Upgrading Elastic Stack from a legacy version
To upgrade Elasticsearch to the latest version from a version prior to 6.8.x
, it is needed to first upgrade to Elasticsearch 6.8.x
as an intermediate step. Once Elastic Stack is on version 6.x
it can be upgraded to the latest version
Prepare the Elastic Stack
Stop the services:
# systemctl stop logstash # systemctl stop filebeat # systemctl stop kibana
In case of having disabled the repository for Elastic Stack 6.x it can be enabled using:
For CentOS/RHEL/Fedora:
# sed -i "s/^enabled=0/enabled=1/" /etc/yum.repos.d/elastic.repoFor Debian/Ubuntu:
# sed -i "s/#deb/deb/" /etc/apt/sources.list.d/elastic-6.x.list # apt-get updateFor openSUSE:
# sed -i "s/^enabled=0/enabled=1/" /etc/zypp/repos.d/elastic.repo
Upgrade Elasticsearch
Disable shard allocation
curl -X PUT "localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d' { "persistent": { "cluster.routing.allocation.enable": "primaries" } } '
Stop non-essential indexing and perform a synced flush. (Optional)
curl -X POST "localhost:9200/_flush/synced"
Shut down a single node.
# systemctl stop elasticsearch
Upgrade the node you shut down.
For CentOS/RHEL/Fedora:
# yum install elasticsearch-6.8.8For Debian/Ubuntu:
# apt-get install elasticsearch=6.8.8
These steps must be repeated in all the Elasticsearch nodes of the installation.
Upgrade Logstash
Upgrade the
logstash
package:
For CentOS/RHEL/Fedora:
# yum install logstash-6.8.8
For Debian/Ubuntu:
# apt-get install logstash=1:6.8.8-1
Upgrade Filebeat
Upgrade Filebeat.
For CentOS/RHEL/Fedora:
# yum install filebeat-6.8.8For Debian/Ubuntu:
# apt-get install filebeat=6.8.8
Upgrade Kibana
Upgrade the
kibana
package:
For CentOS/RHEL/Fedora:
# yum install kibana-6.8.8
For Debian/Ubuntu:
# apt-get install kibana=6.8.8
Uninstall the Wazuh app from Kibana:
Update file permissions. This will avoid several errors prior to updating the app:
# chown -R kibana:kibana /usr/share/kibana/optimize # chown -R kibana:kibana /usr/share/kibana/plugins
Remove the Wazuh app:
# cd /usr/share/kibana/ # sudo -u kibana bin/kibana-plugin remove wazuh
Disabling repositories
For CentOS/RHEL/Fedora:
# sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/elastic.repoFor Debian/Ubuntu:
# sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/elastic-6.x.list # apt-get updateAlternatively, you can set the package state to
hold
, which will stop updates (although you can still upgrade it manually usingapt-get install
).# echo "elasticsearch hold" | sudo dpkg --set-selections # echo "kibana hold" | sudo dpkg --set-selectionsFor openSUSE:
# sed -i "s/^enabled=1/enabled=0/" /etc/zypp/repos.d/elastic.repo
Now that the installation has been upgraded to 6.8.x version, it can be upgraded to the latest version available following the steps in the section Upgrading Elastic Stack from 6.8 to 7.x.