Upgrading Tanium Appliance software

Use the built-in TanOS upgrade functionality to upgrade the TanOS system and the Tanium Appliance roles (Tanium Server, Module Server, Zone Server, and Zone Server Hub).

TanOS periodically checks the TanOS manifest for available upgrades and informs you on the tanadmin menu screen when an upgrade is available. View screen

Welcome tanadmin last login to tanos-server at 2022-08-25 21:35 
Current system time: 2022-08-26 21:49:25 UTC 
Latest Available Prod Version: Upgrade available to 1.7.4.0023 


------------------------------------------------------

                >>> tanadmin menu <<< 
                
         1: Tanium Installation Menu
         2: Tanium Operations Menu
         3: Tanium Support Menu
         4: Status Menu

         A: Appliance Configuration Menu
         B: Appliance Maintenance Menu
         C: User Administration Menu

         P: Password change (current user)
         Q: View End User License Agreement (EULA)

         @: About this Appliance

         Z: Log out

------------------------------------------------------

Additionally, a health check reports when an upgrade is available. For more information, see Run the Health Check.

Upgrade TanOS

Before you begin

Obtain the TanOS upgrade package from Tanium Support. The upgrade package is provided as a token URL, which you can either provide directly to TanOS (versions 1.6.6 and higher) or use to download the package file and upload to /incoming.
Read the release notes for the TanOS versions that were released after your current version to stay informed about expected behavior.
Verify the current deployment is working as expected, including all Tanium Core Platform and solutions.
Run a health check on each appliance to check the status of network services and Tanium services.
For physical Tanium Appliances, make sure all firmware is up-to-date with your current TanOS version. For more information, see Documentation Home > Tanium Core Platform > Tanium Appliance Deployment Guide. If you upgrade from TanOS 1.6.7 or later, these are already up-to-date.
The TanOS upgrade automatically upgrades BIOS, iDRAC, PERC, and NIC firmware, as well as the operating system packages, to the latest versions.
Updating firmware is a major task. The process can take between ten and thirty minutes, depending on the hardware models. Allow the firmware update to complete before you attempt any other appliance tasks. Do not manually power off or reboot the appliance during the update.
Before you upgrade to from a version earlier than 1.7.3, verify that TMS Sync is either healthy and active or disabled. If you are upgrading from version 1.7.3 or later, the upgrade process performs this verification automatically in the pre-upgrade checks.

In TanOS 1.7.0–1.7.2, this verification includes confirming PostgreSQL replication is streaming. You can confirm PostgreSQL replication and file synchronization from menu 2-D-1 (Show Detailed Status).
Create a backup of the appliance. If you have an inactive partition on a physical Tanium Appliance or virtual Tanium Appliance, you can choose to perform a partition sync to back up the active partition to the inactive partition. Alternatively, for virtual or cloud appliances, you can create a snapshot of the virtual image before you upgrade.

Though a normal upgrade does not require you to restore from a backup, the backup lets you quickly restore the appliances to a known functional state if you encounter issues during an upgrade.
To avoid issues with dropped SSH connections, you can upgrade using the physical Tanium Appliance iDRAC virtual console or the virtual serial console of your hypervisor or cloud provider.

Perform the upgrade

Select an upgrade method that is appropriate for your environment and the version from which you are upgrading, and perform the upgrade.

The upgrade process runs pre-upgrade checks before upgrading the appliance. In an array, the upgrade process runs the pre-upgrade checks on all appliances in the array before upgrading any of the appliances. If you see the message Pre-upgrade checks failed, not upgrading, fix the issue that is reported with the message before running the upgrade again.
During an upgrade, TanOS stops all Tanium services, and resumes any services after rebooting the appliance.
It is safe to restart the Tanium Appliance upgrade if it is interrupted, such as if you lose your SSH connection to the appliance. When using the Appliance Array, the upgrade checks all appliances before proceeding from where the interruption occurred. If you have problems restarting an upgrade that was interrupted, contact Tanium Support.
To troubleshoot TanOS upgrade issues, review the upgrade log from the appliance that had an issue. See View the TanOS upgrade log.

Upgrade paths

When upgrading from 1.6.4 or higher, it is strongly recommended that you have configured an Appliance Array and that you use the Appliance Array to perform TanOS upgrades. If you do not use an Array, you must upgrade each appliance individually. For instructions, see Tanium Appliance Deployment Guide (version 1.7.2): Upgrade an individual appliance from TanOS 1.5.6 or higher.

Select the upgrade path for your starting TanOS version.

