Installation
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Upgradtation tar/rpm

PramodhKumar
Explorer
‎05-11-2020 06:50 AM

Hi Folks,

We are planned to upgrade our Splunk 7.2.4 to 8.0.3.

7.2.4 was installed using rpm package.

We are thinking to upgrade using tarball.

Since earlier version is installed using rpm, OS still lists old package for this command "rpm -qa | grep splunk"

Does this really matters and can i just remove that package by rpm -e after up gradation?

Or should I go with rpm up gradation only?

Could you please explain whats the difference between rpm and tar...

Any help is highly appreciated..

Thanks,
Pramodh

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PavelP
Motivator
‎05-11-2020 03:28 PM

Hello @PramodhKumar

to delete an entry in the rpm database without deleting the rpm package you can use

  rpm -e --justdb splunk

Difference between tgz and rpm: tgz is a tar archive, it is like a ZIP archive that additionally can preserve linux permissions and store special file types like links.

We are thinking to upgrade using tarball - what are your reasons to switch from rpm to tgz?

OS still lists old package for this command "rpm -qa | grep splunk" - since you changed files outside of rpm DB, from the rpm's database point of view your splunk installation is inconsistent with a reference information.

can i just remove that package by rpm -e after up gradation? - don't do this (unless you have a backup), it will remove 99% of files in /opt/splunk folder

Or should I go with rpm up gradation only? - yes please, unless you have good reasons to switch to tgz.

I can imagine a tgz over rpm will work if you know what you are doing.

Technically a tgz file contains the same files as rpm, but rpm does some extra work for you during the install/upgrade/uninstall:

  • checks prerequisites
  • adds user and group splunk
  • detects if it is an install and gratefully stops running splunk
  • etc.

Advantages of rpm/deb packages :

  • easy to install/deinstall
  • correct permissions (forget about chown/chmod -R)
  • easy to upgrade/downgrade
  • easy to verify that the package was installed correctly
  • easy to check which files were changed (rpm -V packagename)

View solution in original post

Reply
Solved! Jump to solution

koshyk
Super Champion
‎10-10-2020 10:28 AM

Just to add to PavelP's answer, in large organisations/installations RPM have much more advantages

- Some organisations want strict control on softwares installed and should be done via RPM to be automatically registered

- puppet/orchestration softwares much like standard installations where they can check previous version install and new version etc.

- tar.gz will NOT remove previous versions remnants. This means over multiple iterations of upgrade you will be left with un-necessary files. So may be a clean-up activity required after upgrade

- Lot of softwares get information from RPM database. a central database with all packages installed, which files they own, their interdependencies. So querying tools/cmdb/scanners can easily get this information in detailed way

 

Of course, the main disadvantage of RPM is you "root" access (or need Linux admin person) during installation/upgrade

Reply
Solved! Jump to solution
Solution

PavelP
Motivator
‎05-11-2020 03:28 PM

Hello @PramodhKumar

to delete an entry in the rpm database without deleting the rpm package you can use

  rpm -e --justdb splunk

Difference between tgz and rpm: tgz is a tar archive, it is like a ZIP archive that additionally can preserve linux permissions and store special file types like links.

We are thinking to upgrade using tarball - what are your reasons to switch from rpm to tgz?

OS still lists old package for this command "rpm -qa | grep splunk" - since you changed files outside of rpm DB, from the rpm's database point of view your splunk installation is inconsistent with a reference information.

can i just remove that package by rpm -e after up gradation? - don't do this (unless you have a backup), it will remove 99% of files in /opt/splunk folder

Or should I go with rpm up gradation only? - yes please, unless you have good reasons to switch to tgz.

I can imagine a tgz over rpm will work if you know what you are doing.

Technically a tgz file contains the same files as rpm, but rpm does some extra work for you during the install/upgrade/uninstall:

  • checks prerequisites
  • adds user and group splunk
  • detects if it is an install and gratefully stops running splunk
  • etc.

Advantages of rpm/deb packages :

  • easy to install/deinstall
  • correct permissions (forget about chown/chmod -R)
  • easy to upgrade/downgrade
  • easy to verify that the package was installed correctly
  • easy to check which files were changed (rpm -V packagename)
Reply
Solved! Jump to solution

JyPl4wNYu7GV1uL
Explorer
‎02-16-2024 08:12 AM

Anybody got opinions on the opposite situation?

I've always upgraded splunk using a tarball and extracted over top the prior /opt/splunk installation: ~6 upgrades.

Now I'd like to switch to RPM, for all the stated advantages.  Any issues I need to worry about by installing the RPM over a prior tarball install?

 

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎02-16-2024 08:38 AM

1. This is a quite old thread. You'd be better off by starting a new one (possibly putting link to this one for reference).

2. Generally speaking, as a good practice:

 - don't mix management with package manager with manually dropping in files. It can end badly.

- If you have a package for your system it's often (although not always; there are sometimes very badly built packages) a better solution

I'm not sure about Splunk but depending on how/where you installed your software before, the RPM might not fit exactly that layout.

So while you can try to install RPM package over a tarball-based /opt/splunk, I think I'd try to go for backup/remove/install/restore.

Oh, and don't try to mess with your production server without testing it in dev environment.

0 Karma
Reply
Solved! Jump to solution

PramodhKumar
Explorer
‎05-11-2020 11:45 PM

Hi @PavelP

Thank you so much for picking this up...

Here is some info

what are your reasons to switch from rpm to tgz? - we are more familiar with tar and up gradation was successful in test environment.
But, rpm -qa is listing old(you clarified that above) and no other particular reason apart.

OK, I understand the difference now. Can you please suggest on below.

  1. Since we have successfully upgraded using tar, are we good to go same at prod? If Yes,
  2. How to delete that rpm package from rpm DB.

  3. And does this affect bootstart init script, suppose OS restarts and things may seem to be inconsistent after reboot.

  4. Or let downgrade Splunk and upgrade it again in test using rpm, if everything goes fine then proceed to prod with rpm?

0 Karma
Reply
Solved! Jump to solution

PavelP
Motivator
‎05-12-2020 02:19 PM

Hello @PramodhKumar

you can use

  rpm -e --justdb splunk

I've updated the answer, please accept it if it resolve your query

0 Karma
Reply
Get Updates on the Splunk Community!

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...
Top