Diskover Upgrade Guide — RHEL (v2.5.x+)

Upgrade Path: Diskover ≤2.2.x → v2.5.x+
Deployment Method: Manual RPM
Platform: RHEL / Rocky Linux / AlmaLinux 8.x or 9.x

Overview

This guide walks you through upgrading an existing Diskover ≤2.2.x deployment to version 2.5.x or later on RHEL-based Linux systems (Rocky Linux, AlmaLinux, RHEL 8.x / 9.x) using manual RPM packages.

By the end of this guide, your environment will be running the latest Diskover platform — including Diskover Web, Diskover Admin, Diskoverd (task workers), Celery, and all licensed scanners, plugins, and file actions — with your existing configuration and data preserved.

What this guide covers:

Pre-upgrade checks and backups
Upgrading Elasticsearch, PHP, Diskover Web, Diskover Admin, Diskoverd, Celery, and RabbitMQ via RPM packages
Migrating flat-file configurations into Diskover Admin
Post-upgrade verification and service startup
Rollback procedures

What this guide does NOT cover:

Fresh installations (see the Full Stack Deployment Guide)
Ansible-based upgrades (see the Ansible Upgrade Guide)
Ubuntu/Debian upgrades (a separate guide is available)
Windows or macOS worker upgrades (see the respective platform guides)

Architecture & Topology

Before upgrading, it helps to understand which components live on which hosts. A typical Diskover deployment has these host groups:

Host Group	Components	systemd Services
web	Diskover Web UI, Diskover Admin, Nginx, PHP-FPM, Kibana (optional), Diskover MCP	`nginx`, `php-fpm`, `diskover-admin`, `kibana`
worker	Diskoverd scanner daemon, Celery task queue	`diskoverd`, `celery`
elasticsearch	Elasticsearch cluster (one or more nodes)	`elasticsearch`
rabbitmq	RabbitMQ message broker	`rabbitmq-server`

In single-host deployments, all four groups run on the same machine. In multi-host deployments, each group may run on dedicated hosts.

The upgrade touches all host groups. You will work through each group in the order specified in this guide.

Pre-Upgrade Checklist

Complete every item before starting the upgrade. Skipping a step here is the most common cause of upgrade issues.

Current Diskover version verified — In Diskover Web, click the Gear Icon → Settings → Diskover Version
All running scans completed or paused — Do not upgrade while an active scan is in progress. Check the Task Panel in Diskover Admin
Maintenance window scheduled — Diskover services will be stopped during the upgrade. Coordinate with stakeholders who rely on the Web UI
Release notes reviewed — Check the release notes for your target version at https://support.diskoverdata.com/hc/en-us/categories/40908236805659-Diskover-Release-Notes-User-Guide for any breaking changes or new requirements
JFrog credentials confirmed — Verify your JFrog Artifactory username and token are still valid. If you don't have credentials, contact the Diskover team
Elasticsearch cluster health is green or yellow — Run: curl -s http://localhost:9200/_cluster/health and verify "status" is not "red"

Prerequisites

Before upgrading, your environment must meet these minimum requirements:

Requirement	Detail
OS	RHEL / Rocky Linux / AlmaLinux 8.x or 9.x. CentOS/RHEL 7.x is not supported (EOL).
Elasticsearch	8.x required. If you are still on 7.x, upgrade Elasticsearch first (see the Elasticsearch Upgrade section below).
PHP	8.x+ required on the web host. The upgrade process covers PHP installation if needed.
Python	3.11+ (installed during worker and admin setup).
Internet access	Required to reach JFrog Artifactory for RPM packages.
Root / sudo access	All commands in this guide must be run as `root` or with `sudo`.

Credentials

Credential	Purpose	How to Obtain
JFrog Artifactory username & token	Download Diskover RPM packages	Provided by Diskover Data. Contact support if you need new credentials.

Backup Procedures

Backups are your safety net. Even if you're confident, take them — they make rollbacks painless.

On the web host:

# Back up Diskover Web
mv /var/www/diskover-web/ /var/www/diskover-web-$(date +%Y%m%d)/

# Back up Nginx configuration
cp /etc/nginx/conf.d/diskover-web.conf /etc/nginx/conf.d/diskover-web.conf.$(date +%Y%m%d)

# Back up the Diskover core directory (only if the web host also runs as a worker)
mv /opt/diskover/ /opt/diskover-$(date +%Y%m%d)/

On each worker host:

# Back up Diskover core
mv /opt/diskover/ /opt/diskover-$(date +%Y%m%d)/

Elasticsearch Snapshot (Recommended for Major Upgrades)

If you are upgrading Elasticsearch versions (e.g., 7.x → 8.x) as part of this process, create an Elasticsearch snapshot first. This protects your indexed data in case the ES upgrade encounters issues.

