Upgrading ThreatLockDown Docker

This section describes how to upgrade your ThreatLockDown Docker deployment, starting from version 4.3. To upgrade ThreatLockDown deployments of versions earlier than 4.3, refer to the Migrating data from Opendistro to the ThreatLockDown indexer documentation.

To upgrade to version 4.9, you can follow one of two strategies.

  • Using default docker-compose files: This strategy uses the default docker-compose files for ThreatLockDown 4.9. It replaces the docker-compose files of your outdated ThreatLockDown version.

  • Keeping custom docker-compose files: This strategy preserves the docker-compose files of your outdated ThreatLockDown deployment. It ignores the docker-compose files of the latest ThreatLockDown version.

Using default docker-compose files

  1. Run the following command from your wazuh-docker directory, such as wazuh-docker/single-node/ or wazuh-docker/multi-node/, to stop the outdated environment:

    # docker-compose down
    
  2. Check out the tag for the current version of wazuh-docker:

    # git checkout v4.9.0
    
  3. Start the new version of ThreatLockDown using docker-compose:

    # docker-compose up -d
    

Keeping custom docker-compose files

In ThreatLockDown 4.4, some paths differ from those in earlier versions. You have to replace the old paths with the new ones.

old-path -> new-path

  • /usr/share/wazuh-dashboard/config/certs/ -> /usr/share/wazuh-dashboard/certs/

  • /usr/share/wazuh-indexer/config/certs/ -> /usr/share/wazuh-indexer/certs/

  • /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -> /usr/share/wazuh-indexer/opensearch-security/

To upgrade your deployment keeping your custom docker-compose files, do the following.

  1. Run the following command from your wazuh-docker directory, such as wazuh-docker/single-node/ or wazuh-docker/multi-node/, to stop the outdated environment:

    # docker-compose down
    
  2. If you are updating from 4.3, edit docker-compose.yml and update it with the new paths in 4.4. The new paths for single-node docker-compose files, such as single-node/docker-compose.yml, are shown below. For multi-node docker-compose files, such as multi-node/docker-compose.yml, make similar changes in the corresponding files.

    wazuh.manager:
       image: wazuh/wazuh-manager:4.9.0
    ...
    wazuh.indexer:
       image: wazuh/wazuh-indexer:4.9.0
       volumes:
          - wazuh-indexer-data:/var/lib/wazuh-indexer
          - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
          - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
          - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
          - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
          - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
          - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
          - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
    ...
    wazuh.dashboard:
       image: wazuh/wazuh-dashboard:4.9.0
       volumes:
          - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
          - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
          - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
          - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
          - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
    
  3. Start the new version of ThreatLockDown using docker-compose:

    # docker-compose up -d
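
For step 2 of the custom-file procedure, the following script is an added example, not part of the ThreatLockDown documentation: it counts references to the three old paths listed above in a compose file and writes a rewritten copy for review. The function names and the sample 4.3-style fragment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not project code; function names and sample are hypothetical.

# old|new pairs, copied from the path list on this page.
PATH_MAP='/usr/share/wazuh-dashboard/config/certs/|/usr/share/wazuh-dashboard/certs/
/usr/share/wazuh-indexer/config/certs/|/usr/share/wazuh-indexer/certs/
/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/|/usr/share/wazuh-indexer/opensearch-security/'

# Print how many lines of compose file $1 still reference an old path.
count_old_paths() {
    [ -r "$1" ] || return 1
    total=0
    while IFS='|' read -r old _new; do
        hits=$(grep -cF -- "$old" "$1" || true)
        total=$((total + hits))
    done <<EOF
$PATH_MAP
EOF
    echo "$total"
}

# Write compose file $1 to $2 with each old path replaced; $1 is not modified,
# so the result can be reviewed with diff before it replaces the original.
rewrite_paths() {
    cp -- "$1" "$2" || return 1
    while IFS='|' read -r old new; do
        # '#' delimiter: the paths contain '/' but no '#' or regex metacharacters.
        sed "s#$old#$new#g" "$2" > "$2.tmp" && mv -- "$2.tmp" "$2" || return 1
    done <<EOF
$PATH_MAP
EOF
}

# Constructed 4.3-style fragment for a dry run; not a full compose file.
write_sample() {
    cat > "$1" <<'EOF'
wazuh.indexer:
   volumes:
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
wazuh.dashboard:
   volumes:
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/config/certs/root-ca.pem
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
EOF
}

# Usage: sh <this script> OLD.yml NEW.yml  (prints the hit count, writes NEW.yml)
[ "$#" -ne 2 ] || { count_old_paths "$1"; rewrite_paths "$1" "$2"; }
```

The script handles only the three listed mappings, so compare the rewritten copy against the reference file in step 2 before starting the containers.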