Upgrade Graylog 4.3 to V5.0 How To

It’s maintenance time! As Graylog has released a new version it’s time to buckle down and get your environment updated. Watch the “5.0 Graylog Upgrade How-to” video. The video also includes upgrading Mongo and OpenSearch. However, you can follow along in the outlined steps below.

The Path

The single-node instance that will be upgraded starts off with the following versions:

  • MongoDB 4.4.18
  • OpenSearch 1.3.4 (tarball install)
  • Graylog 4.3

The conclusion of the upgrade will be:

  • MongoDB 5.x
  • OpenSearch 2.5 (.deb install – yay!)
  • Graylog 5.0

Upgrading Mongo

Mongo is the first piece of the puzzle that will be upgraded.

Checking the version compatibility to version 5.0 is the first course of action.

db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )

If your version of Mongo is > 4.2 but < 4.4 please change the version to 4.4. Then re-run the “featureCompatibilityVersion” command to make sure it returns with

# mongo
>db.adminCommand( { setFeatureCompatibilityVersion: "4.4" } )
{ "ok" : 1 }

Stop & confirm the Mongo service
# sudo systemctl stop mongod
# sudo systemctl status mongod

Get, upgrade, & start the service

Import the key
# wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -

Create repo file
# echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list

Upgrade, and start the service
# sudo apt update && sudo apt upgrade

# sudo systemctl start mongod

# sudo systemctl status mongod

# mongo -version

Set Compatibility

Now that has started running version 5.x. Update the compatibility to 5.0
# mongo

db.adminCommand( { setFeatureCompatibilityVersion: "5.0" } )
>db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )
>{ "ok" : 1 }

Upgrading OpenSearch

The second piece of the upgrade task is upgrading OpenSearch.

Download
http://opensearch.org/download.html

If you followed the instructions for installing OpenSearch 1.3.4 tarball. There is a simpler way to install OpenSearch with a .deb package. Before installing the existing configuration directory path will need to be backed up.

Stop OpenSearch Service

# sudo systemctl stop opensearch

Backup dir path

# sudo mkdir /usr/share/bkup-opensearch

# sudo mv /usr/share/opensearch /usr/share/bkup-opensearch

Install (.deb)

# sudo dpkg -i opensearch-2.5.0-linux-x64.deb

Repurpose the opensearch.yml file

# sudo mv /usr/share/bkup-opensearch/opensearch/config/opensearch/yml /etc/opensearch

# sudo chown opensearch:opensearch /etc/opensearch/opensearch.yml

Start & confirm OpenSearch Service
# sudo systemctl daemon-reload

# sudo systemctl enable opensearch.service

# sudo systemctl start opensearch

# sudo systemctl status opensearch

Curl OpenSearch

# sudo curl http://localhost:9200
The output will show the repurposed configuration (e.g. cluster name, IP, etc)

Upgrading Graylog

The third and final piece, upgrading Graylog.

Download the latest 5.0 package
# wget https://packages.graylog2.org/repo/packages/graylog-5.0-repository_latest.deb

Stop & confirm the service
# sudo systemctl stop graylog-service

# sudo systemctl status graylog-service

Install (.deb)
# sudo dpkg -i graylog-5.0-repository_latest.deb

Update & Start Graylog Service

This is where it can get a little tricky. So make sure that you’re installing the correct product. If the Graylog instance you’re upgrading is an Enterprise Edition. Please use the sytax “graylog-enterprise”. If you accidentally install “graylog-server” your instance will roll back to an Open Edition.

# sudo apt update

# sudo apt install graylog-(enterprise/server)

# sudo systemctl daemon-reload

# sudo systemctl start graylog-server

# sudo systemctl status graylog-server

Package Verification

Alright, all packages are upgraded. Let’s wrap it up.
# sudo apt list --installed | grep 'mongod\|opensearch\|graylog'

You did it! You survived the upgrade you’re now happily running Graylog 5.0. So until next time, happy logging.

Categories

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.