WIP: migrade data

WIP: improvements
WIP: migrating code
2022-03-02 11:13:44 +13:00 · 2022-03-01 09:43:03 +13:00 · 2022-02-25 14:01:48 +13:00 · 2022-02-24 13:55:32 +13:00
2526 changed files with 43525 additions and 84582 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,5 +1,3 @@
 *
 !dist
 !build
-!metadata.json
-!docker-extension/build
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -31,12 +31,7 @@ rules:
    [
      'error',
      {
-        pathGroups:
-          [
-            { pattern: '@@/**', group: 'internal', position: 'after' },
-            { pattern: '@/**', group: 'internal' },
-            { pattern: '{Kubernetes,Portainer,Agent,Azure,Docker}/**', group: 'internal' },
-          ],
+        pathGroups: [{ pattern: '@/**', group: 'internal' }, { pattern: '{Kubernetes,Portainer,Agent,Azure,Docker}/**', group: 'internal' }],
        groups: ['builtin', 'external', 'internal', 'parent', 'sibling', 'index'],
        pathGroupsExcludedImportTypes: ['internal'],
      },
@@ -46,7 +41,6 @@ settings:
  'import/resolver':
    alias:
      map:
-        - ['@@', './app/react/components']
        - ['@', './app']
      extensions: ['.js', '.ts', '.tsx']

@@ -58,7 +52,6 @@ overrides:
    parser: '@typescript-eslint/parser'
    plugins:
      - '@typescript-eslint'
-      - 'regex'
    extends:
      - airbnb
      - airbnb-typescript
@@ -75,14 +68,7 @@ overrides:
        version: 'detect'
    rules:
      import/order:
-        [
-          'error',
-          {
-            pathGroups: [{ pattern: '@@/**', group: 'internal', position: 'after' }, { pattern: '@/**', group: 'internal' }],
-            groups: ['builtin', 'external', 'internal', 'parent', 'sibling', 'index'],
-            'newlines-between': 'always',
-          },
-        ]
+        ['error', { pathGroups: [{ pattern: '@/**', group: 'internal' }], groups: ['builtin', 'external', 'internal', 'parent', 'sibling', 'index'], 'newlines-between': 'always' }]
      func-style: [error, 'declaration']
      import/prefer-default-export: off
      no-use-before-define: ['error', { functions: false }]
@@ -104,7 +90,6 @@ overrides:
      'react/jsx-no-bind': off
      'no-await-in-loop': 'off'
      'react/jsx-no-useless-fragment': ['error', { allowExpressions: true }]
-      'regex/invalid': ['error', [{ 'regex': 'data-feather="(.*)"', 'message': 'Please use `react-feather` package instead' }]]
  - files:
      - app/**/*.test.*
    extends:
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -18,12 +18,17 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - name: Check out Git repository
+        uses: actions/checkout@v2
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v1
        with:
-          node-version: '14'
-          cache: 'yarn'
-      - run: yarn --frozen-lockfile
+          node-version: 12
+
+      # ESLint and Prettier must be in `package.json`
+      - name: Install Node.js dependencies
+        run: yarn --frozen-lockfile