Upgrade an Appliance Array from TanOS 1.7.4 or later by downloading from the TanOS manifest
Upgrade an Appliance Array from TanOS 1.6.6 or later using a token URL
Upgrade an Appliance Array from TanOS 1.6.4 or later using a downloaded RPM file

You cannot upgrade directly from a version earlier than 1.6.4. For best results if you are upgrading from an earlier version, upgrade to TanOS 1.7.2 as an intermediate step, and then perform the following upgrade procedure.

Upgrade an Appliance Array from TanOS 1.7.4 or later by downloading from the TanOS manifest

You can download the latest available version that appears in the TanOS manifest directly from Tanium.

On the primary Tanium Server, sign in to the TanOS console as a user with the tanadmin role.
Enter B to go to the Appliance Maintenance menu.
Enter 3 to go to the Upgrade TanOS menu.

At the prompt, enter Yes to upgrade all appliances in the array.

View screen

>>> Appliance Maintenance -> Upgrade TanOS <<<  

Updating Array Information

 Getting update from ts2 (10.70.197.248)
 Sending update to ts2 (10.70.197.248)
 Getting update from tms1 (10.70.197.249)
 Sending update to tms1 (10.70.197.249)

 Array Upgrade Progress Report
 =============================
     Name                      Role                      Version   
     ts1                       TaniumServer              1.7.4
     ts2                       TaniumServer              1.7.4
     tms1                      Tanium Module Server      1.7.4
	 
 This appliance is ready to perform a full-array Tanium upgrade. 
 You should choose to upgrade all appliances in the array even if some of
 them happen to already be on the desired version.


Do you want to upgrade all appliances in the array? [Yes|No]:

Enter D to download the version available from the manifest.

View screen

>>> Appliance Maintenance -> Upgrade TanOS <<<  

Updating Array Information

 Getting update from ts2 (10.70.197.248)
 Sending update to ts2 (10.70.197.248)
 Getting update from tms1 (10.70.197.249)
 Sending update to tms1 (10.70.197.249)

 Array Upgrade Progress Report
 =============================
     Name                      Role                      Version   
     ts1                       TaniumServer              1.7.4.0123
     ts2                       TaniumServer              1.7.4.0123
     tms1                      Tanium Module Server      1.7.4.0123
	 
 This appliance is ready to perform a full-array Tanium upgrade. 
 You should choose to upgrade all appliances in the array even if some of
 them happen to already be on the desired version.


Do you want to upgrade all appliances in the array? [Yes|No]: Yes
Fetching latest upgrade information from Tanium

 Select an Upgrade RPM (must be at least 1.7.4.0123)

          T: Download from Tokens
          D: Download 1.7.5.0082 from Tanium

          R: Return to previous menu  RR: Return to top

After TanOS downloads the upgrade RPM, enter the number for the downloaded file, and follow the prompts to perform the upgrade.

View screen

>>> Appliance Maintenance -> Upgrade TanOS <<<  

Updating Array Information

 Getting update from ts2 (10.70.197.248)
 Sending update to ts2 (10.70.197.248)
 Getting update from tms1 (10.70.197.249)
 Sending update to tms1 (10.70.197.249)

 Array Upgrade Progress Report
 =============================
     Name                      Role                      Version   
     ts1                       TaniumServer              1.7.4.0123
     ts2                       TaniumServer              1.7.4.0123
     tms1                      Tanium Module Server      1.7.4.0123
	 
 This appliance is ready to perform a full-array Tanium upgrade. 
 You should choose to upgrade all appliances in the array even if some of
 them happen to already be on the desired version.


Do you want to upgrade all appliances in the array? [Yes|No]: Yes
Fetching latest upgrade information from Tanium

 Select an Upgrade RPM (must be at least 1.7.4.0123)

          T: Download from Tokens
          D: Download 1.7.5.0082 from Tanium

          1: TaniumTanOS_Upgrade-1.7.5-0082.noarch.rpm                 991M
             Size:   990,636,286 SHA1: d0711017c773a05c0b9dfc0b8e33b66c0a8208df

          R: Return to previous menu  RR: Return to top

When prompted to back up the active partition to the inactive partition, enter Yes.

The TanOS Console displays the upgrade process for each appliance in the array during the upgrade.

Upgrade an Appliance Array from TanOS 1.6.6 or later using a token URL

Use the token URL for the TaniumTanOS_Upgrade-1.7.5-0082.noarch.rpm upgrade file to upgrade to TanOS 1.7.5. You can upgrade all appliances across the array from the primary Tanium Server appliance.

On the primary Tanium Server, sign in to the TanOS console as a user with the tanadmin role.
Enter B to go to the Appliance Maintenance menu.
Enter 3 to go to the Upgrade TanOS menu.

At the prompt, enter Yes to upgrade all appliances in the array.

