Upgrade Metron

After you shut down Metron and all of its services, you must uninstall Metron and then reinstall the newest version of Metron.

You must upgrade to HDP 3.1.4 prior to upgrading Metron. For more information about upgrading to HDP 3.1.4, see the HDP 3.1.4 Upgrade documentation.
Although the product has been rebranded to Cloudera Cybersecurity Platform (CCP), the repository, mpack, and directory names currently remain hcp.
  1. Back up your Metron configuration:
    1. Create an upgrade folder:
      mkdir HCP200-Upgrade
      cd HCP200-Upgrade/
    2. Copy your Metron configuration into the upgrade folder:
      cp -rp /usr/hcp/current/metron/config metron-config
    3. Download the ZooKeeper configuration into the upgrade folder:
      source /etc/default/metron
      /usr/hcp/current/metron/bin/zk_load_configs.sh -z $ZOOKEEPER -m PULL -o zk-config
    4. Ensure that the upgrade folder contains your Metron and ZooKeeper configurations:
      ls -l
      You should see something similar to the following:
    5. If you have created custom components in Metron, copy the contents of /usr/hcp/current/metron/parser_contrib to the upgrade folder:
      cp -rp /usr/hcp/current/metron/parser_contrib/ parser_contrib
    6. Confirm that the parser_contrib information was copied correctly:
      ls -l parser_contrib/
      You should see something similar to the following:
  2. In Ambari, stop all Metron Services.
  3. Stop all Storm Metron topologies and confirm all are stopped.
    1. List all topologies in Storm.
      storm list
      If any topologies are running, your output should look similar to the following:
      Running: /usr/jdk64/jdk1.8.0_112/bin/java -Ddaemon.name= -Dstorm.options= 
      -Dstorm.home=/usr/hdp/ -Dstorm.log.dir=/var/log/storm 
      -Dstorm.conf.file= -cp /usr/hdp/
      /ojdbc6.jar:/usr/hdp/current/storm-supervisor/conf:/usr/hdp/ org.apache.storm.command.list
      2670 [main] INFO  o.a.s.u.NimbusClient - Found leader nimbus : node1:6627
      Topology_name        Status     Num_tasks  Num_workers  Uptime_secs
      enrichment           ACTIVE     8          1            49253
      bro__snort__yaf      ACTIVE     7          1            48749
      batch_indexing       ACTIVE     5          1            48613
      pcap                 ACTIVE     3          1            49140
      profiler             ACTIVE     7          1            49001
      random_access_indexing ACTIVE     5          1            48493
    2. Stop all of the Metron Storm topologies:
      storm kill <TOPOLOGY_NAME>
    3. Confirm that all of the Metron Storm topologies are stopped:
      storm list
      You should see "No topologies running."
  4. Uninstall Metron.
    1. In Ambari, select Metron, then under the Service Actions menu, click Delete Service.
    2. At the bottom of the Delete Service window, click Delete.
    3. When prompted, enter "delete" then click the Delete button to confirm deleting the service.
      Ambari displays a confirmation window stating "Service Metron was successfully deleted."
  5. Remove all of the rpms from the old Metron version.
    1. From the Ambari node, enter the following to list all of the Metron packages:
      rpm -qa | grep metron
      You should see output similar to the following:
    2. Using the metron-config information you received from the output in the previous step, enter the following to remove all of the Metron packages:
      sudo rpm -q --scripts metron-config-0.7.1-201904012257.noarch
      You should see output similar to the following:
      chkconfig --add metron-management-ui
      chkconfig --add metron-alerts-ui
      preuninstall scriptlet (using /bin/sh):
      chkconfig --del metron-management-ui
      chkconfig --del metron-alerts-ui
  6. Remove older Metron rpms on other nodes.
    rpm -qa | grep metron
  7. In Ambari, update the Repo version.
    To navigate to the Repositories page, from the admin menu, choose Manage Ambari, click Versions, then click REGISTER VERSION.
  8. Uninstall the old HCP mpack version:
    ambari-server uninstall-mpack --mpack-name=metron-ambari.mpack --verbose
  9. Install the current HCP mpack repo from Release Notes.
    wget http://public-repo-1.hortonworks.com/HCP/centos7/1.x/updates/ 
    ambari-server install-mpack --force --mpack=/${MPACK_DOWNLOAD_DIRECTORY}/ccp-ambari-mpack- --verbose
  10. Restart the Ambari server.
    ambari-server restart
  11. Re-open Ambari and add the updated Metron version.
    From the Actions menu, click Add Service, then click Metron from the Choose Services page. Ensure Metron is the updated version.
    Ambari lists each service on which Metron is dependent.
  12. Click yes to add each dependency.
  13. In Ambari, add back your Metron configuration information in the Property fields.
    Do not copy and paste into the Metron property fields. You can inadvertently add a special character.
  14. Click Deploy to start the Metron setup.
    The process to install, start, and test Metron will take a while.
  15. Restart the Metron services:
    • Metron REST
    • Metron Management UI
    • Metron Alerts UI
    • Indexing
  16. In the Management UI, restart the Metron Parsers including Enrichment, Bro, Snort, Yaf, and any other parsers you added previously.

  17. Check the status of the parsers in the Storm UI.
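
The command-line checks from steps 1 and 3 can be scripted as a gate before the Delete Service action in step 4. The following shell script is an added example, not part of the product documentation; its function names and the sample `storm list` text are constructed for illustration, and it assumes the upgrade folder layout created in step 1 (metron-config and zk-config).

```shell
#!/bin/sh
# Added example (not from the product documentation): checks to run before step 4.

# Constructed sample of `storm list` output, modelled on the listing in step 3.
SAMPLE_STORM_LIST='2670 [main] INFO  o.a.s.u.NimbusClient - Found leader nimbus : node1:6627
Topology_name        Status     Num_tasks  Num_workers  Uptime_secs
enrichment           ACTIVE     8          1            49253
bro__snort__yaf      ACTIVE     7          1            48749
random_access_indexing ACTIVE     5          1            48493'

# Print the topology names found in `storm list` output on stdin.
# Only rows after the Topology_name header count, so JVM and log lines are ignored;
# a one-field separator line, if the Storm version prints one, is skipped as well.
topology_names() {
  awk 'seen && NF >= 2 { print $1 }
       $1 == "Topology_name" { seen = 1 }'
}

# Step 3.2: print one `storm kill` command per listed topology, for review before running.
kill_commands() {
  topology_names | sed 's/^/storm kill /'
}

# Step 1.4: succeed only if the upgrade folder holds non-empty copies of both configurations.
backup_ok() {
  for sub in metron-config zk-config; do
    if [ ! -d "$1/$sub" ] || [ -z "$(ls -A "$1/$sub" 2>/dev/null)" ]; then
      echo "missing or empty: $1/$sub" >&2
      return 1
    fi
  done
}

# Gate for step 4. $1 = upgrade folder, stdin = `storm list` output.
# Returns 1 for an incomplete backup, 2 while any topology is still listed.
preflight() {
  backup_ok "$1" || return 1
  running=$(topology_names)
  [ -z "$running" ] || { echo "still running: $running" >&2; return 2; }
}

# Demo on the constructed sample; on a cluster use: storm list | preflight HCP200-Upgrade
printf '%s\n' "$SAMPLE_STORM_LIST" | kill_commands
```

A non-zero return from `preflight` means the service should not be deleted yet: the backup is the only copy of the configuration once Metron is uninstalled.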