA CLI Manager with administrator credentials.

2. Navigate to Administration > Patch Management to install the patch.

3. Enter the root password and click OK.

4. Select Install a Patch.

5. Select the ESA_PAP-ALL-64_x86-64_10.2.0.UP.2631.pty patch file and select Install.
   

6. After the patch is installed, select Reboot Now.

   

   This screen has a timeout of 60 seconds. If Reboot Now is not selected manually, then the system automatically reboots after 60 seconds.

7. After the reboot is initiated, the message Patch has been installed successfully !! appears. Select Exit.

The patch is installed successfully and the ESA is upgraded to v10.2.0.

After upgrading the system successfully on v10.2.0, when using the SSH, it is recommended to wait for a few minutes before logging in to the ESA.

After succesfully upgrading the ESA to v10.2.0, apply the ESA 10.2.1 HF patch. This patch contains various vulnerability fixes, package updates, and bug fixes.

3 - Upgrading ESA from v10.0.x

When ESA is upgraded from v10.0.1 or v10.1.0, ensure to apply the hotfix patch before applying the v10.2.0 upgrade patch.

If upgrading ESA from v10.0.1 or v10.1.0, then the upgrade process happens in a single phase.

During the upgrade, the system displays the upgrade progress which appears on the ESA CLI Manager. After the upgrade is successful, the system restarts automatically.
After the system restarts, log in to the ESA using the CLI Manager or Web UI.

While upgrading the ESA from v10.0.1 or v10.1.0, the entire process takes approximately 30 minutes. A temporary downtime is expected, resulting in limited access or intermittent interruptions.
Additionally, the time taken for creating the backup depends on the actual size of the data which is being backed up. The time taken for the backup is excluded from the upgrade process.

Uploading the ESA patch

The ESA patch can be uploaded using the Web UI or the CLI Manager but the patch should only be installed using the CLI Manager.

Uploading the patch using the Web UI

Perform the following steps to upload the patch from the Web UI:

1. Log in to the ESA Web UI with administrator credentials.

2. Navigate to Settings > System > File Upload.
   The File Upload page appears.

3. In the File Selection section, click Choose File.
   The file upload dialog box appears.

4. Select the patch file and click Open.

   • Only the files with .pty and .tgz extensions can be uploaded.
     
   • If the file uploaded exceeds the Max File Upload Size, then a password prompt appears. Enter the password and click Ok.
     

     Only a user with the administrative role can perform this action.

   • By default, the Max File Upload Size value is set to 25 MB. To increase this value, refer Increasing Maximum File Upload Size.

5. Click Upload.
   

6. After the file is uploaded successfully, then from the Uploaded Files area, choose the uploaded patch.
   The information for the selected patch appears.

   

Uploading the patch using the CLI Manager

Perform the following steps to upload the patch from the CLI Manager:

1. Log in to the ESA CLI Manager with administrator credentials.
2. Navigate to Administration > OS Console to upload the patch.
3. Enter the root password and click OK.
4. Upload the patch to the /products/uploads directory using the FTP or SCP command.

The patch file is uploaded.

Installing the ESA patch from CLI Manager

Before you begin

• When upgrading nodes in an Audit Store cluster, if cluster-related checks pass on one node, you can safely ignore similar errors on the other nodes.

• While upgrading multiple nodes in the Audit Store cluster, the post-upgrade steps are completed successfully only after all cluster nodes are upgraded. A success message is then logged and shown to the user as a notification message, both, in the ESA UI and the CLI. Investigate post-upgrade errors only after all nodes are upgraded.

Perform the following steps to install the patch from the CLI Manager:

1. Log in to the ESA CLI Manager with administrator credentials.

2. Navigate to Administration > Patch Management to install the patch.

3. Enter the root password and click OK.

4. Select Install a Patch.

5. Select the ESA_PAP-ALL-64_x86-64_10.2.0.UP.2631.pty patch file and select Install.
   

6. After the patch is installed, select Reboot Now.

   

   This screen has a timeout of 60 seconds. If Reboot Now is not selected manually, then the system automatically reboots after 60 seconds.

7. After the reboot is initiated, the message Patch has been installed successfully !! appears. Select Exit.

The patch is installed successfully and the ESA is upgraded to v10.2.0.

After upgrading the system successfully on v10.2.0, when using the SSH, it is recommended to wait for a few minutes before logging in to the ESA.

After succesfully upgrading the ESA to v10.2.0, apply the ESA 10.2.1 HF patch. This patch contains various vulnerability fixes, package updates, and bug fixes.

4 - Verifying the ESA Patch Installation

Verifying the ESA version

Perform the following steps to verify the patch installation:

1. From the ESA Web UI, navigate to System > Information.
   The current patch installed on the ESA is displayed.
2. Navigate to the About page to view the current version of the ESA.

The ESA is upgraded to v10.2.0.

Verifying Upgrade Logs

During the upgrade process, logs describing upgrade process are generated. The logs describe the services that are initiated, restarted, or the errors generated.

To view the logs under the /var/log directory from the CLI Manager, navigate to CLI Manager > Administration > OS console.

5 - Verifying the health of Trusted Appliance Cluster

After upgrading all the ESAs in the Trusted Appliance Cluster to v10.2.0, ensure that all the nodes in the cluster are healthy.

Perform the following steps to verify health of ESAs in the TAC.

These steps must be performed individually on each ESA node in the Trusted Appliance Cluster.

1. From the ESA Web UI, navigate to System > Trusted Appliance Cluster.
2. Verify the details for each node in the TAC.
3. In the Status field, the ESA node must be Online.
4. In the Status Message field, no errors must be displayed.
5. In the Labels field, each node must be labeled as Consul Server or Consul Client.
   If the label for any ESA node is not Consul Server or Consul Client, then refer Common ESA Errors.