dcorwin25 Honored Contributor.

Connector Appliance migration to ArcSight Management Center 2.0


We are looking to migrate our CX400 series connector appliances to ArcMC 2.0. Some of our devices are running RHEL 5.5 and others are running RHEL 6.1 or 6.2. The implementation steps that we have are kind of all over the place, but I believe that I have it down. My question is, has anyone ever performed a ConApp migration to ArcMC before? Unfortunately, our test environment does not have a CX400 series appliance to test this on and we are not sure what to expect. All we have to go by is the guide that HP provides.

Samour Absent Member.

Re: Connector Appliance migration to ArcSight Management Center 2.0

Yeah first step is to make sure you have all the required files.

They are not all posted on the site and you probably need to engage HP Support or PreSales to provide them.

The migration itself works fine with the steps mentioned; however for us it messed up the permissions of the default groups (they had the same or less permission than the read-only group).

It took weeks for support to figure out what was wrong. So if the interface seems to be missing the Containers/SmartConnector Management tab, make sure you check the Group permissions in the System Admin menu.

Tested with CX400 on RHEL 5.5

Good luck!

Regards,

Samer

muratekren Super Contributor.

Re: Connector Appliance migration to ArcSight Management Center 2.0

Hi David,

The guide mentioned the files osupgrade_rhel6.5_<date><build>_.enc and arcmc-<build>.enc. Did you find them anywhere on the support site, or did you get them from elsewhere?

dcorwin25 Honored Contributor.

Re: Connector Appliance migration to ArcSight Management Center 2.0

They are provided by the support site. However, those .enc files only support devices already running RHEL 6.x. If you have a device still running RHEL 5.x, then you have to download like 5 different .enc files (approx. 5GB worth of files) and install those before the migration. From what the migration guide states, this will upgrade the OS to RHEL 6.5 and migrate the ConApp to ArcMC 2.0. It will also automatically reboot after the upload and reset the appliance back to factory settings.

Here are my "lessons learned" on migrating the C5400 ConApp running RHEL 6.1:

C5400 Running RHEL 6.1

OS Upgrade to 6.5

After successfully uploading the osupgrade.enc file to the appliance, we received the error: “ERROR: upgrade failed: RPM -Uv Failure detected” after the install kicked off. Logs showed the following:

  • warning: /opt/updates/rhel65upgrade/rpm.endorsed/acpid-1.0.10-2.1.el6.x86_64.rpm: Header v3 RSA/SHA256 Signature, key ID fd431d51: NOKEY

Though we received the error and it stated that the installation had failed, the OS still upgraded to RHEL 6.5. However, we were not able to gain web access to the appliance. When checking the services, we discovered that the ‘WEB’ and ‘INSP’ services were failing to run. All other functions/services were working as they should.


Per HP ArcSight support- If the rhel65 upgrade fails, the upgrade script fails to put back in place the copy of the /lib64/libcrypt.so.1 library it created at the beginning of the upgrade. This causes conapp/logger to fail to start because this library is now missing.

Solution: copy back the libcrypt.so.1 library - the rhel65 upgrade script copies it to /tmp, so copy it back to /lib64:

  • [root]#  cat /tmp/libcrypt.so.1  > /lib64/libcrypt.so.1
  • Restart all processes afterwards (/opt/local/monit/bin/monit stop/start all)

After moving the libcrypt.so.1 file from the /tmp to /lib64 and performing a reboot of the appliance, we were then able to access the appliance through the web GUI. However, when checking on all of the running services, the ‘INSP’ service was still failing to run. After attempting to stop/start the service, the service stated “execution failed.”


Per HP ArcSight support- We upgraded the version of perl (to 5.10), which overwrites the version that perl arcsight distributes (5.8.8). The new version of perl was built with a different @INC, so /opt/ENIRA/scripts/insp.cgi could not find Net/Ipv4Addr.pm. Note that this is not a real issue as once the migration to ArcMC completes, there is no ‘insp’ process anymore.

Solution: re-install the arcsight perl rpm

  • [root]# rpm -ivh --force /var/cache/yum/x86_64/6Server/ape/packages/arcsight-perl-5.8.8-20.x86_64.rpm

This solution provided by HP did not fix the ‘INSP’ issue. It is still showing the ‘INSP’ process as “Failed Execution.” According to HP, they are going to look further into it on their end and that we should move on with the Migration since ‘INSP’ is no longer used in ArcMC.


Migration to ArcMC 2.0

We were able to successfully upload the armc-1337.enc file but did receive a browser error/warning (didn’t kill upload). After the migration was complete, the appliance automatically rebooted (auto-reboot was not indicated in the migration guide). We then followed the browser steps for logging back into the ArcMC (delete cache, delete cookies, etc). After logging in, we were defaulted to the Administrator’s page where we uploaded the ArcMC license. After doing this, we performed another reboot, verified that the model number was now C6400 and that the users re-populated. However, we are unable to view any tabs other than “Administrator”.

We verified that the users were all a part of the Default System Administrators group, which “should” allow for all rights. There are no other groups or “rights” options that could allow for us to view the needed tabs.

Solution: Create a new group and select the “arcmc rights” for group type. Add the newly created group (we named Default System Admin_ArcMC) to all of the users in addition to the Default System Admin group, then save. Log out of the GUI and then back in…all functionality should be visible/usable. 

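Added example, not part of the original thread and not HP's upgrade script: a post-upgrade check that lists the key IDs from rpm `NOKEY` warnings and puts `libcrypt.so.1` back only when the library is missing and the `/tmp` copy looks like a real shared object. The function names, the `ROOT` argument and the scratch-tree demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not HP's upgrade script). ROOT is "/" on an appliance; a
# scratch directory is used in the constructed demo at the bottom.

# Print the unique key IDs named in rpm "NOKEY" warnings in an upgrade log.
nokey_ids() {
    sed -n 's/.*Signature, key ID \([0-9a-fA-F]*\): NOKEY.*/\1/p' "$1" | sort -u
}

# True if the file starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ]
}

# Put lib64/libcrypt.so.1 back from the copy in tmp, but only when the library
# is missing or damaged and the copy looks like a shared object.
# Prints one of: present, restored, no-backup, bad-backup.
restore_libcrypt() {
    root=${1%/}
    lib="$root/lib64/libcrypt.so.1"
    bak="$root/tmp/libcrypt.so.1"
    if is_elf "$lib"; then echo present; return 0; fi
    if [ ! -s "$bak" ]; then echo no-backup; return 1; fi
    if ! is_elf "$bak"; then echo bad-backup; return 1; fi
    cat "$bak" > "$lib" && echo restored
}

# Constructed demo: a scratch tree with a fake library copy (ELF magic only)
# and the warning line quoted in the post.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/lib64" "$d/tmp" || return 1
    printf '\177ELF-constructed-sample' > "$d/tmp/libcrypt.so.1"
    echo 'warning: /opt/updates/rhel65upgrade/rpm.endorsed/acpid-1.0.10-2.1.el6.x86_64.rpm: Header v3 RSA/SHA256 Signature, key ID fd431d51: NOKEY' > "$d/upgrade.log"
    echo "unverified key IDs: $(nokey_ids "$d/upgrade.log")"
    echo "libcrypt: $(restore_libcrypt "$d")"
    rm -rf "$d"
}
demo
```

A key ID reported by `nokey_ids` can be compared against the keys that `rpm -q gpg-pubkey` lists as imported on the appliance.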
muratekren Super Contributor.

Re: Connector Appliance migration to ArcSight Management Center 2.0

Sorry for not being clear in my first reply. Actually, I'm planning to migrate a c5500 which is RHEL 6.2, so the only files should be the files I mentioned, but I cannot find them anywhere on the support site. I just created a case for this; will see how they will respond.

BTW, I guess your lessons learned will be useful in my next steps. Thanks in advance.

MaryCordova Frequent Contributor.

Re: Connector Appliance migration to ArcSight Management Center 2.0

We have migrated an older ConApp 5400 on RHEL 5.5 using the "ConnectorFolderUpdate" and the multiple "restoreUpgrade" files.  Following the admin guide, the migration was relatively painless.

Make sure to follow the Prerequisites starting page 6 all the way through the end of page 7. Re item 7 on page 7 - I don't believe we ever lost WebUi access, but it is possible that I've just forgotten. You will want to make sure you have iLO access if you are doing this remotely.

We used the migration steps starting on page 14.  There was no SHA file in the downloads so we ignored that.  The "restoreUpgrade" files that you need will be named according to the model you are upgrading, you just want the .enc versions.

We did not do a restore as per item 12 on page 15 as this was an older, previously unused appliance.  We also did not have the issue as noted in item 16, page 16.

ipeschen1 Absent Member.

Re: Connector Appliance migration to ArcSight Management Center 2.0

I tried to upgrade one C5400 connector several times...

The issues we had happened not with the ArcMC upgrade, but with the restore of a backup of a CX200 device.

If you try to restore a backup of an old device, the following issues will/can appear with ArcMC 2.0:

- 1st issue (same as Samer described): you may lose several rights due to the fact that there is a change in the rights group names: Default ArcMC Rights Group will be replaced by the group “Read Only Connector Appliance Group”, which is coming from the old appliance but should not exist in the ArcMC appliance. This issue will be fixed in ArcMC 2.1 - support promised me. As a workaround you have to log in as root, create a new group, give the group all rights by selecting all checkboxes, and put your user(s) into that group.

- 2nd issue: we followed a procedure where it was mentioned that we have to install ConnectorFolderUpdate.enc on the old ConApp before we create a backup. This was wrong! This just needs to be done if you are still running on Red Hat 5.5 with the old folder structure (where the connectors are stored in /opt/arcsight/connectors/... and not directly in opt/arcsight/...)

If you do the same, all containers will be deleted and it is not possible to restore the system in an easy way again: only an Acronis backup works, or you have to go to another empty working ArcMC appliance and copy all container folders. After a restart the services should come up.
