Skip to content

Operations

This page covers day-to-day operations: upgrading, resetting, and backing up your OpenCVE instance.

Backup

Before any upgrade or destructive operation, back up your PostgreSQL database:

~/opencve/docker$ docker compose exec -T postgres pg_dump -U opencve opencve | gzip > opencve-backup-$(date +%Y%m%d).sql.gz

Adjust the username if you changed POSTGRES_USER in docker/.env.

To restore from a backup:

~/opencve/docker$ gunzip -c opencve-backup-YYYYMMDD.sql.gz | docker compose exec -T postgres psql -U opencve opencve

Upgrade

Upgrading OpenCVE rebuilds the Docker images at the target version and runs database migrations.

Warning

Back up your database before upgrading. Review the Releases page for version-specific notes.

Navigate to the docker/ directory and run:

~/opencve/docker$ ./install.sh upgrade

This installs the latest master branch by default. The script will:

  1. Update OPENCVE_VERSION in docker/.env
  2. Pause all Airflow DAGs and wait for running tasks to finish (up to 5 minutes)
  3. Rebuild and restart the webserver, then apply migrations and collect static files
  4. Rebuild and restart the Airflow stack and nginx
  5. Verify that container versions match OPENCVE_VERSION
  6. Reconfigure Airflow connections and unpause all DAGs

To upgrade to a specific release:

~/opencve/docker$ ./install.sh -r v3.0.0 upgrade

Tip

You can also pause / unpause DAGs manually:

docker compose exec airflow-scheduler airflow dags pause opencve
docker compose exec airflow-scheduler airflow dags unpause opencve

Note

The application code is pulled from GitHub at build time via OPENCVE_VERSION. A git pull on your local clone only updates Docker configuration files and install.sh — it does not update the running application.

Since OpenCVE relies on Django and Airflow, review their upgrade documentation for additional guidance:

Reset

The reset command stops the stack and removes all Docker volumes (database, repositories, static files). Configuration files on the host are kept.

~/opencve/docker$ ./install.sh reset

The script asks for confirmation (Type 'yes' to confirm destruction). Use -y to skip the prompt:

~/opencve/docker$ ./install.sh -y reset

After a reset, reinstall with:

./install.sh prepare && ./install.sh start

The KB import step alone can take 10 to 30 minutes on a fresh install.

To also replace configuration files with fresh defaults:

./install.sh reset && ./install.sh -f prepare && ./install.sh start