Upgrading Sandfly Docker/Podman Deployment
You will receive announcements about new versions of Sandfly from the mailing list, if subscribed. Additionally, you can check our website and other media outlets for announcements about new versions.
TIP: Keep Your System Updated!We are constantly adding new investigative capabilities and features. Make sure to keep both Sandfly and the underlying Operating System updated.
To update a Sandfly Docker/Podman deployment, read and complete the following steps.
Step 1: Pause Scheduled Tasks
Log into the Sandfly User Interface (UI), navigate to Schedules, and deactivate all active schedules.
This step automatically cancels active Trickle schedules and ensures no other scheduled tasks are started during the upgrade. Make note of which schedules were deactivated as they need to be reactivated once the upgrade is finished. See Deactivating and Deleting Schedule for details.
Step 2: Ensure All Tasks Have Completed
In the Sandfly UI, open the Task Queues page by clicking its button in the Top Bar or via the sidebar at Scanning > Task Queues and confirm all of the following:
- The task queue(s) are empty, as indicated by a 0 (zero) value in the Total indicators in the All Tasks and Queues sections.
- There are no Trickle schedules in progress. If a section named Trickle Schedules is showing under Queues , this indicates one or more are active. In that case, first double-check that Step 1 was completed and then manually cancel any remaining Trickle schedules via the red "X" button, as Trickle schedules can also be started manually.
Do not stop nodes in the middle of scans because it can leave orphaned files on the remote hosts. If the nodes are allowed to finish active tasks, everything cleans up correctly.
Empty Task Queue
Step 3: Download the Update
Download the latest version from the following URL:
For a checksum verification of the downloaded file, its sha256 hash is provided to the right of the package name.
If the Sandfly systems are air-gapped, download the archive from a device that has internet access and then transfer the file to the Sandfly hosts as appropriate for your environment.
Once the archive is on the Sandfly hosts, untar it over the existing sandfly-setup directory:
IMPORTANT: Extract the Archive Over the Existing sandfly-setup DirectoryThe files contained in the tarball do not overwrite generated configurations or other added files under that directory, so it is generally safe to untar the new version onto the existing directory. If any scripts were customized, or for the cautious, make a backup of the entire directory before extraction.
Step 4: Container Image Cleanup
Once all tasks have completed, run the scripts to stop and delete all containers on the server and node instances.
Run the following command on the server and all nodes.
On the Server:
cd ~/sandfly-setup/setup
./clean_docker.sh
* Sandfly server is running on this system. Stopping...
4b24ab50f1c5
4b24ab50f1c5
* Sandfly server stopped.
* Postgres is running on this system. Stopping...
f23041d1b2b4
waiting for server to shut down....
f23041d1b2b4
* Postgres server stopped.
* Done.
4b24ab50f1c5
f23041d1b2b4
4b24ab50f1c5
f23041d1b2b4
Untagged: quay.io/sandfly/sandfly:5.7.0
...
Untagged: postgres:14.15
...On every host being used as a Node:
cd ~/sandfly-setup/setup
./clean_docker.sh
* Stopping node container 865c0500124e
865c0500124e
865c0500124e
* Stopping node container 3b9a82446aae
3b9a82446aae
3b9a82446aae
* Done.
...A large list of container hashes will be displayed; once complete, it will return to the command prompt. This indicates the script has completed and the containers have been removed.
Step 5: Run Start Scripts on Server and Nodes
On the server and all nodes, run the applicable start script. They will load the latest version of Sandfly and run it.
On the Server:
cd ~/sandfly-setup/start_scripts/
./start_sandfly.sh
*** Starting Postgres.
** Loading images from local archive:
** ../../docker_images/sandfly-docker-images-5.7.0.tgz
** There will be a slight delay before further output...
...
Loaded image: quay.io/sandfly/sandfly:5.7.0
Loaded image: postgres:14.21
Loaded image: postgres:18.2
...
*** Starting Sandfly Server.On every host being used as a Node, including if the Node is on the Server:
cd ~/sandfly-setup/start_scripts/
./start_node.sh
** Loading images from local archive:
** ../../docker_images/sandfly-docker-images-5.7.0.tgz
** There will be a slight delay before further output...
...
Loaded image: quay.io/sandfly/sandfly:5.7.0On the Node host(s), the start script can be run multiple times to start additional containers depending on the RAM and CPU capacity of the host.
Step 6: Verification
Run the docker ps command on the server and node(s) to verify all containers are running.
On the Server:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b24ab50f1c5 quay.io/sandfly/sandfly:5.7.0 "/opt/sandfly/start_…" 4 seconds ago Up 3 seconds 0.0.0.0:80->8000/tcp, :::80->8000/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp sandfly-server
f23041d1b2b4 postgres:18.2 "docker-entrypoint.s…" 4 seconds ago Up 3 seconds 5432/tcp sandfly-postgresOn every host used as a Node:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
865c0520124e quay.io/sandfly/sandfly:5.7.0 "/opt/sandfly/start_…" 5 seconds ago Up 3 seconds boring_jang
3b9a82546aae quay.io/sandfly/sandfly:5.7.0 "/opt/sandfly/start_…" 7 seconds ago Up 5 seconds clever_burnell
92b33fe63f33 quay.io/sandfly/sandfly:5.7.0 "/opt/sandfly/start_…" 8 seconds ago Up 6 seconds goofy_blackwellYou can now log back into the UI. To confirm the version number and/or public keys, navigate to Settings > About Sandfly within the UI.
Step 7: Resume Your Schedules
Finally, reactivate your previously enabled schedules and Sandfly will resume from its previous state.
Updated 7 days ago