Updating Smart Monitor
This instruction describes the process of updating Smart Monitor from version 4.1.* to 4.2.*.
Information
Conditional designations:
SM_INSTALLER- directory where theSmart Monitorversion 4.2 installation package is unpackedUSER- system user with administrator rights, usuallyadminOPENSEARCH_HOME- OpenSearch home directory, usually/app/opensearch/OPENSEARCH_DATA- directory where indexed data is stored, usually/app/data/OSD_HOME- OpenSearch Dashboards home directory, usually/app/opensearch-dashboards/PATH_SSL- location of certificate, privateadminkey, and alsoca-cert, usually coincides with/app/opensearch/config/
The primary step for updating is determining the currently installed version of Smart Monitor. This can be done by viewing module versions on the main page or executing a command in the command line:
curl https://127.0.0.1:9200/_cat/plugins -k -u $USER
After entering this command, you will need to enter the password for the $USER account. It is recommended to use the admin user.
A detailed list of new features can be viewed in the article What's New in Smart Monitor 4.2.
Let's consider the procedure for updating each component. The 4.2 installer needs to be unpacked into a directory, for example, /app/distr/.
Before starting work, it is strictly recommended to make a backup of the main configuration files and Security settings.
Recommended actions
It is recommended to create a directory, for example, /app/backup, where you should save:
-
configdirectory, usually$OPENSEARCH_HOME/configor$OSD_HOME/config -
systemdfiles, usually/etc/systemd/system/opensearch.serviceand/etc/systemd/system/opensearch-dashboards.service,/etc/systemd/system/sme-re.service -
file
/etc/sysctl.d/00-opensearch.conf -
copy of Security settings, this needs to be done once, for which you will need the certificate and private key of admin user (the command below will create a directory with the current date with OpenSearch security settings)
chmod +x $OPENSEARCH_HOME/plugins/opensearch-security/tools/securityadmin.sh
JAVA_HOME=$OPENSEARCH_HOME/jdk/ $OPENSEARCH_HOME/plugins/opensearch-security/tools/securityadmin.sh -backup /app/backup/security_$(date +%Y%m%d) \
-icl \
-nhnv \
-cacert $OPENSEARCH_HOME/config/ca-cert.pem \
-cert $OPENSEARCH_HOME/config/admin-cert.pem \
-key $OPENSEARCH_HOME/config/admin-key.pem
Disabling Inventory Processor
Significant changes were made to the internal document storage structure of Inventory in version 4.2. To prevent Inventory Processor from terminating with an error during its operation, it is recommended to disable it.
Disabling Inventory Processor must be performed before carrying out the main update. These actions need to be performed once.
Usually Inventory Processor runs on a single instance on the first Smart Monitor Data Storage node with long-term data storage (routing mode cold) using crond according to schedule. You can view the list of crond jobs with the command below.
crontab -l
Comment out the execution of Inventory Processor and save the changes in crond.
If Inventory Processor is launched not from the standard location $OPENSEARCH_HOME/utils/inventory/moduleInventory, then after updating you need to replace the Inventory Processor executable file manually.
Updating OpenSearch
The Smart Monitor 4.2 installer needs to be unpacked into a directory, for example, /app/distr/. Mark where you unpack the contents of the archive as $SM_INSTALLER.
SM_INSTALLER=/app/distr/sm_4.2
For clusters consisting of multiple nodes, it is recommended to disable allocation before updating through the developer console (Navigation Menu - System Settings - Developer Console) by executing the command:
PUT _cluster/settings
{
"persistent": {
"cluster.routing.allocation.enable": "none"
}
}
You can do the same thing from the terminal with the following command:
curl -XPUT -k -u admin "https://127.0.0.1:9200/_cluster/settings?pretty" -H "Content-Type: application/json" -d '{"persistent":{"cluster.routing.allocation.enable": "none"}}'
When updating cluster nodes, do not use allocation disabling with the update script. After updating all cluster nodes, enable allocation:
PUT _cluster/settings
{
"persistent": {
"cluster.routing.allocation.enable": "all"
}
}
You can do the same thing from the terminal with the following command:
curl -XPUT -k -u admin "https://127.0.0.1:9200/_cluster/settings?pretty" -H "Content-Type: application/json" -d '{"persistent":{"cluster.routing.allocation.enable": "all"}}'
Automatic mode
For the script to work, the following pre-installed packages are required:
curlzipunzip
If at the end you don't see the inscription that Smart Monitor has been updated, don't run the update script again, take a screenshot of where the script stopped and contact technical support.
The automatic update script allows automating actions during updating and is located at $SM_INSTALLER/opensearch/update.sh. When calling the script, you can specify the configuration file $SM_INSTALLER/opensearch/example_config_opensearch.yaml. The YAML file format is similar to the configuration file during installation.
