---
id: task-012
title: 'Update critical container base images'
status: To Do
assignee: []
created_date: '2026-03-15 08:30'
labels:
- dev-ops
- enhancement
dependencies:
- task-010
priority: high
---
## Description
<!-- SECTION:DESCRIPTION:BEGIN -->
Multiple containers are running severely outdated base images with known vulnerabilities. Prioritized upgrade list from infrastructure audit on 2026-03-15. Many compose files are on host-only paths (not accessible from claude-dev container).
<!-- SECTION:DESCRIPTION:END -->
## Acceptance Criteria
<!-- AC:BEGIN -->
- [ ] #1 CRITICAL: Upgrade p2pwiki-elasticsearch from 7.10.2 to opensearch:2.x (5 years old, Log4Shell era)
- [ ] #2 CRITICAL: Upgrade WordPress stack (5 containers) from 6.4-php8.2 to 6.7-php8.3 (compose at /opt/p2pfoundation/)
- [ ] #3 CRITICAL: Upgrade Gitea from 1.21 to 1.23 (compose at /root/gitea/)
- [ ] #4 HIGH: Upgrade ERPNext Redis from 6.2-alpine to 7-alpine (compose at /opt/erpnext/)
- [ ] #5 HIGH: Upgrade MediaWiki 1.40/1.41 to 1.42 LTS (compose at /opt/websites/p2pwiki/ and /opt/p2pfoundation/)
- [ ] #6 HIGH: Upgrade ERPNext MariaDB from 10.6 to 10.11 (compose at /opt/erpnext/)
- [ ] #7 HIGH: Upgrade p2pwiki-db MariaDB from 10.6 to 10.11 (compose at /opt/websites/p2pwiki/)
- [ ] #8 MEDIUM: Upgrade Qdrant from 1.7.4 to 1.13 (compose at /root/semantic-search/)
- [ ] #9 MEDIUM: Plan Traefik v2 to v3 migration (compose at /root/traefik/)
- [ ] #10 MEDIUM: Re-pull stale :latest images (ollama, n8n, syncthing, *arr stack, jellyfin)
<!-- AC:END -->
## Notes
### Upgrade procedures
**Redis 6.2 → 7 (drop-in):**
```bash
# In /opt/erpnext/docker-compose.yml, change:
# image: redis:6.2-alpine → image: redis:7-alpine
cd /opt/erpnext && docker compose up -d redis-cache redis-queue
```
**Gitea 1.21 → 1.23:**
```bash
# Backup first!
docker exec gitea-db pg_dumpall -U gitea > /tmp/gitea-backup.sql
# In /root/gitea/docker-compose.yml, change:
# image: gitea/gitea:1.21 → image: gitea/gitea:1.23
cd /root/gitea && docker compose up -d
# Gitea handles DB migrations automatically on startup
```
**WordPress 6.4 → 6.7:**
```bash
# Backup databases first
# Note: the root password passed via -p is visible in shell history and in `ps` while the dump runs;
# rotate it after the maintenance window
docker exec p2p-db mariadb-dump -u root -pp2p_secure_root_2025 --all-databases > /tmp/p2p-db-backup.sql
# In /opt/p2pfoundation/docker-compose.yml, change:
# image: wordpress:6.4-php8.2-apache → image: wordpress:6.7-php8.3-apache
cd /opt/p2pfoundation && docker compose up -d
# WP handles DB upgrades via wp-admin/upgrade.php
```
**MariaDB 10.6 → 10.11:**
```bash
# Backup first (applies to both p2pwiki-db and the ERPNext MariaDB)
docker exec <container> mariadb-dump -u root -p<password> --all-databases > /tmp/mariadb-backup.sql
# Then change the image tag in the compose file (e.g. image: mariadb:10.6 → image: mariadb:10.11) and docker compose up -d
# MariaDB 10.11 starts on the 10.6 data directory without manual conversion, but the system tables
# still need upgrading: run mariadb-upgrade (the renamed mysql_upgrade) once the container is up
docker exec <container> mariadb-upgrade -u root -p<password>
```
**Elasticsearch 7.10 → OpenSearch 2.x:**
This is the most complex upgrade — requires:
1. Full index backup/snapshot
2. Config migration (different env vars, plugins)
3. MediaWiki CirrusSearch extension config update
4. Reindex all content
Plan as a dedicated maintenance window.
**Traefik v2 → v3:**
Requires config migration (middleware syntax changes, entrypoint format). Use `traefik migration v2-to-v3` tool. Plan as dedicated task.
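### Checking which containers are still outdated
A small shell audit, added here as an example (not part of this task or of Backlog.md), that reads `docker ps --format '{{.Names}} {{.Image}}'` lines and lists containers still below the floors in the acceptance criteria or floating on `:latest` (AC #10). The minimum-tag table and the sample container list are assumptions built from the criteria above, not captured from the hosts.

```bash
#!/bin/sh
# Lowest acceptable tag per image repository, from AC #2-#8 above.
# Assumption: variant suffixes ("-alpine", "-php8.2-apache") are ignored when comparing.
min_tag() {
  case "$1" in
    redis)         echo 7 ;;
    gitea/gitea)   echo 1.23 ;;
    wordpress)     echo 6.7 ;;
    mariadb)       echo 10.11 ;;
    mediawiki)     echo 1.42 ;;
    qdrant/qdrant) echo 1.13 ;;
    *)             echo "" ;;   # repository not tracked by this task
  esac
}
# version_lt A B: true when A sorts strictly before B in version order (sort -V).
version_lt() {
  [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_images: reads "name image" lines on stdin and prints "name image reason"
# for every image below its floor or floating on :latest.
audit_images() {
  while read -r name image; do
    [ -n "$name" ] || continue
    case "$image" in
      *:*) repo=${image%:*}; tag=${image##*:} ;;
      *)   repo=$image;      tag=latest ;;     # untagged image means :latest
    esac
    case "$tag" in */*) repo=$image; tag=latest ;; esac   # ':' was a registry port, not a tag
    if [ "$tag" = latest ]; then
      echo "$name $image floating :latest tag, re-pull and pin a version"
      continue
    fi
    floor=$(min_tag "$repo")
    [ -n "$floor" ] || continue
    if version_lt "${tag%%-*}" "$floor"; then
      echo "$name $image below minimum $floor"
    fi
  done
}

# Constructed sample of `docker ps` output for a stand-alone run (not captured from the hosts).
SAMPLE_PS='erpnext-redis-cache redis:6.2-alpine
gitea gitea/gitea:1.23
p2p-wordpress wordpress:6.4-php8.2-apache
p2pwiki-db mariadb:10.6
ollama ollama/ollama:latest
qdrant qdrant/qdrant:1.13'
printf '%s\n' "$SAMPLE_PS" | audit_images
```

On a real host run `docker ps --format '{{.Names}} {{.Image}}' | audit_images` instead of the sample; only the repositories listed in `min_tag` are checked, so extend it as further images get a target version.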
### Accessible from claude-dev container
- `/opt/websites/p2pwiki/` — p2pwiki compose (MariaDB, MediaWiki, Elasticsearch)
### Requires host access
- `/opt/erpnext/` — ERPNext (Redis, MariaDB)
- `/root/gitea/` — Gitea
- `/opt/p2pfoundation/` — WordPress stack, p2p-db
- `/root/semantic-search/` — Qdrant
- `/root/traefik/` — Traefik