Upgrades
9. Upgrades
DRAFT - This document is currently in draft form and subject to change.
Purpose
This section defines the standards and best practices for managing blockchain software upgrades. Upgrades are among the highest-risk activities for node operators — poor documentation or manual steps can lead to network forks, downtime, or data loss. The goal of this section is to ensure all upgrades are automatable, verifiable, and communicated clearly across the community.
9.1 Upgrade Principles
Blockchain upgrades should follow these principles:
- Automation: Upgrades must be scriptable and runnable without manual intervention.
- Predictability: Upgrade outcomes should be consistent across environments.
- Reversibility: Provide a clear and tested rollback procedure.
- Transparency: Document upgrade timing, scope, and impact for all networks.
- Testing First: All upgrades should be validated on testnet or devnet before mainnet rollout.
- Zero-Downtime (Where Possible): Design upgrade paths to minimize disruption to services.
9.2 Types of Upgrades
Blockchain projects typically perform one or more of the following upgrade types:
| Type | Description | Example |
|---|---|---|
| Binary Upgrade | Replacement of node software with a new version, no protocol change. | v1.2.0 → v1.2.1 |
| Consensus Upgrade (Hard Fork) | Protocol-level change requiring all nodes to upgrade before a specific block height. | v1.2.x → v1.3.0 |
| Configuration Upgrade | Modifies runtime configuration or chain parameters. | Enabling new feature flags |
| Schema Upgrade | Database schema or data structure migration. | Indexer or API database schema changes |
Each type must be explicitly documented with version compatibility and any special migration steps.
9.3 Pre-Upgrade Requirements
Before performing any upgrade, the project must ensure:
Release Announcement:
- Publish upgrade details (target version, height, timing, impact) in official channels (see Section 2).
- Include instructions for testnet and mainnet separately.
Upgrade Testing:
- Validate upgrade success on a live testnet.
- Perform data integrity verification post-upgrade.
Compatibility Matrix:
- Provide a clear table showing compatibility between versions.
Example:
| From Version | To Version | Type | Notes |
|---|---|---|---|
| v1.2.0 | v1.2.1 | Patch | Safe upgrade |
| v1.2.x | v1.3.0 | Hard Fork | Mandatory before block 12,345,678 |
| v1.3.x | v2.0.0 | Breaking | Requires chain halt and migration |
9.4 Automated Upgrade Process
Projects must provide an automated process for performing upgrades.
Example (Systemd + Bash Script):
#!/bin/bash
set -e
VERSION="v1.3.0"
SERVICE="blockchain-node"
echo "Stopping node service..."
sudo systemctl stop $SERVICE
echo "Downloading new binary..."
wget https://releases.blockchain.org/${VERSION}/blockchain -O /usr/local/bin/blockchain
chmod +x /usr/local/bin/blockchain
echo "Verifying binary checksum..."
sha256sum -c blockchain-${VERSION}.sha256
echo "Starting node..."
sudo systemctl start $SERVICE
echo "Upgrade complete: now running $VERSION"
Projects should also provide equivalent examples for:
- Ansible Playbooks
- Helm Chart Upgrades
- Terraform-managed nodes
9.5 Upgrade Scheduling & Coordination
Projects must define and communicate upgrade schedules early.
Minimum Notice Periods:
| Network | Notice Period | Example |
|---|---|---|
| Mainnet | ≥ 7 days | Announce block height and date/time |
| Testnet | ≥ 3 days | Used for testing new releases |
| Devnet/Canary | Flexible | Experimental validation only |
Chain Halts:
If an upgrade requires a chain halt:
- Publish the halt height in the announcement.
- Clearly state whether the upgrade is manual or automated.
- Provide post-upgrade verification steps (block height, hash, version).
9.6 Rollback & Recovery
Projects must provide a tested rollback procedure for each upgrade.
Requirements:
- Keep previous binary versions available for download.
- Document how to revert configuration or chain data if needed.
- Automate rollback when possible (e.g., via Ansible task or Helm rollback).
- Include version verification after rollback.
Example:
helm rollback validator 3
# or
systemctl stop blockchain-node
cp /usr/local/bin/blockchain-old /usr/local/bin/blockchain
systemctl start blockchain-node
9.7 Validation & Post-Upgrade Checks
After upgrade completion, operators should verify node health.
Checklist:
- Node version output matches expected version.
- Node is connected to peers and producing/validating blocks.
- No errors in logs.
- Metrics and health endpoints are operational.
- Blockchain height and hash match public explorers.
Example:
blockchain version
# v1.3.0
curl localhost:26657/status
9.8 Automation & GitOps
All upgrade processes should be compatible with automation frameworks such as:
- Ansible
- Terraform
- ArgoCD / FluxCD (for Kubernetes Helm upgrades)
Projects should:
- Provide playbooks or manifests for automated upgrades.
- Tag all upgrade commits and artifacts with the release version.
- Ensure that all configuration changes are version-controlled.
9.9 Monitoring During Upgrades
Projects should provide visibility during upgrades through metrics and logs.
Recommendations:
- Emit Prometheus metrics for version, block height, and sync status.
- Provide structured upgrade progress logs (start, success, failure).
- Expose upgrade status through
/statusor/healthendpoints. - Integrate upgrade metrics into Grafana dashboards.
9.10 Documentation & Communication
All upgrade documentation must be versioned and publicly accessible.
Minimum Documentation:
UPGRADE.md— step-by-step guide.RELEASE_NOTES.md— changelog and network impact summary.- Announcement in release channels (see Section 2).
- Verified binary checksums and signature details.
Best Practice: Host all upgrade materials under a permanent URL such as:
https://docs.blockchainproject.org/upgrades/v1.3.0
Summary: Upgrades are critical lifecycle events for blockchain networks. Every blockchain project should ensure that upgrades are automated, documented, tested on testnet, and easily reversible. Consistency and communication are key to maintaining validator trust and network stability.