Upgrading to ProGet 2022
  • 29 Nov 2022
  • 9 Minutes to read
  • Dark
    Light
  • PDF

Upgrading to ProGet 2022

  • Dark
    Light
  • PDF

ProGet 2022 is a major update, and this article provides information about what will change, the impact to your instance, and how to mitigate risk during upgrade.

Planning for Your Upgrade

ProGet 2022 is a major upgrade, and many of the changes were additive features (available as "preview" features in ProGet 6.0), platform updates (library upgrades, etc.), and UI changes.

There are some key things to keep in mind before upgrading:

  1. Replication has updated/refactored, and you may need to migrate configuration
  2. Package Consumers has been replaced with Projects and Releases, and you may want to migrate data
  3. Custom-built extensions need to be recompiled
  4. Hybrid user directories were replaced, and you will need to manually delete old entries
  5. The platform (.NET 4.5.2) was upgraded to .NET 6, which may mean you need to update hosting configuration and directories. A few customers have also reported performance problems, which we are continuing to investigate.

You can also rollback to ProGet 6.0 if there are issues without restoring your database.

Upgrading from ProGet 5.3

If you're upgrading from ProGet 5.3, upgrading to ProGet 2022 should be relatively easy.

There were some API Keys changes in ProGet 6.0, and some users reported that some API Key needing to edited or deleted/recreated to fix permissions issues. Otherwise, no major features were removed or changed, and the upgrade should be relatively easy.

Upgrading from ProGet 5.2

If you're upgrading from ProGet 5.2, you will need convert all "quirks" feeds before upgrading. Rolling back will also require restoring your database.

While we recommend upgrading directly to ProGet 2022 from ProGet 5.2 (and skipping 6.0 and 5.3), there were some substantial changes to the database made in ProGet 5.3. Make sure to read the Upgrading to ProGet 5.3 notes to learn what changed.

Upgrading from ProGet 5.1 or Earlier

If you're upgrading from ProGet 5.1 or earlier, you should upgrade to ProGet 5.2 first.

We recommend upgrade to latest ProGet 5.2, then latest ProGet 2022. See: 5.3 notes, v4 notes, v2/v3 notes

New Features in ProGet 2022

Updated Feature: Replication Improvements

For ProGet 2022, we developed a new user interface for replication and improved some of the underlying replication code to make it easier to troubleshoot and diagnose. This was developed as a "preview feature" in ProGet 6.0, and you may already have enabled it.

Replication Data Migration Required

If you didn't enable the "preview feature" in ProGet 6.0, then replication will not work until you've performed a one-time data migration. This takes seconds, and can be done under the "Replication" tab.

In addition to an improved user experience, the main differences are:

  • Create a single "replication configuration" that uses multiple feeds; in previous versions, feed replication was configured on a per-feed basis
  • Use API Keys that can be changed without editing replication configuration; in previous versions, each feed required its own security token, and API Keys were not used
  • See "incoming" and "outgoing" replications status on a single dashboard; this was very limited in previous versions, and was often confusing to follow

See Feed Replication (6.0 and Earlier) to learn more about the differences.

Replication Changes Risk Mitigation

Because the replication changes were implemented side-by-side, you can test the replication changes in ProGet 6.0 by enabling the "preview features" in the latest maintenance version of ProGet 6.0. You can also switch back to using the non-preview behavior.

After you've upgraded to ProGet 2022, you can rollback to ProGet 6.0 if there are issues, and then switch back to the old behavior from within ProGet.

New Feature: ProGet Enterprise for Edge Computing

This is a new edition of ProGet that is supported via a new license key in ProGet v2022, and is specialized for Content Distribution for Edge Computing.

Compared to ProGet Enterprise, the main benefit is scaling at 5+ edge nodes (instances):

• Licensing (pricing) model that makes scaling to hundreds of nodes feasible
• Dashboard on “hub” instances to give visibility into edge nodes
• Simplified setup for the edge nodes (no license key required)
• Working with our team to better improve the product/experience to fit your needs

There is no risk mitigation required, and many of the code changes/additions were introduced as a preview feature throughout ProGet 6.0.

New Feature: SAML & Security Management Overhaul

We've added some more flexibility for logging-in to ProGet 2022 and made it lot easier to manage security. This was developed as a "preview feature" in ProGet 6.0, and you may already have enabled it:

  • Improved UI for managing security and users
  • Allow multiple user directories to be searched at once
  • Integrate with SAML providers like Azure and PingID
  • Import/export Permissions and Built-in Users
  • Enable multiple login options at once: Built-in Username/passwords, Windows Authentication, SAML Authentication

These changes involved changing some of the login/authentication code, which may lead to bugs/regressions where users cannot log-in or a connected systems (build/CI server) reports authentication errors.

In addition, if you're using the Hybrid User Directory (which allowed you to query multiple user directories), those user directories will become enabled, and you will see an error on the User Directories page if you had one configured. You can safely delete this directory.

