Changes for page R12 Docker - Single Lane
Last modified by Carlijn Kokkeler on 2024/03/29 13:47
From version 10.2
edited by Erik Bakker
on 2023/03/03 11:02
on 2023/03/03 11:02
Change comment:
Update document after refactoring.
To version 13.1
edited by Erik Bakker
on 2023/04/28 08:34
on 2023/04/28 08:34
Change comment:
There is no comment for this version
Summary
-
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
-
- Title
-
... ... @@ -1,1 +1,1 @@ 1 -R 6Docker-Single lane1 +R7 - Docker Single lane - Content
-
... ... @@ -1,17 +1,15 @@ 1 -Service affecting template; in order to update to this cloud template there is only a single step required. 1 +Non service affecting final template to use the R7 single lane release. 2 +Process: To use the new R7 release of our cloud template we upgrade in one steps, the update is non service affecting. 2 2 3 3 **Overview** 4 -This update changes the Carwash - for context on the carwash see [[this link>>doc:Main.eMagiz Academy.Fundamentals.fundamental-emagiz-cloud-inner-workings||target="blank"]]. Note that using this newversionoftheCarwash involves a DNSchange, and thusrelies on clientshonoringTTLs of DNS records. Thisupdate also changestheIPadressesused inthe infrastructure. Formore details, pleasecontact Expert Services. Furthermore, TLSv1.0 isdisabledin this update. Verify legacy software canhandleatleast TLSv1.1 before updating.5 +This update improves the security by disabling SSH access to cloud machines. 5 5 6 6 **Updates** 7 - * Changed ciphers and cipher suites 8 - * Disabled TLS V1.0 support and enable TLS V1.3 support 9 - * IP addresses available for the new car wash 10 - ** eu-central-1a: 35.158.46.28 11 - ** eu-central-1b: 3.74.190.88 8 +* Improve security by disabling SSH access to cloud machines. 12 12 13 - 14 -**Technical notes** 15 -• Supported Ciphers in OpenSSL Format: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS@SECLEVEL=1 16 -• Supported TLS Versions: TLSv1.1, TLSv1.2 and TLSv1.3 17 - 10 +**Update Steps** 11 +* Use the final R7 template (non service affecting) (duration: 4 minutes) 12 +* User actions after applying the final template: 13 +** Check if all runtimes are reachable by Deploy Architecture. 14 +** Check if all images have been installed according to the active release. 15 +** Check if messages pass through the bus by verifying a critical message flow in external systems.