Crowdsec does it best not to break existing setups, and the following rules generally applies :
- patches (
X.X.Z) can be applied blindly and are for bugfixes and backward compatible changes
- minor (
X.Z.X) can be applied blindly but might introduce some features that are not backward compatible
- major (
Z.X.X) must be applied with caution as they might break existing installation
We strongly advise you against running crowdsec and LAPI in different versions. When upgrading existing setup, we suggest you to upgrade both crowdsec, cscli and LAPI.
Upgrades from debian packages (official or pragmatic)¶
apt-get update apt-get install crowdsec
Upgrades from release tarball¶
When doing a minor/patch upgrade (ie.
--binupgrade feature should be the more appropriate : It will simply upgrade the existing binaries, letting all configurations untouched.
When doing a minor upgrade (ie.
--upgrade feature should be used : It will attempt to migrate and upgrade any existing configurations, include tainted/custom ones. The ambition is to be able to upgrade scenarios, parsers etc to the latest version when relevant, while keeping custom/tainted ones untouched.
cscli config backup, creating a directory (usually
/tmp/tmp.<random>) in which it's going to dump all relevant configurations before performing an upgrade :
- configuration files :
- one directory for parsers, scenarios, postoverflows and collections, where it's going to store both reference to upstream configurations, and your custom/tainted ones
It is then going to cleanup crowdsec configuration,
/etc/crowdsec/ content (except bouncers configuration), before deploying the new binaries. Once this is done, configuration will be restored from our temp directory using
cscli config restore.
For major upgrades (ie.
wizard won't do the trick, and you'll have to rely on documentation to do so :
- Migrating from
cscli hub allows you to view, update and upgrade configurations :