CZERTAINLY / CZERTAINLY-Core

CZERTAINLY - core of the platform managing certificate lifecycle management related tasks
https://www.czertainly.com
MIT License

Upgrade of CZERTAINLY #859

Closed doloban closed 2 weeks ago

doloban commented 1 month ago

Hello, we are currently trying to upgrade CZERTAINLY to 2.13.0. We have set in CZERTAINLY Appliance in TUI option "configure czertainly" version to 0.0.0, which should be the develop latest version, although after install we still have the previous CZERTAINLY version (currently it is 2.12.0-1-develop). I have tried to force refresh the page and also opening CZERTAINLY in an anonymous window, it did not help. Is it possible to replace 0.0.0 version to 2.13.0 (for the upgrade purpose) or it would be considered as version rollback and cause problems? Thank you.

Best regards, Denys

semik commented 1 month ago

Hello, by mistake, Appliance 2.12.0 is using the development deb package repository. Do not upgrade to version 0.0.0, which is the development version of CZERTAINLY; it is impossible to downgrade due to database structure.

If you really have to, change version to 2.13.0 inside TUI.

Stable release of debian package should be on Monday 16. Sep. If possible please wait until then.

doloban commented 1 month ago

I wanted to try CT logs Discovery before they were officially released so I installed CZERTAINLY version 0.0.0. We are familiar with the version downgrade issue from version 0.0.0, but as far as I'm concerned, we do not need to downgrade and also our version 0.0.0 should not cause any problems with upgrading to latest versions of CZERTAINLY, since they are all released into latest development versions too, am I right?

On Monday 16 Sep we will get by installing CZERTAINLY with version 0.0.0 the development latest version 2.13, correct?

semik commented 1 month ago

Hi @doloban, a new version of Appliance is published. Sorry for delay.

I suppose you are using Appliance version 2.12.0 - I made a mistake and it was released as a developer version. Please check the files /root/.ssh/authorized_keys and /home/czertainly/.ssh/authorized and delete any unknown key. There might be an ssh-ed25519 key with the label semik@domaNS, which is mine and should not be present there.

Next, check the content of the file /etc/apt/sources.list; it should contain deb http://deb.czertainly.com/ bullseye main. I think you will find deb http://deb.czertainly.com/ develop main there; if so, please modify it to use bullseye. After modifying, run Update Operating System from the Advanced menu. It should also update czertainly-appliance-tools to version 2.13.1 - you can check it by selecting the Versions function from the Advanced menu. On a brand new Appliance it looks this way: image You will probably see appliance: 2.12.0; tools: 2.13.1; chart: czertainly-0.0.0

Next you need to exec function Configure CZERTAINLY from main menu. Change CZERTAINLY version to 2.13.0 (from 0.0.0) and put X to every component you are interested in. Like CT Logs Discovery you are interested in.

Revisit the file /home/czertainly/czertainly-values.custom.yaml and delete unnecessary parts. I suppose you put the enabling of CT Logs Discovery there; this is not necessary now. It can be enabled from the TUI. That file has the highest priority.

Please let me know if you need further assistance.
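The checks described in the comment above (unknown SSH keys, and which deb.czertainly.com suite APT is pointed at) can be scripted. This is an added example, not part of the thread or of CZERTAINLY's own tooling; the function names are hypothetical, the authorized_keys files to inspect are passed as arguments, and the label and the sources.list path are the ones quoted in the comment.

```shell
#!/bin/sh
# Added example (not CZERTAINLY code); function names are hypothetical.
# Usage: sh audit.sh AUTHORIZED_KEYS_FILE...

# Print "<keytype> <label>" for each key entry in an authorized_keys file.
key_labels() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            # leading options (e.g. command="...") come before the key type
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
            if (i > NF) next
            label = ""; sep = ""
            for (j = i + 2; j <= NF; j++) { label = label sep $j; sep = " " }
            if (label == "") label = "(no label)"
            print $i, label
        }' "$1"
}

# Exit 0 if the file holds a key whose label equals $2, 1 otherwise.
has_label() {
    key_labels "$1" | awk -v want="$2" '
        { $1 = ""; sub(/^ /, "") }
        $0 == want { found = 1 }
        END { exit !found }'
}

# Print the suite of every active deb.czertainly.com entry in a sources.list.
czertainly_suites() {
    awk '$1 == "deb" {
        for (i = 2; i < NF; i++)
            if ($i ~ /deb\.czertainly\.com/) { print $(i + 1); break }
    }' "$1"
}

for f in "$@"; do
    echo "== $f"
    key_labels "$f"
    if has_label "$f" "semik@domaNS"; then echo "!! developer key found in $f"; fi
done
if [ -r /etc/apt/sources.list ]; then
    echo "deb.czertainly.com suite(s): $(czertainly_suites /etc/apt/sources.list | tr '\n' ' ')"
fi
```

Matching on the label only flags a key for review, since the label is free text; any entry you cannot attribute to an administrator should be removed, as the comment says.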

doloban commented 1 month ago

Hello @semik, thanks for response. Luckily we are using virtual appliance with version 2.10.0. Below is screenshot displaying our versions of other components. Based on version differences, do we need to follow the same steps as you described, or can we skip the step with checking /root/.ssh/authorized_keys and /home/czertainly/.ssh/authorized files?

image

doloban commented 1 month ago

Hello, just reminding myself regarding this topic.

Is the procedure same for us even though we have appliance: 2.10.0?

semik commented 1 month ago

Hello @doloban,

version 2.10.0 does not have the issue with dev SSH keys pre-installed. I just verified it. Also /etc/apt/sources.list is fine.

Updating Operating System from Advanced menu should change your version of tools to 2.13.1 then restart TUI and proceed to CZERTAINLY upgrade.

Please note that VA 2.10.0 is based on Debian Bullseye which has LTS support from Debian until August 31st, 2026, you should migrate before that date. Right now it is fine.

doloban commented 1 month ago

Hello @semik, thanks for checking. Just to be completely sure - below are our current versions (CZERTAINLY version in TUI section "configure czertainly" is 0.0.0, so we have to be cautious). Is it safe to upgrade from 0.0.0 (which is currently, in our appliance, version czertainly-2.12.0-1-develop) to 2.13.0? Wanted to ask you directly before we run into some problems. Of course we will do backup and snapshot before the upgrade. image

semik commented 1 month ago

Hi @doloban,

yes this should be safe. Upgrade packages of OS including tools, this will raise tools version to 2.13.0. Next change CZERTAINLY version and upgrade.

When you enter the system shell and exec czertainly-versions --detailed you will receive info about detailed versions of each installed image:

api-gateway
  cont: docker.io/revomatico/docker-kong-oidc:3.4.0-2
auth-service
  cont: docker.io/3keycompany/czertainly-auth:1.4.0
auth-opa-policies
  cont: docker.io/3keycompany/czertainly-auth-opa-policies:1.2.0
common-credential-provider
  cont: docker.io/3keycompany/czertainly-common-credential-provider:1.3.2
czertainly
  init: docker.io/curlimages/curl:8.1.1
  cont: docker.io/openpolicyagent/opa:0.53.0-rootless
  cont: docker.io/3keycompany/czertainly-core:2.12.0
...

doloban commented 1 month ago

Hello, so we finished the upgrade to 2.13.0 and everything seems to be working fine.

You can close this issue, thank you.