Upgrading to Elasicsearch 6.0 in OVA

Please excuse my ignorance, but I need some direction on the best way to upgrade to Elasticsearch 6.0 in the OVA version of Graylog. I have done several omnibus upgrades of Graylog, and have recently successfully upgraded to 2.5, but I would like to to the Elasticsearch 6.0 upgrade in preparation for Graylog 3.0.

I have done an Elasticsearch upgrade using the dkpg instruction on the Elasticsearch site, but the version that Graylog uses did not get upgraded. I did some looking around, and found that the dkpg version got installed in /usr/share/elasticsearch and Graylog seems to use the version in /opt/graylog/elasticsearch

What is the best process for upgrading the Graylog version? I tried to just copy all of the files from one location to the other, but that caused thing to stop working, so I assume that there is some subset of the files to be copied, or some special process that I am not aware of.

Any assistance would be greatly appreciated, thanks!

Please, please tell me you’re not using the OVA for production use…

Pretty please? :hugs:

Either way, remove the dpkg version and perform the manual installation with packages from the Elastic site. Or alternatively you can move the ElasticSearch data from the original Elastic into the new Elastic. That way you can keep upgrading through dpkg/apt.

Any assistance would be greatly appreciated, thanks!

No assistance or help from anyone from the Graylog team for this - you are running out of any supported ways. The OVA is not build to be customized - you get what is prepared for you, if you want something else, make your customized installation.

Download the new OVA, and change the virtual machine.
In this case you can also test your disaster recovery process.

@jan maybe you should build some warning message and limitations in the OVA version.

If people just read the documentation …


yes, but based on the posts the people don’t read manuals.

This is what I hate about open source projects, the extreme arrogance that comes out. I asked a simple question, and all I got was insults and abuse. If the OVA should never be used, then why have it, why have instructions for upgrading it???

You all could have been helpful, but you have given me so much more!

We’re not being arrogant, okay, maybe I am but I’m an arrogant asshole to begin with. Your question, while properly phrased and clear, was answered by that good old schtick of “RTFM” - because it is in the manual. And honestly, that should have been your first stop.

If you were to have asked your question, with the addition of “I tried the manual but couldn’t find instructions”, the replies most likely would have been different. There are many questions asked here daily that didn’t need to be asked if one would read the documentation or apply the gray matter to the problem at hand - and repeating the same thing over and over and over again generally gets on one’s nerves.

More simply put: ask stupid question, get stupid answer.

To be fair Karl,
Those warnings are relatively new, I can assure you that when we first started using Graylog, many moons ago, the prominent installation mode was the omnibus (without warnings), and throughout the years we’ve maintained and upgraded without any issues.
And yes Tess, we do use Omnibus Graylog extensively in a production environment.
To suggest that we users don’t read instructions or manuals is not fair.
As long as an upgrade path is presented and the risks are outlined, users can decide for themselves if it is acceptable risk / investment trade-off.

Simple question, will there be an upgrade path available for the upcoming 3.0 release for omnibus users?
If not will there be migration guideline?


1 Like

Simple question, will there be an upgrade path available for the upcoming 3.0 release for omnibus users?
If not will there be migration guideline?

as usual - one of both.

Thank you :slight_smile:

Really? I don’t know what Omnibus is, but I guess you mean the ready-made OVA?

EDIT: Found Omnibus… reading up on this sub-project.

EDIT 2: Right, so Omnibus Graylog is a combined installer for the whole stack of Mongo+Elastic+Graylog. My original post was about the ready-made OVA though, which is what @kmb said they are using. I thought Graylog (the company) specifically said not to use that one for production.

That wasn’t me though :slight_smile:


Fair enough.
No we don’t use OVA, but I assume it provides people a ready made easy starting point.
Nothing to stop people from hardening the VM though to make it production safe.
It just gets them over the initial setup curve of GL stack.

1 Like

I will readily admit that was a bit of a steep learning curve :slight_smile: The good thing is that all three teams (Graylog, MongoDB and Elastic) have great documentation on building a “proper” start, i.e. with HA-clustering and security configured.

Graylog is also the reason why I’m following online course on Mongo University. There’s honestly quite a few good trainings in there, fully free and with hands-on exercises as well. Good enough to entertain me as a Linux/Security admin!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.