Refer to the Elastic documentation for snapshot procedures:
https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-restore.html

Upgrade Order

When upgrading manually, follow this order to avoid dependency issues:

Elasticsearch (if upgrading ES version)
Python3 (all hosts)
PHP (if upgrading from a version older than 8.x)
Diskover Web & Diskover Admin (web host)
Task Workers / Diskoverd (worker hosts)
RabbitMQ (if not already installed or needs upgrade)
Celery (worker hosts)

Important: All commands below should be run as root or with sudo.

Step 1: Elasticsearch Upgrade (If Needed)

Your system must be running Elasticsearch 8.x. If you are already on 8.x, skip this step.

If upgrading from Elasticsearch 7.x, be aware that indexes created in 7.x may not be compatible with 8.x, which means all storage may need to be re-scanned after the upgrade. Use the Elastic Upgrade Assistant to identify any settings or indices that could prevent you from successfully upgrading your cluster.

Resources:

Upgrade Assistant: https://www.elastic.co/docs/deploy-manage/upgrade/prepare-to-upgrade/upgrade-assistant
General ES Upgrade: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-upgrade.html
ES 7.x → 8.x Upgrade: https://www.elastic.co/guide/en/elastic-stack/8.14/upgrading-elastic-stack.html

License impact: If you upgrade Elasticsearch, your cluster ID will change. This invalidates your existing Diskover licenses (both Web and Worker). Once you complete the upgrade, new licenses will need to be requested.

Step 2: Python 3.11 and Virtual Environment

Prior to conducting this upgrade we must ensure that both the Diskover-Web host and all of our Task Worker / Indexer hosts have Python 3.11+ installed. Repeat these steps on every host that runs Diskover Admin or Diskoverd workers.

2a. Install Python 3.11

dnf -y install python3.11 python3.11-devel gcc

2b. Create a Dedicated Python Virtual Environment

python3.11 -m venv /opt/python-venv-diskover

2c. Add the Virtual Environment to the System PATH

This makes Python commands available from any shell session without needing to source the virtual environment:

cat > /etc/profile.d/diskover-venv.sh << 'EOF'
# Add Diskover venv to PATH for CLI usage
export PATH="/opt/python-venv-diskover/bin:$PATH"
EOF

Load the new PATH into your current session:

source /etc/profile.d/diskover-venv.sh

2d. Verify

which python3
# Expected: /opt/python-venv-diskover/bin/python3

python3 -V
# Expected: Python 3.11.x

Step 3: PHP Upgrade (If Needed)

You must be running PHP 8.x+ for Diskover v2.5.x. If you are already running PHP 8.x+, skip this step. Below are steps that will walk you through how to update your PHP version to 8.4.

3a. Enable the EPEL and Remi Repositories

RHEL 8:

dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

RHEL 9:

dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

3b. Install PHP 8.4 Packages

dnf -y install php84 php84-php-common php84-php-fpm php84-php-opcache php84-php-cli \
  php84-php-gd php84-php-mysqlnd php84-php-ldap php84-php-pecl-zip php84-php-xml \
  php84-php-mbstring php84-php-json php84-php-sqlite3

3c. The php.ini File

Find the php.ini-production file: find / -mount -name php.ini-production. Example: /opt/remi/php84/root/usr/share/doc/php84-php-common/php.ini-production
Find the php.ini file: find / -mount -name php.ini. Example: /etc/opt/remi/php84/php.ini
Now copy php.ini-production INTO php.ini (it's okay to overwrite it): cp PHP.INI-PRODUCTION-PATH PHP.INI-PATH. Example: cp /opt/remi/php84/root/usr/share/doc/php84-php-common/php.ini-production /etc/opt/remi/php84/php.ini. This command may differ depending on your PHP8 install directory. To find your PHP8 install directory: php -i | grep 'Configuration File'