View screen

>>> Appliance Maintenance -> Upgrade TanOS <<<  

Updating Array Information

 Getting update from ts2 (10.70.197.248)
 Sending update to ts2 (10.70.197.248)
 Getting update from tms1 (10.70.197.249)
 Sending update to tms1 (10.70.197.249)

 Array Upgrade Progress Report
 =============================
     Name                      Role                      Version   
     ts1                       TaniumServer              1.7.4
     ts2                       TaniumServer              1.7.4
     tms1                      Tanium Module Server      1.7.4
	 
 This appliance is ready to perform a full-array Tanium upgrade. 
 You should choose to upgrade all appliances in the array even if some of
 them happen to already be on the desired version.


Do you want to upgrade all appliances in the array? [Yes|No]:

Enter T to enter the URL of a token download, and follow the prompts to perform the upgrade.

View screen

>>> Appliance Maintenance -> Upgrade TanOS <<<  

Updating Array Information

 Getting update from ts2 (10.70.197.248)
 Sending update to ts2 (10.70.197.248)
 Getting update from tms1 (10.70.197.249)
 Sending update to tms1 (10.70.197.249)

 Array Upgrade Progress Report
 =============================
     Name                      Role                      Version   
     ts1                       TaniumServer              1.7.4.0123
     ts2                       TaniumServer              1.7.4.0123
     tms1                      Tanium Module Server      1.7.4.0123
	 
 This appliance is ready to perform a full-array Tanium upgrade. 
 You should choose to upgrade all appliances in the array even if some of
 them happen to already be on the desired version.


Do you want to upgrade all appliances in the array? [Yes|No]: Yes
Fetching latest upgrade information from Tanium

 Select an Upgrade RPM (must be at least 1.7.4.0123)

          T: Download from Tokens
          D: Download 1.7.5.0082 from Tanium

          R: Return to previous menu  RR: Return to top

When prompted to back up the active partition to the inactive partition, enter Yes.

The TanOS Console displays the upgrade process for each appliance in the array during the upgrade.

What to do next

Perform the following steps after you upgrade TanOS to the latest version.

Run a health check to check the status of network services and Tanium services.
Verify the installation.
If verification fails, see Troubleshooting.

Upgrade an Appliance Array from TanOS 1.6.4 or later using a downloaded RPM file

Download the TaniumTanOS_Upgrade-1.7.5-0082.noarch.rpm upgrade file and copy it to /incoming to upgrade to TanOS 1.7.5. After you upgrade the primary Tanium Server, you can upgrade all other appliances across the array from the upgraded Tanium Server.

You upgrade all appliances across the array from the primary Tanium Server appliance.

Use SFTP to copy the TanOS upgrade file to the /incoming directory on the appliance.
On the primary Tanium Server, sign in to the TanOS console as a user with the tanadmin role.
Enter B to go to the Appliance Maintenance menu.
Enter 3 to go to the Upgrade TanOS menu.

At the prompt, enter Yes to upgrade all appliances in the array.

View screen

>>> Appliance Maintenance -> Upgrade TanOS <<<  

Updating Array Information

 Getting update from ts2 (10.70.197.248)
 Sending update to ts2 (10.70.197.248)
 Getting update from tms1 (10.70.197.249)
 Sending update to tms1 (10.70.197.249)

 Array Upgrade Progress Report
 =============================
     Name                      Role                      Version   
     ts1                       TaniumServer              1.7.4
     ts2                       TaniumServer              1.7.4
     tms1                      Tanium Module Server      1.7.4
	 
 This appliance is ready to perform a full-array Tanium upgrade. 
 You should choose to upgrade all appliances in the array even if some of
 them happen to already be on the desired version.


Do you want to upgrade all appliances in the array? [Yes|No]:

Enter the line number of the RPM file to use, and follow the prompts to perform the upgrade.
When prompted to back up the active partition to the inactive partition, enter Yes.

The TanOS Console displays the upgrade process for each appliance in the array during the upgrade.

Upgrade from releases earlier than 1.6.4

You cannot upgrade directly to TanOS 1.7.5 from a version earlier than 1.6.4. For best results if you are upgrading from an earlier version, upgrade to TanOS 1.7.2 as an intermediate step. For instructions, see Tanium Appliance Deployment Guide (version 1.7.2): Upgrade TanOS.

What to do next

Perform the following steps after you upgrade TanOS to the latest version.

Run a health check to check the status of network services and Tanium services.
Verify the installation.
If verification fails, see Troubleshooting.

View the TanOS upgrade log

Enter 3 to go to the Tanium Support menu.

