Upgrade Graylog V4.3 to V5.0

Upgrade Graylog V4.3 to V5.0 On Ubuntu

It’s maintenance time! As Graylog has released a new version it’s time to buckle down and get your environment updated. Watch the “5.0 Graylog Upgrade How-to” video. The video also includes upgrading Mongo and OpenSearch. However, you can follow along in the outlined steps below.

The Path

The single-node instance that will be upgraded starts off with the following versions:

  • MongoDB 4.4.18
  • OpenSearch 1.3.4 (tarball install)
  • Graylog 4.3

The conclusion of the upgrade will be:

  • MongoDB 5.x
  • OpenSearch 2.5 (.deb install – yay!)
  • Graylog 5.0

Upgrading Mongo

Mongo is the first piece of the puzzle that will be upgraded.

Checking the version compatibility to version 5.0 is the first course of action.

db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )

If your version of Mongo is > 4.2 but < 4.4 please change the version to 4.4. Then re-run the “featureCompatibilityVersion” command to make sure it returns with

# mongo
>db.adminCommand( { setFeatureCompatibilityVersion: "4.4" } )
{ "ok" : 1 }

Stop & confirm the Mongo service
# sudo systemctl stop mongod
# sudo systemctl status mongod

Get, upgrade, & start the service

Import the key
# wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -

Create repo file
# echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/5.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list

Upgrade, and start the service
# sudo apt update && sudo apt upgrade

# sudo systemctl start mongod

# sudo systemctl status mongod

# mongo -version

Set Compatibility

Now that has started running version 5.x. Update the compatibility to 5.0
# mongo

db.adminCommand( { setFeatureCompatibilityVersion: "5.0" } )
>db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )
>{ "ok" : 1 }

Upgrading OpenSearch

The second piece of the upgrade task is upgrading OpenSearch.

Download
http://opensearch.org/download.html

If you followed the instructions for installing OpenSearch 1.3.4 tarball. There is a simpler way to install OpenSearch with a .deb package. Before installing the existing configuration directory path will need to be backed up.

Stop OpenSearch Service

# sudo systemctl stop opensearch

Backup dir path

# sudo mkdir /usr/share/bkup-opensearch

# sudo mv /usr/share/opensearch /usr/share/bkup-opensearch

Install (.deb)

# sudo dpkg -i opensearch-2.5.0-linux-x64.deb

Repurpose the opensearch.yml file

# sudo mv /usr/share/bkup-opensearch/opensearch/config/opensearch/yml /etc/opensearch

# sudo chown opensearch:opensearch /etc/opensearch/opensearch.yml

Start & confirm OpenSearch Service
# sudo systemctl daemon-reload

# sudo systemctl enable opensearch.service

# sudo systemctl start opensearch

# sudo systemctl status opensearch

Curl OpenSearch

# sudo curl http://localhost:9200
The output will show the repurposed configuration (e.g. cluster name, IP, etc)

Upgrading Graylog

The third and final piece, upgrading Graylog.

Download the latest 5.0 package
# wget https://packages.graylog2.org/repo/packages/graylog-5.0-repository_latest.deb

Stop & confirm the service
# sudo systemctl stop graylog-service

# sudo systemctl status graylog-service

Install (.deb)
# sudo dpkg -i graylog-5.0-repository_latest.deb

Update & Start Graylog Service

This is where it can get a little tricky. So make sure that you’re installing the correct product. If the Graylog instance you’re upgrading is an Enterprise Edition. Please use the sytax “graylog-enterprise”. If you accidentally install “graylog-server” your instance will roll back to an Open Edition.

# sudo apt update

# sudo apt install graylog-(enterprise/server)

# sudo systemctl daemon-reload

# sudo systemctl start graylog-server

# sudo systemctl status graylog-server

Package Verification

Alright, all packages are upgraded. Let’s wrap it up.
# sudo apt list --installed | grep 'mongod\|opensearch\|graylog'

You did it! You survived the upgrade you’re now happily running Graylog 5.0. So until next time, happy logging.