It’s maintenance time! As Graylog has released a new version it’s time to buckle down and get your environment updated. Watch the “5.0 Graylog Upgrade How-to” video. The video also includes upgrading Mongo and OpenSearch. However, you can follow along in the outlined steps below.
The Path
The single-node instance that will be upgraded starts off with the following versions:
- MongoDB 4.4.18
- OpenSearch 1.3.4 (tarball install)
- Graylog 4.3
The conclusion of the upgrade will be:
- MongoDB 5.x
- OpenSearch 2.5 (.deb install – yay!)
- Graylog 5.0
Upgrading Mongo
Mongo is the first piece of the puzzle that will be upgraded.
Checking the version compatibility to version 5.0 is the first course of action.
db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )
If your version of Mongo is > 4.2 but < 4.4 please change the version to 4.4. Then re-run the “featureCompatibilityVersion” command to make sure it returns with
# mongo
>db.adminCommand( { setFeatureCompatibilityVersion: "4.4" } )
{ "ok" : 1 }
Stop & confirm the Mongo service
# sudo systemctl stop mongod
# sudo systemctl status mongod
Get, upgrade, & start the service
Import the key
# wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
Create repo file
# echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
Upgrade, and start the service
# sudo apt update && sudo apt upgrade
# sudo systemctl start mongod
# sudo systemctl status mongod
# mongo -version
Set Compatibility
Now that has started running version 5.x. Update the compatibility to 5.0
# mongo
db.adminCommand( { setFeatureCompatibilityVersion: "5.0" } )
>db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )
>{ "ok" : 1 }
Upgrading OpenSearch
The second piece of the upgrade task is upgrading OpenSearch.
Download
http://opensearch.org/download.html
If you followed the instructions for installing OpenSearch 1.3.4 tarball. There is a simpler way to install OpenSearch with a .deb package. Before installing the existing configuration directory path will need to be backed up.
Stop OpenSearch Service
# sudo systemctl stop opensearch
Backup dir path
# sudo mkdir /usr/share/bkup-opensearch
# sudo mv /usr/share/opensearch /usr/share/bkup-opensearch
Install (.deb)
# sudo dpkg -i opensearch-2.5.0-linux-x64.deb
Repurpose the opensearch.yml file
# sudo mv /usr/share/bkup-opensearch/opensearch/config/opensearch/yml /etc/opensearch
# sudo chown opensearch:opensearch /etc/opensearch/opensearch.yml
Start & confirm OpenSearch Service
# sudo systemctl daemon-reload
# sudo systemctl enable opensearch.service
# sudo systemctl start opensearch
# sudo systemctl status opensearch
Curl OpenSearch
# sudo curl http://localhost:9200
The output will show the repurposed configuration (e.g. cluster name, IP, etc)
Upgrading Graylog
The third and final piece, upgrading Graylog.
Download the latest 5.0 package
# wget https://packages.graylog2.org/repo/packages/graylog-5.0-repository_latest.deb
Stop & confirm the service
# sudo systemctl stop graylog-service
# sudo systemctl status graylog-service
Install (.deb)
# sudo dpkg -i graylog-5.0-repository_latest.deb
Update & Start Graylog Service
This is where it can get a little tricky. So make sure that you’re installing the correct product. If the Graylog instance you’re upgrading is an Enterprise Edition. Please use the sytax “graylog-enterprise”. If you accidentally install “graylog-server” your instance will roll back to an Open Edition.
# sudo apt update
# sudo apt install graylog-(enterprise/server)
# sudo systemctl daemon-reload
# sudo systemctl start graylog-server
# sudo systemctl status graylog-server
Package Verification
Alright, all packages are upgraded. Let’s wrap it up.
# sudo apt list --installed | grep 'mongod\|opensearch\|graylog'
You did it! You survived the upgrade you’re now happily running Graylog 5.0. So until next time, happy logging.