Upgrading Wazuh Docker

This section describes how to upgrade your Wazuh Docker deployment, starting from version 4.3.

To upgrade to version 4.11, you can follow one of two strategies.

  • Using default docker-compose files : This strategy uses the default docker-compose files for Wazuh 4.11. It replaces the docker-compose files of your outdated Wazuh version.

  • Keeping custom docker-compose files : This strategy preserves the docker-compose files of your outdated Wazuh deployment. It ignores the docker-compose files of the latest Wazuh version.

Using default docker-compose files

  1. Run the following command from your wazuh-docker directory, such as wazuh-docker/single-node/ or wazuh-docker/multi-node/, to stop the outdated environment:

    # docker-compose down

  2. Checkout the tag for the current version of wazuh-docker:

    # git checkout v4.11.2

  3. Start the new version of Wazuh using docker-compose:

    # docker-compose up -d

Keeping custom docker-compose files

To upgrade your deployment keeping your custom docker-compose files, do the following.

  1. Run the following command from your wazuh-docker directory, such as wazuh-docker/single-node/ or wazuh-docker/multi-node/, to stop the outdated environment:

    # docker-compose down

  2. If you are upgrading from a version earlier than 4.8, update the defaultRoute parameter in the Wazuh dashboard configuration.

    • single-node/config/wazuh_dashboard/opensearch_dashboards.yml

      uiSettings.overrides.defaultRoute: /app/wz-home

  3. Modify the OPENSEARCH_JAVA_OPTS environment variable to allocate more RAM to the Wazuh indexer container.

    • single-node/docker-compose.yml

      environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"

  4. Modify the the tag of image generator.

    • single-node/generate-indexer-certs.yml

      services:
   generator:
      image: wazuh/wazuh-certs-generator:0.0.2

  5. After these changes, recreate the certificates.

    docker-compose -f generate-indexer-certs.yml run --rm generator

  6. If you are upgrading from 4.3, update old paths with the new ones.

    Wazuh dashboard

    1. Edit single-node/config/wazuh_dashboard/opensearch_dashboards.yml and do the following replacements.

      • Replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

    2. Edit single-node/docker-compose.yml and do the following replacements.

      • Replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

    Wazuh indexer

    1. Edit single-node/config/wazuh_indexer/wazuh.indexer.yml and do the following replacements.

      • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

      • Replace ${OPENSEARCH_PATH_CONF}/certs/ with /usr/share/wazuh-indexer/certs/.

    2. Edit single-node/docker-compose.yml and do the following replacements.

      • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

      • Replace /usr/share/wazuh-indexer/config/opensearch.yml with /usr/share/wazuh-indexer/opensearch.yml.

      • Replace /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ with /usr/share/wazuh-indexer/opensearch-security/

  7. Edit the docker-compose.yml file corresponding to your deployment type. Modify the highlighted lines and add the variable related to the kibanaserver user with the corresponding value.

    wazuh.manager:
   image: wazuh/wazuh-manager:4.11.2
...
wazuh.indexer:
   image: wazuh/wazuh-indexer:4.11.2
...
wazuh.dashboard:
   image: wazuh/wazuh-dashboard:4.11.2
   environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=kibanaserver

  8. Replace the following files in your deployment with the ones from the v4.11.2 tag of the wazuh-docker repository.

    • single-node/config/wazuh_cluster/wazuh_manager.conf

  9. Start the new version of Wazuh using docker-compose.

    # docker-compose up -d