Skip to content

[Backport 3.2] Add a patch and upgrade guide for MA #11200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 9, 2025
Merged

[Backport 3.2] Add a patch and upgrade guide for MA #11200

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 90 additions & 0 deletions _migration-assistant/security-patching-and-updating.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
---
layout: default
title: Security patching & updating
nav_order: 30
parent: Migration Assistant for OpenSearch
permalink: /migration-assistant/security-patching-and-updating/
---

# Security patching and updating

This page describes how to safely update the **bootstrap box** (the Amazon Elastic Compute Cloud [Amazon EC2] instance you use to build and run Migration Assistant components), clean Docker caches, and rebuild the Migration Assistant container images.

> **Recommended cadence**: Perform these steps only when Migration Assistant is not actively running.

---

## Step 1: Patch the OS on the bootstrap box

```shell
sudo dnf upgrade --refresh -y
```
{% include copy.html %}

> **Note**: If the kernel or core libraries are updated, a reboot is often required.

Reboot if required:

```shell
sudo reboot
```
{% include copy.html %}

After the box comes back up, reconnect and continue.

Check warning on line 33 in _migration-assistant/security-patching-and-updating.md

View workflow job for this annotation

GitHub Actions / vale

[vale] _migration-assistant/security-patching-and-updating.md#L33 

[OpenSearch.OxfordComma] Add an Oxford comma in 'up, reconnect and continue.'.
Raw output 
{"message": "[OpenSearch.OxfordComma] Add an Oxford comma in 'up, reconnect and continue.'.", "location": {"path": "_migration-assistant/security-patching-and-updating.md", "range": {"start": {"line": 33, "column": 26}}}, "severity": "WARNING"}


## Step 2: Clear Docker build and download caches

Clearing the Docker build and downloaded caches removes **all** unused images, containers, networks, and volumes to free disk space and ensure clean rebuilds:

```shell
docker system prune -a --volumes
```
{% include copy.html %}


## Step 3: Clean prior Gradle outputs

From the repository root, run the following command to clean prior Gradle outputs:

```shell
./gradlew clean
```
{% include copy.html %}


## Step 4: Rebuild Migration Assistant images

Rebuild the Docker images used by Migration Assistant:

```shell
./gradlew :buildDockerImages -x test
```
{% include copy.html %}


## Step 5: Redeploy Migration Assistant

Redeploy Migration Assistant to replace existing container images with the freshly built versions:

```shell
cd deployment/cdk/opensearch-service-migration
./deploy.sh <contextId>
```
{% include copy.html %}

> **Warning**: Redeployment will interrupt any running migration tasks (for example, Capture Proxy, Traffic Replayer, or Reindex-from-Snapshot).
> **Do not** redeploy while actively migrating, as this can cause data loss or inconsistent state.
{: .warning}


## Troubleshooting

* **`toomanyrequests: Rate exceeded`**:
Retry the last build command. Some downstream container images are rate limited and may change over time.

* **Cannot pull base images**:
Ensure that the instance has internet egress (NAT/IGW) and access to Docker Hub/Amazon Elastic Container Registry (Amazon ECR) as required.

* **Gradle cache corruption**:
If problems persist after `./gradlew clean`, also remove `~/.gradle/caches` and retry.