Wazuh Upgrade using Ansible

[Isuru Tharanga]

Hi,

Is it possible to upgrade the Wazuh/ELK deployment via Ansible? I have only seen the deployment, not the upgrade.

Cheers,

Isuru

[Juan Pablo Saez]

Hello Isuru,

The wazuh-ansible vanilla playbooks can upgrade your Wazuh/ELK but configuration files for Wazuh manager, Wazuh agent, Elasticsearch and Kibana are copied from templates after installation so the existing settings are overwritten. As a workaround to avoid losing your settings, the playbook attached to this message includes tasks to just stop, upgrade (through packages install) and restart the different Wazuh components.

• To use the playbook you should create a host file with the groups manager, agent, elasticsearch y kibana. Fill just the ones you want to upgrade. i.e:

manager:
    hosts:
        100.100.100.100:

elasticsearch:
    hosts:
        100.100.100.100:

agent:
    # hosts:

kibana:
    hosts:
        100.100.100.100

• In case you are upgrading Elasticsearch: as stated in the related elasticsearch documentation, before proceeding you should disable shard allocation, and stop non-essential indexing and perform a synced flush(optional). Then you update your nodes one by one and go back to re-enable shard allocation. These steps aren’t included in the attached playbook

I hope you find it useful. Let us know how it goes and feel free to ask for any questions or additional information you may need.

Greetings,

JP