3d. Edit Your php-fpm Config File

vi /etc/opt/remi/php84/php-fpm.d/www.conf. This command may differ depending on your PHP8 install directory.
Please ensure the following properties are set / changed / uncommented:

user = nginx
group = nginx
listen = /var/opt/remi/php84/run/php-fpm/www.sock  (take note of this .sock location, you will need it later)
listen.owner = nginx
listen.group = nginx
;listen.acl_users = apache                          (ensure this is commented out with the ;)

3e. Set the PHP Directory Ownership

chown -R root:nginx /var/opt/remi/php84/lib/php (this command may differ depending on your PHP8 install directory)
mkdir /var/run/php-fpm
chown -R nginx:nginx /var/run/php-fpm

3f. Create the PHP-FPM Service File

vi /etc/systemd/system/php-fpm.service

[Unit]
Description=PHP FastCGI process manager
After=local-fs.target network.target nginx.service

[Service]
PIDFile=/opt/php/php-fpm.pid
ExecStart=/opt/remi/php84/root/usr/sbin/php-fpm --fpm-config /etc/opt/remi/php84/php-fpm.conf --nodaemonize
Type=simple

[Install]
WantedBy=multi-user.target

3g. Set Permissions, Enable and Start the Service

chmod 644 /etc/systemd/system/php-fpm.service
systemctl daemon-reload
systemctl enable php-fpm --now

Check its status to ensure it's come online before continuing: systemctl status php-fpm

Step 4: Diskover Web & Diskover Admin (Web Host)

Diskover Admin is a new service to the 2.3+ branch of Diskover. This service should ALWAYS be installed on the Diskover-Web host(s).

4a. Stop Services and Back Up Existing Directories

systemctl stop nginx php-fpm

# Move existing directories to date-stamped backups
mv /var/www/diskover-web/ /var/www/diskover-web-$(date +%Y%m%d)/

# Back up the Nginx config
cp /etc/nginx/conf.d/diskover-web.conf /etc/nginx/conf.d/diskover-web.conf.$(date +%Y%m%d)

# If this host also runs as a worker, back up the Diskover core directory
mv /opt/diskover/ /opt/diskover-$(date +%Y%m%d)/

Note: Remember the date-stamped directory names — you will need them when migrating configuration and data in step 4d, and for rollback if needed. Run date +%Y%m%d to confirm today's date string (e.g., 20260406).

4b. Configure the JFrog Repository

If you don't already have a Diskover repo file, create /etc/yum.repos.d/diskover.repo. If you need a JFrog User & Token, please get in contact with the Diskover team so we can issue you one. This is what your repo file should look like:

[diskover]
name=Diskover repository
baseurl=https://your-jfrog-username:your-jfrog-token@artifactory.com/artifactory/diskover-repo/
enabled=1
gpgcheck=0

4c. Install the Upgraded Packages

dnf install diskover-web diskover-admin diskoverd \
  diskover-plugin* diskover-scanner* diskover-file-action*

This installs Diskover Web, Diskover Admin, the Diskoverd task worker, and all available scanners, plugins, and file actions from your repository.

4d. Migrate Configuration and Data

You should now have the new version installed along with all of the accompanying Diskover features. Let's focus on moving the tasks, smart searches, etc. all back into place. Replace YYYYMMDD with the date string from your backup (e.g., 20260406):

Smart Searches / Reports / Cost Analysis / Custom Tags:

rsync -av /var/www/diskover-web-YYYYMMDD/public/*txt /var/www/diskover-web/public/
chown nginx:nginx /var/www/diskover-web/public/tasks/*txt

Workers / Tasks / Templates / Task History:

rsync -av /var/www/diskover-web-YYYYMMDD/public/tasks/*.json /var/www/diskover-web/public/tasks/
chown nginx:nginx /var/www/diskover-web/public/tasks/*json

Constants.php: This will migrate all of the Diskover Web UI settings into the new Diskover Admin UI. If there were any changes to the ES Host or Diskover sub-systems during the upgrade, make sure this file is updated to reflect those changes.
```
cp /var/www/diskover-web-YYYYMMDD/src/diskover/Constants.php /var/www/diskover-web/src/diskover/
chown nginx:nginx /var/www/diskover-web/src/diskover/Constants.php
```

SQLite DB file:

cp /var/www/diskover-web-YYYYMMDD/diskoverdb.sqlite3 /var/www/diskover-web/diskoverdb.sqlite3
chown nginx:nginx /var/www/diskover-web/diskoverdb.sqlite3

