-
Notifications
You must be signed in to change notification settings - Fork 3
Upgrade Guide
Will Luck edited this page Mar 3, 2026
·
3 revisions
docker pull ghcr.io/will-luck/docker-sentinel:latest
docker stop sentinel && docker rm sentinel
# re-run with the same flags and volumes
docker run -d --name sentinel ... -v sentinel-data:/data ...On startup, Sentinel automatically migrates the BoltDB schema to the current version.
Alternatively, use the Self-Update button on Settings > About. Sentinel pulls the new image and recreates itself via an ephemeral helper container.
All state lives in the /data volume.
| Path | Contents |
|---|---|
/data/sentinel.db |
BoltDB (containers, policies, hooks, settings) |
/data/cluster/ |
mTLS certificates (server CA, agent certs) |
Always use a named volume (-v sentinel-data:/data). Back up before a major upgrade:
docker cp sentinel:/data/sentinel.db ./sentinel-backup.db- Removed the Actions column from the dashboard table
- Status badges are now clickable: Update, Start, Stop actions inline
- Column widths rebalanced for better Image and Ports display
- Policy and Status columns centred for consistency
- Version scope setting (relaxed/strict) for update filtering
- Per-row removal in bulk queue actions without page reload
- Fix multi-arch digest mismatch causing no-op updates
- Agent auto-update setting for remote Sentinel agents
- Remote containers included in dependency graph
- GHCR switch available for remote containers
- Hook and notification storage scoped by host for remote containers
- Images page with manage mode and unused image cleanup
- Local container updates now pull the target version correctly
- SSE auto-refresh for remote container updates
- Version constraint by tag precision scope (major, minor, patch)
- Fall back to registry digest for swarm services without pinned digest
- Queue accordion, account nav, self badge, logs overflow fixes
- Cluster policy overrides, dashboard counts, digest-only display fixes
- Cluster remote container actions and navigation fixes
- Surface skipped containers in history and scan toast
- Default to manual updates for safety
- Registry test button no longer wipes unsaved credentials
- Update-to-version for containers and self-update
- Light theme and auto (system preference) mode
- Scan gate: initial scan deferred until dashboard loads after fresh setup
- Login page CSS moved to shared stylesheet with theme support
- Daily digest notifications with configurable schedule
- Per-container notification mode overrides
- Dashboard banner for pending updates
- Notification deduplication
- Cluster mode with mTLS
- Agent enrolment via PKCS#10 CSR
- Autonomous agent mode
- Setup wizard with role selection
- Lifecycle hooks (pre/post-update)
- Hook management UI
- Exit code 75 skip semantics
- Label persistence for hooks
- Full rewrite with web dashboard
- Authentication (password, WebAuthn, API tokens)
- RBAC with 3 built-in roles
- Docker Swarm support
- Notification channels (7 providers)
- GHCR alternative detection
- Dependency-aware update ordering
- Prometheus metrics
| Version | Change | Migration |
|---|---|---|
| 2.0.0 | Complete rewrite | Fresh install recommended. v1 config not compatible. |
- Upgrade the server first.
- Upgrade each agent in turn.
- Agents reconnect automatically after restart. No re-enrolment required.
- mTLS certificates are preserved in the agent volume.
docker compose pull
docker compose up -dCompose handles the stop/remove/recreate cycle. The named volume is preserved automatically.
docker service update --image ghcr.io/will-luck/docker-sentinel:latest sentinelGetting Started
Using Sentinel
Multi-Host
Security
Reference