There are two ways to upgrade Carbon Black EDR cluster nodes:

  • Run /usr/share/cb/cbcluster start on the primary node after it has been upgraded. If there are no RPMNEW files on any cluster nodes (indicating modified configuration files), this action upgrades all cluster nodes. If there are new RPMNEW files, cbcluster start will stop and prompt you to manually upgrade the nodes.
  • Upgrade each cluster node manually with cbupgrade . You must do this in any case when there are new RPMNEW files.
Important: If an RPMNEW file is encountered on a node during upgrade, you must reconcile the current configuration files on the node with the new configuration information, and you must remove the RPMNEW file from that node before cbcluster start can complete successfully.

Upgrade Cluster Nodes

Perform the following procedure to upgrade Carbon Black EDR cluster nodes.


  1. Stop the cluster service.
    /usr/share/cb/cbcluster stop
  2. Restart the cluster service.
    /usr/share/cb/cbcluster start


If there are no RPMNEW files, the cluster nodes are upgraded without further steps. If there are RPMNEW files, you must upgrade each node manually.

Manually Upgrade Cluster Nodes

Perform the following procedure to manually upgrade minion servers in a Carbon Black EDR cluster.


See Upgrading a Server. Additional steps are required to ensure that the cluster nodes are communicating with each other.


  1. After the primary node has been upgraded, login to each of the other machines in the cluster and upgrade cb-enterprise:
    yum upgrade cb-enterprise
  2. Login to each of the cluster nodes and upgrade their data schema to the latest version:
    /usr/share/cb/cbupgrade [--proceed-on-rpmnew] [--non-interactive]

    With no argument, this command stops running if Carbon Black EDR RPMNEW files are detected, indicating a modified configuration file. The command reports the names of those files. You must manually resolve differences between the RPMNEW and the existing configuration file of the same name, and delete the RPMNEW file before cbupgrade completes.

    With the proceed-on-rpmnew argument, cbupgrade runs to completion but also reports the RPMNEW files that it discovered so that you can address them after the upgrade. This can be helpful for a seamless upgrade and you can edit the configuration files later.

    When the --proceed-on-rpmnew option is used with --non-interactive option, you are not prompted for the upgrade to proceed, but the cb-enterprise services do not start automatically as if you ran the command without the non-interactive option.

    Caution: At the end of the cbupgrade process, if you are prompted to start services, do not start the services.
  3. With a new software version, communications port requirements can change. You must check whether the firewall settings require an update.
    1. If you are manually updating the settings, run the following command to identify which rules need to be added:
      /usr/share/cb/cbcheck firewall -l
    2. To adjust the firewall settings automatically, run this command to have the utility apply those settings:
      usr/share/cb/cbcheck firewall --apply
  4. After all nodes have been upgraded (but not started), start the entire cluster by logging into the primary node and issuing the following command:
    /usr/share/cb/cbcluster start
    Note: This is an important step to perform after an upgrade. When the cluster is started using the cbcluster tool, it redistributes configuration files that must be synchronized across all nodes in the cluster. If a new software version introduces configuration changes, this step ensures that each minion node has the updates.