Roll back firmware through the REST API

The ExtraHop REST API enables you to roll back firmware on a sensor or ECA VM to a previous version. In this topic, we show methods for rolling back firmware on a single system through the ExtraHop REST API Explorer and rolling back firmware on multiple systems with a Python script.

If you have upgraded both an ECA VM and connected sensors, you must roll back the sensors before you roll back the ECA VM.

Warning:Rolling back the firmware on a sensor resets the datastore and removes all metrics. Connected sensors are unaffected.
Important:Rollback is not supported for ExtraHop recordstores or packetstores. If you need to roll back ExtraHop recordstores or packetstores, contact ExtraHop Support for assistance.

Roll back firmware through the REST API Explorer

Important:The REST API Explorer is not available on Reveal(x) 360.
  1. In a browser, navigate to the REST API Explorer.
    The URL is the hostname or IP address of your sensor or console, followed by /api/v1/explore/. For example, if your hostname is seattle-eda, the URL is https://seattle-eda/api/v1/explore/.
  2. Click Enter API Key and then paste or type your API key into the API Key field.
  3. Click Authorize and then click Close.
  4. View the previous version of firmware you can roll back to.
    1. Click ExtraHop and then click GET /extrahop​/firmware​/previous.
    2. Click Try it out.
    3. Click Send Request.
      The Server response section displays the following information:

      version: The previous firmware version that the system can be rolled back to.

      backup_time: The last time that the sensor or console generated a backup file before being upgraded to the current version, expressed in milliseconds since the epoch. The sensor or console automatically creates a backup each time the system is upgraded.

      The information appears in a format similar to the following text:

      {
        "version": "8.4.0.1522",
        "backup_time": 1617229294388
      }

  5. Roll back the firmware version.
    1. Click POST ​/extrahop​/firmware​/previous​/rollback.
    2. Click Try it out.
    3. Click Send Request.
      The Server response section displays a 202 status code.
      Note:The rollback process might take several minutes to complete.
  6. Verify the firmware upgrade is complete.
    1. Click GET ​/extrahop.
    2. Click Try it out.
    3. Click Send Request.
      If the firmware rollback process is complete, the Server response section displays a 200 status code and the version of firmware the sensor or console is currently running.

      If the firmware rollback process is still in progress, the Server response section displays a 503 error code.

Retrieve and run the example Python script

The ExtraHop GitHub repository contains an example Python script that rolls back firmware for multiple sensors or consoles by reading URLs and API keys from a CSV file.

Important:The example python script authenticates to the sensor or console through an API key, which is not compatible with the Reveal(x) 360 REST API. To run this script with Reveal(x) 360, you must modify the script to authenticate with API tokens. See the py_rx360_auth.py script in the ExtraHop GitHub repository for an example of how to authenticate with API tokens.
  1. Go to the ExtraHop code-examples GitHub repository and download the rollback_firmware/rollback_firmware.py file to your local machine.
  2. Create a CSV file with rows that contain the following columns in the specified order:
    System hostname API key
    Tip:The rollback_firmware directory contains an example CSV file named systems.csv.
  3. In a text editor, open the upgrade_system.py file and replace the following configuration variables with information from your environment:

    SYSTEM_LIST: The relative file path of the CSV file.

  4. Run the following command:
    python3 rollback_firmware.py

    The script returns the version that each sensor or console can be rolled back to.

    Note:If the script returns an error message that the SSL certificate verification failed, make sure that a trusted certificate has been added to your sensor or console. Alternatively, you can add the verify=False option to bypass certificate verification. However, this method is not secure and not recommended. The following code sends an HTTP GET request without certificate verification:
    requests.get(url, headers=headers, verify=False)
  5. To start the rollback process, type y and press ENTER.
Published 2022-09-22