How to Upgrade Connectors Running in AWS/Azure/Docker Containers
If you are running Twingate Connectors as containers in Docker, AWS ECS, or Azure Container Instances, the instructions specific to each environment below cover how to upgrade Connectors. Please keep in mind the best practices for upgrading detailed in Upgrading Connectors to avoid downtime for your users.
See the Linux Docker deployment documentation for more information on deploying the Twingate Connector in a Linux Docker container.
AWS Elastic Container Service (ECS)
In order to upgrade a running ECS Connector service, it needs to be restarted with the “Force new deployment” option selected. You can either do this via the AWS Management Console or with the AWS CLI.
Management Console
- Select the name of the running Connector service in your ECS cluster and choose “Update”.
- Select the “Force new deployment” option, then “Skip to review”.
- Click “Update Service”.
The service will automatically restart and pull the latest image.
Note: If the image tag in the ECS task definition was changed to anything other than 1
or latest
then the image that’s pulled may not be the latest. It’s recommended to always pull the latest image when updating a Connector.
AWS CLI
The command below will force a new deployment of your running ECS Service. Note that you need the name of the ECS Service, Cluster name, and AWS region to run the command.
aws ecs update-service --region <REGION> --cluster <CLUSTER_NAME> --service <SERVICE_NAME> --force-new-deployment
Azure Container Instance
You can upgrade any Connectors running as a container instance on Azure with the following CLI command. This will automatically download the latest image. You will need the container name and Resource Group name to run the command.
az container restart --name <CONTAINER_NAME> --resource-group <RESOURCE_GROUP>
Docker
Checking the Connector Version
If you’d like to check the currently running version of a Connector in a Docker container, you can do so using the following command:
docker exec twingate-connector ./connectord --version
In the above example, twingate-connector
represents the name of the Connector container.
The latest build version number and other update notes are available in the Connector Release Notes.
Linux: Command line / EC2 / VM
The following command can be used to upgrade running Connectors that have been deployed on a host using the Docker CLI. The script automates:
- Pulling the latest Connector image (
twingate/connector:1
) - Comparing any running containers to the latest image
- Stopping any out of date containers, deleting them, and restarting them with the same environment variables and the latest image
curl -s https://binaries.twingate.com/connector/docker-upgrade.sh | sudo nohup sudo bash
Watchtower
Watchtower is a popular open-source tool for automatically updating Docker containers. It can be used to automatically update the Twingate Connector container when a new version is available.
Watchtower on Production Systems
Watchtower is not meant to be used on critical production systems. The makers of the tool recommend implementing container maintenance through the use of Kubernetes or other similar services instead.
To use Watchtower, you can run the following command:
docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --cleanup
This will start Watchtower as a container, which will automatically check for new versions of all containers and update them when new images are available.
If you would like to limit Watchtower to just updating the Twingate Connector, you can use the following command:
docker run -d --name watchtower -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --label-enable=true
This will run Watchtower with the label-enable
option, which will check each container for a label com.centurylinklabs.watchtower.enable=true
and only update containers with this label.
To add the label to the Twingate Connector container, will need to add the appropriate label to the Docker run command from the Admin Console:
docker run -d --sysctl net.ipv4.ping_group_range="0 2147483647" --env TWINGATE_NETWORK="networkname" --env TWINGATE_ACCESS_TOKEN="" --env TWINGATE_REFRESH_TOKEN="" --env TWINGATE_LABEL_HOSTNAME="`hostname`" --name "twingate-quixotic-squid" --restart=unless-stopped --pull=always --label com.centurylinklabs.watchtower.enable=true twingate/connector:1
Manual steps
To manually upgrade a Connector using the Docker command line, the following steps will pull the latest Connector image.
Note: You will need to reprovision the Connector in the Twingate Admin Console since this method does not preserve the authentication tokens for the running Connector.
docker ps# Copy either the container ID or namedocker container rm -f [ container ID or name ]docker image rm -f twingate/connector
# Obtain a new Docker run command from the Twingate admin console by reprovisioning the connectordocker run ...
Last updated 9 months ago