Upgrading Wazuh Docker
This section describes how to upgrade your Wazuh Docker deployment, starting from version 4.3.
To upgrade to version 4.11, you can follow one of two strategies.
Using default docker-compose files : This strategy uses the default docker-compose files for Wazuh 4.11. It replaces the docker-compose files of your outdated Wazuh version.
Keeping custom docker-compose files : This strategy preserves the docker-compose files of your outdated Wazuh deployment. It ignores the docker-compose files of the latest Wazuh version.
Using default docker-compose files
Run the following command from your wazuh-docker directory, such as
wazuh-docker/single-node/
orwazuh-docker/multi-node/
, to stop the outdated environment:# docker-compose down
Checkout the tag for the current version of wazuh-docker:
# git checkout v4.11.1
Start the new version of Wazuh using
docker-compose
:# docker-compose up -d
Keeping custom docker-compose files
To upgrade your deployment keeping your custom docker-compose files, do the following.
Run the following command from your wazuh-docker directory, such as
wazuh-docker/single-node/
orwazuh-docker/multi-node/
, to stop the outdated environment:# docker-compose down
If you are upgrading from a version earlier than 4.8, update the
defaultRoute
parameter in the Wazuh dashboard configuration.single-node/config/wazuh_dashboard/opensearch_dashboards.yml
uiSettings.overrides.defaultRoute: /app/wz-home
multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
uiSettings.overrides.defaultRoute: /app/wz-home
Modify the
OPENSEARCH_JAVA_OPTS
environment variable to allocate more RAM to the Wazuh indexer container.single-node/docker-compose.yml
environment: - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
multi-node/docker-compose.yml
environment: - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
Modify the the tag of image generator.
single-node/generate-indexer-certs.yml
services: generator: image: wazuh/wazuh-certs-generator:0.0.2
multi-node/generate-indexer-certs.yml
services: generator: image: wazuh/wazuh-certs-generator:0.0.2
After these changes, recreate the certificates.
docker-compose -f generate-indexer-certs.yml run --rm generator
If you are upgrading from 4.3, update old paths with the new ones.
Wazuh dashboard
Edit
single-node/config/wazuh_dashboard/opensearch_dashboards.yml
and do the following replacements.Replace
/usr/share/wazuh-dashboard/config/certs/
with/usr/share/wazuh-dashboard/certs/
.
Edit
single-node/docker-compose.yml
and do the following replacements.Replace
/usr/share/wazuh-dashboard/config/certs/
with/usr/share/wazuh-dashboard/certs/
.
Wazuh indexer
Edit
single-node/config/wazuh_indexer/wazuh.indexer.yml
and do the following replacements.Replace
/usr/share/wazuh-indexer/config/certs/
with/usr/share/wazuh-indexer/certs/
.Replace
${OPENSEARCH_PATH_CONF}/certs/
with/usr/share/wazuh-indexer/certs/
.
Edit
single-node/docker-compose.yml
and do the following replacements.Replace
/usr/share/wazuh-indexer/config/certs/
with/usr/share/wazuh-indexer/certs/
.Replace
/usr/share/wazuh-indexer/config/opensearch.yml
with/usr/share/wazuh-indexer/opensearch.yml
.Replace
/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
with/usr/share/wazuh-indexer/opensearch-security/
Wazuh dashboard
Edit
multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
and do the following replacements.Replace
/usr/share/wazuh-dashboard/config/certs/
with/usr/share/wazuh-dashboard/certs/
.
Edit
multi-node/docker-compose.yml
and do the following replacements.Replace
/usr/share/wazuh-dashboard/config/certs/
with/usr/share/wazuh-dashboard/certs/
.
Wazuh indexer
Edit
multi-node/config/wazuh_indexer/wazuh1.indexer.yml
,wazuh2.indexer.yml
, andwazuh3.indexer.yml
and do the following replacements.Replace
/usr/share/wazuh-indexer/config/certs/
with/usr/share/wazuh-indexer/certs/
.Replace
${OPENSEARCH_PATH_CONF}/certs/
with/usr/share/wazuh-indexer/certs/
.
Edit
multi-node/docker-compose.yml
and do the following replacements.Replace
/usr/share/wazuh-indexer/config/certs/
with/usr/share/wazuh-indexer/certs/
.Replace
/usr/share/wazuh-indexer/config/opensearch.yml
with/usr/share/wazuh-indexer/opensearch.yml
.Replace
/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
with/usr/share/wazuh-indexer/opensearch-security/
.
Edit the
docker-compose.yml
file corresponding to your deployment type. Modify the highlighted lines and add the variable related to thekibanaserver
user with the corresponding value.wazuh.manager: image: wazuh/wazuh-manager:4.11.1 ... wazuh.indexer: image: wazuh/wazuh-indexer:4.11.1 ... wazuh.dashboard: image: wazuh/wazuh-dashboard:4.11.1 environment: - INDEXER_USERNAME=admin - INDEXER_PASSWORD=SecretPassword - WAZUH_API_URL=https://wazuh.manager - DASHBOARD_USERNAME=kibanaserver - DASHBOARD_PASSWORD=kibanaserver
wazuh.master: image: wazuh/wazuh-manager:4.11.1 ... wazuh.worker: image: wazuh/wazuh-manager:4.11.1 ... wazuh1.indexer: image: wazuh/wazuh-manager:4.11.1 ... wazuh2.indexer: image: wazuh/wazuh-manager:4.11.1 ... wazuh3.indexer: image: wazuh/wazuh-manager:4.11.1 ... wazuh.master: image: wazuh/wazuh-manager:4.11.1 environment: - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200" - WAZUH_API_URL="https://wazuh.master" - API_USERNAME=wazuh-wui - API_PASSWORD=MyS3cr37P450r.*- - DASHBOARD_USERNAME=kibanaserver - DASHBOARD_PASSWORD=kibanaserver
Replace the following files in your deployment with the ones from the v4.11.1 tag of the wazuh-docker repository.
single-node/config/wazuh_cluster/wazuh_manager.conf
multi-node/config/wazuh_cluster/wazuh_manager.conf
multi-node/config/wazuh_cluster/wazuh_worker.conf
Start the new version of Wazuh using
docker-compose
.# docker-compose up -d