Upgrade Elasticsearch
editUpgrade Elasticsearch
editFIPS Compliance and Java 17
Elasticsearch 8.3.3 requires Java 17 or later. There is not yet a FIPS-certified security module for Java 17 that you can use when running Elasticsearch 8.3.3 in FIPS 140-2 mode. If you run in FIPS 140-2 mode, you will either need to request an exception from your security organization to upgrade to Elasticsearch 8.3.3, or remain on Elasticsearch 7.x until Java 17 is certified. Alternatively, consider using Elasticsearch Service in the FedRAMP-certified GovCloud region.
An Elasticsearch cluster can be upgraded one node at a time so upgrading does not interrupt service. Running multiple versions of Elasticsearch in the same cluster beyond the duration of an upgrade is not supported, as shards cannot be replicated from upgraded nodes to nodes running the older version.
Before you start, take the upgrade preparation steps. When performing a rolling upgrade:
-
Upgrade nodes that are NOT master-eligible first.
You can retrieve a list of these nodes with
GET /_nodes/_all,master:false/_none
or by finding all the nodes configured withnode.master: false
. -
Upgrade nodes tier-by-tier, starting with the frozen tier.
Complete the upgrade for all nodes in each data tier before moving to the next.
Upgrade the frozen tier, then the cold tier, then the warm tier, and upgrade the hot tier last. This ensures ILM can continue to move data through the tiers during the upgrade. You can get the list of nodes in a specific tier with a
GET /_nodes
request, for example:GET /_nodes/data_frozen:true/_none
. -
Upgrade the master-eligible nodes last. You can retrieve a list
of these nodes with
GET /_nodes/master:true
.
This order ensures that all nodes can join the cluster during the upgrade. Upgraded nodes can join a cluster with an older master, but older nodes cannot always join a cluster with a upgraded master.
To upgrade a cluster:
-
Disable shard allocation.
When you shut down a data node, the allocation process waits for
index.unassigned.node_left.delayed_timeout
(by default, one minute) before starting to replicate the shards on that node to other nodes in the cluster, which can involve a lot of I/O. Since the node is shortly going to be restarted, this I/O is unnecessary. You can avoid racing the clock by disabling allocation of replicas before shutting down data nodes:PUT _cluster/settings { "persistent": { "cluster.routing.allocation.enable": "primaries" } }
-
Stop non-essential indexing and perform a flush. (Optional)
While you can continue indexing during the upgrade, shard recovery is much faster if you temporarily stop non-essential indexing and perform a flush.
POST /_flush
-
Temporarily stop the tasks associated with active machine learning jobs and datafeeds. (Optional)
It is possible to leave your machine learning jobs running during the upgrade, but it puts increased load on the cluster. When you shut down a machine learning node, its jobs automatically move to another node and restore the model states.
Any machine learning indices created before 7.x must be reindexed before upgrading, which you can initiate from the Upgrade Assistant in 7.17.
-
Temporarily halt the tasks associated with your machine learning jobs and datafeeds and prevent new jobs from opening by using the set upgrade mode API:
POST _ml/set_upgrade_mode?enabled=true
When you disable upgrade mode, the jobs resume using the last model state that was automatically saved. This option avoids the overhead of managing active jobs during the upgrade and is faster than explicitly stopping datafeeds and closing jobs.
- Stop all datafeeds and close all jobs. This option saves the model state at the time of closure. When you reopen the jobs after the upgrade, they use the exact same model. However, saving the latest model state takes longer than using upgrade mode, especially if you have a lot of jobs or jobs with large model states.
-
-
-
If you are running Elasticsearch with
systemd
:sudo systemctl stop elasticsearch.service
-
If you are running Elasticsearch with SysV
init
:sudo -i service elasticsearch stop
-
If you are running Elasticsearch as a daemon:
kill $(cat pid)
-
-
Upgrade the node you shut down.
To upgrade using a Debian or RPM package:
-
Use
rpm
ordpkg
to install the new package. All files are installed in the appropriate location for the operating system and Elasticsearch config files are not overwritten.
To upgrade using a zip or compressed tarball:
-
Extract the zip or tarball to a new directory. This is critical if you
are not using external
config
anddata
directories. -
Set the
ES_PATH_CONF
environment variable to specify the location of your externalconfig
directory andjvm.options
file. If you are not using an externalconfig
directory, copy your old configuration over to the new installation. -
Set
path.data
inconfig/elasticsearch.yml
to point to your external data directory. If you are not using an externaldata
directory, copy your old data directory over to the new installation.If you use monitoring features, re-use the data directory when you upgrade Elasticsearch. Monitoring identifies unique Elasticsearch nodes by using the persistent UUID, which is stored in the data directory.