4e. Install Diskover Admin Python Dependencies

Ensure your Python PIP packages for Diskover Admin have all been installed:

cd /var/www/diskover-admin/etc/
pip3 install -r requirements.txt

4f. Update the Nginx Configuration

Edit the /etc/nginx/conf.d/diskover-web.conf to have the new changes. This is what your conf file should look like now:

server {
    listen   8000;
    server_name  diskover-web;
    root   /var/www/diskover-web/public;
    index  index.php index.html index.htm;
    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;

    location / {
        try_files $uri $uri/ /index.php?$args =404;
    }

    location ~ \.php(/|$) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        set $path_info $fastcgi_path_info;
        fastcgi_param PATH_INFO $path_info;
        try_files $fastcgi_script_name =404;
        fastcgi_pass unix:/var/opt/remi/php84/run/php-fpm/www.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_read_timeout 900;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }

    location /diskover_admin {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://unix:/var/www/diskover-admin/run/diskover-admin.sock;
    }
}

Change the PHP sock file location FROM fastcgi_pass unix:/var/run/php-fpm/www.sock; TO fastcgi_pass unix:/var/opt/remi/php84/run/php-fpm/www.sock. The new sock file location may differ, so please be sure to check the listen location inside /etc/opt/remi/php84/php-fpm.d/www.conf.

4g. Start Diskover Admin

Start your Diskover Admin service:

sudo systemctl enable diskover-admin --now

Issue a sudo systemctl status diskover-admin to see if it is online. If it is online, you'll see:

uvicorn.error - INFO - Application startup complete.

If it has not come back online, issue a journalctl -n 100 -u diskover-admin to see the startup logs. Be sure to include this in your support ticket to the Diskover team.

4h. Verify the Web UI

Start Nginx and PHP-FPM:

systemctl start nginx php-fpm

Access the Diskover Web UI login page. You should now see the new version listed! Please clear your cache to see the new blue & white Diskover logo! You may need to do the same thing when you log into Diskover as well.

Note that if you chose to upgrade your Elasticsearch version during this process, your licenses for Diskover-Web will no longer be valid as your Elasticsearch cluster ID has been modified as part of the Elasticsearch upgrade process. Once you complete the Task Workers / Indexers section of this upgrade, new licenses will need to be made!

If you have any issues with this Diskover-Admin configuration please ensure to review your log files!

Diskover-Admin: tail -fn 100 /var/log/diskover/diskover-admin.log

Step 5: Task Workers (Worker Hosts)

Repeat these steps on each worker host in your environment.

5a. Stop Services and Create Backups

systemctl stop diskoverd
mv /opt/diskover/ /opt/diskover-$(date +%Y%m%d)/

5b. Configure the JFrog Repository

If this worker host does not already have the repo file, create /etc/yum.repos.d/diskover.repo using the same format shown in Step 4b above.

5c. Install the Upgraded Packages

On worker-only hosts, you do not need to install diskover-admin or diskover-web:

dnf install diskoverd diskover-plugin* diskover-scanner* diskover-file-action*

5d. Install Python Dependencies

Ensure your Python PIP packages have all been installed:

cd /opt/diskover
pip3 install -r requirements.txt

5e. Import Configurations into Diskover Admin

Let's import our Diskover Task Worker configurations from flat files into the Diskover Admin UI.

Default configs — /root/.config/diskover/config.yaml:

python3 /opt/diskover/diskover.py --importconfig

If ran correctly, you should see: Importing Diskover configuration from /root/.config/diskover/config.yaml to Diskover.Configurations.Default and the configs you had set in the flat file are now present inside Diskover Admin → Diskover → Configurations → Default.

Alternate configs — /root/.config/diskover_altconfig1 (or a different name depending on the use case). This is not to be confused with any plugin like /root/.config/diskover_costs:

# Run the following to create a shell variable:
export DISKOVERDIR=/root/.config/diskover_altconfig1/   # the path listed needs to be the directory that holds the config.yaml
python3 /opt/diskover/diskover.py --importconfig -c NAME_OF_CONFIG_TO_BE_DISPLAYED_IN_DISKOVER_ADMIN

Full real-world example:

export DISKOVERDIR=/root/.config/diskover_no_plugins_enabled/
python3 /opt/diskover/diskover.py --importconfig -c No_plugins_enabled

If ran correctly, you should see Importing Diskover configuration from /root/.config/diskover_no_plugins_enabled/config.yaml to Diskover.Configurations.No_plugins_enabled and the configs you had set in the flat file are now present inside Diskover Admin → Diskover → Configurations → No_plugins_enabled.

