Upgrading Wazuh Docker

This section describes how to upgrade your Wazuh Docker deployment, starting from version 4.3.

To upgrade to version 4.11, you can follow one of two strategies.

  • Using default docker-compose files : This strategy uses the default docker-compose files for Wazuh 4.11. It replaces the docker-compose files of your outdated Wazuh version.

  • Keeping custom docker-compose files : This strategy preserves the docker-compose files of your outdated Wazuh deployment. It ignores the docker-compose files of the latest Wazuh version.

Using default docker-compose files

  1. Run the following command from your wazuh-docker directory, such as wazuh-docker/single-node/ or wazuh-docker/multi-node/, to stop the outdated environment:

    # docker-compose down
    
  2. Checkout the tag for the current version of wazuh-docker:

    # git checkout v4.11.1
    
  3. Start the new version of Wazuh using docker-compose:

    # docker-compose up -d
    

Keeping custom docker-compose files

To upgrade your deployment keeping your custom docker-compose files, do the following.

  1. Run the following command from your wazuh-docker directory, such as wazuh-docker/single-node/ or wazuh-docker/multi-node/, to stop the outdated environment:

    # docker-compose down
    
  2. If you are upgrading from a version earlier than 4.8, update the defaultRoute parameter in the Wazuh dashboard configuration.

    • single-node/config/wazuh_dashboard/opensearch_dashboards.yml

      uiSettings.overrides.defaultRoute: /app/wz-home
      
  3. Modify the OPENSEARCH_JAVA_OPTS environment variable to allocate more RAM to the Wazuh indexer container.

    • single-node/docker-compose.yml

      environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      
  4. Modify the the tag of image generator.

    • single-node/generate-indexer-certs.yml

      services:
         generator:
            image: wazuh/wazuh-certs-generator:0.0.2
      
  5. After these changes, recreate the certificates.

    docker-compose -f generate-indexer-certs.yml run --rm generator
    
  6. If you are upgrading from 4.3, update old paths with the new ones.

    Wazuh dashboard

    1. Edit single-node/config/wazuh_dashboard/opensearch_dashboards.yml and do the following replacements.

      • Replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

    2. Edit single-node/docker-compose.yml and do the following replacements.

      • Replace /usr/share/wazuh-dashboard/config/certs/ with /usr/share/wazuh-dashboard/certs/.

    Wazuh indexer

    1. Edit single-node/config/wazuh_indexer/wazuh.indexer.yml and do the following replacements.

      • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

      • Replace ${OPENSEARCH_PATH_CONF}/certs/ with /usr/share/wazuh-indexer/certs/.

    2. Edit single-node/docker-compose.yml and do the following replacements.

      • Replace /usr/share/wazuh-indexer/config/certs/ with /usr/share/wazuh-indexer/certs/.

      • Replace /usr/share/wazuh-indexer/config/opensearch.yml with /usr/share/wazuh-indexer/opensearch.yml.

      • Replace /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ with /usr/share/wazuh-indexer/opensearch-security/

  7. Edit the docker-compose.yml file corresponding to your deployment type. Modify the highlighted lines and add the variable related to the kibanaserver user with the corresponding value.

    wazuh.manager:
       image: wazuh/wazuh-manager:4.11.1
    ...
    wazuh.indexer:
       image: wazuh/wazuh-indexer:4.11.1
    ...
    wazuh.dashboard:
       image: wazuh/wazuh-dashboard:4.11.1
       environment:
          - INDEXER_USERNAME=admin
          - INDEXER_PASSWORD=SecretPassword
          - WAZUH_API_URL=https://wazuh.manager
          - DASHBOARD_USERNAME=kibanaserver
          - DASHBOARD_PASSWORD=kibanaserver
    
  8. Replace the following files in your deployment with the ones from the v4.11.1 tag of the wazuh-docker repository.

    • single-node/config/wazuh_cluster/wazuh_manager.conf

  9. Start the new version of Wazuh using docker-compose.

    # docker-compose up -d