Upgrade Graylog on SUSE
This guide describes the recommended way to upgrade Graylog on SUSE Linux Enterprise Server 12 and 15.
Prerequisites
Before proceeding, ensure that the following prerequisites are met:
- You must be a Graylog administrator to perform a system upgrade.
- Review the release notes for your target Graylog version to identify breaking changes and required configuration updates.
- Back up data for all services before upgrading to enable rollback if needed. See Backup and Restore for details.
- Ensure all system components are compatible with your target Graylog version.
- If you are upgrading MongoDB (or OpenSearch, if used as your search backend), do so before upgrading Graylog.
Software Verification
To verify your current version of Graylog or any of its dependencies before upgrading, use the following commands:
Graylog
sudo zypper search -i | grep graylog
Data Node
sudo zypper search -i | grep graylog-datanode
MongoDB
sudo zypper search -i | grep mongod
Upgrade with Self-Managed OpenSearch
This guide comprehensively describes the upgrade process for Graylog environments using Graylog Data Node as the search backend. If you have deployed Graylog with self-managed OpenSearch, then you will only need to follow the process described in subsequent sections to upgrade the Graylog service. If you wish to upgrade OpenSearch to a Graylog-supported version, you must do so before you upgrade Graylog. See the OpenSearch documentation for more information on upgrading OpenSearch.
To verify your current version of OpenSearch before upgrading, run the following command:
sudo zypper search -i | grep opensearch
Rolling Upgrade Process
This section describes the process for upgrading Graylog and Data Node as a rolling upgrade. For more information on this upgrade method, see Upgrading Graylog. Note that you must first complete a full upgrade of your Graylog server(s) before upgrading your Data Node server(s) as detailed below.
Upgrade Graylog
To complete a rolling upgrade of your Graylog server(s), follow these steps:
- Begin on your Graylog node and stop the service. (If this is a multi-node cluster, begin on a follower node in your Graylog cluster.)
  sudo systemctl stop graylog-server.service
- Monitor the status of the Graylog service to verify it has stopped:
  ps -aefww | grep graylog
- Once the service has stopped, update the local package cache:
  sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-6.2-repository_latest.rpm
  sudo zypper update
  Hint: To display all available versions of Graylog:
- If you have a lock on the Graylog package, you may then be prompted to remove it before allowing the upgrade to execute:
  sudo zypper removelock graylog-server
- Upgrade the Graylog package:
- To verify that the updated Graylog packages have been installed:
  zypper se --installed-only graylog
- If the version notes for your target version indicate configuration changes are necessary, then make these changes in the server.conf file. To open the file:
  sudo nano /etc/graylog/server/server.conf
- Start the Graylog service:
  sudo systemctl start graylog-server.service
For multi-node clusters, repeat all the previous steps for the follower nodes, upgrading them one at a time. Once all followers are upgraded and verified healthy, perform the upgrade on the leader node. To minimize risk, you may optionally perform a leader election on a follower node before starting on the current leader by changing the is_leader = false configuration property in the server.conf file to true.
Upgrade Data Node
Graylog Data Node must be on the same version as your Graylog service. For example, if you have upgraded Graylog to 6.2, then you must upgrade Data Node to the 6.2 release, as well.
Rolling upgrades are only applicable to Data Node clusters of three or more nodes. If you have fewer than three Data Nodes, you must perform a non-rolling restart upgrade. See the following section for details.
To complete a rolling upgrade of your Data Node server(s), follow these steps:
- Begin the upgrade by accessing any Data Node server in your cluster directly and stopping the Data Node service:
  sudo systemctl stop graylog-datanode
- Monitor the status of the Data Node service to verify it has stopped:
  ps -aefww | grep graylog-datanode
- Once the service has stopped, update the local package cache:
  sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-6.2-repository_latest.rpm
  sudo zypper update
  Hint: To display all available versions of Data Node:
  sudo zypper search -s graylog-datanode
- If you have a lock on the Graylog Data Node package, you may then be prompted to remove it before allowing the upgrade to execute:
  sudo zypper removelock graylog-datanode
- Upgrade the Data Node package:
  sudo zypper install graylog-datanode-6.2
- To verify that the updated Data Node packages have been installed:
  zypper se --installed-only graylog
- If the version notes for your target version indicate configuration changes are necessary for Data Node, then make these changes in the datanode.conf file. To open the file:
  sudo nano /etc/graylog/datanode/datanode.conf
- Start the Data Node service:
  sudo systemctl start graylog-datanode
For multi-node clusters, repeat all the previous steps for the remaining nodes, upgrading them one at a time.
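The two rules stated in this section (Data Node on the same release as Graylog, and rolling upgrades only for clusters of three or more Data Nodes) can be checked before the first node is stopped. The script below is an added example, not part of the Graylog documentation; the function names, the output strings and the comparison at major.minor level (following the 6.2 example above) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the Data Node upgrade rules.
# All function names and output strings are hypothetical.

# Version of an installed RPM package, e.g. "6.2.4".
installed_version() { rpm -q --qf '%{VERSION}' "$1" 2>/dev/null; }

# Reduce "6.2.4" or "6.2.4-1" to "6.2"; fail on anything else, such as
# the "package ... is not installed" text rpm prints for a missing package.
release_of() {
    v=${1%%-*}                      # drop an RPM release suffix
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$v" != "$major" ] || return 1    # no dot: not major.minor
    printf '%s.%s\n' "$major" "$minor"
}

# Rolling upgrades apply only to clusters of three or more Data Nodes.
upgrade_method() {
    case "$1" in ''|*[!0-9]*) return 2 ;; esac
    if [ "$1" -ge 3 ]; then echo rolling; else echo non-rolling; fi
}

# preflight SERVER_VERSION DATANODE_VERSION DATANODE_COUNT
# Prints "ok <method>", "mismatch <server> <datanode>" or "unparseable".
preflight() {
    server=$(release_of "$1") || { echo unparseable; return 2; }
    datanode=$(release_of "$2") || { echo unparseable; return 2; }
    if [ "$server" != "$datanode" ]; then
        echo "mismatch $server $datanode"
        return 1
    fi
    method=$(upgrade_method "$3") || { echo unparseable; return 2; }
    echo "ok $method"
}

# Constructed sample values. On a real node, feed it from rpm:
#   preflight "$(installed_version graylog-server)" \
#             "$(installed_version graylog-datanode)" 3
preflight 6.2.4-1 6.2.1-1 3
```

A "mismatch" result after the Graylog servers are upgraded and before the Data Nodes are is expected; it should be gone once the last Data Node has been upgraded.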
Non-Rolling Restart Upgrade Process
Essentially, a non-rolling restart upgrade follows the same steps as detailed in the previous sections, EXCEPT that you must shut down all the nodes in your cluster and stop all the services you will upgrade, first Graylog and then Data Node. This will result in complete downtime of the Graylog system during the upgrade window, during which time Graylog will not be able to receive or process logs. Be sure to plan accordingly so that you do not lose data during the upgrade process if you choose this upgrade method. See Upgrade Graylog for more information on which upgrade method works best for your environment.