      - name: Run linters
        uses: wearerequired/lint-action@v1
@@ -34,5 +39,3 @@ jobs:
          prettier_dir: app/
          gofmt: true
          gofmt_dir: api/
-      - name: Typecheck
-        uses: icrawl/action-tsc@v1
--- a/.github/workflows/nightly-security-scan.yml
+++ b/.github/workflows/nightly-security-scan.yml
@@ -1,230 +0,0 @@
-name: Nightly Code Security Scan
-
-on: 
-  schedule:
-    - cron: '0 8 * * *'
-  workflow_dispatch:
-    
-jobs:
-  client-dependencies:
-    name: Client dependency check
-    runs-on: ubuntu-latest
-    if: >- # only run for develop branch
-      github.ref == 'refs/heads/develop' 
-    outputs:
-      js: ${{ steps.set-matrix.outputs.js_result }}
-    steps:
-      - uses: actions/checkout@master
-
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/node@master
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          json: true
-
-      - name: Upload js security scan result as artifact 
-        uses: actions/upload-artifact@v3
-        with:
-          name: js-security-scan-develop-result
-          path: snyk.json
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=snyk -path="/data/snyk.json" -output-type=table -export -export-filename="/data/js-result")
-
-      - name: Upload js result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-js-result-${{github.run_id}}
-          path: js-result.html
-
-      - name: Analyse the js result
-        id: set-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=snyk -path="/data/snyk.json" -output-type=matrix)
-          echo "::set-output name=js_result::${result}"
-
-  server-dependencies:
-    name: Server dependency check
-    runs-on: ubuntu-latest
-    if: >- # only run for develop branch
-      github.ref == 'refs/heads/develop' 
-    outputs:
-      go: ${{ steps.set-matrix.outputs.go_result }}
-    steps:
-      - uses: actions/checkout@master
-
-      - name: Download go modules
-        run: cd ./api && go get -t -v -d ./...
-
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/golang@master
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --file=./api/go.mod
-          json: true
-
-      - name: Upload go security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: go-security-scan-develop-result
-          path: snyk.json
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=snyk -path="/data/snyk.json" -output-type=table -export -export-filename="/data/go-result")
-
-      - name: Upload go result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-go-result-${{github.run_id}}
-          path: go-result.html
-
-      - name: Analyse the go result
-        id: set-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=snyk -path="/data/snyk.json" -output-type=matrix)
-          echo "::set-output name=go_result::${result}"
-
-  image-vulnerability:
-    name: Build docker image and Image vulnerability check
-    runs-on: ubuntu-latest
-    if: >-
-      github.ref == 'refs/heads/develop'
-    outputs:
-      image: ${{ steps.set-matrix.outputs.image_result }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@master
-
-      - name: Use golang 1.18
-        uses: actions/setup-go@v3
-        with:
-          go-version: '1.18'
-
-      - name: Use Node.js 12.x
-        uses: actions/setup-node@v1
-        with:
-          node-version: 12.x
-
-      - name: Install packages and build
-        run: yarn install && yarn build
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: build/linux/Dockerfile
-          tags: trivy-portainer:${{ github.sha }}
-          outputs: type=docker,dest=/tmp/trivy-portainer-image.tar
-
-      - name: Load docker image
-        run: |
-          docker load --input /tmp/trivy-portainer-image.tar
-
-      - name: Run Trivy vulnerability scanner
-        uses: docker://docker.io/aquasec/trivy:latest
-        continue-on-error: true 
-        with:
-          args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress trivy-portainer:${{ github.sha }}  
-
-      - name: Upload image security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: image-security-scan-develop-result
-          path: image-trivy.json
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=trivy -path="/data/image-trivy.json" -output-type=table -export -export-filename="/data/image-result")
-
-      - name: Upload go result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-image-result-${{github.run_id}}
-          path: image-result.html
-
-      - name: Analyse the trivy result
-        id: set-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 summary -report-type=trivy -path="/data/image-trivy.json" -output-type=matrix)
-          echo "::set-output name=image_result::${result}"
-
-  result-analysis:
-    name: Analyse scan result
-    needs: [client-dependencies, server-dependencies, image-vulnerability]
-    runs-on: ubuntu-latest
-    if: >-
-      github.ref == 'refs/heads/develop'
-    strategy:
-      matrix: 
-        js: ${{fromJson(needs.client-dependencies.outputs.js)}}
-        go: ${{fromJson(needs.server-dependencies.outputs.go)}}
-        image: ${{fromJson(needs.image-vulnerability.outputs.image)}}
-    steps:
-      - name: Display the results of js, go and image
-        run: |
-          echo ${{ matrix.js.status }}
-          echo ${{ matrix.go.status }}
-          echo ${{ matrix.image.status }}
-          echo ${{ matrix.js.summary }}
-          echo ${{ matrix.go.summary }}
-          echo ${{ matrix.image.summary }}
-
-      - name: Send Slack message
-        if: >- 
-          matrix.js.status == 'failure' ||
-          matrix.go.status == 'failure' || 
-          matrix.image.status == 'failure'
-        uses: slackapi/slack-github-action@v1.18.0
-        with:
-          payload: |
-            {
-              "blocks": [
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": "Code Scanning Result (*${{ github.repository }}*)\n*<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Actions Workflow URL>*"
-                  }
-                }
-              ],
-              "attachments": [
-                {
-                  "color": "#FF0000",
-                  "blocks": [
-                    {
-                      "type": "section",
-                      "text": {
-                        "type": "mrkdwn",
-                        "text": "*JS dependency check*: *${{ matrix.js.status }}*\n${{ matrix.js.summary }}"
-                      }
-                    },
-                    {
-                      "type": "section",
-                      "text": {
-                        "type": "mrkdwn",
-                        "text": "*Go dependency check*: *${{ matrix.go.status }}*\n${{ matrix.go.summary }}"
-                      }
-                    },
-                    {
-                      "type": "section",
-                      "text": {
-                        "type": "mrkdwn",
-                        "text": "*Image vulnerability check*: *${{ matrix.image.status }}*\n${{ matrix.image.summary }}\n"
-                      }
-                    }
-                  ]
-                }
-              ]
-            }
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SECURITY_SLACK_WEBHOOK_URL }}
-          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
--- a/.github/workflows/pr-security.yml
+++ b/.github/workflows/pr-security.yml
@@ -1,233 +0,0 @@
-name: PR Code Security Scan
-
-on:
-  pull_request_review:
-    types:
-      - submitted
-      - edited
-    paths:
-      - 'package.json'
-      - 'api/go.mod'
-      - 'gruntfile.js'
-      - 'build/linux/Dockerfile'
-      - 'build/linux/alpine.Dockerfile'
-      - 'build/windows/Dockerfile'
-    
-jobs:
-  client-dependencies:
-    name: Client dependency check
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan'
-    outputs:
-      jsdiff: ${{ steps.set-diff-matrix.outputs.js_diff_result }}
-    steps:
-      - uses: actions/checkout@master
-
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/node@master
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          json: true
-
-      - name: Upload js security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: js-security-scan-feat-result
-          path: snyk.json
-
-      - name: Download artifacts from develop branch
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mv ./snyk.json ./js-snyk-feature.json
-          (gh run download -n js-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
-          if [[ -e ./snyk.json ]]; then
-            mv ./snyk.json ./js-snyk-develop.json
-          else
-            echo "null" > ./js-snyk-develop.json
-          fi
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=snyk -path="/data/js-snyk-feature.json" -compare-to="/data/js-snyk-develop.json" -output-type=table -export -export-filename="/data/js-result")
-
-      - name: Upload js result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-js-result-compare-to-develop-${{github.run_id}}
-          path: js-result.html
-
-      - name: Analyse the js diff result
-        id: set-diff-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=snyk -path="/data/js-snyk-feature.json" -compare-to="./data/js-snyk-develop.json" -output-type=matrix)
-          echo "::set-output name=js_diff_result::${result}"
-
-  server-dependencies:
-    name: Server dependency check
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan'
-    outputs:
-      godiff: ${{ steps.set-diff-matrix.outputs.go_diff_result }}
-    steps:
-      - uses: actions/checkout@master
-
-      - name: Download go modules
-        run: cd ./api && go get -t -v -d ./...
-
-      - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/golang@master
-        continue-on-error: true # To make sure that artifact upload gets called
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          args: --file=./api/go.mod
-          json: true
-
-      - name: Upload go security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: go-security-scan-feature-result
-          path: snyk.json
-
-      - name: Download artifacts from develop branch
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mv ./snyk.json ./go-snyk-feature.json
-          (gh run download -n go-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
-          if [[ -e ./snyk.json ]]; then
-            mv ./snyk.json ./go-snyk-develop.json
-          else
-            echo "null" > ./go-snyk-develop.json
-          fi
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=snyk -path="/data/go-snyk-feature.json" -compare-to="/data/go-snyk-develop.json" -output-type=table -export -export-filename="/data/go-result")
-
-      - name: Upload go result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-go-result-compare-to-develop-${{github.run_id}}
-          path: go-result.html
-
-      - name: Analyse the go diff result
-        id: set-diff-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=snyk -path="/data/go-snyk-feature.json" -compare-to="/data/go-snyk-develop.json" -output-type=matrix)
-          echo "::set-output name=go_diff_result::${result}"
-
-  image-vulnerability:
-    name: Build docker image and Image vulnerability check
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan'
-    outputs:
-      imagediff: ${{ steps.set-diff-matrix.outputs.image_diff_result }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@master
-
-      - name: Use golang 1.18
-        uses: actions/setup-go@v3
-        with:
-          go-version: '1.18'
-
-      - name: Use Node.js 12.x
-        uses: actions/setup-node@v1
-        with:
-          node-version: 12.x
-
-      - name: Install packages and build
-        run: yarn install && yarn build
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: build/linux/Dockerfile
-          tags: trivy-portainer:${{ github.sha }}
-          outputs: type=docker,dest=/tmp/trivy-portainer-image.tar
-
-      - name: Load docker image
-        run: |
-          docker load --input /tmp/trivy-portainer-image.tar
-
-      - name: Run Trivy vulnerability scanner
-        uses: docker://docker.io/aquasec/trivy:latest
-        continue-on-error: true 
-        with:
-          args: image --ignore-unfixed=true --vuln-type="os,library" --exit-code=1 --format="json" --output="image-trivy.json" --no-progress trivy-portainer:${{ github.sha }}  
-
-      - name: Upload image security scan result as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: image-security-scan-feature-result
-          path: image-trivy.json
-
-      - name: Download artifacts from develop branch
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          mv ./image-trivy.json ./image-trivy-feature.json
-          (gh run download -n image-security-scan-develop-result -R ${{ github.repository }} 2>&1 >/dev/null) || :
-          if [[ -e ./image-trivy.json ]]; then
-            mv ./image-trivy.json ./image-trivy-develop.json
-          else
-            echo "null" > ./image-trivy-develop.json
-          fi
-
-      - name: Export scan result to html file 
-        run: | 
-          $(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=trivy -path="/data/image-trivy-feature.json" -compare-to="/data/image-trivy-develop.json" -output-type=table -export -export-filename="/data/image-result")
-
-      - name: Upload image result html file
-        uses: actions/upload-artifact@v3
-        with:
-          name: html-image-result-compare-to-develop-${{github.run_id}}
-          path: image-result.html
-
-      - name: Analyse the image diff result
-        id: set-diff-matrix
-        run: | 
-          result=$(docker run --rm -v ${{ github.workspace }}:/data oscarzhou/scan-report:0.1.8 diff -report-type=trivy -path="/data/image-trivy-feature.json" -compare-to="./data/image-trivy-develop.json" -output-type=matrix)
-          echo "::set-output name=image_diff_result::${result}"
-
-  result-analysis:
-    name: Analyse scan result compared to develop
-    needs: [client-dependencies, server-dependencies, image-vulnerability]
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request &&
-      github.event.review.body == '/scan'
-    strategy:
-      matrix: 
-        jsdiff: ${{fromJson(needs.client-dependencies.outputs.jsdiff)}}
-        godiff: ${{fromJson(needs.server-dependencies.outputs.godiff)}}
-        imagediff: ${{fromJson(needs.image-vulnerability.outputs.imagediff)}}
-    steps:
-
-      - name: Check job status of diff result
-        if: >-
-          matrix.jsdiff.status == 'failure' ||
-          matrix.godiff.status == 'failure' ||
-          matrix.imagediff.status == 'failure' 
-        run: |
-          echo ${{ matrix.jsdiff.status }}
-          echo ${{ matrix.godiff.status }}
-          echo ${{ matrix.imagediff.status }}
-          echo ${{ matrix.jsdiff.summary }}
-          echo ${{ matrix.godiff.summary }}
-          echo ${{ matrix.imagediff.summary }}
-          exit 1
--- a/.github/workflows/test-client.yaml
+++ b/.github/workflows/test-client.yaml
@@ -0,0 +1,11 @@
+name: Test Frontend
+on: push
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install modules
+        run: yarn --frozen-lockfile
+      - name: Run tests
+        run: yarn test:client
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,29 +0,0 @@
-name: Test
-on: push
-jobs:
-  test-client:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
-        with:
-          node-version: '14'
-          cache: 'yarn'
-      - run: yarn --frozen-lockfile
-
-      - name: Run tests
-        run: yarn test:client
-  # test-server:
-  #   runs-on: ubuntu-latest
-  #   env:
-  #     GOPRIVATE: "github.com/portainer"
-  #   steps:
-  #     - uses: actions/checkout@v3
-  #     - uses: actions/setup-go@v3
-  #       with:
-  #         go-version: '1.18'
-  #     - name: Run tests
-  #       run: |
-  #         cd api
-  #         go test ./...
--- a/.gitignore
+++ b/.gitignore
@@ -7,7 +7,6 @@ storybook-static
 .tmp
 **/.vscode/settings.json
 **/.vscode/tasks.json
-.vscode
 *.DS_Store

