Update
As soon as a new on-premises version is available, you will receive an e-mail from us. The e-mail lists the current version numbers. The latest versions are also available on GitHub.
Make sure to also keep the installed software components Pulsar Agent, Watchdog, Hacktor and Observer up to date. You can execute the updates directly in the platform. Click here for instructions.
Enginsight Application
Automatic update (recommended)
We recommend using our update script to automatically install the latest version of Enginsight.
1. Make sure that you have root privileges. If this is not the case, log in as superuser.
su - root
2. Navigate to the directory of your installation and run the update script.
cd /opt/enginsight/enterprise
chmod +x update.sh && ./update.sh
Creating a cronjob
Alternatively, you can have the update executed automatically via a cronjob.
1. Execute the following command to add a cronjob.
su - root
chmod +x /opt/enginsight/enterprise/update.sh
crontab -e
2. Copy the following line into the document, edit the execution time according to your needs and save the document.
0 04 * * 0 cd /opt/enginsight/enterprise && ./update.sh
In this example, the update is performed weekly, every Sunday at 4:00 AM.
Manual update
If you want to manually update software modules to specific versions, use the following procedure.
1. Make sure that you have root privileges. If this is not the case, log in as superuser.
su - root
2. Navigate to /opt/enginsight/enterprise
cd /opt/enginsight/enterprise
3. Adjust the image versions of the various Docker services.
nano docker-compose.yml
Example for the ui-m1 entry under services:
ui-m1:
  image: enginsightonpremise/ui-m1:<version>
  ...
4. Save the docker-compose.yml.
5. Execute the setup script and confirm all prompts.
./setup.sh
Software Components
You can update our four software components directly in the Enginsight platform.
Pulsar Agent
The best way is to update the Pulsar agent on all hosts at the same time.
Go to Hosts → Overview.
Click on the "Update Agents" button. You will find it above the list of your hosts.
Click Refresh. If all agents are up to date, you will receive a message.
Observer
Go to Endpoints → Observers and check if all version numbers are up to date.
If an observer does not have the current version number, click the update icon in the Actions column on the right.
Watchdog
Go to Discoveries → Watchdogs and check if all version numbers are up to date.
If a watchdog does not have the current version number, click the update icon in the Actions column on the right.
Hacktor
Go to Penetration Testing → Hacktors and check if all version numbers are up to date.
If a hacktor does not have the current version number, click the update icon in the Actions column on the right.
SIEM Update
The following instructions explain the procedure for updating the Docker containers for Zookeeper, Solr and Traicer. It is imperative that you follow the instructions to prevent errors!
First run the central update script.
curl -sSL https://get.enginsight.com/siem/scripts/update.sh | sudo -E bash -s update
Make absolutely sure that the sequence described below is followed, especially for Zookeeper and Solr.
Zookeeper Update: Avoid automatic updates for Zookeeper, or make sure that Zookeeper is fully started before the Solr update starts.
Solr Update: Solr requires a running Zookeeper instance to start. If Solr is started before Zookeeper, there may be connection problems that can only be resolved by restarting Solr manually.
Traicer Update: The Traicer container can be updated independently, without any special dependencies.
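One way to enforce the Zookeeper-before-Solr ordering described above, as an added example rather than Enginsight's own tooling: it polls ZooKeeper with the srvr four-letter command and runs the Solr update only once a serving mode is reported. The host and port defaults, the availability of nc, the function names and passing the Solr update command as arguments are assumptions.

```shell
#!/bin/sh
# Added example, not Enginsight tooling. Function names and the host/port
# defaults are assumptions.

# zk_is_serving <srvr-reply>: true when the reply reports a serving mode
zk_is_serving() {
  printf '%s\n' "$1" | grep -Eq '^Mode: (standalone|leader|follower|observer)'
}

# probe_zk: send the srvr four-letter command to ZooKeeper and print the reply
probe_zk() {
  printf 'srvr\n' | nc -w 2 "${ZK_HOST:-127.0.0.1}" "${ZK_PORT:-2181}"
}

# wait_for_zk <probe-function> <attempts> <delay-seconds>
# Returns 0 as soon as a probe reply shows a serving node, 1 after the last attempt.
wait_for_zk() {
  probe=$1; attempts=$2; delay=$3; try=0
  while [ "$try" -lt "$attempts" ]; do
    if zk_is_serving "$("$probe" 2>/dev/null)"; then
      return 0
    fi
    try=$((try + 1))
    sleep "$delay"
  done
  return 1
}

# update_solr_after_zk <command...>
# Runs the given Solr update command only once ZooKeeper is serving.
update_solr_after_zk() {
  if ! wait_for_zk "${ZK_PROBE:-probe_zk}" "${ZK_ATTEMPTS:-30}" "${ZK_DELAY:-2}"; then
    echo "ZooKeeper is not serving; Solr update not started" >&2
    return 1
  fi
  "$@"
}
```

Call update_solr_after_zk with whatever command updates the Solr container in your environment; a non-zero return means the Solr update was never started.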
Partially Offline and Pulsar Updates
These instructions describe how to carry out updates in a partially offline scenario, in which the app server temporarily receives an internet connection in order to download updates. The downloaded data can then be transferred to other hosts without an internet connection. The focus here is on updates to the Enginsight components, in particular the Pulsar component.
Update process with limited connectivity
Activate the internet connection: Activate the internet connection on the app server to be able to download the updates.
Execute update.sh: Execute the update script update.sh on the app server. To do this, follow the steps in the update instructions above.
Checking and updating the software components: After completing the update, check all relevant components, including Pulsar, Watchdog, Observer and Hacktor. To ensure that the updates are cached correctly, update at least one installation of each component. Further details can be found in the instructions under Software Components.
Deactivating the internet connection: Once the updates are complete, disconnect the app server from the internet.
Pulsar download script
If an update is required for the Pulsar component, proceed as follows:
Switch to the Enterprise directory: Navigate to the directory /opt/enginsight/enterprise:
cd /opt/enginsight/enterprise
Download new script: Download the latest Pulsar update script from the official repository:
sudo wget https://raw.githubusercontent.com/enginsight/enterprise/master/scripts/fixed/pulsar.sh
Make script executable: Grant the downloaded script the necessary execution rights:
sudo chmod +x pulsar.sh
Execute script: Execute the script to download the current version of the Pulsar in all variants:
sudo ./pulsar.sh
Finalize setup: Start the setup script to finalize the changes:
sudo ./setup.sh
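Because pulsar.sh is fetched over the network and then run as root, an operator may want to pin a reviewed copy by digest before executing it, including on hosts that receive the file by transfer in the offline scenario. The following is an added example, not part of the Enginsight documentation; the function names are hypothetical and the digest is a placeholder to be recorded after review.

```shell
#!/bin/sh
# Added example, not Enginsight tooling. Function names are hypothetical.

# sha256_of <file>: print the hex SHA-256 digest of a file
sha256_of() { sha256sum "$1" | awk '{ print $1 }'; }

# verify_pinned <file> <expected-sha256>
# Returns 0 on match, 1 on mismatch, 2 if the file is missing.
verify_pinned() {
  [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
  actual=$(sha256_of "$1") || return 2
  if [ "$actual" != "$2" ]; then
    echo "digest mismatch for $1 (got $actual)" >&2
    return 1
  fi
  return 0
}

# run_if_pinned <file> <expected-sha256> [args...]
# Executes the script with bash only after the digest check passes.
run_if_pinned() {
  script=$1
  expected=$2
  shift 2
  verify_pinned "$script" "$expected" || return $?
  bash "$script" "$@"
}

# Usage on the app server or an offline host (digest is a placeholder):
#   PULSAR_SHA256='<sha256 recorded after reviewing pulsar.sh>'
#   run_if_pinned pulsar.sh "$PULSAR_SHA256"
```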
Adjustment in the docker-compose.yml
Adjust the configuration of the docker-compose.yml for the server-m2 service to mount the Pulsar directory correctly:
server-m2:
  ...
    - "./pulsar:/opt/enginsight/server-m2/pulsar"
After the adjustment, restart the affected service to apply the changes:
sudo docker-compose up -d server-m2
After completing the steps described above, all relevant components should be updated to the latest version. Make sure that all services are running properly and that the system is stable.
External Components
MongoDB Upgrade
Backup of the MongoDB configuration: The configuration in /etc/mongod.conf is deleted during the upgrade. It must therefore be backed up beforehand.
To do this, change to the installation directory and stop the Enginsight environment:
cd /opt/enginsight/enterprise
sudo docker compose down
This step ensures that all running services are properly stopped before the upgrade.
Creation of a database dump
Basic command:
mongodump --host "rs0/<ipOfTheDBAsUsedByTheApi>:27017" --db enginsight
With RBAC (user name/password), add the following parameters:
--username mongoDefaultUser --password "$(</etc/enginsight/mongoDefaultUserPassword)" --authenticationDatabase "enginsight"
With TLS, add the following parameters:
--ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem
A complete dump command with an example IP for a database without TLS and RBAC looks like this:
mongodump --host "rs0/192.168.180.38:27017" --db enginsight
A complete dump command with an example IP for a database with TLS and RBAC looks like this:
mongodump --host "rs0/192.168.180.38:27017" \
  --username mongoDefaultUser --password "$(</etc/enginsight/mongoDefaultUserPassword)" --authenticationDatabase "enginsight" \
  --ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem \
  --db enginsight
Uninstalling MongoDB 5
systemctl stop mongod
apt remove mongodb-org
apt autoremove
Deleting database remnants
rm -rf /var/lib/mongodb
Upgrade of the Debian system: Perform the upgrade with the plugin listed here. The MongoDB repository is automatically updated to version 8.0. A restart of the system is mandatory.
MongoDB reinstallation: After the system restart, run:
apt install mongodb-org
MongoDB setup
Restoring the configuration: Now restore the backup of the /etc/mongod.conf file.
Updating the configuration syntax: Due to a change in the configuration syntax, an adjustment is required. The storage section previously looked like this:
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:
The journal key is no longer supported and must be removed along with its suboptions. The section should then look like this:
# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
#  engine:
#  mmapv1:
#  wiredTiger:
Temporarily deactivating authentication: Temporarily comment out the security: section in the /etc/mongod.conf file if it exists. This applies to the entire section including sub-items, i.e. the indented options under security:.
Start MongoDB:
systemctl enable --now mongod
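The two edits to /etc/mongod.conf described above (removing storage.journal with its suboptions and commenting out the security: section) can be applied to the backed-up file in one pass. This is an added example, not Enginsight or MongoDB tooling; the function names and the backup path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not Enginsight or MongoDB tooling. Function names and the
# backup location are assumptions.

# migrate_mongod_conf <file>: print the file with
#   - storage.journal and its indented suboptions removed
#   - the whole top-level security: section commented out
migrate_mongod_conf() {
  awk '
    # number of leading spaces on a line
    function indent(s,   n) { n = length(s); sub(/^ +/, "", s); return n - length(s) }

    # an unindented key starts a new top-level section and ends any skip
    /^[A-Za-z]/ { section = $0; sub(/:.*/, "", section); skipping = 0 }

    # inside the removed journal block: drop deeper-indented lines
    skipping && NF && indent($0) > journal_indent { next }
    # a non-comment line at the same or a shallower level ends the block
    skipping && NF && !/^ *#/ { skipping = 0 }

    section == "storage" && /^ +journal:/ {
      journal_indent = indent($0); skipping = 1; next
    }

    # comment out security: and everything under it
    section == "security" && NF && !/^#/ { print "#" $0; next }

    { print }
  ' "$1"
}

# restore_mongod_conf <backup> <target>: write the migrated backup to the target
restore_mongod_conf() {
  [ -r "$1" ] || { echo "backup not readable: $1" >&2; return 1; }
  migrate_mongod_conf "$1" > "$2.new" && mv "$2.new" "$2"
}

# Usage (paths are assumptions; run as root):
#   cp -p /etc/mongod.conf /root/mongod.conf.bak      # before the upgrade
#   restore_mongod_conf /root/mongod.conf.bak /etc/mongod.conf
```

When authentication is reactivated later in the procedure, remove the leading # from the security: lines again and restart mongod.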
Setting up the replica set
Basic command:
mongosh --host "<ipOfTheDBAsUsedByTheApi>:27017" \
  --eval "rs.initiate({ _id: \"rs0\", members: [{ _id: 0, host: \"<ipOfTheDBAsUsedByTheApi>:27017\" }] })"
With TLS, the following parameters must be added after the --host parameter:
--tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem
Complete command with exemplary IP without TLS:
mongosh --host "192.168.180.38:27017" \
  --eval "rs.initiate({ _id: \"rs0\", members: [{ _id: 0, host: \"192.168.180.38:27017\" }] })"
Complete command with exemplary IP with TLS:
mongosh --host "192.168.180.38:27017" --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem \
  --eval "rs.initiate({ _id: \"rs0\", members: [{ _id: 0, host: \"192.168.180.38:27017\" }] })"
Restore user (if previously available)
Basic commands:
mongosh --host "<ipOfTheDBAsUsedByTheApi>:27017" \
  --eval "db.createUser({user:'mongoAdminUser',pwd:\"$(</etc/enginsight/mongoAdminUserPassword)\",roles:['userAdminAnyDatabase','clusterMonitor']})" admin
mongosh --host "<ipOfTheDBAsUsedByTheApi>:27017" \
  --eval "db.createUser({user:'mongoDefaultUser',pwd:\"$(</etc/enginsight/mongoDefaultUserPassword)\",roles:[{role:'readWrite',db:'enginsight'}]})" enginsight
With TLS, the following parameters must be added after the --host parameter:
--tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem
Complete commands with exemplary IP without TLS:
mongosh --host "192.168.180.38:27017" \
  --eval "db.createUser({user:'mongoAdminUser',pwd:\"$(</etc/enginsight/mongoAdminUserPassword)\",roles:['userAdminAnyDatabase','clusterMonitor']})" admin
mongosh --host "192.168.180.38:27017" \
  --eval "db.createUser({user:'mongoDefaultUser',pwd:\"$(</etc/enginsight/mongoDefaultUserPassword)\",roles:[{role:'readWrite',db:'enginsight'}]})" enginsight
Complete commands with exemplary IP with TLS:
mongosh --host "192.168.180.38:27017" --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem \
  --eval "db.createUser({user:'mongoAdminUser',pwd:\"$(</etc/enginsight/mongoAdminUserPassword)\",roles:['userAdminAnyDatabase','clusterMonitor']})" admin
mongosh --host "192.168.180.38:27017" --tls --tlsCAFile /etc/enginsight/ssl/mongodbCA.crt --tlsCertificateKeyFile /etc/enginsight/ssl/mongodb.pem \
  --eval "db.createUser({user:'mongoDefaultUser',pwd:\"$(</etc/enginsight/mongoDefaultUserPassword)\",roles:[{role:'readWrite',db:'enginsight'}]})" enginsight
Reactivation of the authentication: The lines commented out in step 7.3. (temporarily deactivating authentication) must now be uncommented again. MongoDB must then be restarted:
systemctl restart mongod
Importing the dump
Basic command:
mongorestore --host "rs0/<ipOfTheDBAsUsedByTheApi>:27017"
With RBAC (user name/password), add these parameters:
--username mongoDefaultUser --password "$(</etc/enginsight/mongoDefaultUserPassword)" --authenticationDatabase "enginsight"
With TLS, add these parameters:
--ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem
A complete restore command with an example IP for a database without TLS and RBAC looks like this:
mongorestore --host "rs0/192.168.180.38:27017"
A complete restore command with an example IP for a database with TLS and RBAC looks like this:
mongorestore --host "rs0/192.168.180.38:27017" \
  --username mongoDefaultUser --password "$(</etc/enginsight/mongoDefaultUserPassword)" --authenticationDatabase "enginsight" \
  --ssl --sslCAFile /etc/enginsight/ssl/mongodbCA.crt --sslPEMKeyFile /etc/enginsight/ssl/mongodb.pem
cd /opt/enginsight/enterprise
sudo docker compose up -d
This step ensures that all services run properly again after the upgrade.