opencve/opencve-docker

Upgrade from 1.3.0 to 1.4.0 - Lessons learned and update procedure

dagobertdebug opened this issue · 1 comments

Hello, here are my lessons learned and the procedure I have experienced when updating my docker instance from 1.3.0 to 1.4.0. Maybe someone else finds this useful...

In general, I followed the procedure mentioned in the release 1.4.0.

Learnings:

  1. Always make a snapshot before starting any update process (e.g. via VMware).
  2. Stop all containers with docker-compose down, because after the upgrade procedure I had a situation where all data was lost in openCVE and a warning regarding the postgres container showed up on startup (cannot remember and did not save it). When the postgres container was stopped before the build, the data was kept. Therefore, $ docker stop celery_beat celery_worker webserver postgres or docker-compose down
  3. Check the opencve.cfg from the opencve repository for changes, as the example from the opencve-docker repository is outdated. Most important was to add celery_lock_url = redis://redis:6379/2 in order to avoid the error mentioned here.

Finally, my openCVE docker instance is up and running in version 1.4.0 without errors, all the data and new features. Many thanks for your amazing work and your responsiveness to tickets and problems @ncrocfer @ldurnez and all others involved in this great project.

Here is the exact procedure I have used with success:

Check that there are no updates ongoing on the celery_worker:
$ docker logs celery_worker

If or when there is no update ongoing:
$ docker stop celery_beat celery_worker webserver
$ docker-compose down

Update opencve-docker repository:
$ git pull --prune

Update the opencve.cfg file with the changes of the most recent version here
$ nano conf/opencve.cfg

Check that you are on the correct version:
$ grep OPENCVE_VERSION .env
OPENCVE_VERSION=1.4.0

Add POSTGRES_PASSWORD to the .env file, set to the same password as in conf/opencve.cfg (this is required before docker build!):
$ nano .env
POSTGRES_PASSWORD=<same password as in conf/opencve.cfg>

Build the new docker images:
$ docker-compose build

Start the webserver & celery_worker:
$ docker-compose up -d webserver celery_worker

Upgrade the database schema:
$ docker exec -it webserver opencve upgrade-db

Now you are good to go, you can start the beat:
$ docker-compose up -d celery_beat

Check how the system is doing (15-30 mins):
$ docker logs -f celery_worker
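
The settings this procedure depends on (OPENCVE_VERSION and POSTGRES_PASSWORD in .env, the matching database password and celery_lock_url in conf/opencve.cfg) can be checked before the build. The script below is an added example, not part of the original post or the OpenCVE project; the function names are hypothetical, and it assumes opencve.cfg holds the password inside a `database_uri = postgresql://USER:PASSWORD@HOST:PORT/DB` line.

```shell
#!/bin/sh
# Added example: pre-build consistency check for .env and conf/opencve.cfg.
# Assumption: opencve.cfg carries the PostgreSQL password inside a line like
#   database_uri = postgresql://USER:PASSWORD@HOST:PORT/DB

# Print the value of KEY ($1) from a "KEY = value" file ($2); last match wins.
cfg_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 if ENV_FILE ($1) and CFG_FILE ($2) are ready for VERSION ($3).
check_upgrade_config() {
    rc=0
    version=$(cfg_value OPENCVE_VERSION "$1")
    if [ "$version" != "$3" ]; then
        echo "OPENCVE_VERSION is '$version', expected '$3'" >&2; rc=1
    fi

    # Password = text between the first ':' after '://' and the last '@'.
    # A percent-encoded password in the URI will not compare equal.
    uri=$(cfg_value database_uri "$2")
    cfg_pw=${uri#*://*:}
    cfg_pw=${cfg_pw%@*}
    env_pw=$(cfg_value POSTGRES_PASSWORD "$1")
    if [ -z "$env_pw" ]; then
        echo "POSTGRES_PASSWORD missing from $1" >&2; rc=1
    elif [ "$env_pw" != "$cfg_pw" ]; then
        # Never echo either secret; report only that they differ.
        echo "POSTGRES_PASSWORD differs from database_uri password" >&2; rc=1
    fi

    if [ -z "$(cfg_value celery_lock_url "$2")" ]; then
        echo "celery_lock_url missing from $2" >&2; rc=1
    fi
    return $rc
}

# Demo on constructed sample files (not a real deployment's values).
demo_dir=$(mktemp -d)
printf 'OPENCVE_VERSION=1.4.0\nPOSTGRES_PASSWORD=example-pw\n' > "$demo_dir/env"
printf '[core]\ndatabase_uri = postgresql://opencve:example-pw@postgres:5432/opencve\ncelery_lock_url = redis://redis:6379/2\n' > "$demo_dir/cfg"
check_upgrade_config "$demo_dir/env" "$demo_dir/cfg" 1.4.0 && echo "config OK"
rm -rf "$demo_dir"
```

From the opencve-docker checkout, the real check would be `check_upgrade_config .env conf/opencve.cfg 1.4.0`, run before `docker-compose build`.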

Thanks for this procedure which helps other people.