Help Center/ SecMaster/ User Guide (ME-Abu Dhabi Region)/ Settings/ Data Collection/ Upgrading the Component Controller
Updated on 2024-07-18 GMT+08:00
View PDF
Share

Upgrading the Component Controller

Scenarios

This topic describes how to upgrade the component controller from salt-minion to isap-agent for tenant-side data collection. salt-minion was used as component controller in earlier tenant-side data collection.

The upgrade does not affect the data plane.

Preparing for the Upgrade

IAM is used for data collection authorization. You need to create an IAM user with the minimum permission to access SecMaster APIs and disable verification rules such as MFA for the user.
  1. Create a user group and assign permissions.

    Create a user group on the IAM console, and attach a custom policy to the group.

    {
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secmaster:node:create",
                "secmaster:node:monitor",
                "secmaster:node:update",
                "secmaster:node:taskQueueDetail"
                "secmaster:node:updateTaskNodeStatus"
            ]
        }
    ]
}
  2. Create a user and add the user to the user group.

    Create a user with Access Type set to Programmatic access on the IAM console and add the user to the group created in 1.

  3. Log in to the console as the IAM user created in 1.
  4. On the management console, hover over the username in the upper right corner, and choose Security Settings from the drop-down list.
  5. On the Security Settings page, click the Critical Operations tab and ensure that the Virtual MFA Device is not bound.

    If it has been bound, unbind it. For details, see .

Procedure

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. Deregister a node.

    1. In the navigation pane on the left, choose Settings > Components. On the displayed Nodes page, locate the row that contains the target node and click Logout.
    2. In the displayed dialog box, click OK.

      The node is deregistered successfully, and its Health Status changes to Disconnected.

  5. Copy the script.

    1. On the Node Management page, click Create.
    2. On the Create Node page, click Next. On the Verify installed Script page, copy the script.

  6. Install the component controller.

    1. Use a remote management tool, such as Xftp, SecureFX, WinSCP, PuTTY, or Xshell, to log in to the disconnected ECS node.
    2. Run the command copied in 5.b as user root to install the Agent on the ECS.
      Figure 2 Installing the agent
    3. Enter the IAM username and password created in Preparing for the Upgrade as prompted.
    4. If information similar to the following is displayed, the agent is successfully installed: 
      install isap-agent successfully
    5. Check the node status on the Nodes page on the SecMaster console.

  7. Delete the salt-minion management channel.

    1. On the Nodes page, click Create. On the Create Node page, click Delete in the Operation column for each management channel.
    2. In the displayed dialog box, click OK.

Parent topic: Data Collection