Upgrading Wazuh Docker

This section describes how to upgrade your Wazuh Docker deployment, starting from version 4.3.

To upgrade to version 4.9, you can follow one of two strategies.

  • Using default docker-compose files : This strategy uses the default docker-compose files for Wazuh 4.9. It replaces the docker-compose files of your outdated Wazuh version.

  • Keeping custom docker-compose files : This strategy preserves the docker-compose files of your outdated Wazuh deployment. It ignores the docker-compose files of the latest Wazuh version.

Using default docker-compose files

  1. Run the following command from your wazuh-docker directory, such as wazuh-docker/single-node/ or wazuh-docker/multi-node/, to stop the outdated environment:

    # docker-compose down
    
  2. Checkout the tag for the current version of wazuh-docker:

    # git checkout v4.9.2
    
  3. Start the new version of Wazuh using docker-compose:

    # docker-compose up -d
    

Keeping custom docker-compose files

In Wazuh 4.4, some paths are different to those in earlier versions. You have to update the old paths with the new ones.

old-path -> new-path

  • /usr/share/wazuh-dashboard/config/certs/ -> /usr/share/wazuh-dashboard/certs/

  • /usr/share/wazuh-indexer/config/certs/ -> /usr/share/wazuh-indexer/certs/

  • /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -> /usr/share/wazuh-indexer/opensearch-security/

To upgrade your deployment keeping your custom docker-compose files, do the following.

  1. Run the following command from your wazuh-docker directory, such as wazuh-docker/single-node/ or wazuh-docker/multi-node/, to stop the outdated environment:

    # docker-compose down
    
  2. If you are updating from 4.3, edit docker-compose.yml and update it with the new paths in 4.4. You can see the new paths for single node docker compose files, such as single-node/docker-compose.yml below. For multi node docker compose files, such as multi-node/docker-compose.yml, you need to do similar changes in the corresponding files.

    wazuh.manager:
       image: wazuh/wazuh-manager:4.9.2
    ...
    wazuh.indexer:
       image: wazuh/wazuh-indexer:4.9.2
       volumes:
          - wazuh-indexer-data:/var/lib/wazuh-indexer
          - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
          - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
          - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
          - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
          - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
          - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
          - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
    ...
    wazuh.dashboard:
       image: wazuh/wazuh-dashboard:4.9.2
       volumes:
          - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
          - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
          - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
          - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
          - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
    
  3. Start the new version of Wazuh using docker-compose:

    # docker-compose up -d