Do not start Diskoverd yet — wait until the Diskover Admin configuration is verified (see Step 8 below).

Note that if you chose to upgrade your Elasticsearch version during this process, your licenses for Diskoverd will no longer be valid as your Elasticsearch cluster ID has been modified as part of the Elasticsearch upgrade process. Now that you've completed the Task Worker section of this upgrade, new licenses will need to be made!

Step 6: RabbitMQ (If Not Already Installed)

RabbitMQ is the message broker that connects Celery workers across all worker nodes. We recommend installing it on a dedicated host, though it can share a host with other components in smaller deployments.

6a. Import RabbitMQ Signing Keys

# Primary RabbitMQ signing key
rpm --import 'https://github.com/rabbitmq/signing-keys/releases/download/3.0/rabbitmq-release-signing-key.asc'

# Modern Erlang repository key
rpm --import 'https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key'

# RabbitMQ server repository key
rpm --import 'https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-server.9F4587F226208342.key'

6b. Configure Repositories

Create the RabbitMQ repository file:

vi /etc/yum.repos.d/rabbitmq.repo

RHEL/Rocky 8 — add the following:

##
## Zero dependency Erlang RPM
##
[modern-erlang]
name=modern-erlang-el8
baseurl=https://yum1.rabbitmq.com/erlang/el/8/$basearch
        https://yum2.rabbitmq.com/erlang/el/8/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md

[modern-erlang-noarch]
name=modern-erlang-el8-noarch
baseurl=https://yum1.rabbitmq.com/erlang/el/8/noarch
        https://yum2.rabbitmq.com/erlang/el/8/noarch
repo_gpgcheck=1
enabled=1
gpgkey=https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key
       https://github.com/rabbitmq/signing-keys/releases/download/3.0/rabbitmq-release-signing-key.asc
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md

##
## RabbitMQ Server
##
[rabbitmq-el8]
name=rabbitmq-el8
baseurl=https://yum2.rabbitmq.com/rabbitmq/el/8/$basearch
        https://yum1.rabbitmq.com/rabbitmq/el/8/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-server.9F4587F226208342.key
       https://github.com/rabbitmq/signing-keys/releases/download/3.0/rabbitmq-release-signing-key.asc
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md

[rabbitmq-el8-noarch]
name=rabbitmq-el8-noarch
baseurl=https://yum2.rabbitmq.com/rabbitmq/el/8/noarch
        https://yum1.rabbitmq.com/rabbitmq/el/8/noarch
repo_gpgcheck=1
enabled=1
gpgkey=https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-server.9F4587F226208342.key
       https://github.com/rabbitmq/signing-keys/releases/download/3.0/rabbitmq-release-signing-key.asc
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md

RHEL/Rocky 9 (and 10) — add the following instead:

##
## Zero dependency Erlang RPM
##
[modern-erlang]
name=modern-erlang-el9
baseurl=https://yum1.rabbitmq.com/erlang/el/9/$basearch
        https://yum2.rabbitmq.com/erlang/el/9/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md

[modern-erlang-noarch]
name=modern-erlang-el9-noarch
baseurl=https://yum1.rabbitmq.com/erlang/el/9/noarch
        https://yum2.rabbitmq.com/erlang/el/9/noarch
repo_gpgcheck=1
enabled=1
gpgkey=https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key
       https://github.com/rabbitmq/signing-keys/releases/download/3.0/rabbitmq-release-signing-key.asc
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md

##
## RabbitMQ Server
##
[rabbitmq-el9]
name=rabbitmq-el9
baseurl=https://yum2.rabbitmq.com/rabbitmq/el/9/$basearch
        https://yum1.rabbitmq.com/rabbitmq/el/9/$basearch
repo_gpgcheck=1
enabled=1
gpgkey=https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-server.9F4587F226208342.key
       https://github.com/rabbitmq/signing-keys/releases/download/3.0/rabbitmq-release-signing-key.asc
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md

[rabbitmq-el9-noarch]
name=rabbitmq-el9-noarch
baseurl=https://yum2.rabbitmq.com/rabbitmq/el/9/noarch
        https://yum1.rabbitmq.com/rabbitmq/el/9/noarch
repo_gpgcheck=1
enabled=1
gpgkey=https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-server.9F4587F226208342.key
       https://github.com/rabbitmq/signing-keys/releases/download/3.0/rabbitmq-release-signing-key.asc
gpgcheck=1
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
pkg_gpgcheck=1
autorefresh=1
type=rpm-md

