Upgrading Kaspersky Security Center Linux from version 15.4 or earlier on the Kaspersky Security Center Linux failover cluster nodes

You can install Administration Server version 16 or later on every Kaspersky Security Center Linux failover cluster node where the Administration Server version 14—15.4 is installed. When upgrading, all data and settings from the previous version of Administration Server are preserved.

If you previously installed Kaspersky Security Center Linux on devices locally, you can also upgrade Kaspersky Security Center Linux on these devices by using the installation file or through backup.

To upgrade Kaspersky Security Center Linux from version 15.4 or earlier on the Kaspersky Security Center Linux failover cluster nodes:

  1. Download the Kaspersky Security Center Linux installation file with a full package for version 16.1 from the Kaspersky website:
    • For devices running an RPM-based operating system—ksc64-<version number>-<build number>.x86_64.rpm
    • For devices running a Debian-based operating system—ksc64_<version number>-<build number>_amd64.deb
  2. Stop the cluster.
  3. On the DBMS server, create a database for IAM. The IAM database name must be different from the database used by the Administration Server.
    • For PostgreSQL, run the following command:

      sudo -i -u postgres psql -U postgres -c "CREATE DATABASE <iam_db_name>;"

    • For MariaDB, run the following command:

      sudo mysql -u root -p -e "CREATE DATABASE <iam_db_name>;"

  4. Create an unprivileged account 'ksciam', add it to the 'kladmins' security group, and then set the 'kladmins' group as the primary group for the 'ksciam' account. To do this, sequentially run the following commands:

    sudo adduser ksciam

    sudo gpasswd -a ksciam kladmins

    sudo usermod -g kladmins ksciam

  5. On the active node of the cluster, run one of the following commands in the command-line terminal to start upgrading:
    • For devices running an RPM-based operating system:

      sudo yum install ./ksc64-<version number>-<build number>.x86_64.rpm

    • For devices running a Debian-based operating system:

      sudo apt-get install ./ksc64_<version number>-<build number>_amd64.deb

    After the command has been successfully executed, the /opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl script is created. The message about that is displayed in the terminal.

  6. Run the /opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl script to configure the upgraded Administration Server:

    sudo /opt/kaspersky/ksc64/lib/bin/setup/postinstall.pl

  7. Read the License Agreement and Privacy Policy, which appear in the command-line terminal. If you agree with all of the terms of the License Agreement and Privacy Policy:
    1. Enter Y to confirm that you have fully read, understood, and accept the terms and conditions of the EULA.
    2. Enter Y again to confirm that you have fully read, understood, and accept the Privacy Policy that describes the handling of data.

    Installation of the application on your device will continue after you have entered Y twice.

  8. Select the node on which you are upgrading by entering 2.

    The picture below shows the last two steps.

    Entering 'Y' to accept the terms of the EULA and the Privacy Policy, and selecting the Admin.Server installation mode.

    Accepting the terms of the EULA and the Privacy Policy, and selecting the installation mode in the command-line terminal

  9. Next, the script configures and finishes upgrading the Administration Server. During the upgrade, you cannot change the Administration Server settings adjusted before the upgrade. When prompted, enter the following settings:
    1. Enter the IAM Server FQDN.
    2. Enter the account name to start the IAM service. The account must be a member of the entered security group. By default, the ksciam account is used.
    3. Select the DBMS that you installed to work with the IAM service:
      • If you installed MySQL or MariaDB, enter 1.
      • If you installed PostgreSQL or Postgres Pro, enter 2.
    4. Enter the IAM DBMS address to be used by the IAM service.
    5. Enter the IAM DBMS port number. This port is used to communicate with the IAM service. By default, the following ports are used:
      • Port 3306 for MySQL or MariaDB
      • Port 5432 for PostgreSQL or Postgres Pro
    6. Enter the IAM database name to be used by the IAM service. The name of the database used by IAM service should be different from database used by the Administration Server.
    7. Enter the DBMS login and password to be used by the IAM service.
  10. Perform the step 5 on the passive node.

    At step 6, enter 3 to select the node.

  11. Start the cluster.

    You can start the cluster on any node. If you start the cluster on the passive node, it becomes the active node.

  12. For devices on which the earlier version of Network Agent is installed, create and run the task for remote installation of the new version of Network Agent.

    We recommend that you upgrade the Network Agent for Linux to the same version as Kaspersky Security Center Linux.

    After completion of the remote installation task, the Network Agent version is upgraded.

    Run the following commands on Linux-based assets to remove dependencies that are no longer needed:

    • For Debian-based assets, run either of the following commands:

      sudo apt-get -y autoremove

      sudo apt -y autoremove

    • For RPM-based assets, run either of the following commands:

      sudo dnf autoremove

      sudo yum autoremove

    As a result, you installed the Administration Server of the latest version on the Kaspersky Security Center Linux failover cluster nodes.

Page top