 .eslintcache
--- a/.prettierignore
+++ b/.prettierignore
@@ -1,2 +1 @@
-dist
-api/datastore/test_data
+dist
--- a/.storybook/main.js
+++ b/.storybook/main.js
@@ -16,9 +16,6 @@ module.exports = {
            exportLocalsConvention: 'camelCaseOnly',
          },
        },
-        postcssLoaderOptions: {
-          implementation: require('postcss'),
-        },
      },
    },
  ],
--- a/.storybook/preview.js
+++ b/.storybook/preview.js
@@ -3,7 +3,6 @@ import '../app/assets/css';
 import { pushStateLocationPlugin, UIRouter } from '@uirouter/react';
 import { initialize as initMSW, mswDecorator } from 'msw-storybook-addon';
 import { handlers } from '@/setup-tests/server-handlers';
-import { QueryClient, QueryClientProvider } from 'react-query';

 // Initialize MSW
 initMSW({
@@ -32,17 +31,11 @@ export const parameters = {
  },
 };

-const testQueryClient = new QueryClient({
-  defaultOptions: { queries: { retry: false } },
-});
-
 export const decorators = [
  (Story) => (
-    <QueryClientProvider client={testQueryClient}>
-      <UIRouter plugins={[pushStateLocationPlugin]}>
-        <Story />
-      </UIRouter>
-    </QueryClientProvider>
+    <UIRouter plugins={[pushStateLocationPlugin]}>
+      <Story />
+    </UIRouter>
  ),
  mswDecorator,
 ];
--- a/README.md
+++ b/README.md
@@ -12,15 +12,21 @@ Portainer consists of a single container that can run on any cluster. It can be
 - [Take5 – get 5 free nodes of Portainer Business for as long as you want them](https://portainer.io/pricing/take5)
 - [Portainer BE install guide](https://install.portainer.io)

+## Demo
+
+You can try out the public demo instance: http://demo.portainer.io/ (login with the username **admin** and the password **tryportainer**).
+
+Please note that the public demo cluster is **reset every 15min**.
+
 ## Latest Version

 Portainer CE is updated regularly. We aim to do an update release every couple of months.

-[![latest version](https://img.shields.io/github/v/release/portainer/portainer?color=%2344cc11&label=Latest%20release&style=for-the-badge)](https://github.com/portainer/portainer/releases/latest)
+**The latest version of Portainer is 2.9.x**. Portainer is on version 2, the second number denotes the month of release.

 ## Getting started

- [Deploy Portainer](https://docs.portainer.io/start/install)
+- [Deploy Portainer](https://docs.portainer.io/v/ce-2.9/start/install)
 - [Documentation](https://documentation.portainer.io)
 - [Contribute to the project](https://documentation.portainer.io/contributing/instructions/)

--- a/api/adminmonitor/admin_monitor.go
+++ b/api/adminmonitor/admin_monitor.go
@@ -2,83 +2,57 @@ package adminmonitor

 import (
 	"context"
-	"net/http"
-	"strings"
-	"sync"
+	"log"
 	"time"

-	httperror "github.com/portainer/libhttp/error"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-
-	"github.com/rs/zerolog/log"
 )

-const RedirectReasonAdminInitTimeout string = "AdminInitTimeout"
+var logFatalf = log.Fatalf

 type Monitor struct {
-	timeout           time.Duration
-	datastore         dataservices.DataStore
-	shutdownCtx       context.Context
-	cancellationFunc  context.CancelFunc
-	mu                sync.Mutex
-	adminInitDisabled bool
+	timeout          time.Duration
+	datastore        dataservices.DataStore
+	shutdownCtx      context.Context
+	cancellationFunc context.CancelFunc
 }

 // New creates a monitor that when started will wait for the timeout duration and then shutdown the application unless it has been initialized.
 func New(timeout time.Duration, datastore dataservices.DataStore, shutdownCtx context.Context) *Monitor {
 	return &Monitor{
-		timeout:           timeout,
-		datastore:         datastore,
-		shutdownCtx:       shutdownCtx,
-		adminInitDisabled: false,
+		timeout:     timeout,
+		datastore:   datastore,
+		shutdownCtx: shutdownCtx,
 	}
 }

 // Starts starts the monitor. Active monitor could be stopped or shuttted down by cancelling the shutdown context.
 func (m *Monitor) Start() {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
-	if m.cancellationFunc != nil {
-		return
-	}
-
 	cancellationCtx, cancellationFunc := context.WithCancel(context.Background())
 	m.cancellationFunc = cancellationFunc

 	go func() {
-		log.Debug().Msg("start initialization monitor")
-
+		log.Println("[DEBUG] [internal,init] [message: start initialization monitor ]")
 		select {
 		case <-time.After(m.timeout):
 			initialized, err := m.WasInitialized()
 			if err != nil {
-				log.Fatal().Err(err).Msg("")
+				logFatalf("%s", err)
 			}
-
 			if !initialized {
-				log.Info().Msg("the Portainer instance timed out for security purposes, to re-enable your Portainer instance, you will need to restart Portainer")
-
-				m.mu.Lock()
-				defer m.mu.Unlock()
-
-				m.adminInitDisabled = true
-				return
+				logFatalf("[FATAL] [internal,init] No administrator account was created in %f mins. Shutting down the Portainer instance for security reasons", m.timeout.Minutes())
 			}
 		case <-cancellationCtx.Done():
-			log.Debug().Msg("canceling initialization monitor")
+			log.Println("[DEBUG] [internal,init] [message: canceling initialization monitor]")
 		case <-m.shutdownCtx.Done():
-			log.Debug().Msg("shutting down initialization monitor")
+			log.Println("[DEBUG] [internal,init] [message: shutting down initialization monitor]")
 		}
 	}()
 }