Security Changes Risk Mitigation

Because the security changes were implemented side-by-side, you can test the feature changes in ProGet 6.0 by enabling the "preview features" in the latest maintenance version of ProGet 6.0. You can also switch back to using the non-preview behavior.

In addition, be prepared to run the locked out troubleshooting in the event you are locked out after upgrade. You will be able to restore security after that. If that doesn't work, you can rollback to ProGet 6.0.

New Feature: Software Composition Analysis (SCA)

The "Vulnerabilities" and "Licenses" links in the top navigation have been moved under the new "Reporting & SCA" link. Under this link is also Projects and Releases, which will help you identify which of your applications have unwanted licenses or vulnerabilities.

There is no risk mitigation required, as this is a new feature with minimal impact on existing features.

Package Consumer Data Migration

This feature is designed to completely replace the existing Package Consumers (Usage Tracking) feature, but it's implemented side-by-side.

If you've used the Package Consumers (Usage Tracking) feature in an earlier version of ProGet, then Software Composition Analysis (SCA) features will be disabled until you migrate the data.

Package Consumers will be completely removed in ProGet 2023.

Custom Extensions Changes

ProGet 2022 targets Inedo.SDK-2.0, and you'll need to rebuild any custom extensions you've created. Note that this version of the SDK targets .NET6.

Previous versions of ProGet targeted different versions of Inedo SDK 1.x.This means that you'll need to update the Inedo.SDK NuGet package reference in your project to Inedo-SDK 2.0. See creating an extension documentation to learn more about how to do this.

Platform Changes (.NET6)

The platform that ProGet uses was upgraded from .NET 4.5.2 to .NET 6.

This shouldn't require you to make any changes, as the Inedo Hub will handle them during installation. You do not need to install the .NET6 Web Hosting Package for IIS, as it's automatically bundled in the ProGet application.

Web Folder

We have removed the Web folder and the web application is now included in the Service directory. If you have multiple sites in IIS, you will need to update IIS to point to the Service directory now.

.NET6 Requires Multiple Application Pools for Multiple Sites

Note that each of your sites will require its own application pool, and if you see an error like "ASP.NET Core does not support multiple apps in the same app pool", then you'll want to create a second application pool for your second site.

405 Errors & WebDAV

Some users have reported receiving "405 Method Not Allowed" errors after upgrading, and the underlying cause was that the WebDAV IIS module was blocking PUT and DELETE requests. We're not entirely sure why wasn't blocking those requests earlier.

See Disabling WebDAV in IIS to learn how to fix this.

Performance Issues

A few customers have reported errors like: Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached.

We now recommend setting the Web.NuGetRequestLimit advanced configuration value, which will mimic ASP.NET Framework's old behavior.

Let us know what values work for you; in general we recommend starting at 500, and increasing or decreasing by values of 100 until you find one that causes the issues to go away.

Background & Research on Performance Issues

This seems to impact customers who meet the following criteria:

  • Very high peak usage, such as hundreds of requests per second
  • Configured with multiple connectors
  • Physical server (Hypervisor) uses newer Xeon-based processors with 8+ cores
  • Virtual server utilizes a fraction of those cores

We believe the issue is related to the fact that .NET Core (our new platform) no longer "automagically" manages the process model on IIS. This means that incoming HTTP requests are no longer throttled at the IIS-level, and they will rush in until they reach the next bottleneck - in this case, ADO.NET’s database connection pooling.

IIS, ASP.NET Framework, and ADO.NET Connection Pooling were designed in a world of "shared hosting", where a single physical server would host multiple applications. As such, the technologies were generally conservative with utilizing using the server's resources. Of course, you could tweak these if you wanted. This design decision made it simpler to manager by trading-off speed/latency.

ASP.NET Core takes a different approach: it doesn't have built-in resource throttling, and will generally consume whatever resources are available. This makes it a bit more complex to manage, but it's generally faster.

While you're welcome to tweak ProGet's IIS settings or database connection settings to match your needs, our current guidance and default setting is 1000 connections, which is ten times the current default value of 100.

Starting in ProGet 2022.5 (PG-2182, the default value for connection pools will be 1000 if the default value of 100 is used. If you're using an earlier version, or otherwise modified this value, you can modify your database connection string, which you can edit in the Inedo Hub:

«existing-connection-string»;Max Pool Size=1000.

Our guidance is based on several factors, but most notably that ADO.NET's current default value (100) was decided over twenty years ago in .NET Framework 1.0. This default may have made sense for the time, but with hardware, networks, operating systems, and hypervisors, there's little advantage to limiting these connections.

Upgrade Process

You can perform the upgrade from the Inedo Hub. Like with all upgrades, you should make sure your installation is backed-up.

While you can upgrade from ProGet 5.0 and later to ProGet 2022 (i.e. there is no need to install intermediate versions), you can only rollback to ProGet 6.0 without restoring your database.

Rolling Back

You can rollback using the Inedo Hub.

You can rollback to any version of ProGet 6.0 without restoring the database.

While there are database schema changes, they are all backwards-compatible, which means you can safely rollback your ProGet installation if there's a showstopper bug, and then upgrade later.


Was this article helpful?