Upgrading to new version of Puppet Remediate on offline machines can be done with a few
simple commands.
To upgrade from Remediate 1.2.0 to
Remediate 1.2.1 on an offline
node:
-
On a node with internet connectivity:
-
Download the offline Remediate image bundle (https://storage.googleapis.com/remediate/stable/1.2.1/offline/images.tar.gz)
-
Download the offline
docker-compose.yml
file
(https://storage.googleapis.com/remediate/stable/1.2.1/offline/docker-compose.yml)
Note: Skip this step if you are using your own custom Docker
registry.
-
Optionally, you can verify the image bundle and offline
docker-compose.yml
files signatures:
With each Puppet Remediate release, a digital signature is created using the private key portion of
an asymmetric key. You can manually validate the signature using the public
key portion of the same asymmetric key.
-
Download the offline
docker-compose.yml
file signature and the image bundle signature, along with the
public key to the same directory as your
docker-compose.yml
and license file.
-
Run the following commands:
openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature docker_compose_signature docker-compose.yml
And:
openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature images_signature images.tar.gz
If the signature is valid, you will get the
following response for each command:
Verified Ok
-
Copy the Remediate image bundle and offline
docker-compose.yml
file to the offline node where you
want to install Remediate.
-
Run the following command from the folder where your
docker-compose.yml
file is located:
docker-compose run remediate stop
-
Remove the
oauth_client.json
file:
docker secret rm oauth_client.json
-
Use the following command to start Remediate (replacing
your-license.json
with your own license):
docker-compose run remediate start -o --license-file ./your-license.json
What to do next
Remember: After you update Remediate, any existing discovered data is lost. You
must wait for the next scheduled data discovery run completes to see data in the UI.
Alternatively, click Discover All on the Manage
Sources page to start a discovery run manually.