This is the process for in-place Elasticsearch (ES) upgrades, using an existing Search Feed and index data.

Required

This upgrade is for Elasticsearch 6.8.6 and 7.5.2 or higher with a Search Feed created on Swarm 11 or higher.
If you are using Elasticsearch 6.8.6, see How to Upgrade Swarm | Upgrading from Unsupported Elasticsearch for a specific version and live-upgrade ordering requirements.
See Migrating from Older Elasticsearch for migrating from Elasticsearch 2.3.3 or 5.6.12.
Elasticsearch cannot be downgraded once it’s upgraded.

Upgrading Elasticsearch by Script

On each node in an Elasticsearch cluster, follow this process and run the files from the Swarm download bundle:

Info

Make sure you download the latest Swarm software listed under Swarm 17 Highlights from here.

Before upgrading, query the Elasticsearch cluster for the list of nodes.
curl -i http://ELASTICSEARCH:9200/_cat/nodes
Example output:
[root@elasticsearch Elasticsearch]# curl -i http://<ip-address>:9200/_cat/nodes HTTP/1.1 200 OK content-type: text/plain; charset=UTF-8 content-length: 300 <ip-node1> 14 99 1 0.02 0.14 0.15 dilm - <hostname-node1> <ip-node2> 1 71 1 0.01 0.09 0.08 dilm - <hostname-node2> <ip-node3> 72 99 0 0.08 0.06 0.08 dilm - <hostname-node3> <ip-node4> 50 99 0 0.03 0.04 0.05 dilm * <hostname-node4> <ip-node5> 47 99 1 0.08 0.14 0.22 dilm - <hostname-node5>
The node with * is the Elasticsearch master node. It is recommended to upgrade the node last to avoid problems electing a new master node.
Backup the existing configurations so a record exists of any customizations. Run ./techsupport-bundle-grab.sh from your Support tools directory to backup to upgrade your support tools before running the script. Instructions are here.
Install the latest Swarm Search i.e. caringo-elasticsearch-search RPM.
dnf install caringo-elasticsearch-search-VERSION.noarch.rpm

Tip

The error: "ES_PATH_CONF must be set to the configuration path chown: cannot access '/etc/elasticsearch/elasticsearch.keystore': No such file or directory" is displayed if Elasticsearch 7 RPM was inadvertently installed. Install the caringo-elasticsearch-search RPM to proceed.

Info

Run ls -la /etc/elasticsearch command to verify the directory and files (especially elasticsearch.keystore) are owned by root:elasticsearch and the directory has setgid. Run chown -R root:elasticsearch /etc/elasticsearch and chmod g+s /etc/elasticsearch to correct the permissions.

Run the script to install and configure the upgrade.
If the script detects that Elasticsearch is installed and configured, it runs with --upgrade instead of configuring a new cluster, automating the Elasticsearch rolling upgrade steps (https://www.elastic.co/guide/en/elasticsearch/reference/7.17/rolling-upgrades.html).
/usr/share/caringo-elasticsearch-search/bin/configure_elasticsearch_with_swarm_search.py

Important

The upgrade requires Internet access to download the Elasticsearch rpm. Place the elasticsearch-*.rpm in the current directory if Internet access is unavailable.

Warning

The configure script requires node.name to be set in /etc/elasticsearch/elasticsearch.yml. This is not the case with a Swarm Cluster Installer (SCI) deployed VM; uncomment the setting and set it to the default value of ${HOSTNAME}.

Compare the backup file to the newly created elasticsearch.yml, add any customizations needed, and restart systemctl restart elasticsearch if the configuration was modified.

Note

thread_pool.write.queue_size: 1000 and prometheus.indices are no longer required.

Verify that all nodes are accounted for, all shards are assigned, and the status is green.
curl -i 'http://ELASTICSEARCH:9200/_cat/health?v'

The script updates the configuration files and restarts the service if the upgraded Elasticsearch is already installed.

Important

Type Ctrl-C once when the upgrade script is stuck in retrying status checks and proceed to the next node after the script finishes if the cluster loses master during the upgrade process and does not recover. Review /etc/elasticsearch/elasticsearch.yml and tail -F /var/log/elasticsearch/<cluster-name>.log for configuration errors.

The nodes elect the master and recover once all nodes have started on the upgraded Elasticsearch. Health status goes yellow, then eventually green. Re-enable shard allocation, otherwise /_cat/health?v stops at 50% with health status yellow.

Upgrading Elasticsearch Manually

The script automates the following steps for upgrading Elasticsearch manually:

It fixes /etc/sysconfig/elasticsearch to the correct ES6 version (the same as ES7+).
It increases the systemd timeout in /etc/systemd/system/elasticsearch.service.d/override.conf (see github.com/elastic/elasticsearch/issues/60140)
and does a systemctl daemon-reload to pick up configuration file changes.
A prompt to continue with the dnf upgrade to the latest ES version appears after refreshing the config files for Elasticsearch 6.
It disables shard allocation and performs a POST synced-flush for safer rolling upgrades.

Important

Disabling shard allocation or sync-flush can fail to contact the node but does not proceed to upgrade the next node until the cluster health is green again.

It uninstalls the existing Prometheus Exporter plugin.
It shells out to dnf to install the Elasticsearch 7 RPM in the current directory or from artifacts.elastic.co, if unavailable.
It updates elasticsearch.yml for Elasticsearch 7+ compatibility, including cluster.initial_master_nodes instead of discovery.zen.unicast.hosts and jvm.options.
It starts the upgraded Elasticsearch and waits for it to be ready.
The cluster re-enables shard allocation and prompts to repeat these two steps on the next node if the cluster health is green or yellow.