Upgrading Sandfly
You will receive announcements about new versions of Sandfly from the mailing list if you subscribed to it. Additionally, you can check our website for announcements about new versions.
TIP: Keep Your System Updated!
We are constantly adding in new sandfly investigative capabilities and features. You will want to make sure you keep your system updated.
To update Sandfly, fully read and complete the following steps.
Step 1: Pause Scheduled Tasks
Log into the Sandfly User Interface (UI), navigate to the Schedules view, and deactivate all active schedules.
This step is important to perform as it will automatically cancel currently running Trickle schedules and to ensure that no other scheduled tasks are started during the upgrade. Make note of which schedules were deactivated as they need to be reactivated once the upgrade is finished. See Deactivating and Deleting Schedule for details.
Step 2: Make Sure All Tasks Have Completed
In the Sandfly UI, open the Task Queues page by clicking on its button in the Top Bar or via the sidebar at Scanning > Task Queues and confirm the all of the following:
- The task queue(s) are empty, as indicated by a 0 (zero) value in the Total Tasks and Tasks indicators.
- There are no Trickle schedules in progress. If a widget named "Trickle Schedule Progress" is showing under "Queues", this indicates that one or more are active. In that case, first double check that Step 1 was completed and then manually cancel any remaining Trickle schedules via the red "X" button, as Trickle schedules can also be started manually.
It is important to not stop nodes in the middle of scans because it can leave orphaned files on the remote hosts. If the nodes are allowed to finish active tasks then everything cleans up correctly.
Empty Task Queue
Step 3: Download The Update
Download the latest version from the following URL:
If the Sandfly systems are air-gapped, download the archive from a device that has Internet access and then transfer the file to the Sandfly hosts as appropriate for your environment.
Once the archive is on the Sandfly hosts, untar it over the existing sandfly-setup directory:
IMPORTANT: Extract the archive over the existing sandfly-setup directory
The files contained in the tarball do not overwrite generated configurations or other added files under that directory, so it is generally safe to untar the new version on to the existing directory. If any scripts were customized, or if you prefer to be cautious, make a backup of the entire directory before extraction.
Step 4: Delete Docker Images
Once all tasks have been cleared out, we can run our scripts to stop and delete all of the Docker containers on the server and node instances.
Run the following command on the server and all nodes.
On the Server:
cd ~/sandfly-setup/setup
./clean_docker.sh
* Sandfly server is running on this system. Stopping...
4b24ab50f1c5
4b24ab50f1c5
* Sandfly server stopped.
* Postgres is running on this system. Stopping...
f23041d1b2b4
waiting for server to shut down....
f23041d1b2b4
* Postgres server stopped.
* Done.
4b24ab50f1c5
f23041d1b2b4
4b24ab50f1c5
f23041d1b2b4
Untagged: quay.io/sandfly/sandfly:5.5.0
...
Untagged: postgres:14.15
...
On every host being used as a Node, including if the Node is on the Server:
cd ~/sandfly-setup/setup
./clean_docker.sh
* Stopping node container 865c0500124e
865c0500124e
865c0500124e
* Stopping node container 3b9a82446aae
3b9a82446aae
3b9a82446aae
* Done.
...
You will see a large list of container hashes go by. Then you will be back at the command prompt. That means the script completed and the Docker containers have been removed.
Step 5: Run Start Scripts On Server and Nodes
On the server, and separately on all nodes, simply run the applicable start script. They will pull over the latest version of Sandfly and run it.
On the Server:
cd ~/sandfly-setup/start_scripts/
./start_sandfly.sh
*** Starting Postgres.
** Loading images from local archive:
** ../../docker_images/sandfly-docker-images-5.5.0.tgz
** There will be a slight delay before further output...
...
Loaded image: quay.io/sandfly/sandfly:5.5.0
...
Loaded image: postgres:14.15
...
*** Starting Sandfly Server.
On every host being used as a Node, including if the Node is on the Server:
cd ~/sandfly-setup/start_scripts/
./start_node.sh
** Loading images from local archive:
** ../../docker_images/sandfly-docker-images-5.5.0.tgz
** There will be a slight delay before further output...
...
Loaded image: quay.io/sandfly/sandfly:5.5.0
On the Node(s) hosts you can run the start script multiple times to start additional containers depending on your RAM and CPU capacity.
Step 6: Verification
Run the docker ps command on the server and node(s) to make sure everything is running.
On the Server:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b24ab50f1c5 quay.io/sandfly/sandfly:5.5.0 "/opt/sandfly/start_…" 4 seconds ago Up 3 seconds 0.0.0.0:80->8000/tcp, :::80->8000/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp sandfly-server
f23041d1b2b4 postgres:14.15 "docker-entrypoint.s…" 4 seconds ago Up 3 seconds 5432/tcp sandfly-postgres
On every host being used as a Node, including if the Node is on the Server:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
865c0520124e quay.io/sandfly/sandfly:5.5.0 "/opt/sandfly/start_…" 5 seconds ago Up 3 seconds boring_jang
3b9a82546aae quay.io/sandfly/sandfly:5.5.0 "/opt/sandfly/start_…" 7 seconds ago Up 5 seconds clever_burnell
92b33fe63f33 quay.io/sandfly/sandfly:5.5.0 "/opt/sandfly/start_…" 8 seconds ago Up 6 seconds goofy_blackwell
At this point you should now be able to log back into the UI. If you would like to confirm the version number and/or public keys, navigate to Settings > Settings Summary within the UI. The version number and build information are displayed in the "About Sandfly" section.
Step 7: Resume Your Schedules
Finally, re-activate your formerly enabled schedules and Sandfly will take up where it left off.
Updated about 13 hours ago