New versions of Puppet Comply are released regularly. Upgrading to the current version ensures you are always taking advantage of the latest features, fixes, and improvements.
complymodule. To ensure you always have the latest version, upgrade the
complymodule before you upgrade the Comply application. Note that you cannot run scans until you complete both of these upgrades.
Upgrade from Comply 2.2.1 to 2.2.2
Comply 2.2.2 automatically upgrades the CIS-CAT assessor to the latest version every time you upgrade Comply.
If you want Comply to update the CIS-CAT
Assessor automatically, select Automatically kick off PE jobs on
assessor upgrade on the Config page in Puppet Application Manager.
If you select this option, on upgrade Comply kicks off 2 PE agent runs: the first to download the new assessor, and the second update the facts in PE.Tip: Because this option starts PE jobs automatically on upgrading Comply, systems administrators, especially of larger implementation, may wish to consider leaving this option unchecked. Assessor upgrade then takes place automatically when the next two PE jobs are run.
Comply requires the latest version of the assessor on the node in order to perform runs. A background task runs to check if nodes have been upgraded every 15 minutes if this option is selected and every hour if it is not selected. If a node does not upgrade and remains red on the Inventory page, run the Puppet agent. If the upgrade continues to fail, see the Puppet agent logs for more information.
- Click Save Config.
If you have not already configured the
scanner_sourceparameter, you can do so at this point. Otherwise proceed to the next step. Navigate to Puppet Enterprise (PE), and update the default value of the
scanner_sourceparameter to one of the following assessor distribution files:
For more information, see Classify the nodes you want to scan in PE.
If using the Puppet supported cluster:
If using NGINX Ingress
Click Add to node group, and then commit the changes.
Warning: When upgrading the
Update your Puppetfile with the latest version of the
complymodule and its dependencies.
Deploy code by running the
puppet-code deploy --allcommand.
complymodule, running the agent before Comply is updated may cause an error.
- Update your Puppetfile with the latest version of the
Navigate back to Puppet Application Manager. After pre-flight checks have
completed successfully, click Go to updated version, and then click
Note: If the upgrade of an assessor on a node fails, the node is marked in red on the Inventory page. Failures may be due to network issues. If that is the case, Comply attempts to upgrade the node once connectivity returns. An hourly background task runs to check if nodes have been upgraded or not. If a node does not upgrade and remains red on the Inventory page, run the Puppet agent. If the upgrade continues to fail, see the Puppet agent logs for more information.
Upgrade Comply in an online environment
Check for download and deploy updates from the Version history tab in the Puppet Application Manager UI.
- In the Puppet Application Manager UI, click Version history.
Click Check for updates.
Configure an automatic update check by clicking Configure automatic updates. You can check for updates hourly, every four hours, daily, weekly, or at a custom interval.
- If an update is available, Puppet Application Manager downloads it for you and performs preflight checks on your system to make sure your cluster meets system requirements for the new version. Review the outcome of these checks by clicking View preflight.
- When you're ready to upgrade to the new version of Comply, click Deploy.
Upgrade Comply in an offline environment
If your environments do not have direct access to the internet, use the links below to upgrade to the latest version of Comply.
Navigate to the portal provided to you by Puppet
in the licence email, for example,
https://get.replicated.com/airgap/#/kots/comply/, and login with the password.
Select Embeded cluster and download the latest Comply release
Log into Puppet Application Manager —
Select Version history, and upload the new version of
.airgapfile that you downloaded in step 2.
- Click Deploy.