Periodically, you might need to upgrade your Elastic Cloud Enterprise installation as new versions with additional features become available. The upgrade process updates all hosts that are part of your Elastic Cloud Enterprise installation to the latest version of ECE, with little or no downtime for managed clusters.
Upgrading Elastic Cloud Enterprise works by replacing the containers that ECE itself requires to run on each host. Upgrading ECE does not touch any of the containers that run your Elasticsearch clusters and Kibana instances. Each container that needs to be upgraded is renamed and stopped, followed by the creation of a new container with an upgraded instance of the ECE software and its dependencies. When the upgrade process has completed successfully, it cleans up after itself and removes the old containers.
The upgrade process creates a
frc-upgraders-monitor container on the host where you initiate the process that performs the following actions:
Back up the ZooKeeper transaction log to
RUNNER_IDare specific to your installation.
Configure Elastic Cloud Enterprise to perform the individual container upgrades by creating a
frc-upgraders-upgradercontainer on each host that is part of the installation.
Monitor the upgrade process to ensure that all
frc-upgraders-upgradercontainers perform their part of the upgrade as expected and report their status.
- After all hosts have been upgraded successfully, clean up temporary artifacts created during the upgrade process, and remove the old containers.
The entire process is designed to be failsafe. Containers get upgraded sequentially and the upgrade status of each container is tracked. The upgrade process also monitors that each new container is viable and continues to run as expected. If there is an issue with any part of the upgrade, the entire process is rolled back.
To run the script to upgrade Elastic Cloud Enterprise, a user must be part of the
docker group. You initiate the upgrade process by running the
elastic-cloud-enterprise.sh script with the
upgrade action on a single host. The host that you run the script on must be a host that holds the director role. You do not need to run the script on additional hosts.
Each host in your Elastic Cloud Enterprise installation must have at least 5 GB of disk space available to ensure that the upgrade process can complete successfully.
We strongly recommend that you do not attempt to perform certain actions during the upgrade process, such as:
- Creating or changing Elasticsearch clusters and Kibana instances
- Adding new hosts to your installation or removing existing hosts
As a precaution, we also recommend that you take current snapshots of your Elasticsearch clusters.
To avoid any downtime for Elastic Cloud Enterprise, your installation must include more than one proxy and you must use a load balancer as recommended. If you are using only a single proxy or if you are not using a load balancer, some downtime is expected when the containers on your proxies are upgraded. Each container upgrade typically takes five to ten seconds, times the number of containers on a typical host.
For offline or air-gapped installations, additional steps are required to upgrade Elastic Cloud Enterprise. After downloading the installation script for the new version, you also need to pull and load the required container images and push them to your own private Docker registry. To learn more about pulling and loading Docker images, see Install ECE (Without Internet Access).
If your ECE installation is still using the default, auto-generated certificates: We recommend that you perform one of the following steps to avoid trust errors related to the proxy server certificate after the upgrade. The proxy server certificate is used when connecting to Kibana and Elasticsearch clusters. During the upgrade, the ECE certificate authority generates a new certificate. As with any server certificate rotation, you must add an exception for the new proxy server certificate, unless the certificate authority is present in the trust store of your system or browser. You can perform either of these steps before or after the upgrade:
- Recommended: Add your organization’s own certificate to Elastic Cloud Enterprise. The upgrade process ensures that the certificates you add do not change, which avoids the trust errors.
- Add the default CA certificate to the trust store of your system or of your browser. Only the server certificate changes during upgrade, but the CA certificate remains the same. Adding the CA certificate to your trust store alone is sufficient to avoid the trust errors.
To upgrade your Elastic Cloud Enterprise installation:
Download and run the latest installation script with the
upgradeaction on a single host that holds the director role:
bash <(curl -fsSL https://download.elastic.co/cloud/elastic-cloud-enterprise.sh) upgrade
You can follow along whilst each container for Elastic Cloud Enterprise is upgraded on the hosts that are part of your installation.
After the upgrade process completes, you can add the Elastic Stack packs that ship with Elastic Cloud Enterprise 1.1.4 to get every last little bit of the new version. The upgrade process does not automatically add these stack packs for you, but they can be added like any other stack pack.
If you are using a public Docker registry, you can run the cleanup script as it appears. If you are using a private Docker registry, you must first edit the
ECE_DOCKER_REPOSITORY entries in the script to match your setup.