Upgrading Wazuh Docker

This section describes how to upgrade Wazuh Docker deployments starting from version 4.3.

To upgrade to version 4.12.0, choose one of the following strategies.

Using the default Docker Compose files

To upgrade your deployment, using the default docker-compose.yml file, follow these steps:

  1. Run the following command from your wazuh-docker/single-node/ or wazuh-docker/multi-node/ directory to stop the outdated environment:

    # docker-compose down
    
  2. Check out the tag for the current version of wazuh-docker:

    # git checkout v4.12.0
    
  3. Start the upgraded Wazuh Docker environment using docker-compose

    # docker-compose up -d
    

Keeping your custom Docker Compose files

To upgrade your deployment while preserving your custom docker-compose.yml file, follow these steps:

  1. Run the following command from your wazuh-docker/single-node/ or wazuh-docker/multi-node/ directory to stop the outdated environment:

    # docker-compose down
    
  2. Update the defaultRoute parameter in the Wazuh dashboard configuration, if upgrading from a version earlier than 4.8:

    • Single-node deployment

      single-node/config/wazuh_dashboard/opensearch_dashboards.yml

      uiSettings.overrides.defaultRoute: /app/wz-home
      
    • Multi-node deployment

      multi-node/config/wazuh_dashboard/opensearch_dashboards.yml

      uiSettings.overrides.defaultRoute: /app/wz-home
      
  3. Modify the OPENSEARCH_JAVA_OPTS environment variable to allocate more RAM to the Wazuh indexer container.

    • Single-node deployment

      single-node/docker-compose.yml

      environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      
    • Multi-node deployment

      multi-node/docker-compose.yml

      environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      
  4. Modify the tag of the image generator.

    • Single-node deployment

      single-node/generate-indexer-certs.yml

      services:
         generator:
            image: wazuh/wazuh-certs-generator:0.0.2
      
    • Multi-node deployment

      multi-node/generate-indexer-certs.yml

      services:
         generator:
            image: wazuh/wazuh-certs-generator:0.0.2
      
  5. Recreate the certificates after these changes.

    docker-compose -f generate-indexer-certs.yml run --rm generator
    
  6. Update old paths with the new ones, if upgrading from 4.3.

    • Single-node deployment

      Wazuh dashboard

      1. Edit the single-node/config/wazuh_dashboard/opensearch_dashboards.yml file and replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

      2. Edit the single-node/docker-compose.yml file and replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

      Wazuh indexer

      1. Edit the single-node/config/wazuh_indexer/wazuh.indexer.yml file and do the following replacements.

        • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

        • Replace ${OPENSEARCH_PATH_CONF}/certs/ with /usr/share/wazuh-indexer/certs/.

      2. Edit the single-node/docker-compose.yml file and do the following replacements.

        • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

        • Replace /usr/share/wazuh-indexer/config/opensearch.yml with /usr/share/wazuh-indexer/opensearch.yml.

        • Replace /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ with /usr/share/wazuh-indexer/opensearch-security/.

    • Multi-node deployment

      Wazuh dashboard

      1. Edit the multi-node/config/wazuh_dashboard/opensearch_dashboards.yml file and replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

      2. Edit the multi-node/docker-compose.yml file and replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

      Wazuh indexer

      1. Edit the multi-node/config/wazuh_indexer/wazuh1.indexer.yml, multi-node/config/wazuh_indexer/wazuh2.indexer.yml, and multi-node/config/wazuh_indexer/wazuh3.indexer.yml files and do the following replacements.

        • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

        • Replace ${OPENSEARCH_PATH_CONF}/certs/ with /usr/share/wazuh-indexer/certs/.

      2. Edit the multi-node/docker-compose.yml file and do the following replacements.

        • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

        • Replace /usr/share/wazuh-indexer/config/opensearch.yml with /usr/share/wazuh-indexer/opensearch.yml.

        • Replace /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ with /usr/share/wazuh-indexer/opensearch-security/.

  7. Edit the docker-compose.yml file corresponding to your deployment type. Modify the highlighted lines and add the variable related to the kibanaserver user with the corresponding value.

    • Single-node deployment

      wazuh.manager:
         image: wazuh/wazuh-manager:4.13.0
      ...
      wazuh.indexer:
         image: wazuh/wazuh-indexer:4.13.0
      ...
      wazuh.dashboard:
         image: wazuh/wazuh-dashboard:4.13.0
         environment:
            - INDEXER_USERNAME=admin
            - INDEXER_PASSWORD=SecretPassword
            - WAZUH_API_URL=https://wazuh.manager
            - DASHBOARD_USERNAME=kibanaserver
            - DASHBOARD_PASSWORD=kibanaserver
      
    • Multi-node deployment

      wazuh.master:
         image: wazuh/wazuh-manager:4.13.0
      ...
      wazuh.worker:
         image: wazuh/wazuh-manager:4.13.0
      ...
      wazuh1.indexer:
         image: wazuh/wazuh-manager:4.13.0
      ...
      wazuh2.indexer:
         image: wazuh/wazuh-manager:4.13.0
      ...
      wazuh3.indexer:
         image: wazuh/wazuh-manager:4.13.0
      ...
      wazuh.master:
         image: wazuh/wazuh-manager:4.13.0
         environment:
            - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
            - WAZUH_API_URL="https://wazuh.master"
            - API_USERNAME=wazuh-wui
            - API_PASSWORD=MyS3cr37P450r.*-
            - DASHBOARD_USERNAME=kibanaserver
            - DASHBOARD_PASSWORD=kibanaserver
      
  8. Replace the following files in your stack with the ones from the v4.12.0 tag of the wazuh-docker repository.

    • Single-node deployment

      single-node/config/wazuh_cluster/wazuh_manager.conf

    • Multi-node deployment

      multi-node/config/wazuh_cluster/wazuh_manager.conf multi-node/config/wazuh_cluster/wazuh_worker.conf

  9. Start the new version of Wazuh using docker-compose:

    # docker-compose up -d