Better upgrade process documentation #8575
Description
🔄 Question: Wazuh Manager restart timing after Indexer upgrade
Hello everyone,
In the official documentation, it's stated that after upgrading the Wazuh Indexer, the next step is to restart the Wazuh Manager service.
However, I believe it might make more sense to restart the Wazuh Manager after upgrading the Wazuh Server, not immediately after the Indexer. In a couple of upgrade scenarios, I encountered issues where some processes were still active or misbehaving because the manager was restarted too early — right after the Indexer upgrade, but before the server upgrade.
Additionally, during the installation of the wazuh-manager package, I noticed the following warning:
Unpacking wazuh-manager (4.12.0-1) over (4.7.4-1) ...
dpkg: warning: unable to delete old directory '/var/ossec/queue/vulnerabilities': Directory not empty
Wouldn't it make more sense to handle the cleanup of this directory before or during the upgrade process, especially if it's no longer needed? Leaving it behind might cause confusion or potential issues in future upgrades.
Lastly, I would suggest adding a note in the documentation recommending users to export their customizations from the Wazuh Dashboard before performing an upgrade. This can be done via:
Management > Stack Management > Saved Objects > Export
This step helps preserve visualizations, dashboards, and other saved objects in case of issues during the upgrade.
💡 Suggestions
Consider updating the documentation to recommend restarting the Wazuh Manager after the Wazuh Server upgrade.
Review whether the /var/ossec/queue/vulnerabilities directory should be removed automatically during the upgrade, or if a cleanup step should be added.
Add a recommendation to export saved objects from the Wazuh Dashboard before upgrading.
🧾 Environment
Wazuh version: 4.12.0-1 (upgraded from 4.7.4-1)
Operating System: Ubuntu 22.04
Installation type: Distributed
Thanks in advance for your support and clarification!