Upgrade Remediate on offline nodes

Upgrading to new version of Puppet Remediate on offline machines can be done with a few simple commands.

To upgrade from Remediate 1.2.0 to Remediate 1.2.1 on an offline node:

  1. On a node with internet connectivity:
    1. Download the offline Remediate image bundle (https://storage.googleapis.com/remediate/stable/1.2.1/offline/images.tar.gz)
    2. Download the offline docker-compose.yml file (https://storage.googleapis.com/remediate/stable/1.2.1/offline/docker-compose.yml)
    Note: Skip this step if you are using your own custom Docker registry.
  2. Optionally, you can verify the image bundle and offline docker-compose.yml files signatures:
    With each Puppet Remediate release, a digital signature is created using the private key portion of an asymmetric key. You can manually validate the signature using the public key portion of the same asymmetric key.
    1. Download the offline docker-compose.yml file signature and the image bundle signature, along with the public key to the same directory as your docker-compose.yml and license file.
    2. Run the following commands: 
      openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature docker_compose_signature docker-compose.yml

      And:

      openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature images_signature images.tar.gz

      If the signature is valid, you will get the following response for each command: 

      Verified Ok
  3. Copy the Remediate image bundle and offline docker-compose.yml file to the offline node where you want to install Remediate.
  4. Run the following command from the folder where your docker-compose.yml file is located: 
    docker-compose run remediate stop
  5. Remove the oauth_client.json file: 
    docker secret rm oauth_client.json
  6. Use the following command ⁠to start Remediate (replacing your-license.json with your own license): 
    docker-compose run remediate start -o --license-file ./your-license.json
What to do next
Remember: After you update Remediate, any existing discovered data is lost. You must wait for the next scheduled data discovery run completes to see data in the UI. Alternatively, click Discover All on the Manage Sources page to start a discovery run manually.