 // Stop stops monitor. Safe to call even if monitor wasn't started.
 func (m *Monitor) Stop() {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
 	if m.cancellationFunc == nil {
 		return
 	}
@@ -94,23 +68,3 @@ func (m *Monitor) WasInitialized() (bool, error) {
 	}
 	return len(users) > 0, nil
 }
-
-func (m *Monitor) WasInstanceDisabled() bool {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-	return m.adminInitDisabled
-}
-
-// WithRedirect checks whether administrator initialisation timeout. If so, it will return the error with redirect reason.
-// Otherwise, it will pass through the request to next
-func (m *Monitor) WithRedirect(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if m.WasInstanceDisabled() && strings.HasPrefix(r.RequestURI, "/api") && r.RequestURI != "/api/status" && r.RequestURI != "/api/settings/public" {
-			w.Header().Set("redirect-reason", RedirectReasonAdminInitTimeout)
-			httperror.WriteError(w, http.StatusSeeOther, "Administrator initialization timeout", nil)
-			return
-		}
-
-		next.ServeHTTP(w, r)
-	})
-}
--- a/api/adminmonitor/admin_monitor_test.go
+++ b/api/adminmonitor/admin_monitor_test.go
@@ -21,18 +21,6 @@ func Test_stopCouldBeCalledMultipleTimes(t *testing.T) {
 	monitor.Stop()
 }

-func Test_startOrStopCouldBeCalledMultipleTimesConcurrently(t *testing.T) {
-	monitor := New(1*time.Minute, nil, context.Background())
-
-	go monitor.Start()
-	monitor.Start()
-
-	go monitor.Stop()
-	monitor.Stop()
-
-	time.Sleep(2 * time.Second)
-}
-
 func Test_canStopStartedMonitor(t *testing.T) {
 	monitor := New(1*time.Minute, nil, context.Background())
 	monitor.Start()
@@ -42,13 +30,21 @@ func Test_canStopStartedMonitor(t *testing.T) {
 	assert.Nil(t, monitor.cancellationFunc, "cancellation function should absent in stopped monitor")
 }

-func Test_start_shouldDisableInstanceAfterTimeout_ifNotInitialized(t *testing.T) {
+func Test_start_shouldFatalAfterTimeout_ifNotInitialized(t *testing.T) {
 	timeout := 10 * time.Millisecond

 	datastore := i.NewDatastore(i.WithUsers([]portainer.User{}))
+
+	var fataled bool
+	origLogFatalf := logFatalf
+	logFatalf = func(s string, v ...interface{}) { fataled = true }
+	defer func() {
+		logFatalf = origLogFatalf
+	}()
+
 	monitor := New(timeout, datastore, context.Background())
 	monitor.Start()
+	<-time.After(2 * timeout)

-	<-time.After(20 * timeout)
-	assert.True(t, monitor.WasInstanceDisabled(), "monitor should have been timeout and instance is disabled")
+	assert.True(t, fataled, "monitor should been timeout and fatal")
 }
--- a/api/agent/version.go
+++ b/api/agent/version.go
@@ -1,71 +0,0 @@
-package agent
-
-import (
-	"crypto/tls"
-	"errors"
-	"fmt"
-	"net/http"
-	"strconv"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/internal/url"
-)
-
-// GetAgentVersionAndPlatform returns the agent version and platform
-//
-// it sends a ping to the agent and parses the version and platform from the headers
-func GetAgentVersionAndPlatform(endpointUrl string, tlsConfig *tls.Config) (portainer.AgentPlatform, string, error) {
-	httpCli := &http.Client{
-		Timeout: 3 * time.Second,
-	}
-
-	if tlsConfig != nil {
-		httpCli.Transport = &http.Transport{
-			TLSClientConfig: tlsConfig,
-		}
-	}
-
-	parsedURL, err := url.ParseURL(endpointUrl + "/ping")
-	if err != nil {
-		return 0, "", err
-	}
-
-	parsedURL.Scheme = "https"
-
-	req, err := http.NewRequest(http.MethodGet, parsedURL.String(), nil)
-	if err != nil {
-		return 0, "", err
-	}
-
-	resp, err := httpCli.Do(req)
-	if err != nil {
-		return 0, "", err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusNoContent {
-		return 0, "", fmt.Errorf("Failed request with status %d", resp.StatusCode)
-	}
-
-	version := resp.Header.Get(portainer.PortainerAgentHeader)
-	if version == "" {
-		return 0, "", errors.New("Version Header is missing")
-	}
-
-	agentPlatformHeader := resp.Header.Get(portainer.HTTPResponseAgentPlatform)
-	if agentPlatformHeader == "" {
-		return 0, "", errors.New("Agent Platform Header is missing")
-	}
-
-	agentPlatformNumber, err := strconv.Atoi(agentPlatformHeader)
-	if err != nil {
-		return 0, "", err
-	}
-
-	if agentPlatformNumber == 0 {
-		return 0, "", errors.New("Agent platform is invalid")
-	}
-
-	return portainer.AgentPlatform(agentPlatformNumber), version, nil
-}
--- a/api/api-description.md
+++ b/api/api-description.md
@@ -50,15 +50,4 @@ Instead, it acts as a reverse-proxy to the Docker HTTP API. This means that you

 To do so, you can use the `/endpoints/{id}/docker` Portainer API environment(endpoint) (which is not documented below due to Swagger limitations). This environment(endpoint) has a restricted access policy so you still need to be authenticated to be able to query this environment(endpoint). Any query on this environment(endpoint) will be proxied to the Docker API of the associated environment(endpoint) (requests and responses objects are the same as documented in the Docker API).

-# Private Registry
-
-Using private registry, you will need to pass a based64 encoded JSON string ‘{"registryId":\<registryID value\>}’ inside the Request Header. The parameter name is "X-Registry-Auth".
-\<registryID value\> - The registry ID where the repository was created.
-
-Example:
-
-```
-eyJyZWdpc3RyeUlkIjoxfQ==
-```
-
 **NOTE**: You can find more information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/) as well as in [this Portainer example](https://documentation.portainer.io/api/api-examples/).
--- a/api/apikey/service.go
+++ b/api/apikey/service.go
@@ -6,10 +6,10 @@ import (
 	"fmt"
 	"time"

+	"github.com/pkg/errors"
+
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices"
-
-	"github.com/pkg/errors"
 )

 const portainerAPIKeyPrefix = "ptr_"
--- a/api/apikey/service_test.go
+++ b/api/apikey/service_test.go
@@ -2,7 +2,7 @@ package apikey

 import (
 	"crypto/sha256"
-	"fmt"
+	"log"
 	"strings"
 	"testing"
 	"time"
@@ -10,8 +10,6 @@ import (
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/datastore"
 	"github.com/stretchr/testify/assert"
-
-	"github.com/rs/zerolog/log"
 )

 func Test_SatisfiesAPIKeyServiceInterface(t *testing.T) {
@@ -22,7 +20,7 @@ func Test_SatisfiesAPIKeyServiceInterface(t *testing.T) {
 func Test_GenerateApiKey(t *testing.T) {
 	is := assert.New(t)

-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	service := NewAPIKeyService(store.APIKeyRepository(), store.User())
@@ -76,7 +74,7 @@ func Test_GenerateApiKey(t *testing.T) {
 func Test_GetAPIKey(t *testing.T) {
 	is := assert.New(t)

-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	service := NewAPIKeyService(store.APIKeyRepository(), store.User())
@@ -96,7 +94,7 @@ func Test_GetAPIKey(t *testing.T) {
 func Test_GetAPIKeys(t *testing.T) {
 	is := assert.New(t)

-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	service := NewAPIKeyService(store.APIKeyRepository(), store.User())
@@ -117,7 +115,7 @@ func Test_GetAPIKeys(t *testing.T) {
 func Test_GetDigestUserAndKey(t *testing.T) {
 	is := assert.New(t)

-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	service := NewAPIKeyService(store.APIKeyRepository(), store.User())
@@ -153,7 +151,7 @@ func Test_GetDigestUserAndKey(t *testing.T) {
 func Test_UpdateAPIKey(t *testing.T) {
 	is := assert.New(t)

