Upgrade Remediate on offline nodes

Upgrading to new version of Puppet Remediate on offline machines can be done with a few simple commands.

To upgrade to Remediate 1.3.x on an offline node:

  1. On a node with internet connectivity:
    1. Download the offline Remediate image bundle (https://storage.googleapis.com/remediate/stable/latest/offline/images.tar.gz)
    2. Download the offline docker-compose.yml file (https://storage.googleapis.com/remediate/stable/latest/offline/docker-compose.yml)
    Note: Skip this step if you are using your own custom Docker registry.
  2. Optionally, you can verify the image bundle and offline docker-compose.yml files signatures:
    With each Puppet Remediate release, a digital signature is created using the private key portion of an asymmetric key. You can manually validate the signature using the public key portion of the same asymmetric key.
    1. Download the offline docker-compose.yml file signature and the image bundle signature, along with the public key to the same directory as your docker-compose.yml and license file.
    2. Run the following commands:
      openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature docker_compose_signature docker-compose.yml


      openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature images_signature images.tar.gz

      If the signature is valid, you will get the following response for each command:

      Verified Ok
  3. Copy the Remediate image bundle and offline docker-compose.yml file to the offline node where you want to install Remediate.
  4. Stop Remediate:
    docker-compose run remediate stop
  5. Use the following command ⁠to start Remediate (replacing your-license.json with your own license):
    docker-compose run remediate start -o --license-file ./your-license.json
    CAUTION: If you start Remediate without a license file you will not have access to the full range of Remediate functionality. If you started Remediate without a license file in error, simply stop the application by issuing the following command:
    docker-compose run remediate stop

    And start Remediate again using the --license-file parameter as outlined above.

What to do next
Remember: After you update Remediate, any existing discovered data is lost. You must wait for the next scheduled data discovery run completes to see data in the UI. Alternatively, click Discover All on the Manage Sources page to start a discovery run manually.