6c. Install RabbitMQ and Erlang

dnf -y install rabbitmq-server erlang

6d. Start and Enable the Service

systemctl start rabbitmq-server
systemctl status rabbitmq-server
systemctl enable rabbitmq-server

6e. Configure RabbitMQ for Diskover

Enable the management plugin (provides a web-based management UI) and set up a dedicated user for Diskover:

# Enable the management UI plugin
rabbitmq-plugins enable rabbitmq_management

# Secure the default guest account (this password is not used by Diskover)
rabbitmqctl change_password guest your-guest-password

# Create a dedicated Diskover user (choose your own username and password)
rabbitmqctl add_user diskover your-rabbitmq-password

# Grant administrator privileges
rabbitmqctl set_user_tags diskover administrator

# Set permissions
rabbitmqctl set_permissions -p / diskover ".*" ".*" ".*"

# Restart to apply changes
systemctl restart rabbitmq-server
systemctl status rabbitmq-server

6f. Verify RabbitMQ

The RabbitMQ Management UI should now be accessible at:

http://your-rabbitmq-host:15672/

Step 7: Celery (Worker Hosts)

Celery should be installed on all Worker nodes. Here are some instructions for configuring Celery for a Diskover Worker!

Install the Celery service via PIP: pip3 install celery
- Ensure you can find the binary with the which command: which celery — Should return with /opt/python-venv-diskover/bin/celery
Copy in the default Celery config file: cp /opt/diskover/diskover_celery/etc/celery.conf /etc/
Create the systemd service file: cp /opt/diskover/diskover_celery/etc/celery.service /etc/systemd/system/
Create the Celery log & run directories:
1. mkdir /var/log/celery; chmod 777 /var/log/celery
2. mkdir /var/run/celery; chmod 777 /var/run/celery
Set the permissions and enable the service:
1. chmod 644 /etc/systemd/system/celery.service
2. systemctl daemon-reload
3. systemctl enable celery
Let's not start the service yet as we need to enter in the RabbitMQ host inside Diskover Admin when we configure the Diskover settings via the config Wizard.

Your Celery worker is now all configured! We will use this component with the Diskover File Actions. However, we will not start it until the Diskover Admin configs have been configured. This is because we set the RabbitMQ host in the Diskover Admin Wizard configuration. If Celery does not know the RabbitMQ host it needs to connect to, the service will not start properly.

Celery Documentation Base: https://docs.celeryq.dev/en/stable/getting-started/first-steps-with-celery.html

Step 8: Diskover Admin Configuration

Configuring settings for the first time

Diskover Admin endpoint:

If you've not configured these settings for the first time, it will automatically route you to the first page of the config wizard. You should see Elasticsearch Connection Configuration for Diskover-Web if you're in the correct place. If not, please click System → Meta → Wizard → Setup.

Since we're upgrading from an older version of Diskover, the vast majority of the settings for Elasticsearch should be migrated over from the /var/www/diskover-web/src/diskover/Constants.php file. Please verify they're all correct and change any values as needed.

Elasticsearch connection settings for Diskover Web:
1. You will need to input the IP / AWS / Elastic Cloud endpoint where Elasticsearch is running. If you have a clustered ES setup, click Add item to enter your other IPs / endpoints
2. Keep the port at 9200 unless your cluster runs on another port. If running AWS OpenSearch, 443 will be the port.
3. Enable HTTPS if you have your Elasticsearch secure. Otherwise, keep it unchecked for HTTP
  - If HTTPS, enter your Elastic user & pass
  - Enter the path to the Elasticsearch http_ca.crt that's on your Web host inside the CA Certificates Path
4. It's best to click Test to see if Diskover can connect to your Elasticsearch system. The page will refresh and output the health of your cluster, number of shards, nodes, etc. If this returns successfully, you're clear to hit Save & Continue
The next step will ask you if you'd like to copy the settings from Diskover Web to the settings for your Diskover Ingesters (Task Workers). You can select Yes to make the setup easier. Be sure to review them!
License request:
1. If you're upgrading from Diskover v2.2.x or lower, you can copy the contents of the flat file that's on the Diskover Web & Diskover Worker hosts into their respective boxes in the UI
  - Web: /var/www/diskover-web/src/diskover/diskover-web.lic
  - Worker: /opt/diskover/diskover.lic
2. If this is a brand new install, you can choose the Request License button. Please click it and fill out the required fields:
  1. Email address
  2. Elasticsearch Node count
  3. Comments — Your name/company will suffice
  4. Hit Send Request. This will get sent to the Diskover team. We will reach back out with your licenses to enter in the Diskover Admin page
Time Zone for Indices:
1. This is the time / timezone that will be shown for your users in the Indices page. If you choose to enable this functionality for files & directories, this will be the time listed inside the Search page in Diskover
Message Queue Configuration:
1. Diskover supports RabbitMQ and AmazonMQ. Please change the username & password to the actual users that were set up during the installation of the RabbitMQ service, or in AmazonMQ
2. Host will be either the IP of RabbitMQ, or the AmazonMQ endpoint
3. The Test button will see if Diskover Web can communicate with this service. If you see a Connection Successful, you can proceed
API Configuration:
1. Please change the API Host & Port to the IP / hostname of your Diskover Web. If HTTP, the port will be 8000. If HTTPS, the port will be 443