-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	service := NewAPIKeyService(store.APIKeyRepository(), store.User())
@@ -171,9 +169,11 @@ func Test_UpdateAPIKey(t *testing.T) {
 		_, apiKeyGot, err := service.GetDigestUserAndKey(apiKey.Digest)
 		is.NoError(err)

-		log.Debug().Str("wanted", fmt.Sprintf("%+v", apiKey)).Str("got", fmt.Sprintf("%+v", apiKeyGot)).Msg("")
+		log.Println(apiKey)
+		log.Println(apiKeyGot)

 		is.Equal(apiKey.LastUsed, apiKeyGot.LastUsed)
+
 	})

 	t.Run("Successfully updates api-key in cache upon api-key update", func(t *testing.T) {
@@ -199,7 +199,7 @@ func Test_UpdateAPIKey(t *testing.T) {
 func Test_DeleteAPIKey(t *testing.T) {
 	is := assert.New(t)

-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	service := NewAPIKeyService(store.APIKeyRepository(), store.User())
@@ -240,7 +240,7 @@ func Test_DeleteAPIKey(t *testing.T) {
 func Test_InvalidateUserKeyCache(t *testing.T) {
 	is := assert.New(t)

-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	service := NewAPIKeyService(store.APIKeyRepository(), store.User())
--- a/api/archive/tar.go
+++ b/api/archive/tar.go
@@ -34,45 +34,3 @@ func TarFileInBuffer(fileContent []byte, fileName string, mode int64) ([]byte, e

 	return buffer.Bytes(), nil
 }
-
-// tarFileInBuffer represents a tar archive buffer.
-type tarFileInBuffer struct {
-	b *bytes.Buffer
-	w *tar.Writer
-}
-
-func NewTarFileInBuffer() *tarFileInBuffer {
-	var b bytes.Buffer
-	return &tarFileInBuffer{
-		b: &b,
-		w: tar.NewWriter(&b),
-	}
-}
-
-// Put puts a single file to tar archive buffer.
-func (t *tarFileInBuffer) Put(fileContent []byte, fileName string, mode int64) error {
-	hdr := &tar.Header{
-		Name: fileName,
-		Mode: mode,
-		Size: int64(len(fileContent)),
-	}
-
-	if err := t.w.WriteHeader(hdr); err != nil {
-		return err
-	}
-
-	if _, err := t.w.Write(fileContent); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// Bytes returns the archive as a byte array.
-func (t *tarFileInBuffer) Bytes() []byte {
-	return t.b.Bytes()
-}
-
-func (t *tarFileInBuffer) Close() error {
-	return t.w.Close()
-}
--- a/api/archive/targz_test.go
+++ b/api/archive/targz_test.go
@@ -2,12 +2,14 @@ package archive

 import (
 	"fmt"
+	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
 	"testing"

+	"github.com/docker/docker/pkg/ioutils"
 	"github.com/stretchr/testify/assert"
 )

@@ -25,18 +27,22 @@ func listFiles(dir string) []string {
 }

 func Test_shouldCreateArhive(t *testing.T) {
-	tmpdir := t.TempDir()
+	tmpdir, _ := ioutils.TempDir("", "backup")
+	defer os.RemoveAll(tmpdir)
+
 	content := []byte("content")
-	os.WriteFile(path.Join(tmpdir, "outer"), content, 0600)
+	ioutil.WriteFile(path.Join(tmpdir, "outer"), content, 0600)
 	os.MkdirAll(path.Join(tmpdir, "dir"), 0700)
-	os.WriteFile(path.Join(tmpdir, "dir", ".dotfile"), content, 0600)
-	os.WriteFile(path.Join(tmpdir, "dir", "inner"), content, 0600)
+	ioutil.WriteFile(path.Join(tmpdir, "dir", ".dotfile"), content, 0600)
+	ioutil.WriteFile(path.Join(tmpdir, "dir", "inner"), content, 0600)

 	gzPath, err := TarGzDir(tmpdir)
 	assert.Nil(t, err)
 	assert.Equal(t, filepath.Join(tmpdir, fmt.Sprintf("%s.tar.gz", filepath.Base(tmpdir))), gzPath)

-	extractionDir := t.TempDir()
+	extractionDir, _ := ioutils.TempDir("", "extract")
+	defer os.RemoveAll(extractionDir)
+
 	cmd := exec.Command("tar", "-xzf", gzPath, "-C", extractionDir)
 	err = cmd.Run()
 	if err != nil {
@@ -47,7 +53,7 @@ func Test_shouldCreateArhive(t *testing.T) {
 	wasExtracted := func(p string) {
 		fullpath := path.Join(extractionDir, p)
 		assert.Contains(t, extractedFiles, fullpath)
-		copyContent, _ := os.ReadFile(fullpath)
+		copyContent, _ := ioutil.ReadFile(fullpath)
 		assert.Equal(t, content, copyContent)
 	}

@@ -57,18 +63,22 @@ func Test_shouldCreateArhive(t *testing.T) {
 }

 func Test_shouldCreateArhiveXXXXX(t *testing.T) {
-	tmpdir := t.TempDir()
+	tmpdir, _ := ioutils.TempDir("", "backup")
+	defer os.RemoveAll(tmpdir)
+
 	content := []byte("content")
-	os.WriteFile(path.Join(tmpdir, "outer"), content, 0600)
+	ioutil.WriteFile(path.Join(tmpdir, "outer"), content, 0600)
 	os.MkdirAll(path.Join(tmpdir, "dir"), 0700)
-	os.WriteFile(path.Join(tmpdir, "dir", ".dotfile"), content, 0600)
-	os.WriteFile(path.Join(tmpdir, "dir", "inner"), content, 0600)
+	ioutil.WriteFile(path.Join(tmpdir, "dir", ".dotfile"), content, 0600)
+	ioutil.WriteFile(path.Join(tmpdir, "dir", "inner"), content, 0600)

 	gzPath, err := TarGzDir(tmpdir)
 	assert.Nil(t, err)
 	assert.Equal(t, filepath.Join(tmpdir, fmt.Sprintf("%s.tar.gz", filepath.Base(tmpdir))), gzPath)

-	extractionDir := t.TempDir()
+	extractionDir, _ := ioutils.TempDir("", "extract")
+	defer os.RemoveAll(extractionDir)
+
 	r, _ := os.Open(gzPath)
 	ExtractTarGz(r, extractionDir)
 	if err != nil {
@@ -79,7 +89,7 @@ func Test_shouldCreateArhiveXXXXX(t *testing.T) {
 	wasExtracted := func(p string) {
 		fullpath := path.Join(extractionDir, p)
 		assert.Contains(t, extractedFiles, fullpath)
-		copyContent, _ := os.ReadFile(fullpath)
+		copyContent, _ := ioutil.ReadFile(fullpath)
 		assert.Equal(t, content, copyContent)
 	}

--- a/api/archive/zip.go
+++ b/api/archive/zip.go
@@ -4,12 +4,12 @@ import (
 	"archive/zip"
 	"bytes"
 	"fmt"
+	"github.com/pkg/errors"
 	"io"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
-
-	"github.com/pkg/errors"
 )

 // UnzipArchive will unzip an archive from bytes into the dest destination folder on disk
@@ -36,7 +36,7 @@ func extractFileFromArchive(file *zip.File, dest string) error {
 	}
 	defer f.Close()