The update script supports the following startup parameters:
-c, --config <path_to_config_file_yaml>- specify configuration file for updating-h, --help- displays help on available commands
Start updating with nodes without the master role, data nodes can connect to older versions of master nodes, but not vice versa.
To start the update, run the script:
$SM_INSTALLER/opensearch/update.sh
After running the script, it will automatically find the paths of the main directories:
OpenSearch Home Directory- OpenSearch installation directory, usually/app/opensearchOpenSearch Conf Directory- OpenSearch configuration files directory, usually/app/opensearch/config/OpenSearch Data Directory- data directory, usually/app/data/OpenSearch Logs Directory- logs directory, usually/app/logs/
The update script does not perform any actions with the data and logs directories, and the configuration files directory and systemd files will be saved to the temporary directory $SM_INSTALLER/opensearch/staging/.
If you run the script again, the staging directory will be cleared.
================================================================================
SMART MONITOR UPDATE SCRIPT - OPENSEARCH
================================================================================
Current working directory: /app/distr/sm_4.2/opensearch
Current name of install's archive: opensearch-2.13.0-linux-x64.tar.gz
New version OpenSearch: 2.13.0
================================================================================
-- STEP 1. INSTALLATION DIRECTORIES
opensearch.service file found. Will get necessary paths from there
Final Opensearch home directory: /app/opensearch
Final Opensearch conf directory: /app/opensearch/config
Final Opensearch data directory: /app/data/opensearch
Final Opensearch logs directory: /app/logs/opensearch
Is this correct? [y/n]:
After entering the directories, you need to confirm the automatically found data by pressing y, or enter your own directories manually by pressing n.
At the second step, you need to answer the question about allocation. If you enter y, the script will disable allocation before updating and enable it at the end of the script's work.
-- STEP 2. CONFIGURE ALLOCATION
Do you want to disable allocation during update? [y/N]: n
You don't want to disable allocation: n
Is this correct? [y/n]:
At the third step, you will need to enter the password from admin user. The password will not be displayed when entering.
-- STEP 3. GET ADMIN PASSWORD
Enter password for user "admin":
If you enter an incorrect password, allocation will not be disabled even if you select it in the previous step, and information about the current node will not be displayed, but the update will not be interrupted.
Then preparatory actions will be performed before updating, before applying the update a question about continuing will be asked, until this moment no actions are performed in the system. Also, some information about the current node and the cluster as a whole will be displayed.
get current list of plugins
sm-core
sm-im
sm-inventory
sm-ism-action-clickhouse
sm-job-scheduler
sm-job-scheduler-actions-incident
sm-job-scheduler-actions-mitre
sm-knowledge-center
sm-mitre
sm-mssp
sm-rsm
sm-uba
sme
opensearch-security
Information about current node OpenSearch:
{
"name" : "smos-node-00",
"cluster_name" : "smos-cluster",
"cluster_uuid" : "yKPPDCHGSA6rHQT948jokQ",
"version" : {
"distribution" : "opensearch",
"number" : "2.11.1",
"build_type" : "tar",
"build_hash" : "6b1986e964d440be9137eba1413015c31c5a7752",
"build_date" : "2023-11-29T21:43:10.135035992Z",
"build_snapshot" : false,
"lucene_version" : "9.7.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
!!! AT THIS POINT WE START TO MAKE CHANGES IN OPERATING SYSTEM !!!
Do you want to continue? [y/N]:
If you press Enter - the update will be interrupted, to continue you need to press y.
Upon successful completion of the update, you should see the inscription SMART MONITOR SUCCESSFULLY UPDATED!, preliminary information about the cluster and current node will be displayed.
-- STEP 10. PRINT INFORMATION
current state of cluster
{
"cluster_name" : "smos-cluster",
"status" : "yellow",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"discovered_master" : true,
"discovered_cluster_manager" : true,
"active_primary_shards" : 50,
"active_shards" : 50,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 15,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 76.92307692307693
}
current state clusters nodes
172.16.0.27 14 99 8 1.47 0.63 0.26 dim data,ingest,master * smos-node-00
Information about current node OpenSearch:
{
"name" : "smos-node-00",
"cluster_name" : "smos-cluster",
"cluster_uuid" : "yKPPDCHGSA6rHQT948jokQ",
"version" : {
"distribution" : "opensearch",
"number" : "2.13.0",
"build_type" : "tar",
"build_hash" : "7ec678d1b7c87d6e779fdef94e33623e1f1e2647",
"build_date" : "2024-03-26T00:02:39.659767978Z",
"build_snapshot" : false,
"lucene_version" : "9.10.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
The following plugins cannot be installed:
-- sm-job-scheduler-actions-incident
-- sm-job-scheduler-actions-mitre
================================================================================
-- SMART MONITOR SUCCESSFULLY UPDATED!