You're finished when you reach Basic setup is complete! Now that you have the Diskover Admin service set up, you need to click the Home button at the top of the page to take you back home so you can navigate to the "Task Panel" and create tasks for your index.

Step 9: Post-Upgrade — Start Services

Now that you have your Diskover system upgraded and the Diskover Admin configured, you should perform the following.

Start Celery Service

Enable and start the service:
1. systemctl enable celery --now
2. systemctl status celery
  - If for some reason the celery service will not start, check the Celery logs at /var/log/celery/. This should give you an indication as to why the service will not start. If it's not very clear why, or if you're having troubles in general, please get in contact with the Diskover Support team so we can assist getting the service started. Please be sure to include the /var/log/celery/ logs when you submit the ticket.

Start Diskoverd Service

Enable and start the service:
1. systemctl enable diskoverd --now
2. systemctl status diskoverd
  - If for some reason the diskoverd service will not start, check the journalctl startup logs with journalctl -u diskoverd. This should give you an indication as to why the service will not start. If it's not very clear why, or if you're having troubles in general, please get in contact with the Diskover Support team so we can assist getting the service started. Please be sure to include the journalctl logs when you submit the ticket.

Verify Workers in the Web UI

Navigate to Diskover Admin → Task Panel → Workers tab. Your worker(s) should appear as online.

Post-Upgrade Verification

Run through this checklist to confirm the upgrade was successful:

Check	How to Verify	Expected Result
Diskover version	Gear Icon → Settings → Diskover Version	Shows target version
Elasticsearch health	`curl -s http://localhost:9200/_cluster/health`	`"status": "green"` or `"yellow"`
RabbitMQ status	`rabbitmqctl status`	Running, listeners on port 5672
Diskover Web UI	Navigate to `http://your-web-host-ip:8000`	Login page loads with new version
Diskover Admin	Navigate to `http://your-web-host-ip:8000/diskover_admin/`	Admin dashboard loads
Diskoverd service	`systemctl status diskoverd`	`active (running)`
Celery service	`systemctl status celery`	`active (running)`
Worker registration	Diskover Admin → Task Panel → Workers	Worker(s) listed as online
Test scan	Create and run a small test scan	Completes without errors
File actions	Test a file action (e.g., LiveView)	Executes successfully

Rollback Procedures

If the upgrade causes critical issues, you can roll back to the previous version.

When to Rollback

Critical functionality (Web UI, scanning, file actions) is broken after upgrade
Services fail to start and troubleshooting does not resolve the issue
Data corruption is detected in Elasticsearch indices

Rollback Steps

Stop all Diskover services:

systemctl stop diskoverd celery nginx php-fpm diskover-admin

Restore the backed-up directories.

Replace YYYYMMDD with the date string from your backup:

On the web host:

mv /var/www/diskover-web/ /var/www/diskover-web-failed/
mv /var/www/diskover-web-YYYYMMDD/ /var/www/diskover-web/
cp /etc/nginx/conf.d/diskover-web.conf.YYYYMMDD /etc/nginx/conf.d/diskover-web.conf

On worker hosts:

mv /opt/diskover/ /opt/diskover-failed/
mv /opt/diskover-YYYYMMDD/ /opt/diskover/

Start services:

systemctl start nginx php-fpm diskover-admin diskoverd celery

Verify the rollback by checking the version in the Gear Icon → Settings → Diskover Version and confirming all services are running.