-	data, err := io.ReadAll(f)
+	data, err := ioutil.ReadAll(f)
 	if err != nil {
 		return err
 	}
--- a/api/archive/zip_test.go
+++ b/api/archive/zip_test.go
@@ -1,14 +1,17 @@
 package archive

 import (
+	"github.com/stretchr/testify/assert"
+	"io/ioutil"
+	"os"
 	"path/filepath"
 	"testing"
-
-	"github.com/stretchr/testify/assert"
 )

 func TestUnzipFile(t *testing.T) {
-	dir := t.TempDir()
+	dir, err := ioutil.TempDir("", "unzip-test-")
+	assert.NoError(t, err)
+	defer os.RemoveAll(dir)
 	/*
 		Archive structure.
 		├── 0
@@ -18,7 +21,7 @@ func TestUnzipFile(t *testing.T) {
 		└── 0.txt
 	*/

-	err := UnzipFile("./testdata/sample_archive.zip", dir)
+	err = UnzipFile("./testdata/sample_archive.zip", dir)

 	assert.NoError(t, err)
 	archiveDir := dir + "/sample_archive"
--- a/api/backup/backup.go
+++ b/api/backup/backup.go
@@ -7,14 +7,13 @@ import (
 	"path/filepath"
 	"time"

+	"github.com/pkg/errors"
 	"github.com/portainer/portainer/api/archive"
 	"github.com/portainer/portainer/api/crypto"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/filesystem"
 	"github.com/portainer/portainer/api/http/offlinegate"
-
-	"github.com/pkg/errors"
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const rwxr__r__ os.FileMode = 0744
@@ -48,9 +47,9 @@ func CreateBackupArchive(password string, gate *offlinegate.OfflineGate, datasto

 		err := datastore.Export(exportFilename)
 		if err != nil {
-			log.Error().Err(err).Str("filename", exportFilename).Msg("failed to export")
+			logrus.WithError(err).Debugf("failed to export to %s", exportFilename)
 		} else {
-			log.Debug().Str("filename", exportFilename).Msg("file exported")
+			logrus.Debugf("exported to %s", exportFilename)
 		}
 	}

--- a/api/build/variables.go
+++ b/api/build/variables.go
@@ -1,9 +0,0 @@
-package build
-
-// Variables to be set during the build time
-var BuildNumber string
-var ImageTag string
-var NodejsVersion string
-var YarnVersion string
-var WebpackVersion string
-var GoVersion string
--- a/api/chisel/schedules.go
+++ b/api/chisel/schedules.go
@@ -1,13 +1,14 @@
 package chisel

 import (
+	"strconv"
+
 	portainer "github.com/portainer/portainer/api"
 )

 // AddEdgeJob register an EdgeJob inside the tunnel details associated to an environment(endpoint).
 func (service *Service) AddEdgeJob(endpointID portainer.EndpointID, edgeJob *portainer.EdgeJob) {
-	service.mu.Lock()
-	tunnel := service.getTunnelDetails(endpointID)
+	tunnel := service.GetTunnelDetails(endpointID)

 	existingJobIndex := -1
 	for idx, existingJob := range tunnel.Jobs {
@@ -23,25 +24,24 @@ func (service *Service) AddEdgeJob(endpointID portainer.EndpointID, edgeJob *por
 		tunnel.Jobs[existingJobIndex] = *edgeJob
 	}

-	service.mu.Unlock()
+	key := strconv.Itoa(int(endpointID))
+	service.tunnelDetailsMap.Set(key, tunnel)
 }

 // RemoveEdgeJob will remove the specified Edge job from each tunnel it was registered with.
 func (service *Service) RemoveEdgeJob(edgeJobID portainer.EdgeJobID) {
-	service.mu.Lock()
+	for item := range service.tunnelDetailsMap.IterBuffered() {
+		tunnelDetails := item.Val.(*portainer.TunnelDetails)

-	for _, tunnel := range service.tunnelDetailsMap {
-		// Filter in-place
-		n := 0
-		for _, edgeJob := range tunnel.Jobs {
-			if edgeJob.ID != edgeJobID {
-				tunnel.Jobs[n] = edgeJob
-				n++
+		updatedJobs := make([]portainer.EdgeJob, 0)
+		for _, edgeJob := range tunnelDetails.Jobs {
+			if edgeJob.ID == edgeJobID {
+				continue
 			}
+			updatedJobs = append(updatedJobs, edgeJob)
 		}

-		tunnel.Jobs = tunnel.Jobs[:n]
+		tunnelDetails.Jobs = updatedJobs
+		service.tunnelDetailsMap.Set(item.Key, tunnelDetails)
 	}
-
-	service.mu.Unlock()
 }
--- a/api/chisel/service.go
+++ b/api/chisel/service.go
@@ -3,17 +3,17 @@ package chisel
 import (
 	"context"
 	"fmt"
-	"net/http"
-	"sync"
-	"time"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/http/proxy"
+	"log"
+	"net/http"
+	"strconv"
+	"time"

 	"github.com/dchest/uniuri"
 	chserver "github.com/jpillora/chisel/server"
-	"github.com/rs/zerolog/log"
+	cmap "github.com/orcaman/concurrent-map"
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices"
 )

 const (
@@ -28,19 +28,18 @@ const (
 type Service struct {
 	serverFingerprint string
 	serverPort        string
-	tunnelDetailsMap  map[portainer.EndpointID]*portainer.TunnelDetails
+	tunnelDetailsMap  cmap.ConcurrentMap
 	dataStore         dataservices.DataStore
 	snapshotService   portainer.SnapshotService
 	chiselServer      *chserver.Server
 	shutdownCtx       context.Context
 	ProxyManager      *proxy.Manager
-	mu                sync.Mutex
 }

 // NewService returns a pointer to a new instance of Service
 func NewService(dataStore dataservices.DataStore, shutdownCtx context.Context) *Service {
 	return &Service{
-		tunnelDetailsMap: make(map[portainer.EndpointID]*portainer.TunnelDetails),
+		tunnelDetailsMap: cmap.New(),
 		dataStore:        dataStore,
 		shutdownCtx:      shutdownCtx,
 	}
@@ -59,17 +58,17 @@ func (service *Service) pingAgent(endpointID portainer.EndpointID) error {
 		Timeout: 3 * time.Second,
 	}
 	_, err = httpClient.Do(req)
-	return err
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 // KeepTunnelAlive keeps the tunnel of the given environment for maxAlive duration, or until ctx is done
 func (service *Service) KeepTunnelAlive(endpointID portainer.EndpointID, ctx context.Context, maxAlive time.Duration) {
 	go func() {
-		log.Debug().
-			Int("endpoint_id", int(endpointID)).
-			Float64("max_alive_minutes", maxAlive.Minutes()).
-			Msg("start")
-
+		log.Printf("[DEBUG] [chisel,KeepTunnelAlive] [endpoint_id: %d] [message: start for %.0f minutes]\n", endpointID, maxAlive.Minutes())
 		maxAliveTicker := time.NewTicker(maxAlive)
 		defer maxAliveTicker.Stop()
 		pingTicker := time.NewTicker(tunnelCleanupInterval)
@@ -81,25 +80,14 @@ func (service *Service) KeepTunnelAlive(endpointID portainer.EndpointID, ctx con
 				service.SetTunnelStatusToActive(endpointID)
 				err := service.pingAgent(endpointID)
 				if err != nil {
-					log.Debug().
-						Int("endpoint_id", int(endpointID)).
-						Err(err).
-						Msg("ping agent")
+					log.Printf("[DEBUG] [chisel,KeepTunnelAlive] [endpoint_id: %d] [warning: ping agent err=%s]\n", endpointID, err)
 				}
 			case <-maxAliveTicker.C:
-				log.Debug().
-					Int("endpoint_id", int(endpointID)).
-					Float64("timeout_minutes", maxAlive.Minutes()).
-					Msg("tunnel keep alive timeout")
-
+				log.Printf("[DEBUG] [chisel,KeepTunnelAlive] [endpoint_id: %d] [message: stop as %.0f minutes timeout]\n", endpointID, maxAlive.Minutes())
 				return
 			case <-ctx.Done():
 				err := ctx.Err()
-				log.Debug().
-					Int("endpoint_id", int(endpointID)).
-					Err(err).
-					Msg("tunnel stop")
-
+				log.Printf("[DEBUG] [chisel,KeepTunnelAlive] [endpoint_id: %d] [message: stop as err=%s]\n", endpointID, err)
 				return
 			}
 		}
@@ -178,10 +166,7 @@ func (service *Service) retrievePrivateKeySeed() (string, error) {
 }

