How to migrate to this Helm chart

Migrating to this Helm-managed OpenCTI instance essentially requires you to start a new OpenCTI instance (from this Helm chart) and migrate your Opensearch / Elasticsearch and MinIO / S3 data to it.

Preparing the migration

Ensure that the component versions of your two instances are the same (OpenCTI, backends, databases). This avoids compatibility issues between these tools.

Ensure that your new Opensearch / Elasticsearch cluster and MinIO / S3 bucket have enough capacity.

Please also note that it is currently not possible to migrate between Opensearch and Elasticsearch.

Migrate

First of all, ensure that all OpenCTI components are stopped (OpenCTI front, ingesters, workers and connectors) on both instances. We recommend stopping the connectors first and letting the workers finish processing the RabbitMQ queues so that those are completely empty.

This ensures that no write or delete actions are performed on either instance, which keeps the data consistent during the whole migration.

Migrating MinIO / S3

Info

We recommend using the MinIO client for this step: see MinIO Client documentation.

On a server that has access to both the source and destination MinIO services and buckets:

  • Create aliases for both the source and destination MinIO services

    mc alias set minio-src minio_endpoint minio_access_key minio_secret_key
    
    mc alias set minio-dst http://storage-hl:9000 minio_access_key minio_secret_key
    

    For more information, see the MinIO documentation about aliases.

    Info

    You can find the destination MinIO credentials in the Kubernetes secret minio-credentials where you deployed OpenCTI.

  • Synchronize the data between the source and the destination bucket

    mc mirror --overwrite --remove --retry minio-src/your_bucket minio-dst/opencti
    

    For more information, see the MinIO documentation about mirroring buckets.

Migrating Elasticsearch / Opensearch

Info

For the following steps, a link to the official documentation is provided to ensure that the procedure is up to date with your current Elasticsearch / Opensearch version.

On your source database:

  • Configure a snapshot repository (if not already configured)

    You can choose where your snapshot is stored (on a cloud provider or locally). The location is up to you; note only that the snapshot must also be accessible from your destination database in order to restore it.

    Documentation:

  • Perform a snapshot and monitor it until its completion

    PUT _snapshot/my_repository/my_snapshot?wait_for_completion=true
    

    Please follow the official documentation:

On your destination database:

  • Ensure that the snapshot repository of your source database is accessible

  • Close all OpenCTI indices

    POST /opencti*/_close
    

    Please always double-check with the official documentation:

  • Delete all OpenCTI indices

    DELETE /opencti*
    

    Please always double-check with the official documentation:

  • Delete all OpenCTI data streams

    DELETE _data_stream/opencti*
    

    Please always double-check with the official documentation:

  • Restore the snapshot

    POST _snapshot/my_repository/my_snapshot/_restore?wait_for_completion=true
    

    Please always double-check with the official documentation:

Once the snapshot restoration is complete, you can start the OpenCTI components (OpenCTI front, ingesters, workers and connectors).
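
A check that can sit between the snapshot step on the source and the close / delete / restore steps on the destination, as an added example that is not part of the OpenCTI documentation: it takes the JSON returned by `GET _snapshot/my_repository/my_snapshot` and by `GET _cat/indices/opencti*?format=json` on the source and reports anything that would leave the restored data incomplete. The function name, the sample responses and the index names are constructed for illustration.

```python
# Constructed sample responses; index names are made up for illustration.
SOURCE_INDICES = [  # shape of GET _cat/indices/opencti*?format=json
    {"index": "opencti_example_a-000001"},
    {"index": "opencti_example_b-000001"},
]
GOOD = {"snapshots": [{  # shape of GET _snapshot/my_repository/my_snapshot
    "snapshot": "my_snapshot", "state": "SUCCESS", "failures": [],
    "indices": ["opencti_example_a-000001", "opencti_example_b-000001"],
    "shards": {"total": 2, "failed": 0, "successful": 2},
}]}
PARTIAL = {"snapshots": [{
    "snapshot": "my_snapshot", "state": "PARTIAL",
    "indices": ["opencti_example_a-000001"],
    "shards": {"total": 2, "failed": 1, "successful": 1},
}]}


def check_snapshot(snapshot_response, source_indices, prefix="opencti"):
    """Return a list of problems; an empty list means the restore can proceed."""
    snapshots = snapshot_response.get("snapshots", [])
    if len(snapshots) != 1:
        return [f"expected exactly one snapshot, got {len(snapshots)}"]
    snap = snapshots[0]
    problems = []
    # Only SUCCESS is acceptable: PARTIAL means some shard was not stored.
    if snap.get("state") != "SUCCESS":
        problems.append(f"state is {snap.get('state')}, not SUCCESS")
    failed = snap.get("shards", {}).get("failed", 0)
    if failed:
        problems.append(f"{failed} shard(s) failed")
    # Every source index must be in the snapshot, otherwise the restored
    # destination would silently lack data.
    wanted = {i["index"] for i in source_indices if i["index"].startswith(prefix)}
    if not wanted:
        problems.append(f"source lists no index starting with {prefix!r}")
    missing = sorted(wanted - set(snap.get("indices", [])))
    if missing:
        problems.append("not in snapshot: " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    for name, resp in (("good", GOOD), ("partial", PARTIAL)):
        print(name, check_snapshot(resp, SOURCE_INDICES) or "OK to restore")
```

Feed it the two saved JSON responses from the source cluster and only continue with the destination steps when it returns an empty list.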