View screen

------------------------------------------------------

                >>> Tanium Support menu <<< 

         1: Tanium Log Files
         2: Tanium Module Log Files
         3: Database Operations
         4: Run Network Diagnostics
         5: Run Health Check
         6: Display Last Scheduled Health Check Results
         7: Appliance Hardware Report

         A: Run TSG (Tanium Support Gatherer)
         B: Run Tcpdump
         P: Performance Monitoring

         X: Advanced Support

         R: Return to previous menu  RR: Return to top

------------------------------------------------------

Enter 1 to go to the Tanium Log Files menu.

View screen

------------------------------------------------------
 
             >>> Tanium Support -> Logs <<< 

          1: TanOS Appliance
          2: Tanium Server
          3: Tanium Module Server
          5: PostgreSQL

          R: Return to previous menu  RR: Return to top

------------------------------------------------------

Enter 1 to go to the TanOS Appliance menu.

View screen

------------------------------------------------------
 
             >>> Tanium Support -> Logs -> TanOS Appliance <<< 
          
  1: TanOS Log
  2: Upgrade Log
  3: Health Log
  4: Health Failure Log
  5: Messages Log
  6: License Log
  7: TanOS Event Log
  8: TanOS Disk Re-sizing Log

  R: Return to previous menu  RR: Return to top

------------------------------------------------------

Enter 2 and then V to view the TanOS upgrade log file.

Upgrade Tanium

In the Tanium Console, the Solutions page (Administration > Confiugration > Solutions) indicates at the top-right if Tanium Core Platform servers are up-to-date or if an update is available.

Use an Appliance Array to configure a Tanium cluster and to upgrade Tanium software.
Complete the upgrade for all the servers in the same maintenance window. If you have a Tanium cluster, complete the upgrade for both Tanium Servers in the same window.

Upgrade path

Check with Tanium Support to understand the ramifications of direct upgrade and whether intermediate steps are recommended. For more information, contact Tanium Support.

Before you begin

Read the release notes for all of the Tanium Core Platform versions that were released after your current version to stay informed about expected behavior.
All servers must have the same version number (for example, 7.5.5.1140); be prepared to upgrade all Tanium servers in your environment. The maintenance window for upgrading Tanium Core Platform servers is usually under an hour.
Tanium will provide the upgrade package files.
Upgrade all appliances to TanOS 1.7.3 or later to use the following steps. See Upgrade TanOS.
Make sure the current deployment is working as expected, including all Tanium Core Platform servers and solutions.
Perform a backup of the appliance. See TanOS backup options.
If you have a Tanium cluster, complete the upgrade for all Tanium Server peers in the same window.

Upgrade the Tanium server software

To upgrade Tanium, use the following procedure to have TanOS download the Tanium Server upgrade package from download.tanium.com and upgrade all appliances within an array. You can either provide the token URL for the upgrade package during the upgrade process or manually upload the RPM package to /incoming.

Enter 1 to go to the Tanium Installation menu.

View screen

------------------------------------------------------

             >>> Tanium Installation <<< 
 
Currently installed Role: Tanium Server (All-In-One)
Currently installed Add-On: No add-ons installed

To change the role, first perform a software reset

------------------------------------------------------

         A: Install Tanium Zone Server Hub Add-On

         U: Upgrade Tanium Software

         R: Return to previous menu

------------------------------------------------------

Enter U to upgrade Tanium software.

Enter Yes to upgrade Tanium on all appliances in the array.

View screen

------------------------------------------------------

    >>> Tanium Installation -> Upgrade Software <<< 

 Use this menu to upgrade already installed Tanium Software.
 Note: Tanium Modules must be upgraded from the Web UI

 Please install a TanOS Upgrader which contains new Tanium versions.

 Currently installed Tanium software:

 TaniumServer                   7.5.5.1140
 Note: Upgrading a TaniumServer requires packages of the same version for all
 three platform variants: TaniumServer, TaniumModuleServer, TaniumZoneServer
 Updating Array Information
 Getting update from ts1 (10.70.197.248)
 Sending update to ts1 (10.70.197.248)
 Getting update from ts1 (10.70.197.249)
 Sending update to ts1 (10.70.197.249)

 Array Upgrade Progress Report
 =============================
     Name                      Role                      Version   
     ts1                       TaniumServer              1.7.4
     ts2                       TaniumServer              1.7.4
	 
 This appliance is ready to perform a full-array Tanium upgrade. 
 You should choose to upgrade all appliances in the array even if some of 
 them happen to already be on the desired version.

 Do you want to upgrade Tanium on all appliances in the array? [Yes|No]: yes

Available Upgrades:

          T: Download from Tanium

          R: Return, do not upgrade

 Please select:

If you have uploaded the RPM file to /incoming, enter the line number of the upgrade package. Otherwise, enter T and paste the upgrade token URL provided by Tanium.

What to do next

After you upgrade Tanium software, perform the steps listed in Verifying the installation to make sure the deployment works as expected. If verification fails, see Troubleshooting.