Merge pull request #8941 from wazuh/enhancement/idr360-update-wazuh-indexer-upgrade-guide

ayodeko · web-flow · commit 5a2e69922932 · 2025-09-25T17:21:01.000+02:00
Update Wazuh indexer upgrade steps
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,14 +3,15 @@ All notable changes to this project will be documented in this file.
 
 ## [v4.13.1]
 
-### Changed
-
-- **Post-release**: Updated curl commands in the Upgrade guide. ([#8934](https://github.com/wazuh/wazuh-documentation/pull/8934))
-
 ### Added
 
 - **Post-release**: Updated the Wazuh Amazon Machine Images (AMI) documentation. ([#8938](https://github.com/wazuh/wazuh-documentation/pull/8938))
 
+### Changed
+
+- **Post-release**: Updated curl commands in the Upgrade guide. ([#8934](https://github.com/wazuh/wazuh-documentation/pull/8934))
+- **Post-release**: Updated the upgrade guide steps for upgrading the Wazuh indexer. ([#8941](https://github.com/wazuh/wazuh-documentation/pull/8941))
+
 ## [v4.13.0]
 
 ### Added
diff --git a/source/upgrade-guide/upgrading-central-components.rst b/source/upgrade-guide/upgrading-central-components.rst
@@ -73,6 +73,46 @@ Preparing the Wazuh indexer cluster for upgrade
 
 Perform the following steps on any of the Wazuh indexer nodes replacing ``<WAZUH_INDEXER_IP_ADDRESS>``, ``<USERNAME>``, and ``<PASSWORD>``.
 
+#. Backup the existing Wazuh indexer security configuration files:
+
+   .. code-block:: console
+
+      # /usr/share/wazuh-indexer/bin/indexer-security-init.sh --options "-backup /etc/wazuh-indexer/opensearch-security -icl -nhnv"
+
+   .. code-block:: none
+      :class: output
+
+      Security Admin v7
+      Will connect to 127.0.0.1:9200 ... done
+      Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      OpenSearch Version: 2.19.1
+      Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
+      Clustername: wazuh-cluster
+      Clusterstate: GREEN
+      Number of nodes: 1
+      Number of data nodes: 1
+      .opendistro_security index already exists, so we do not need to create one.
+      Will retrieve '/config' into /etc/wazuh-indexer/opensearch-security/config.yml
+         SUCC: Configuration for 'config' stored in /etc/wazuh-indexer/opensearch-security/config.yml
+      Will retrieve '/roles' into /etc/wazuh-indexer/opensearch-security/roles.yml
+         SUCC: Configuration for 'roles' stored in /etc/wazuh-indexer/opensearch-security/roles.yml
+      Will retrieve '/rolesmapping' into /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
+         SUCC: Configuration for 'rolesmapping' stored in /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
+      Will retrieve '/internalusers' into /etc/wazuh-indexer/opensearch-security/internal_users.yml
+         SUCC: Configuration for 'internalusers' stored in /etc/wazuh-indexer/opensearch-security/internal_users.yml
+      Will retrieve '/actiongroups' into /etc/wazuh-indexer/opensearch-security/action_groups.yml
+         SUCC: Configuration for 'actiongroups' stored in /etc/wazuh-indexer/opensearch-security/action_groups.yml
+      Will retrieve '/tenants' into /etc/wazuh-indexer/opensearch-security/tenants.yml
+         SUCC: Configuration for 'tenants' stored in /etc/wazuh-indexer/opensearch-security/tenants.yml
+      Will retrieve '/nodesdn' into /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
+         SUCC: Configuration for 'nodesdn' stored in /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
+      Will retrieve '/whitelist' into /etc/wazuh-indexer/opensearch-security/whitelist.yml
+         SUCC: Configuration for 'whitelist' stored in /etc/wazuh-indexer/opensearch-security/whitelist.yml
+      Will retrieve '/allowlist' into /etc/wazuh-indexer/opensearch-security/allowlist.yml
+         SUCC: Configuration for 'allowlist' stored in /etc/wazuh-indexer/opensearch-security/allowlist.yml
+      Will retrieve '/audit' into /etc/wazuh-indexer/opensearch-security/audit.yml
+         SUCC: Configuration for 'audit' stored in /etc/wazuh-indexer/opensearch-security/audit.yml
+
 #. Disable shard replication to prevent shard replicas from being created while Wazuh indexer nodes are being taken offline for the upgrade.
 
    .. code-block:: bash
@@ -164,7 +204,7 @@ Perform the following steps on each Wazuh indexer node to upgrade them. Upgrade
 
             # service wazuh-indexer stop
 
-#. Backup the ``/etc/wazuh-indexer/jvm.options`` file to preserve your custom JVM settings. For example, create a copy of the file using the following command:
+#. Backup the ``/etc/wazuh-indexer/jvm.options`` file to preserve your custom JVM settings. Create a copy of the file using the following command:
 
    .. code-block:: console
 
@@ -205,6 +245,49 @@ Post-upgrade actions
 
 Perform the following steps on any of the Wazuh indexer nodes replacing ``<WAZUH_INDEXER_IP_ADDRESS>``, ``<USERNAME>``, and ``<PASSWORD>``.
 
+#. Run the ``indexer-security-init.sh`` script to apply the security configuration files from backup into the new Wazuh indexer:
+
+   .. code-block:: console
+
+      # /usr/share/wazuh-indexer/bin/indexer-security-init.sh
+
+   .. code-block:: none
+      :class: output
+
+      Security Admin v7
+      Will connect to 127.0.0.1:9200 ... done
+      Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+      OpenSearch Version: 2.19.2
+      Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
+      Clustername: wazuh-cluster
+      Clusterstate: GREEN
+      Number of nodes: 1
+      Number of data nodes: 1
+      .opendistro_security index already exists, so we do not need to create one.
+      Populate config from /etc/wazuh-indexer/opensearch-security/
+      Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
+         SUCC: Configuration for 'config' created or updated
+      Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
+         SUCC: Configuration for 'roles' created or updated
+      Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
+         SUCC: Configuration for 'rolesmapping' created or updated
+      Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
+         SUCC: Configuration for 'internalusers' created or updated
+      Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
+         SUCC: Configuration for 'actiongroups' created or updated
+      Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
+         SUCC: Configuration for 'tenants' created or updated
+      Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
+         SUCC: Configuration for 'nodesdn' created or updated
+      Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
+         SUCC: Configuration for 'whitelist' created or updated
+      Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
+         SUCC: Configuration for 'audit' created or updated
+      Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
+         SUCC: Configuration for 'allowlist' created or updated
+      SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"]) due to: null
+      Done with success
+
 #. Check that the newly upgraded Wazuh indexer nodes are in the cluster.
 
    .. code-block:: console
