Splunk Upgradation tar/rpm

PramodhKumar
Explorer

Hi Folks,

We are planning to upgrade our Splunk 7.2.4 to 8.0.3.

7.2.4 was installed using the rpm package.

We are thinking of upgrading using the tarball.

Since the earlier version was installed using rpm, the OS still lists the old package for this command: "rpm -qa | grep splunk"

Does this really matter, and can I just remove that package with rpm -e after the upgradation?

Or should I go with rpm upgradation only?

Could you please explain what's the difference between rpm and tar...

Any help is highly appreciated..

Thanks,
Pramodh

0 Karma

PavelP
Motivator

Hello @PramodhKumar

to delete an entry in the rpm database without deleting the rpm package you can use

  rpm -e --justdb splunk

Difference between tgz and rpm: tgz is a tar archive, it is like a ZIP archive that additionally can preserve linux permissions and store special file types like links.

We are thinking to upgrade using tarball - what are your reasons to switch from rpm to tgz?

OS still lists old package for this command "rpm -qa | grep splunk" - since you changed files outside of the rpm DB, from the rpm database's point of view your splunk installation is inconsistent with the reference information.

can I just remove that package by rpm -e after upgradation? - don't do this (unless you have a backup), it will remove 99% of the files in the /opt/splunk folder

Or should I go with rpm upgradation only? - yes please, unless you have good reasons to switch to tgz.

I can imagine a tgz over rpm will work if you know what you are doing.

Technically a tgz file contains the same files as rpm, but rpm does some extra work for you during the install/upgrade/uninstall:

  • checks prerequisites
  • adds user and group splunk
  • detects if it is an install and gracefully stops running splunk
  • etc.

Advantages of rpm/deb packages :

  • easy to install/deinstall
  • correct permissions (forget about chown/chmod -R)
  • easy to upgrade/downgrade
  • easy to verify that the package was installed correctly
  • easy to check which files were changed (rpm -V packagename)

0 Karma
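
An added example, not part of the answer above or of Splunk's tooling: a shell helper that summarizes `rpm -V` output, which reports files replaced by a tarball overlay as changed. The function names and the sample lines (including the library and config paths) are constructed for illustration; the package name `splunk` and `/opt/splunk` come from the thread.

```shell
#!/bin/sh
# Classify `rpm -V` lines so that content changes to non-config files
# stand out from config edits. Line format: 9 flag characters
# (S M 5 D L U G T P), an optional one-letter file type (c = config),
# then the path; a vanished file is reported as "missing ... path".

summarize_rpm_verify() {
    awk '
    BEGIN { missing = content = config = owner = 0 }
    $1 == "missing" { missing++; next }
    length($1) == 9 {
        if (NF >= 3 && $2 == "c") { config++; next }   # packaged config file
        if (substr($1, 3, 1) == "5") content++         # digest differs
        if (substr($1, 2, 1) == "M" || substr($1, 6, 1) == "U" ||
            substr($1, 7, 1) == "G") owner++           # mode, user or group
    }
    END {
        printf "missing=%d content_changed=%d config_changed=%d owner_or_mode_changed=%d\n",
               missing, content, config, owner
    }'
}

# Constructed sample of what `rpm -V splunk` could print after a tarball
# was unpacked over an rpm-installed /opt/splunk (not real output).
sample_verify_output() {
    cat <<'EOF'
S.5....T.    /opt/splunk/bin/splunkd
S.5....T.    /opt/splunk/bin/splunk
S.5....T.  c /opt/splunk/etc/example.conf
.....UG..    /opt/splunk/etc/apps
missing      /opt/splunk/lib/libexample-old.so
.......T.    /opt/splunk/README-splunk.txt
EOF
}

# Offline demonstration on the constructed sample.
# On a real host: rpm -V splunk | summarize_rpm_verify
sample_verify_output | summarize_rpm_verify
```

A non-zero `content_changed` on a host that was only ever upgraded through rpm means files differ from what the package shipped and is worth investigating; after a tarball overlay the same count is expected and no longer tells you anything.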

koshyk
Super Champion

Just to add to PavelP's answer, in large organisations/installations RPM has many more advantages:

- Some organisations want strict control over installed software, and it should be installed via RPM to be automatically registered

- puppet/orchestration software very much likes standard installations, where it can check the previously installed version, the new version, etc.

- tar.gz will NOT remove remnants of previous versions. This means that over multiple upgrade iterations you will be left with unnecessary files, so a clean-up activity may be required after an upgrade

- A lot of software gets its information from the RPM database, a central database with all installed packages, which files they own, and their interdependencies. So querying tools/CMDBs/scanners can easily get this information in a detailed way

Of course, the main disadvantage of RPM is that you need "root" access (or a Linux admin person) during installation/upgrade

PramodhKumar
Explorer

Hi @PavelP

Thank you so much for picking this up...

Here is some info

what are your reasons to switch from rpm to tgz? - we are more familiar with tar, and the upgradation was successful in the test environment.
But rpm -qa is listing the old version (you clarified that above), and there is no other particular reason apart from that.

OK, I understand the difference now. Can you please advise on the below.

  1. Since we have successfully upgraded using tar, are we good to do the same in prod? If Yes,
  2. How to delete that rpm package from the rpm DB.
  3. And does this affect the boot-start init script? Suppose the OS restarts; things may seem to be inconsistent after the reboot.

  4. Or shall we downgrade Splunk and upgrade it again in test using rpm, and if everything goes fine then proceed to prod with rpm?

0 Karma

PavelP
Motivator

Hello @PramodhKumar

you can use

  rpm -e --justdb splunk

I've updated the answer, please accept it if it resolves your query.

0 Karma