Service Management Reference

Service	systemd Unit	Host Group	Start	Status	Logs
Elasticsearch	`elasticsearch`	elasticsearch	`systemctl start elasticsearch`	`systemctl status elasticsearch`	`/var/log/elasticsearch/`
Diskoverd	`diskoverd`	worker	`systemctl start diskoverd`	`systemctl status diskoverd`	`journalctl -fu diskoverd`
Celery	`celery`	worker	`systemctl start celery`	`systemctl status celery`	`/var/log/celery/`
RabbitMQ	`rabbitmq-server`	rabbitmq	`systemctl start rabbitmq-server`	`systemctl status rabbitmq-server`	`/var/log/rabbitmq/`, `journalctl -fu rabbitmq-server`
Nginx	`nginx`	web	`systemctl start nginx`	`systemctl status nginx`	`/var/log/nginx/error.log`
PHP-FPM	`php-fpm`	web	`systemctl start php-fpm`	`systemctl status php-fpm`	`/var/log/php-fpm/error.log`
Diskover Admin	`diskover-admin`	web	`systemctl start diskover-admin`	`systemctl status diskover-admin`	`journalctl -fu diskover-admin`
Kibana	`kibana`	web	`systemctl start kibana`	`systemctl status kibana`	`/var/log/kibana/`

Troubleshooting

Issue	Cause	Solution
`diskover-admin` fails to start	Python dependencies missing or wrong Python version	Run `pip3 install -r /var/www/diskover-admin/etc/requirements.txt`. Verify Python 3.11+: `python3 --version`
`diskoverd` fails to start	Invalid or missing license	Check `journalctl -fu diskoverd` for license errors. Upload a valid license in Diskover Admin.
`celery` fails to start	Cannot connect to RabbitMQ	Verify RabbitMQ host/credentials in Diskover Admin → Message Queue settings. Test: `rabbitmqctl status` on the RabbitMQ host.
Web UI shows old version after upgrade	Browser cache serving stale assets	Clear browser cache or hard-refresh with Ctrl+Shift+R.
Nginx returns 502 Bad Gateway	PHP-FPM socket path mismatch	Verify the `fastcgi_pass` path in `/etc/nginx/conf.d/diskover-web.conf` matches the `listen` value in `/etc/opt/remi/php84/php-fpm.d/www.conf`.
Elasticsearch connection fails in Admin wizard	Wrong host/port or TLS misconfiguration	Verify ES is running: `curl -s http://localhost:9200`. Check HTTPS settings and CA certificate path if using TLS.
Old indexes missing after ES upgrade	ES 7.x indexes incompatible with 8.x	Re-scan storage to rebuild indexes. This is expected behavior for major ES version upgrades.
RabbitMQ fails to start	Hostname not resolvable	Ensure the host's hostname is in `/etc/hosts` or resolvable via DNS. Run: `hostname -f` and verify it resolves.
`dnf install` fails with 401 Unauthorized	Invalid JFrog credentials	Verify username and token in `/etc/yum.repos.d/diskover.repo`. Contact Diskover Data for new credentials if needed.
Python pip install fails	pip version too old or wrong Python	Upgrade pip: `pip3 install --upgrade pip`. Confirm you're using the venv Python: `which python3`

Log File Locations:

Component	Log Location
Elasticsearch	`/var/log/elasticsearch/`
Diskoverd	`journalctl -fu diskoverd` (startup), `/var/log/diskover/` (runtime)
Celery	`/var/log/celery/`
Nginx	`/var/log/nginx/error.log`
PHP-FPM	`/var/log/php-fpm/error.log`
Diskover Admin	`journalctl -fu diskover-admin`, `/var/log/diskover/diskover-admin.log`
RabbitMQ	`/var/log/rabbitmq/`, `journalctl -fu rabbitmq-server`

Support

If you encounter issues during the upgrade that you cannot resolve using this guide:

Documentation: https://docs.diskoverdata.com
Support Portal: https://support.diskoverdata.com
Help Center: https://support.diskoverdata.com/hc/en-us

When submitting a support ticket for upgrade issues, please include:

Previous Diskover version and target version
Target OS and version (cat /etc/os-release)
Relevant service logs (journalctl -u diskoverd, /var/log/celery/, etc.)
Any error messages encountered during the upgrade

Related to