Upgrade Remediate on offline nodes

Upgrading to new version of Puppet Remediate on offline machines can be done with a few simple commands.

To upgrade to the latest version of Remediate on an offline node:

  1. On a node with internet connectivity:
    1. Download the offline Remediate image bundle (https://storage.googleapis.com/remediate/stable/latest/offline/images.tar.gz)
    2. Download the offline docker-compose.yml file (https://storage.googleapis.com/remediate/stable/latest/offline/docker-compose.yml)
    Note: Skip this step if you are using your own custom Docker registry.
  2. Optionally, you can verify the image bundle and offline docker-compose.yml files signatures:
    With each Puppet Remediate release, a digital signature is created using the private key portion of an asymmetric key. You can manually validate the signature using the public key portion of the same asymmetric key.
    1. Download the offline docker-compose.yml file signature and the image bundle signature, along with the public key to the same directory as your license file.
    2. Run the following commands:
      openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature docker_compose_signature docker-compose.yml


      openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature images_signature images.tar.gz

      If the signature is valid, you get the following response for each command:

      Verified Ok
  3. Copy the Remediate image bundle and offline docker-compose.yml file to the offline node where you want to install Remediate.
  4. Run the Docker load command:
    docker load -i images.tar.gz
  5. Stop Remediate:
    docker-compose run remediate stop
  6. Use the following command ⁠to start Remediate (replacing your-license.json with your own license):
    docker-compose run remediate start -o --license-file ./your-license.json