Keeping your Helion Development Platform ALS cluster patched

As with all software, you will need to keep on top of your patching. There are 3 different things you will need to patch:

  • The base OS for your cluster
  • ALS itself
  • The Docker images

Patching the base OS is easy. You can do this manually, using the standard apt-get update/upgrade commands, or you can enable automatic installation of security patches. To do this, ssh into each node in the cluster and run:

sudo dpkg-reconfigure -plow unattended-upgrades

If you want to get ahead, run the following to update immediately:

sudo apt-get update
sudo unattended-upgrades -d

Patching ALS

You can view a list of available patches in the cluster by running:

kato patch status

You can install patches one at a time using kato patch install <patch>, or install them all using:

kato patch install

Updating the Docker Image

The last thing to do is patch the Docker image. This is a little bit more involved, but not much. To do this you need to SSH into a DEA node (and you will need to do it for each DEA node unless you configure your DEAs to use a Docker Registry – more on that in a later post).

Make sure your DEA node is up to date.
Create a new directory.
Create a file named Dockerfile in the new directory with the following contents:

FROM stackato/stack-alsek:kato-patched
RUN apt-get update
RUN unattended-upgrades -d
RUN apt-get clean && apt-get autoremove -y

Build the image using the following:

sudo docker build --no-cache=true --rm -t stackato/stack-alsek:upgrade-2015-08-04 .

Note: this will take some time to complete. Grab a coffee. Tip: the . at the end tells Docker to use the Dockerfile in the current directory.

Next, tag the Docker image you just built as the latest:

sudo docker tag stackato/stack-alsek:upgrade-2015-08-04 stackato/stack-alsek:latest

Repeat on each DEA node.
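
The build-and-tag steps above as one script, so that the tag passed to docker tag is always the one that was just built. This is an added example, not part of the original post; the function names, the DRY_RUN switch and the temporary build directory are assumptions of the example.

```shell
#!/bin/sh
# Added example: rebuild the patched ALS stack image on one DEA node.
# Image names and Dockerfile contents are the ones used in this post.
# DRY_RUN (an assumption of this example) defaults to 1: commands are only printed.

BASE_IMAGE="stackato/stack-alsek:kato-patched"
REPO="stackato/stack-alsek"

# Date-stamped tag such as upgrade-2015-08-04; pass a date to override today's.
upgrade_tag() {
    printf 'upgrade-%s\n' "${1:-$(date +%Y-%m-%d)}"
}

# Write the Dockerfile from this post into directory $1.
# -y keeps autoremove non-interactive during the build.
write_dockerfile() {
    cat > "$1/Dockerfile" <<EOF
FROM $BASE_IMAGE
RUN apt-get update
RUN unattended-upgrades -d
RUN apt-get clean && apt-get autoremove -y
EOF
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Build the image, then point :latest at the tag that was just built.
rebuild_image() {
    tag=$(upgrade_tag "${1:-}")
    dir=$(mktemp -d) || return 1
    write_dockerfile "$dir" || return 1
    run sudo docker build --no-cache=true --rm -t "$REPO:$tag" "$dir" &&
    run sudo docker tag "$REPO:$tag" "$REPO:latest"
    status=$?
    rm -rf "$dir"
    return $status
}

# Only act when called with "run", e.g.: DRY_RUN=0 sh rebuild-image.sh run
if [ "${1:-}" = "run" ]; then
    rebuild_image
fi
```

With DRY_RUN left at its default, the script prints the two docker commands so you can check the tag before running it for real on each DEA node.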

The final step is to restart each application so that it picks up the latest image. You should notify your application administrators to do this.

You should schedule regular maintenance time to perform upgrades and patching, just like you would any other system.