How to Migrate EDR on RHEL/CentOS 7 to a New Server on EL8.

Article ID: 285647

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to migrate the EDR application installed on RHEL/CentOS 7 to a new server with EL 8.

Environment

  • EDR Server: 7.x
  • RHEL/CentOS: 7.x
  • RHEL: 8.x

Resolution

 

  1. Confirm the OS version is supported in the Operating Environment Requirements for EDR 7.8.0 (OER).
  2. Review the VMware Carbon Black EDR Server/Cluster Management Guide, specifically the Backup, Install and Restore sections.
  3. Confirm the backup directory has enough disk space for Cb configuration files, Postgres database, Solr data and optionally Solr cbevents.
  4. Back up the EDR 7.8 files on the RHEL 7.x server according to the Guide p. 72.
      • Stop EDR services.
      • Change to the directory where the backup files will be stored (e.g. /root/RHEL7/).  Confirm there is enough disk space for the complete backup.
      • Issue commands to back up critical files.
        • cd /root/RHEL7/
          cp /etc/hosts .
          tar -P --selinux -cvf cbssh.tar /etc/ssh/
          tar -P --selinux -cvf cbconfig.tar /etc/cb/
          tar -P --selinux -cvf cbrootauthkeys.tar /root/.ssh/authorized_keys
          tar -P --selinux -cvf cbinstallers.tar /usr/share/cb/coreservices/installers/
          tar -P --selinux -cvf cbcrons.tar /etc/cron.d/cb
      • Issue commands to perform a full backup, or skip the event core backups. (See the Guide for additional information.)
        • tar -P --selinux -cvf cbdata.tar /var/cb/
          OR back up without event data
          tar --exclude=/var/cb/data/solr?/cbevents/* -P --selinux -cvf cbdata.tar /var/cb
      • See Guide for backing up custom changes for syslog and syslog templates.

  5. Create a second server with RHEL 8.x installed and registered.  Confirm the RHEL8 resources follow the OER.
  6. Configure the RHEL 8.x server's hostname, IP address and DNS server to match the EDR 7.x server. 
    vi /etc/hosts
    vi /etc/sysconfig/network-scripts/ifcfg-<interface>
  7. Install the instance's rpm on the RHEL 8 server.
    rpm -ivh <your instance>.rpm
  8. Follow the Guide p16.  Disable a few modules prior to the cb-enterprise install.
    yum module disable -y postgresql redis python39
  9. Install cb-enterprise on the RHEL 8.x server. 
    yum install cb-enterprise
  10. Initialize the RHEL 8.x cb-enterprise, but do not start the services. 
    /usr/share/cb/cbinit
    • cbinit will go through the normal setup and will ask for a username, email, password, etc. Fill these in; the values can be fake, as the old information is restored in step 12.
  11. Copy the EDR 7.x backup tar files to the RHEL 8.x server.
  12. Follow the Guide p73-74 to restore the tar files on the RHEL 8.x server. 
      • Remove data from the fresh install:
        rm -rf /etc/cb
        rm -rf /var/cb
      • Restore items from the tar files (from the backup directory):
        for f in *.tar; do tar -P -xvf "$f"; done
      • Set the SELinux file contexts:
        chcon -R system_u:object_r:rabbitmq_var_lib_t:s0 /var/cb/data/rabbitmq/
        chcon -R system_u:object_r:var_log_t:s0 /var/log/cb/redis
        chcon -R system_u:object_r:redis_log_t:s0 /var/log/cb/redis/*.log && chcon -R system_u:object_r:redis_log_t:s0 /var/log/cb/redis/*.log-*
        chcon -R system_u:object_r:var_log_t:s0 /var/log/cb/redis/*
  13. Check the hostname, IP address and DNS one more time. 
    cat /etc/hosts
    cat /etc/sysconfig/network-scripts/ifcfg-<interface>
  14. Disable the RHEL 7.x server's interface. 
    ifdown <interface>
  15. Reboot the RHEL 8.x server with EDR 7.x installed and restored. The sensors will start reporting to the new server.  Connect to the EDR 7.x UI on the RHEL 8 server.
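
Added example (not part of the article or the Guide): the step 12 loop extracts every *.tar in the backup directory as root with absolute paths (-P), so this sketch checks the archives before restoring them. The function names and the SHA256SUMS manifest file are assumptions of this example; the archive names and paths are those from step 4.

```shell
#!/bin/sh
# Added example: integrity and path checks for the step 4 archives, to run
# before the step 12 restore loop (which extracts every *.tar as root with -P).

# Path each archive is expected to contain, taken from the step 4 commands.
expected_prefix() {
  case "$1" in
    cbssh.tar)          echo /etc/ssh ;;
    cbconfig.tar)       echo /etc/cb ;;
    cbrootauthkeys.tar) echo /root/.ssh/authorized_keys ;;
    cbinstallers.tar)   echo /usr/share/cb/coreservices/installers ;;
    cbcrons.tar)        echo /etc/cron.d/cb ;;
    cbdata.tar)         echo /var/cb ;;
    *)                  return 1 ;;
  esac
}

# Succeed only if archive $1 is non-empty and every member is $2 or below it,
# with no ".." path component.
members_within() {
  tar -P -tf "$1" | awk -v root="${2%/}" '
    { m = $0; sub(/\/$/, "", m) }
    index("/" m "/", "/../")             { bad = 1 }
    m != root && index(m, root "/") != 1 { bad = 1 }
    END { exit (bad || NR == 0) }'
}

# RHEL 7 side, after step 4: record a SHA-256 digest for every archive.
write_manifest() { ( cd "$1" && sha256sum -- *.tar > SHA256SUMS ); }

# RHEL 8 side, before step 12: verify digests, archive names and member paths.
verify_backup() {
  ( cd "$1" && sha256sum -c SHA256SUMS ) || return 1
  for f in "$1"/*.tar; do
    root=$(expected_prefix "${f##*/}") || { echo "unexpected archive: $f" >&2; return 1; }
    members_within "$f" "$root"        || { echo "stray member in: $f" >&2; return 1; }
  done
}
```

Run `write_manifest /root/RHEL7` on the old server and `verify_backup <backup directory>` on the new one before the restore loop. The digest check only detects changes made in transit if SHA256SUMS reaches the new server separately from the archives.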

Additional Information