Skip to main content

Upgrading

This guide aims to walk you through the standard procedure for updating/upgrading of ACUBE services.

Upgrading of apt packages

Updating of apt packages should not cause any breaking changes (most of the time, anyways).

sudo apt update
sudo apt upgrade
Several known issues
  • Upgrading of containerd.io has been known to cause issues for docker. It is recommended to restart all services that use docker (these services should automatically restart on their own anyways).
  • If you are connecting to your machine remotely (either through ssh or other means), upgrading of the firewall (ufw), if enabled, may cause your connection to be terminated.
    • Recommend upgrading in a tmux shell, so in the event that your connection is shut off, you can still attach back to your shell via tmux attach, and so the upgrading process will not be cut-off halfway.
  • Upgrading of qemu may cause the CAPEv2 sandbox to break. The qemu installation method performed via ansible uses the online installation, and holds the qemu package in apt.

Upgrading of ACUBETotal Stack

Update Script

The ACUBE team maintains an updating script that automates the updating process. Ideally, this script should be used to update the ACUBETotal stack. Otherwise, manual updating can be done, but requires reading the changelog and and ensuring any additional changes required are done.

Manual Updating

Before doing any form of updates or upgrades, take a look at changelogs, notably:

  • Change in services - do you need to edit the systemd unit files?
  • New services - do you need to add new systemd unit files or update the pipeline.yml file?
  • Change in environment variables - do you need to declare new environment variables in .env files?

For services that run on docker

  1. Load in the new docker images
    • Online: docker pull <image_name>
    • Offline: docker load -i <image_name>
  2. Restart the appropriate systemd services
    • systemctl restart <service_name>
  3. Debug errors, if any
    • Check the journalctl logs

For databases (e.g. Postgres or MongoDB)

Check the relevant database documentations for upgrading procedures.

Relevant links

For CAPEv2 Sandbox

note

All commands are run from the default CAPEv2 directory (/opt/CAPEv2) by the cape user

  1. Copy the new files (either manually or using git pull)

    1. Take special care when copying in the file pyproject.toml
      • If there are, update your dependencies: python3 -m poetry update

  2. Download the community signatures and modules

    # This will remove all git-untracked files in the folder modules
    git clean -f modules/ data/ analyzer/

    # If you're installing from a zip file
    python3 -m poetry run python utils/community.py -waf --file <local_zip_filename>
    # If you're installing from the git repository directly
    python3 -m poetry run python utils/community.py -waf --url <git_url>
    # If you're installing from a private git repository directly
    python3 -m poetry run python utils/community.py -waf --url <git_url> --token <api_token>

  3. Restart all cape-related services: cape, cape-web, cape-processor, cape-rooter

  4. Ensure that the services are running smoothly, and debug errors if any