 func (service *Service) startTunnelVerificationLoop() {
-	log.Debug().
-		Float64("check_interval_seconds", tunnelCleanupInterval.Seconds()).
-		Msg("starting tunnel management process")
-
+	log.Printf("[DEBUG] [chisel, monitoring] [check_interval_seconds: %f] [message: starting tunnel management process]", tunnelCleanupInterval.Seconds())
 	ticker := time.NewTicker(tunnelCleanupInterval)

 	for {
@@ -189,12 +174,10 @@ func (service *Service) startTunnelVerificationLoop() {
 		case <-ticker.C:
 			service.checkTunnels()
 		case <-service.shutdownCtx.Done():
-			log.Debug().Msg("shutting down tunnel service")
-
+			log.Println("[DEBUG] Shutting down tunnel service")
 			if err := service.StopTunnelServer(); err != nil {
-				log.Debug().Err(err).Msg("stopped tunnel service")
+				log.Printf("Stopped tunnel service: %s", err)
 			}
-
 			ticker.Stop()
 			return
 		}
@@ -202,54 +185,42 @@ func (service *Service) startTunnelVerificationLoop() {
 }

 func (service *Service) checkTunnels() {
-	tunnels := make(map[portainer.EndpointID]portainer.TunnelDetails)
+	for item := range service.tunnelDetailsMap.IterBuffered() {
+		tunnel := item.Val.(*portainer.TunnelDetails)

-	service.mu.Lock()
-	for key, tunnel := range service.tunnelDetailsMap {
-		tunnels[key] = *tunnel
-	}
-	service.mu.Unlock()
-
-	for endpointID, tunnel := range tunnels {
 		if tunnel.LastActivity.IsZero() || tunnel.Status == portainer.EdgeAgentIdle {
 			continue
 		}

 		elapsed := time.Since(tunnel.LastActivity)
-		log.Debug().
-			Int("endpoint_id", int(endpointID)).
-			Str("status", tunnel.Status).
-			Float64("status_time_seconds", elapsed.Seconds()).
-			Msg("environment tunnel monitoring")
+		log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [message: environment tunnel monitoring]", item.Key, tunnel.Status, elapsed.Seconds())

 		if tunnel.Status == portainer.EdgeAgentManagementRequired && elapsed.Seconds() < requiredTimeout.Seconds() {
 			continue
 		} else if tunnel.Status == portainer.EdgeAgentManagementRequired && elapsed.Seconds() > requiredTimeout.Seconds() {
-			log.Debug().
-				Int("endpoint_id", int(endpointID)).
-				Str("status", tunnel.Status).
-				Float64("status_time_seconds", elapsed.Seconds()).
-				Float64("timeout_seconds", requiredTimeout.Seconds()).
-				Msg("REQUIRED state timeout exceeded")
+			log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [timeout_seconds: %f] [message: REQUIRED state timeout exceeded]", item.Key, tunnel.Status, elapsed.Seconds(), requiredTimeout.Seconds())
 		}

 		if tunnel.Status == portainer.EdgeAgentActive && elapsed.Seconds() < activeTimeout.Seconds() {
 			continue
 		} else if tunnel.Status == portainer.EdgeAgentActive && elapsed.Seconds() > activeTimeout.Seconds() {
-			log.Debug().
-				Int("endpoint_id", int(endpointID)).
-				Str("status", tunnel.Status).
-				Float64("status_time_seconds", elapsed.Seconds()).
-				Float64("timeout_seconds", activeTimeout.Seconds()).
-				Msg("ACTIVE state timeout exceeded")
+			log.Printf("[DEBUG] [chisel,monitoring] [endpoint_id: %s] [status: %s] [status_time_seconds: %f] [timeout_seconds: %f] [message: ACTIVE state timeout exceeded]", item.Key, tunnel.Status, elapsed.Seconds(), activeTimeout.Seconds())

-			err := service.snapshotEnvironment(endpointID, tunnel.Port)
+			endpointID, err := strconv.Atoi(item.Key)
 			if err != nil {
-				log.Error().
-					Int("endpoint_id", int(endpointID)).
-					Err(err).
-					Msg("unable to snapshot Edge environment")
+				log.Printf("[ERROR] [chisel,snapshot,conversion] Invalid environment identifier (id: %s): %s", item.Key, err)
 			}
+
+			err = service.snapshotEnvironment(portainer.EndpointID(endpointID), tunnel.Port)
+			if err != nil {
+				log.Printf("[ERROR] [snapshot] Unable to snapshot Edge environment (id: %s): %s", item.Key, err)
+			}
+		}
+
+		endpointID, err := strconv.Atoi(item.Key)
+		if err != nil {
+			log.Printf("[ERROR] [chisel,conversion] Invalid environment identifier (id: %s): %s", item.Key, err)
+			continue
 		}

 		service.SetTunnelStatusToIdle(portainer.EndpointID(endpointID))
--- a/api/chisel/tunnel.go
+++ b/api/chisel/tunnel.go
@@ -4,11 +4,13 @@ import (
 	"encoding/base64"
 	"fmt"
 	"math/rand"
+	"strconv"
 	"strings"
 	"time"

-	"github.com/dchest/uniuri"
 	"github.com/portainer/libcrypto"
+
+	"github.com/dchest/uniuri"
 	portainer "github.com/portainer/portainer/api"
 )

@@ -17,13 +19,13 @@ const (
 	maxAvailablePort = 65535
 )

-// NOTE: it needs to be called with the lock acquired
 // getUnusedPort is used to generate an unused random port in the dynamic port range.
 // Dynamic ports (also called private ports) are 49152 to 65535.
 func (service *Service) getUnusedPort() int {
 	port := randomInt(minAvailablePort, maxAvailablePort)

-	for _, tunnel := range service.tunnelDetailsMap {
+	for item := range service.tunnelDetailsMap.IterBuffered() {
+		tunnel := item.Val.(*portainer.TunnelDetails)
 		if tunnel.Port == port {
 			return service.getUnusedPort()
 		}
@@ -36,32 +38,26 @@ func randomInt(min, max int) int {
 	return min + rand.Intn(max-min)
 }

-// NOTE: it needs to be called with the lock acquired
-func (service *Service) getTunnelDetails(endpointID portainer.EndpointID) *portainer.TunnelDetails {
-
-	if tunnel, ok := service.tunnelDetailsMap[endpointID]; ok {
-		return tunnel
-	}
-
-	tunnel := &portainer.TunnelDetails{
-		Status: portainer.EdgeAgentIdle,
-	}
-
-	service.tunnelDetailsMap[endpointID] = tunnel
-
-	return tunnel
-}
-
 // GetTunnelDetails returns information about the tunnel associated to an environment(endpoint).
-func (service *Service) GetTunnelDetails(endpointID portainer.EndpointID) portainer.TunnelDetails {
-	service.mu.Lock()
-	defer service.mu.Unlock()
+func (service *Service) GetTunnelDetails(endpointID portainer.EndpointID) *portainer.TunnelDetails {
+	key := strconv.Itoa(int(endpointID))

