Rollback Procedures

When an upgrade encounters critical issues, a rollback to the previous version may be necessary. Energy Logserver does not provide an automated rollback mechanism — the process requires reinstalling the previous version and restoring configuration from a backup.

Prerequisites

Before every upgrade, the ./install.sh -u script offers to run configuration-backup.sh, which creates a backup archive in /root/. This backup contains configuration files, Logserver indices data, templates, and cluster settings. Ensure this backup exists before attempting a rollback.

To verify that a backup archive exists:

ls -lt /root/backup-*.tar.gz | head -5

Procedure

1. Stop all services

systemctl stop logserver logserver-gui logserver-probe alert cerebro \
  e-doc skimmer intelligence intelligence-scheduler license-service

2. Reinstall previous version

Use the installer package of the previous version:

tar xjf energy-logserver-<previous-version>.x86_64.tar.bz2
cd install
./install.sh -u

3. Restore configuration from backup

Extract the backup archive created by configuration-backup.sh:

tar xzf /root/backup-<hostname>-<date>.tar.gz -C /tmp/restore

The archive contains the following configuration backups:

Archive file	Restore path
`elasticsearch_conf.tar.gz`	`/etc/elasticsearch/`
`kibana_conf.tar.gz`	`/etc/kibana/`
`logstash_conf.tar.gz`	`/etc/logstash/`
`alert_conf.tar.gz`	`/opt/alert/`
`cerebro_conf.tar.gz`	`/opt/cerebro/`
`skimmer_conf.tar.gz`	`/opt/skimmer/`
`intelligence_conf.tar.gz`	`/opt/intelligence/`
`license_conf.tar.gz`	`/opt/license-service/`
`e-doc_conf.tar.gz`	`/opt/e-doc/`
`logserver-store_conf.tar.gz`	`/etc/logserver-store/`
`wazuh_conf.tar.gz`	`/var/ossec/etc/` (only if Wazuh is installed)
`wazuh_gui_conf.tar.gz`	`/usr/share/kibana/data/wazuh/config/` (only if Wazuh GUI is installed)
`wiki_conf.tar.gz`	`/opt/wiki/` (only if Wiki.js is installed)

The last three files are produced only when the matching component is installed on the node, so they may be missing from the archive.

Restore only the configuration files that were affected by the upgrade. Each archive can be extracted individually, for example:

tar xzf /tmp/restore/<date>/elasticsearch_conf.tar.gz -C /
tar xzf /tmp/restore/<date>/kibana_conf.tar.gz -C /

4. Start services

Start the database service first and wait for it to become available:

systemctl start logserver
curl -u $USER:$PASSWORD "http://localhost:9200/_cluster/health?pretty"

Then start the remaining services:

systemctl start logserver-gui alert cerebro e-doc skimmer \
  intelligence intelligence-scheduler license-service logstash

5. Verify

systemctl status logserver logserver-gui logstash alert cerebro \
  e-doc skimmer intelligence intelligence-scheduler license-service \
  --no-pager