diff --git a/sysadm/life-cycle-management/how-to-manage-tools-upgrades.rst b/sysadm/life-cycle-management/how-to-manage-tools-upgrades.rst index 5e1a821..13faa32 100644 --- a/sysadm/life-cycle-management/how-to-manage-tools-upgrades.rst +++ b/sysadm/life-cycle-management/how-to-manage-tools-upgrades.rst @@ -1,7 +1,77 @@ .. _tools_upgrade: How to manage upgrades of tools and software inventory ====================================================== -.. todo:: - This page is a work in progress. For now, please refer to the `existing documentation `_. +How to use this page +-------------------- + +At regular intervals, a sysadmin must: + +- Check the list of components to add new ones and delete eventual removed components +- Check the version of the components currently in use and compare it to the last available version +- If an upgrade is needed or recommended, create a task in the forge and reference it on the table +- Update the changelog section accordingly to the changes + +SWH components +-------------- + + ++------------------------+----------------------+------------------------+------------------------------------------------------------+-------+ +| Software | version (2021-10-04) | Last available version | Should upgrade ? | Tasks | ++========================+======================+========================+============================================================+=======+ +| kafka | 2.6.0 | 3.0.0 | yes a lot of cve were fixed and it is an exposed service | | ++------------------------+----------------------+------------------------+------------------------------------------------------------+-------+ +| Elasticsearch (search) | 7.9.3 | 7.12/7.15? | we should follow the mouvement to avoid accumulating delay | | ++------------------------+----------------------+------------------------+------------------------------------------------------------+-------+ +| redis | 5.0.3 | 6.2.6 | N/A debian package | | ++------------------------+----------------------+------------------------+------------------------------------------------------------+-------+ + + +Infra components +---------------- + ++---------------------+----------------------+------------------------+-------------------------------------------------------------------------------------------------+-------+ +| Software | version (2021-10-04) | Last available version | Should upgrade ? | Tasks | ++=====================+======================+========================+=================================================================================================+=======+ +| Elasticsearch (ELK) | 7.8.0 | 7.15 | yes | | ++---------------------+----------------------+------------------------+-------------------------------------------------------------------------------------------------+-------+ +| Logstash (ELK) | 7.8.0 | 7.15 | yes (will fix the old log ingestion when a server is restarted?) | | ++---------------------+----------------------+------------------------+-------------------------------------------------------------------------------------------------+-------+ +| filebeat (ELK) | 5.5.0 | 7.15 | yes | | ++---------------------+----------------------+------------------------+-------------------------------------------------------------------------------------------------+-------+ +| journalbeat (ELK) | $super-ancient | 7.15 | yes, but new versions have an updated mapping, so need to think about the update to ES mappings | | ++---------------------+----------------------+------------------------+-------------------------------------------------------------------------------------------------+-------+ +| Hedgedoc | 1.9.0 | 1.9.0 | N/A | | ++---------------------+----------------------+------------------------+-------------------------------------------------------------------------------------------------+-------+ +| OPNSense | 21.1.5 | 21.1.9 | yes (preparing the future 22.x versions) | | ++---------------------+----------------------+------------------------+-------------------------------------------------------------------------------------------------+-------+ +| jenkins | 2.303.1 | 2.303.1 | N/A | | ++---------------------+----------------------+------------------------+-------------------------------------------------------------------------------------------------+-------+ +| sentry | 21.7.0 | 21.9.0 | blocked behind needed docker-compose upgrade in Debian | | ++---------------------+----------------------+------------------------+-------------------------------------------------------------------------------------------------+-------+ +| netbox | 3.0.2 | 3.0.4 | no real improvements | | ++---------------------+----------------------+------------------------+-------------------------------------------------------------------------------------------------+-------+ + +Out of scope: +------------- + +========== ============== +Software Reason +========== ============== +icinga debian package +prometheus debian package +grafana debian package +========== ============== + +Links +----- + +* Sentry versions: https://github.com/getsentry/sentry/releases/ +* Netbox versions: https://github.com/netbox-community/netbox/releases/ + +changelog +--------- + +* 2021-10-04 - Page creation +* 2021-10-11 - @olasd added journalbeat, added rationale for sentry, moved grafana to debian packages