================================================================================
If for some reason the update script could not update some plugins, then it will additionally display information about these plugins at the end, as in the example above (the text The following plugins cannot be installed).
It should be noted that the update script takes into account the current list of installed plugins on OpenSearch nodes, if you need to install some plugin additionally, then the action should be performed manually at the end of updating the node.
Updating OpenSearch Dashboards
For the script to work, the following pre-installed packages are required:
curlzipunzip
The automatic update script allows automating actions during updating and is located at $SM_INSTALLER/opensearch-dashboards/update.sh. When calling the script, you can specify the configuration file $SM_INSTALLER/opensearch-dashboards/example_config_dashboards.yaml. The YAML file format is similar to the configuration file during installation.
The update script supports the following startup parameters:
-c, --config <path_to_config_file_yaml>- specify configuration file for updating-h, --help- displays help on available commands
When working, the script will make a backup copy of the systemd service file, opensearch-dashboards.yml and the configuration directory to the temporary directory $SM_INSTALLER/opensearch-dashboards/staging/.
The update script does not perform any actions with the data and logs directories, and the configuration directory and systemd files will be saved to the temporary directory $SM_INSTALLER/opensearch-dashboards/staging/.
If you run the script again, the staging directory will be cleared.
To update, run the script:
$SM_INSTALLER/opensearch-dashboards/update.sh
The script will automatically determine the main paths of the current server to the following directories:
OpenSearch Dashboards Home Directory- OpenSearch Dashboards installation directory, usually/app/opensearch-dashboardsOpenSearch Dashboards Conf Directory- OpenSearch Dashboards configuration files directory, usually/app/opensearch-dashboards/config/OpenSearch Dashboards Data Directory- data directory, usually/app/data/OpenSearch Dashboards Logs Directory- logs directory, usually/app/logs/
================================================================================
SMART MONITOR INSTALL SCRIPT - OPENSEARCH DASHBOARDS
================================================================================
Current working directory: /opt/sm_4.2/opensearch-dashboards
Current name of install's archive: opensearch-dashboards-2.13.0-linux-x64.tar.gz
Current version of OpenSearch-Dashboards: 2.13.0
================================================================================
-- STEP 1. INSTALLATION DIRECTORIES
opensearch-dashboards.service file found. Will get necessary paths from there
Final Opensearch Dashboards home directory: /app/opensearch-dashboards
Final Opensearch Dashboards conf directory: /app/opensearch-dashboards/config
Final Opensearch Dashboards data directory: /app/data/opensearch-dashboards
Final Opensearch Dashboards logs directory: /app/logs/opensearch-dashboards
Is this correct? [y/n]:
After entering the directories, you need to confirm the entered data by pressing y, or enter your own directories manually by pressing n.
Then preparatory actions will be performed before updating, before applying the update a question about continuing will be asked, until this moment no actions affecting system operability are performed. Also, some information about the current node and the cluster as a whole will be displayed.
Current list of plugins:
-- smartMonitor
-- smartMonitorColumnChart
-- smartMonitorCyberSecurity
-- smartMonitorDrawio
-- smartMonitorHeatmapChart
-- smartMonitorHtmlChart
-- smartMonitorIncidentManager
-- smartMonitorInventory
-- smartMonitorKnowledgeCenter
-- smartMonitorLineChart
-- smartMonitorLookupManager
-- smartMonitorMitreAttack
-- smartMonitorPDFExport
-- smartMonitorPieChart
-- smartMonitorSingleValue
-- smartMonitorTable
-- smartMonitorUserBehaviorAnalytics
Current version of OpenSearch-Dashboards: 2.13.0
!!! AT THIS POINT WE START TO MAKE CHANGES IN OPERATING SYSTEM !!!
Do you want to continue? [y/N]:
Upon successful completion of the update script, the corresponding text SMART MONITOR DASHBOARDS SUCCESSFULLY UPDATED will be displayed.
Updating tag color scheme format
Changes were made to the internal storage structure of tag colors in version 4.2. The installer includes a utility for migrating tags. The utility is located in the directory $SM_INSTALLER/utils/migrations_4.1-4.2/tags_colors_migrations/ and works on python. The main requirements of the utility:
- Python 3.8+
- plugin opensearch-py
The rest of the packages are included in the standard Python installation, a more detailed list of packages:
- certifi==2023.7.22
- charset-normalizer==3.3.2
- idna==3.4
- opensearch-py==2.3.2
- python-dateutil==2.8.2
- requests==2.31.0
- six==1.16.0
- urllib3==2.0.7
Python 3.8 with the required set of packages is included in the Smart Monitor 4.2 installer.
