Upgrade Remediate on offline nodes

Upgrading to new version of Puppet Remediate on offline machines can be done with a few simple commands.

To upgrade to Remediate 1.4.2 on an offline node:

  1. On a node with internet connectivity:
    1. Download the offline Remediate image bundle (https://storage.googleapis.com/remediate/stable/latest/offline/images.tar.gz)
    2. Download the offline docker-compose.yml file (https://storage.googleapis.com/remediate/stable/latest/offline/docker-compose.yml)
    Note: Skip this step if you are using your own custom Docker registry.
  2. Optionally, you can verify the image bundle and offline docker-compose.yml files signatures:
    With each Puppet Remediate release, a digital signature is created using the private key portion of an asymmetric key. You can manually validate the signature using the public key portion of the same asymmetric key.
    1. Download the offline docker-compose.yml file signature and the image bundle signature, along with the public key to the same directory as your license file.
    2. Run the following commands:
      openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature docker_compose_signature docker-compose.yml


      openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature images_signature images.tar.gz

      If the signature is valid, you get the following response for each command:

      Verified Ok
  3. Copy the Remediate image bundle and offline docker-compose.yml file to the offline node where you want to install Remediate.
  4. Run the Docker load command:
    docker load -i images.tar.gz
  5. Stop Remediate:
    docker-compose run remediate stop
  6. Use the following command ⁠to start Remediate (replacing your-license.json with your own license):
    docker-compose run remediate start -o --license-file ./your-license.json
What to do next
Remember: After you update Remediate, any existing discovered data is lost. You must wait for the next scheduled data discovery run completes to see data in the UI. Alternatively, click Discover All on the Manage Sources page to start a discovery run manually.