Wazuh 4.14.1 upgrade

[Gokul Suresh]

Hi team,

I have a task to upgrade Wazuh from version 4.10.3 to 4.14.1, and I am referring to the official upgrade documentation below:
https://documentation.wazuh.com/current/upgrade-guide/upgrading-central-components.html

In this document, I came across the following step:

Backup the existing Wazuh indexer security configuration files:
/usr/share/wazuh-indexer/bin/indexer-security-init.sh --options "-backup /etc/wazuh-indexer/opensearch-security -icl -nhnv"

Later, in the post-upgrade steps, the document mentions:

Run the indexer-security-init.sh script to apply the security configuration files from backup into the new Wazuh indexer:

/usr/share/wazuh-indexer/bin/indexer-security-init.sh"

I would like to understand the impact of performing these steps during the upgrade process.

In my environment, there are more than 20 internal users, roles, custom role mappings configured. I would like to know whether executing these steps could modify, overwrite, or affect any existing internal users, roles, role mappings, or other custom configurations.
If there is any potential impact, please advise on the precautions or best practices that should be followed to ensure that the existing configurations remain intact during and after the upgrade.

[Olamilekan Abdullateef Ajani]

Hello,

You are right to question this, but the Wazuh upgrade guide has outlined the best practices for upgrading the Wazuh instance as a step-by-step process. The initial command: /usr/share/wazuh-indexer/bin/indexer-security-init.sh --options "-backup /etc/wazuh-indexer/opensearch-security -icl -nhnv" is creating a backup of all your roles, mappings, custom/internal users, etc., into the directory  /etc/wazuh-indexer/opensearch-security/.

And the post-upgrade command typically restores from the initial backup that was taken. When you run the indexer-security-init.sh script without any argument, it automatically takes the configuration files in the default security configuration folder and pushes them into the running Wazuh indexer engine.
The post-upgrade indexer-security-init.sh command ensures that your backed-up custom data is reapplied to the Indexer cluster itself, which is designed to preserve the backed-up entities.

The best approach is to follow the step-by-step guide. You can also do well by ensuring you have a snapshot of the Wazuh instance and also follow the backup guide for additional fail-safes, which guarantee you have something to fall back to.

Ref:
https://documentation.wazuh.com/current/migration-guide/creating/wazuh-central-components.html