Configuration file
Before running the utility, configure the parameters in the file $SM_INSTALLER/utils/migrations_4.1-4.2/tags_colors_migrations/default.ini. An example configuration file is shown below:
[server]
host = 127.0.0.1
port = 9200
[user]
name = admin
pass = password
In the server.host parameter, you need to specify the IP address of any OpenSearch node, it is recommended to specify a node with the data role and routing_mode: hot attribute. If you omit the user.pass parameter, the utility will request the password from the AD in interactive mode.
Utility startup parameters
The utility has the following startup parameters:
-c, --config- configuration file (Optional). Default -./default.ini-h, --help- display help
Running the utility
To perform migrations, run the utility with the command:
$SM_INSTALLER/utils/python/bin/python3 $SM_INSTALLER/utils/migrations_4.1-4.2/tags_colors_migrations/main.py -c $SM_INSTALLER/utils/migrations_4.1-4.2/tags_colors_migrations/default.ini
Updating Smart Monitor theme
The format for storing the Smart Monitor theme has changed in version 4.2. To migrate, open the developer console (Navigation Menu - System Settings - Developer Console).
Delete old style settings:
DELETE _core/settings/styles
Create a new style format:
POST /_core/settings/styles
{
"theme": "green",
"_meta": {
"id": "styles"
}
}
Updating Inventory asset configurations
The format for storing base and advanced fields in the Inventory configuration has changed in version 4.2. To migrate, open the developer console (Navigation Menu - System Settings - Developer Console).
To create a backup copy with Inventory configurations, execute in the developer console:
POST _reindex
{
"source": {
"index": ".sm_inv_config"
},
"dest": {
"index": "backup_20241001.sm_inv_config"
}
}
Then delete the index with Inventory configurations:
DELETE .sm_inv_config
Next, you need to perform migration of the old configuration format to the new data format, execute the command:
POST _reindex
{
"source": {
"index": "backup_20241001.sm_inv_config"
},
"dest": {
"index": ".sm_inv_config"
},
"script": {
"source": """def base = []; ctx._source.get("base").forEach(f -> base.add([ "name": f, "display_name": "", "weight": 1])); ctx._source.put("base", base); def advanced = []; ctx._source.get("advanced").forEach(f -> advanced.add(["name": f, "display_name": "", "weight": 0])); ctx._source.put("advanced", advanced);""",
"lang": "painless"
}
}
After executing the command above, you can enable Inventory Processor in crond. Usually Inventory Processor runs on a single instance on the first Smart Monitor Data Storage node with long-term data storage (routing mode cold).
If Inventory Processor is launched not from the standard location $OPENSEARCH_HOME/utils/inventory/moduleInventory, then after updating you need to replace the Inventory Processor executable file manually.
After successfully executing the previous command and checking that inventory is performed successfully - you can delete the backup copy:
DELETE backup_20241001.sm_inv_config
Updating Mitre role model
The format of the Mitre module role model has changed in version 4.2. To migrate, open the developer console (Navigation Menu - System Settings - Developer Console) and execute the command:
POST .sm_mitre_layers/_update_by_query
{
"query": {
"bool": {
"must_not": [
{
"exists": {
"field": "_permission"
}
}
]
}
},
"script": {
"source": """
void traverseMap(Map map, Map targetMap) {
for (entry in map.entrySet()) {
if (entry.getValue() instanceof Map && targetMap.containsKey(entry.getKey())
&& targetMap[entry.getKey()] != null) {
traverseMap(entry.getValue(), targetMap[entry.getKey()]);
} else {
if (entry.getValue() == null) {
targetMap.remove(entry.getKey());
} else {
targetMap[entry.getKey()] = entry.getValue();
}
}
}
}
traverseMap(params, ctx._source);""",
"params": {
"_permissions": {
"owner": "admin",
"read": {
"roles": [],
"users": []
},
"write": {
"roles": [],
"users": []
}
}
},
"lang": "painless"
}
}
Updating Incident Manager role model
The format of the Incident Manager module role model has changed in version 4.2. To migrate, open the developer console (Navigation Menu - System Settings - Developer Console) and execute the command:
PUT _core/im_settings/incident-manager-settings
{
"editFields": {
"reviewer" : {
"default_value": "empty",
"values": [
{
"text": "Not set",
"value": "empty"
}
]
}
}
}
Limiting lookup size in RAM
This action should be performed starting from SM 4.2.1, for 4.2.0 it is not required.
In version 4.2.1, limits were introduced on RAM usage by lookups when they are executed, to set the parameter open the developer console (Navigation Menu - System Settings - Developer Console) and execute the command:
PUT _core/limits_user/base_limit
{
"max_lookup_size": 500000000
}