When working with Docker, everything revolves around images. In essence, upgrading your Graylog instance using Docker is a matter of updating the Graylog image and/or its dependencies: MongoDB and Elasticsearch or OpenSearch.
Prerequisites
This guide assumes you have Docker already installed and have existing images deployed on containers. In this example we will be upgrading Graylog 5.2 to 6.0. For information about the upgrade path, please see the Graylog documentation.
If you are running Windows, then you will need to do the following after installing Docker:
-
If it is running, shut down Docker Desktop.
-
Open a command prompt and execute the following commands:
Copycd %userprofile%
notepad.exe .wslconfig -
You will be prompted with a Yes/No dialog to create a file named
.wslconfig. Select Yes. -
Copy and paste the following into the contents of the file:
Copy[wsl2]
kernelCommandLine = "sysctl.vm.max_map_count=262144" -
Save and close the file.
-
Execute the following command:
Copywsl --shutdown -
Restart Docker Desktop.
Update Docker Images and Containers
-
Check the current image versions ("tags") using the command
docker images. -
After getting the outdated image versions deployed on your container(s), use the
docker pscommand to see a list of all containers currently running on your system. -
Stop the container(s) running on outdated images using the command:
Copydocker stop [container ID] e.g. docker stop 4f969a48e6748e00c547dfcefb756185 -
Remove the container(s) with the outdated images using the command:
Copydocker rm [container ID] e.g. docker rm 4f969a48e6748e00c547dfcefb756185f2bac70b6fac805aff4bd7ab02bb6945 -
Pull your desired image versions.
Hint: Graylog does not use the latest tag by default, so ensure you specify the image you want.In this instance, we are upgrading to Graylog 6.0 and pulling images using the following commands:
-
MongoDB:
docker pull mongo:6.0.14-jammy -
OpenSearch:
docker pull opensearchproject/opensearch:2.12.0 -
Graylog Enterprise:
docker pull graylog/graylog-enterprise:6.0.0 -
Graylog Open:
docker pull graylog/graylog:6.0.0
Warning: We caution you not to install or upgrade to OpenSearch 2.16! It is not supported. Doing so will break your instance! -
-
After downloading the new images, use them to recreate the containers by executing the
docker-compose up -d mongors1 mongors2 mongors3command.Warning: If you choose not to use the above supplieddocker-compose.ymlfile, you must change the image value for each service in yourdocker-compose.ymlfiles to reflect the tags of the newly pulled images. -
Copy and paste and then execute these commands one at a time to configure MongoDB for Graylog:
docker exec -it [Mongo Container ID] /bin/bashsh /scripts/rs-init.shmongo -
Now enter
rs.initiate(). This is a MongoDB command that tells it to initiate the replica set. It should return:rs01:PRIMARY>. -
If it returns a “SECONDARY” value, then execute the previous docker command against the next MongoDB container and repeat until it returns a “PRIMARY” value.
-
Now copy and paste the following into your terminal:
Copyuse graylog;
db.createUser(
{
user: "admin",
pwd: "password",
roles:
[{role: "dbAdmin", db: "graylog"},
{role: "readWrite", db: "graylog"}]
} );
Set Feature Compatibility
Upon upgrading the MongoDB image to 6.0.14 (or whichever version you choose), you will also need to also set the compatibility level of MongoDB following the steps below:
-
Verify the existing compatibility level using the command:
Copydb.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } ) -
In the MongoDB shell launched on the primary replica and with an administrator account, run:
Copydb.adminCommand( { setFeatureCompatibilityVersion: "6.0" } ) -
Repeat step 2 above to confirm that the compatibility level has been set to the desired version. In this case, we want version 6.0.
-
Quit and exit the MongoDB command shell using the commands below:
Copyquit()
exit -
Now, run the
docker-compose up -d --force-recreatecommand in your terminal. -
Finally, navigate to the external Graylog URI at
http://127.0.0.1:9000/.
