Upgrading from 1x to 2x
Note: You don't have to upgrade to 2x; a fresh install of 2x also works. This guide covers the upgrade path. If you are not upgrading, skip to the uninstall section (Section 4) to clear the old version from your system before doing the fresh install.
1. Check out the latest version of the LME repository into your home directory:

   ```bash
   cd ~
   git clone https://github.com/cisagov/LME.git
   ```
2. Export the indices. This may take some time without any feedback; make sure it finishes successfully before you continue, because Section 4 deletes the old data.

   ```bash
   cd ~/LME/scripts/upgrade
   sudo ./export_1x.sh
   ```

   A successful completion looks like this:

   ```
   Data and mappings export completed. Backup stored in: /lme_backup
   Files created:
   - /lme_backup/winlogbeat_data.json.gz
   - /lme_backup/winlogbeat_mappings.json.gz
   ```
3. Either export the dashboards or use the existing ones.

   - If you don't have custom dashboards, use the path to the existing ones in the following steps: `/opt/lme/Chapter 4 Files/dashboards/` (or `/opt/lme-old/Chapter 4 Files/dashboards/` once you have renamed the directory in Section 4).

   - If you have custom dashboards, export them and use that path instead:

     ```bash
     # Export all of the dashboards; it is the last option in the script's menu
     cd ~/LME/scripts/upgrade/
     pip install -r requirements.txt
     python3 export_dashboards.py -u elastic -p yourpassword
     ```

     The path to give the importer will then be `/yourhomedirectory/LME/scripts/upgrade/exported/`.
4. Uninstall the old LME version.

   Run the 1.x uninstaller as root, then return to your normal user:

   ```bash
   sudo su
   cd "/opt/lme/Chapter 3 Files/"
   ./deploy.sh uninstall
   # Go back to your user
   exit
   ```

   Then clean up Docker. The `lme_esdata` volume holds the 1.x Elasticsearch data, so only remove it after the export in Section 2 has completed successfully. Pick one of the two paths:

   - If you use Docker for more than LME (you want to keep Docker), remove only the LME volumes:

     ```bash
     sudo docker volume rm lme_esdata
     sudo docker volume rm lme_logstashdata
     ```

   - If you use Docker only for LME, remove the volumes and uninstall Docker:

     ```bash
     cd ~/LME/scripts/upgrade
     sudo su   # Become root in the right directory
     ./remove_volumes.sh
     ./uninstall_docker.sh
     exit      # Go back to your regular user
     ```

   Finally, rename the old install directory to make room for the new install:

   ```bash
   sudo mv /opt/lme /opt/lme-old
   ```
5. Install LME version 2x.

   Run the installer as your normal user, not as root:

   ```bash
   #***** Make sure you are running as normal user *****#
   sudo apt-get update && sudo apt-get -y install ansible
   # Copy the environment file
   cp ~/LME/config/example.env ~/LME/config/lme-environment.env
   # Edit lme-environment.env and change all the passwords
   # vim ~/LME/config/lme-environment.env
   # Change to the repository directory
   cd ~/LME/
   # Run the installer as a non-privileged user
   ./install.sh
   ```

   Then import the 1.x data and dashboards as root:

   ```bash
   # Become a super user (sudo su keeps you in ~/LME)
   sudo su
   # Load podman into your environment
   . ~/.profile
   # Have the full paths of the winlogbeat files that you exported earlier ready:
   #   /lme_backup/winlogbeat_data.json.gz
   #   /lme_backup/winlogbeat_mappings.json.gz
   cd scripts/
   # This extracts the secrets from the environment file and shows them to you. Save these passwords.
   . extract_secrets.sh -p
   # Import the winlogbeat data and mappings; use the elastic password shown above
   ./upgrade/import_1x.sh
   # Import the dashboards from the path you noted in Section 3 (your exported
   # directory, or the original dashboards). Use the elastic password from above;
   # it is the new password for elastic.
   ./upgrade/import_dashboards.sh -d /opt/lme-old/Chapter\ 4\ Files/dashboards/
   ```
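The export in Section 2 gives no progress feedback, and Section 4 destroys the only other copy of the 1.x data, so it is worth checking the archives before running the uninstall. The script below is an added example, not one of LME's own scripts. It assumes the two file names printed by `export_1x.sh` and that both archives decompress to JSON (inferred from the `.json.gz` names); the sample directory it can build contains constructed data, not a real export.

```bash
#!/usr/bin/env bash
# Sanity-check a 1.x export directory before the old install and its Docker
# volumes are removed. Added example; not part of LME's own scripts.
# Assumptions: the directory holds winlogbeat_data.json.gz and
# winlogbeat_mappings.json.gz (names taken from export_1x.sh's output) and both
# archives decompress to JSON (inferred from the .json.gz file names).

# check_lme_backup DIR -> returns 0 if both archives exist, are intact gzip and
# look like JSON; returns 1 otherwise, reporting each problem on stderr.
check_lme_backup() {
  dir="${1:-/lme_backup}"
  rc=0
  for name in winlogbeat_data.json.gz winlogbeat_mappings.json.gz; do
    path="$dir/$name"
    if [ ! -s "$path" ]; then
      echo "MISSING or empty: $path" >&2
      rc=1
      continue
    fi
    # gzip -t reads the whole archive and verifies its CRC, so a truncated or
    # partially written file (an export that never finished) fails here.
    if ! gzip -t "$path" 2>/dev/null; then
      echo "CORRUPT gzip: $path" >&2
      rc=1
      continue
    fi
    # Peek at the first non-whitespace byte of the decompressed stream; a JSON
    # object or array must start with '{' or '['.
    first=$(gzip -dc "$path" 2>/dev/null | tr -d ' \t\r\n' | head -c 1)
    case "$first" in
      '{'|'[') echo "OK: $path ($(wc -c < "$path") bytes compressed)" ;;
      *) echo "NOT JSON: $path" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}

# make_sample_backup -> prints the path of a throw-away directory holding
# constructed, minimal archives, so the check can be exercised without a real
# LME 1.x export. The contents are sample data, not real Windows events.
make_sample_backup() {
  dir=$(mktemp -d)
  printf '{"hits":[{"_index":"winlogbeat-sample","_source":{"event":{"code":"4624"}}}]}\n' \
    | gzip -c > "$dir/winlogbeat_data.json.gz"
  printf '{"winlogbeat-sample":{"mappings":{"properties":{}}}}\n' \
    | gzip -c > "$dir/winlogbeat_mappings.json.gz"
  echo "$dir"
}

# Run directly as check_lme_backup.sh [DIR] (DIR defaults to /lme_backup).
# When sourced under another name, only the functions are defined.
if [ "$(basename -- "$0")" = "check_lme_backup.sh" ]; then
  check_lme_backup "${1:-/lme_backup}"
fi
```

Run it after Section 2 (with `sudo` if the export left the files owned by root) and only continue to Section 4 once both archives print `OK`; a `CORRUPT gzip` result on `winlogbeat_data.json.gz` is the typical sign that `export_1x.sh` was interrupted before it finished.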