Upgrading Wazuh Docker

This section describes how to upgrade your Wazuh Docker deployment, starting from version 4.3. To upgrade Wazuh deployments of versions earlier than 4.3, refer to the Migrating data from Opendistro to the Wazuh indexer documentation.

To upgrade to version 4.7, you can follow one of two strategies.

  • Using default docker-compose files : This strategy uses the default docker-compose files for Wazuh 4.7. It replaces the docker-compose files of your outdated Wazuh version.

  • Keeping custom docker-compose files : This strategy preserves the docker-compose files of your outdated Wazuh deployment. It ignores the docker-compose files of the latest Wazuh version.

Using default docker-compose files

  1. Run the following command from your wazuh-docker directory, such as wazuh-docker/single-node/ or wazuh-docker/multi-node/, to stop the outdated environment:

    # docker-compose down
    
  2. Checkout the tag for the current version of wazuh-docker:

    # git checkout v4.7.3
    
  3. Start the new version of Wazuh using docker-compose:

    # docker-compose up -d
    

Keeping custom docker-compose files

In Wazuh 4.4, some paths are different to those in earlier versions. You have to update the old paths with the new ones.

old-path -> new-path

  • /usr/share/wazuh-dashboard/config/certs/ -> /usr/share/wazuh-dashboard/certs/

  • /usr/share/wazuh-indexer/config/certs/ -> /usr/share/wazuh-indexer/certs/

  • /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -> /usr/share/wazuh-indexer/opensearch-security/

To upgrade your deployment keeping your custom docker-compose files, do the following.

  1. Run the following command from your wazuh-docker directory, such as wazuh-docker/single-node/ or wazuh-docker/multi-node/, to stop the outdated environment:

    # docker-compose down
    
  2. If you are updating from 4.3, edit docker-compose.yml and update it with the new paths in 4.4. You can see the new paths for single node docker compose files, such as single-node/docker-compose.yml below. For multi node docker compose files, such as multi-node/docker-compose.yml, you need to do similar changes in the corresponding files.

    wazuh.manager:
       image: wazuh/wazuh-manager:4.7.3
    ...
    wazuh.indexer:
       image: wazuh/wazuh-indexer:4.7.3
       volumes:
          - wazuh-indexer-data:/var/lib/wazuh-indexer
          - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
          - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
          - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
          - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
          - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
          - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
          - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
    ...
    wazuh.dashboard:
       image: wazuh/wazuh-dashboard:4.7.3
       volumes:
          - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
          - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
          - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
          - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
          - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
    
  3. Start the new version of Wazuh using docker-compose:

    # docker-compose up -d