Update Management

Overview

| Layer | Update method | Frequency |
|---|---|---|
| AlmaLinux OS | dnf update | Monthly |
| Docker engine | dnf update docker-ce | Monthly |
| Traccar image | docker compose pull | On new release |
| MySQL image | docker compose pull | Monthly (minor only) |
| Prometheus/Grafana/Thanos | docker compose pull | Monthly |
| OpenClaw | git pull + local build | On upstream release |
| GitHub Actions runner | Auto-updated by GH | Automatic |
| Node exporter / cAdvisor | Re-run install script | On new release |

Image version policy

Pinned (major or major.minor) — services with breaking changes between versions:

# /root/traccar/docker-compose.yml
image: traccar/traccar:6       # pin major, float minor
 
# /opt/p24-infra/monitoring/docker-compose.yml
image: prom/prometheus:v3      # pin major
image: grafana/grafana:11      # pin major
image: mysql:8.0               # pin major.minor (8.x has breaking changes vs 9.x)

Floating latest — acceptable only for:

  • grafana/grafana-image-renderer:latest (tightly coupled to grafana version)
  • quay.io/thanos/thanos:latest (auto-downloaded by Thanos itself for sidecar)
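
The policy above can be checked mechanically. This is an added example, not part of the original runbook: a POSIX shell check that lists compose images floating on latest (or carrying no tag) outside the two allowed exceptions. The function names and the sample compose content are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original runbook): audit compose image tags.
# ALLOW_LATEST mirrors the "Floating latest" exceptions listed in the policy.
ALLOW_LATEST="grafana/grafana-image-renderer quay.io/thanos/thanos"

# Print one "FLOATING <ref> (tag: <tag>)" line per offending image in file $1.
list_floating_images() {
  sed -n 's/^[[:space:]]*image:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" |
  tr -d "\"'" |
  while read -r ref; do
    # A digest pin (name@sha256:...) is immutable, so it always passes.
    case $ref in *@sha256:*) continue ;; esac
    # Only a colon in the last path component separates a tag;
    # a colon earlier in the reference is a registry port (localhost:5000/app).
    last=${ref##*/}
    case $last in
      *:*) tag=${last##*:}; name=${ref%:*} ;;
      *)   tag=; name=$ref ;;          # no tag: Docker resolves it to :latest
    esac
    [ -n "$tag" ] && [ "$tag" != latest ] && continue
    case " $ALLOW_LATEST " in *" $name "*) continue ;; esac
    echo "FLOATING $ref (tag: ${tag:-none})"
  done
}

# Exit status 0 when the file complies, 1 (with the findings printed) otherwise.
audit_image_tags() {
  findings=$(list_floating_images "$1")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample input, not one of the real compose files.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  traccar:
    image: traccar/traccar:6       # pin major, float minor
  renderer:
    image: grafana/grafana-image-renderer:latest
  grafana:
    image: grafana/grafana
  cache:
    image: "localhost:5000/redis:latest"
EOF
audit_image_tags "$sample" || echo "policy check failed"
rm -f "$sample"
```

Pointing audit_image_tags at the two compose files named above surfaces a floating tag before the monthly pull picks up an unreviewed image.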

Monthly update checklist

Run on the first Tuesday of each month.

1. OS + Docker engine

ssh root@217.154.82.162
dnf check-update
dnf update -y
systemctl daemon-reload
# Reboot only if kernel or docker-ce was updated
# needs-restarting -r exits 1 when a reboot is required, 0 when it is not
needs-restarting -r && echo "no reboot needed" || echo "reboot needed"

2. Monitoring stack

cd /opt/p24-infra/monitoring
docker compose pull
docker compose up -d
docker compose ps   # verify all healthy

3. Traccar + DB

cd /root/traccar
docker compose pull
# Test DB connection before restarting
docker compose exec db mysqladmin ping -u traccar -p
docker compose up -d
docker compose ps

4. OpenClaw

cd /root/openclaw
git fetch origin && git log HEAD..origin/main --oneline | head -10
# If new commits — review changelog, then:
git pull
docker build -t openclaw:local .
docker compose up -d
curl http://localhost:18789/healthz   # verify

5. Clean up

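# Removes stopped containers, unused networks, dangling images and build cache
docker system prune -f
# Keep the last 30 days of journal entries
journalctl --vacuum-time=30d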

6. Verify health check

Trigger the GitHub Actions health-check workflow manually:

gh workflow run health-check.yml --repo radieu/p24-infra

Checking for updates without applying

# OS packages
dnf check-update
 
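# Docker images (shows digest difference)
# If --dry-run is not supported, the fallback downloads the new images;
# running containers keep the old image until "docker compose up -d"
docker compose pull --dry-run 2>/dev/null || docker compose pull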
 
# OpenClaw upstream
cd /root/openclaw && git fetch && git log HEAD..origin/main --oneline

Rollback procedure

If an update breaks a service:

# Docker image rollback — use previous image tag
docker tag <service>:<current> <service>:backup
docker pull <service>:<previous-version>
# Edit docker-compose.yml image tag
docker compose up -d
 
# OS rollback (DNF)
dnf history list | head -5
dnf history undo <transaction-id>