Skip to Content

Changes for page R10 Docker - Double lane

Last modified by Erik Bakker on 2023/08/03 16:16
From version 6.2
edited by Erik Bakker
on 2023/01/23 14:39
Change comment: There is no comment for this version
To version 13.1
edited by Erik Bakker
on 2023/07/10 15:13
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -R5 Docker - Double lane
1 +R9 Docker - Double lane
Content
... ... @@ -1,16 +1,28 @@
1 -Service affecting template; in order to update to this cloud template there is only a single step required.
1 +Service affecting R9 template that improves security and allows for the retrieval of Static IP addresses from Deploy Architecture.
2 2  
3 +**Process**
4 +We upgrade in two steps to use the new R9 release of the cloud template. Of these two steps, the intermediate step is non-service affecting, and the final step is service affecting.
5 +
3 3  **Overview**
4 -This update changes the Carwash - for context on the carwash see [[this link>>doc:Main.eMagiz Academy.Fundamentals.fundamental-emagiz-cloud-inner-workings||target="blank"]]. Note that using this new version of the Carwash involves a DNS change, and thus relies on clients honoring TTLs of DNS records. This update also changes the IP adresses used in the infrastructure. For more details, please contact Expert Services. Furthermore, TLSv1.0 is disabled in this update. Verify legacy software can handle atleast TLSv1.1 before updating.
7 +It improves the ease with which Static IP Addresses can be gathered and distributed by a user while at the same time improving the security and auto-healing functionality.
5 5  
6 6  **Updates**
7 - * Changed ciphers and cipher suites
8 - * Disabled TLS V1.0 support and enable TLS V1.3 support
9 - * IP addresses available for the new car wash
10 - ** eu-central-1a: 35.158.46.28
11 - ** eu-central-1b: 3.74.190.88
10 +* Ability to fetch Static IP Addresses
11 +* New ubuntu version with new security patches.
12 +* Disable IPv6 on startup
13 +* Enable new Out of Memory killer to protect instance becoming unhealthy
14 +* Improved Cloud instance status check and auto repair
15 +* Added new version of the deployment agent, solving a known portainer bug where all containers are replaced instead of one.
12 12  
17 +**Update Steps**
18 +* Use the intermediate template (non-service affecting) (duration: 10 minutes)
19 +** This step will upgrade the backup machines hosted in the second Availability Zone in your Cloudslot.
20 +** The network drive containing the Artemis queue store and your Elastic IPs will remain.
21 +* Use the final template (service affecting) (duration: 10 minutes)
22 +** This step will upgrade the primary machines in the first Availability Zone in your Cloudslot.
23 +** The runtimes on the machines will be restored using the active release in the eMagiz portal.
24 +* User actions after applying the final template:
25 +** Check if all runtimes are reachable by Deploy Architecture.
26 +** Check if all flows have been installed according to the active release.
27 +** Check if messages pass through the model by verifying a critical message flow in external systems.
13 13  
14 -**Technical notes**
15 -• Supported Ciphers in OpenSSL Format: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS@SECLEVEL=1
16 -• Supported TLS Versions: TLSv1.1, TLSv1.2 and TLSv1.3