-
Set
path.logs
inconfig/elasticsearch.yml
to point to the location where you want to store your logs. If you do not specify this setting, logs are stored in the directory you extracted the archive to.
When you extract the zip or tarball packages, the
elasticsearch-{bare_version}
directory contains the Elasticsearchconfig
,data
, andlogs
directories.We recommend moving these directories out of the Elasticsearch directory so that there is no chance of deleting them when you upgrade Elasticsearch. To specify the new locations, use the
ES_PATH_CONF
environment variable and thepath.data
andpath.logs
settings. For more information, see Important Elasticsearch configuration.The Debian and RPM packages place these directories in the appropriate place for each operating system. In production, we recommend using the deb or rpm package.
Leave
cluster.initial_master_nodes
unset when performing a rolling upgrade. Each upgraded node is joining an existing cluster so there is no need for cluster bootstrapping. You must configure eitherdiscovery.seed_hosts
ordiscovery.seed_providers
on every node. -
Use
-
Upgrade any plugins.
Use the
elasticsearch-plugin
script to install the upgraded version of each installed Elasticsearch plugin. All plugins must be upgraded when you upgrade a node. -
Start the upgraded node.
Start the newly-upgraded node and confirm that it joins the cluster by checking the log file or by submitting a
_cat/nodes
request:GET _cat/nodes
-
Reenable shard allocation.
For data nodes, once the node has joined the cluster, remove the
cluster.routing.allocation.enable
setting to enable shard allocation and start using the node:PUT _cluster/settings { "persistent": { "cluster.routing.allocation.enable": null } }
-
Wait for the node to recover.
Before upgrading the next node, wait for the cluster to finish shard allocation. You can check progress by submitting a
_cat/health
request:GET _cat/health?v=true
Wait for the
status
column to switch togreen
. Once the node isgreen
, all primary and replica shards have been allocated.During a rolling upgrade, primary shards assigned to a node running the new version cannot have their replicas assigned to a node with the old version. The new version might have a different data format that is not understood by the old version.
If it is not possible to assign the replica shards to another node (there is only one upgraded node in the cluster), the replica shards remain unassigned and status stays
yellow
.In this case, you can proceed once there are no initializing or relocating shards (check the
init
andrelo
columns).As soon as another node is upgraded, the replicas can be assigned and the status will change to
green
.Shards that were not flushed might take longer to recover. You can monitor the recovery status of individual shards by submitting a
_cat/recovery
request:GET _cat/recovery
If you stopped indexing, it is safe to resume indexing as soon as recovery completes.
-
Repeat.
When the node has recovered and the cluster is stable, repeat these steps for each node that needs to be updated. You can monitor the health of the cluster with a
_cat/health
request:GET /_cat/health?v=true
And check which nodes have been upgraded with a
_cat/nodes
request:GET /_cat/nodes?h=ip,name,version&v=true
-
Restart machine learning jobs.
If you temporarily halted the tasks associated with your machine learning jobs, use the set upgrade mode API to return them to active states:
POST _ml/set_upgrade_mode?enabled=false
If you closed all machine learning jobs before the upgrade, open the jobs and start the datafeeds from Kibana or with the open jobs and start datafeed APIs.
Rolling upgrades
editDuring a rolling upgrade, the cluster continues to operate normally. However, any new functionality is disabled or operates in a backward compatible mode until all nodes in the cluster are upgraded. New functionality becomes operational once the upgrade is complete and all nodes are running the new version. Once that has happened, there’s no way to return to operating in a backward compatible mode. Nodes running the previous version will not be allowed to join the fully-updated cluster.
In the unlikely case of a network malfunction during the upgrade process that isolates all remaining old nodes from the cluster, you must take the old nodes offline and upgrade them to enable them to join the cluster.
If you stop half or more of the master-eligible nodes all at once during the upgrade the cluster will become unavailable. You must upgrade and restart all of the stopped master-eligible nodes to allow the cluster to re-form. It might also be necessary to upgrade all other nodes running the old version to enable them to join the re-formed cluster.
Similarly, if you run a testing/development environment with a single master node it should be upgraded last. Restarting a single master node forces the cluster to be reformed. The new cluster will initially only have the upgraded master node and will thus reject the older nodes when they re-join the cluster. Nodes that have already been upgraded will successfully re-join the upgraded master.
Archived settings
editIf you upgrade an Elasticsearch cluster that uses deprecated cluster or index settings that are not used in the target version, they are archived. We recommend you remove any archived settings after upgrading. For more information, see Archived settings.