Upgrade Graylog on SUSE

This guide describes the recommended way to upgrade Graylog on SUSE Linux Enterprise Server 12 and 15.

Warning: This guide does not cover security settings! The server administrator must make sure the Graylog server is not publicly exposed and is following security best practices.

Prerequisites

Before proceeding, ensure that the following prerequisites are met:

Warning: The following tasks must be completed before upgrading Graylog and/or Data Node. Otherwise, problems may occur. Once the prerequisites are satisfied, you may proceed with the upgrade process.

You must be a Graylog administrator to perform a system upgrade.
Review the release notes for your target Graylog version to identify breaking changes and required configuration updates.
Back up data for all services before upgrading to enable rollback if needed. See Backup and Restore for details.
Ensure all system components are compatible with your target Graylog version.
If you are upgrading MongoDB (or OpenSearch, if used as your search backend) do so before upgrading Graylog.

Software Verification

To verify your current version of Graylog or any of its dependencies before upgrading, use the following commands:

Graylog

Copy

sudo zypper search -i | grep graylog

Data Node

Copy

sudo zypper search -i | grep graylog-datanode

MongoDB

Copy

sudo zypper search -i | grep mongod

Upgrade with Self-Managed OpenSearch

This guide comprehensively describes the upgrade process for Graylog environments using Graylog Data Node as the search backend. If you have deployed Graylog with self-managed OpenSearch, then you will only need to follow the process described in subsequent sections to upgrade the Graylog service. If you wish to upgrade OpenSearch to a Graylog-supported version, you must do so before you upgrade Graylog. See the OpenSearch documentation for more information on upgrading OpenSearch.

To verify your current version of OpenSearch before upgrading, run the following command:

Copy

sudo zypper search -i | grep opensearch

Rolling Upgrade Process

This section describes the process for upgrading Graylog and Data Node as a rolling upgrade. For more information on this upgrade method, see Upgrading Graylog. Note that you must first complete a full upgrade of your Graylog server(s) before upgrading your Data Node server(s) as detailed below.

Warning: This guide assumes you are upgrading between backward-compatible versions of Graylog — i.e. not skipping any major versions. If you are planning to upgrade across multiple major versions, stop now and review the appropriate steps for performing an incremental upgrade.

Upgrade Graylog

To complete a rolling upgrade of your Graylog server(s), follow these steps:

Hint: This guide assumes you are upgrading to the latest version of Graylog, version 6.2.

Begin on your Graylog node and stop the service. (If this is a multi-node cluster, begin on the leader node in your Graylog cluster.)
Copy
```
sudo systemctl stop graylog-server.service
```
Monitor the status of the Graylog service to verify it has stopped:
Copy
```
ps -aefww | grep graylog
```

Once the service has stopped, update the local package cache:

Copy

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-6.2-repository_latest.rpm
sudo zypper update

Hint: To display all available versions of Graylog:

Graylog Open ↓

Copy

sudo zypper search -s graylog-server

Graylog Enterprise ↓

Copy

sudo zypper search -s graylog-enterprise

Graylog Security ↓

Copy

sudo zypper search -s graylog-enterprise

If you have a lock on the Graylog package, you may then be prompted to remove it before allowing the upgrade to execute:
Copy
```
sudo zypper removelock graylog-server
```

Upgrade the Graylog package:

Graylog Open ↓

Copy

sudo zypper install graylog-server-6.2

Graylog Enterprise ↓

Copy

sudo zypper install graylog-enterprise-6.2

Graylog Security ↓

Copy

sudo zypper install graylog-enterprise-6.2

To verify that the updated Graylog packages have been installed:
Copy
```
zypper se --installed-only graylog
```
If the version notes for your target version indicate configuration changes are necessary, then make these changes in the server.conf file. To open the file:
Copy
```
sudo nano /etc/graylog/server/server.conf
```

Start the Graylog service:

Copy

sudo systemctl start graylog-server.service

For multi-node clusters, repeat all the previous steps for the follower nodes, upgrading them one at a time. You may optionally perform a leader election on a follower node before starting on the current leader to minimize risk by modifying the is_leader = false configuration property in the server.conf file and modifying the value to true.

Upgrade Data Node

Graylog Data Node must be on the same version as your Graylog service. For example, if you have upgraded Graylog to 6.2, then you must upgrade Data Node to the 6.2 release, as well.

Rolling upgrades are only applicable to Data Node clusters of three or more nodes. If you have fewer than three Data Nodes, you must perform a non-rolling restart upgrade. See the following section for details.

To complete a rolling upgrade of your Data Node server(s), follow these steps:

Hint: This guide assumes you are upgrading to the latest version of Graylog Data Node, version 6.2.

Begin the upgrade by accessing any Data Node server in your cluster directly and stop the Data Node service.
Copy
```
sudo systemctl stop graylog-datanode
```
Monitor the status of the Data Node service to verify it has stopped:
Copy
```
ps -aefww | grep graylog-datanode
```

Once the service has stopped, update the local package cache:

Copy

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-6.2-repository_latest.rpm
sudo zypper update

Hint: To display all available versions of Data Node:

Copy

sudo zypper search -s graylog-datanode

If you have a lock on the Graylog Data Node package, you may then be prompted to remove it before allowing the upgrade to execute:
Copy
```
sudo zypper removelock graylog-datanode
```

Upgrade the Graylog package:

Copy

sudo zypper install graylog-datanode-6.2

To verify that the updated Data Node packages have been installed:
Copy
```
zypper se --installed-only graylog
```
If the version notes for your target version indicate configuration changes are necessary for Data Node, then make these changes in the datanode.conf file. To open the file:
Copy
```
sudo nano /etc/graylog/datanode/datanode.conf
```
Start the Data Node service:
Copy
```
sudo systemctl start graylog-datanode
```

For multi-node clusters, repeat all the previous steps for the remaining nodes, upgrading them one at a time.

Non-Rolling Restart Upgrade Process

Essentially, a non-rolling restart upgrade follows the same steps as detailed in the previous sections, EXCEPT that you must shut down all the nodes in your cluster and stop all the services you will upgrade, first Graylog and then Data Node. This will result in complete downtime of the Graylog system during the upgrade window, during which time Graylog will not be able to receive or process logs. Be sure to plan accordingly so that you do not lose data during the upgrade process if you choose this upgrade method. See Upgrade Graylog for more information on which upgrade method works best for your environment.