-	return *service.getTunnelDetails(endpointID)
+	if item, ok := service.tunnelDetailsMap.Get(key); ok {
+		tunnelDetails := item.(*portainer.TunnelDetails)
+		return tunnelDetails
+	}
+
+	jobs := make([]portainer.EdgeJob, 0)
+	return &portainer.TunnelDetails{
+		Status:      portainer.EdgeAgentIdle,
+		Port:        0,
+		Jobs:        jobs,
+		Credentials: "",
+	}
 }

 // GetActiveTunnel retrieves an active tunnel which allows communicating with edge agent
-func (service *Service) GetActiveTunnel(endpoint *portainer.Endpoint) (portainer.TunnelDetails, error) {
+func (service *Service) GetActiveTunnel(endpoint *portainer.Endpoint) (*portainer.TunnelDetails, error) {
 	tunnel := service.GetTunnelDetails(endpoint.ID)

 	if tunnel.Status == portainer.EdgeAgentActive {
@@ -72,13 +68,13 @@ func (service *Service) GetActiveTunnel(endpoint *portainer.Endpoint) (portainer
 	if tunnel.Status == portainer.EdgeAgentIdle || tunnel.Status == portainer.EdgeAgentManagementRequired {
 		err := service.SetTunnelStatusToRequired(endpoint.ID)
 		if err != nil {
-			return portainer.TunnelDetails{}, fmt.Errorf("failed opening tunnel to endpoint: %w", err)
+			return nil, fmt.Errorf("failed opening tunnel to endpoint: %w", err)
 		}

 		if endpoint.EdgeCheckinInterval == 0 {
 			settings, err := service.dataStore.Settings().Settings()
 			if err != nil {
-				return portainer.TunnelDetails{}, fmt.Errorf("failed fetching settings from db: %w", err)
+				return nil, fmt.Errorf("failed fetching settings from db: %w", err)
 			}

 			endpoint.EdgeCheckinInterval = settings.EdgeAgentCheckinInterval
@@ -87,27 +83,29 @@ func (service *Service) GetActiveTunnel(endpoint *portainer.Endpoint) (portainer
 		time.Sleep(2 * time.Duration(endpoint.EdgeCheckinInterval) * time.Second)
 	}

-	return service.GetTunnelDetails(endpoint.ID), nil
+	tunnel = service.GetTunnelDetails(endpoint.ID)
+
+	return tunnel, nil
 }

 // SetTunnelStatusToActive update the status of the tunnel associated to the specified environment(endpoint).
 // It sets the status to ACTIVE.
 func (service *Service) SetTunnelStatusToActive(endpointID portainer.EndpointID) {
-	service.mu.Lock()
-	tunnel := service.getTunnelDetails(endpointID)
+	tunnel := service.GetTunnelDetails(endpointID)
 	tunnel.Status = portainer.EdgeAgentActive
 	tunnel.Credentials = ""
 	tunnel.LastActivity = time.Now()
-	service.mu.Unlock()
+
+	key := strconv.Itoa(int(endpointID))
+	service.tunnelDetailsMap.Set(key, tunnel)
 }

 // SetTunnelStatusToIdle update the status of the tunnel associated to the specified environment(endpoint).
 // It sets the status to IDLE.
 // It removes any existing credentials associated to the tunnel.
 func (service *Service) SetTunnelStatusToIdle(endpointID portainer.EndpointID) {
-	service.mu.Lock()
+	tunnel := service.GetTunnelDetails(endpointID)

-	tunnel := service.getTunnelDetails(endpointID)
 	tunnel.Status = portainer.EdgeAgentIdle
 	tunnel.Port = 0
 	tunnel.LastActivity = time.Now()
@@ -118,9 +116,10 @@ func (service *Service) SetTunnelStatusToIdle(endpointID portainer.EndpointID) {
 		service.chiselServer.DeleteUser(strings.Split(credentials, ":")[0])
 	}

-	service.ProxyManager.DeleteEndpointProxy(endpointID)
+	key := strconv.Itoa(int(endpointID))
+	service.tunnelDetailsMap.Set(key, tunnel)

-	service.mu.Unlock()
+	service.ProxyManager.DeleteEndpointProxy(endpointID)
 }

 // SetTunnelStatusToRequired update the status of the tunnel associated to the specified environment(endpoint).
@@ -129,10 +128,7 @@ func (service *Service) SetTunnelStatusToIdle(endpointID portainer.EndpointID) {
 // and generate temporary credentials that can be used to establish a reverse tunnel on that port.
 // Credentials are encrypted using the Edge ID associated to the environment(endpoint).
 func (service *Service) SetTunnelStatusToRequired(endpointID portainer.EndpointID) error {
-	tunnel := service.getTunnelDetails(endpointID)
-
-	service.mu.Lock()
-	defer service.mu.Unlock()
+	tunnel := service.GetTunnelDetails(endpointID)

 	if tunnel.Port == 0 {
 		endpoint, err := service.dataStore.Endpoint().Endpoint(endpointID)
@@ -156,6 +152,9 @@ func (service *Service) SetTunnelStatusToRequired(endpointID portainer.EndpointI
 			return err
 		}
 		tunnel.Credentials = credentials
+
+		key := strconv.Itoa(int(endpointID))
+		service.tunnelDetailsMap.Set(key, tunnel)
 	}

 	return nil
--- a/api/cli/cli.go
+++ b/api/cli/cli.go
@@ -2,14 +2,15 @@ package cli

 import (
 	"errors"
-	"os"
-	"path/filepath"
-	"strings"
+	"log"
 	"time"

 	portainer "github.com/portainer/portainer/api"

-	"github.com/rs/zerolog/log"
+	"os"
+	"path/filepath"
+	"strings"
+
 	"gopkg.in/alecthomas/kingpin.v2"
 )

@@ -34,7 +35,6 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		TunnelPort:                kingpin.Flag("tunnel-port", "Port to serve the tunnel server").Default(defaultTunnelServerPort).String(),
 		Assets:                    kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),
 		Data:                      kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),
-		DemoEnvironment:           kingpin.Flag("demo", "Demo environment").Bool(),
 		EndpointURL:               kingpin.Flag("host", "Environment URL").Short('H').String(),
 		FeatureFlags:              BoolPairs(kingpin.Flag("feat", "List of feature flags").Hidden()),
 		EnableEdgeComputeFeatures: kingpin.Flag("edge-compute", "Enable Edge Compute features").Bool(),
@@ -51,7 +51,7 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		SSLKey:                    kingpin.Flag("sslkey", "Path to the SSL key used to secure the Portainer instance").String(),
 		Rollback:                  kingpin.Flag("rollback", "Rollback the database store to the previous version").Bool(),
 		SnapshotInterval:          kingpin.Flag("snapshot-interval", "Duration between each environment snapshot job").String(),
-		AdminPassword:             kingpin.Flag("admin-password", "Set admin password with provided hash").String(),
+		AdminPassword:             kingpin.Flag("admin-password", "Hashed admin password").String(),
 		AdminPasswordFile:         kingpin.Flag("admin-password-file", "Path to the file containing the password for the admin user").String(),
 		Labels:                    pairs(kingpin.Flag("hide-label", "Hide containers with a specific label in the UI").Short('l')),
 		Logo:                      kingpin.Flag("logo", "URL for the logo displayed in the UI").String(),
@@ -61,8 +61,6 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		MaxBatchSize:              kingpin.Flag("max-batch-size", "Maximum size of a batch").Int(),
 		MaxBatchDelay:             kingpin.Flag("max-batch-delay", "Maximum delay before a batch starts").Duration(),
 		SecretKeyName:             kingpin.Flag("secret-key-name", "Secret key name for encryption and will be used as /run/secrets/<secret-key-name>.").Default(defaultSecretKeyName).String(),
-		LogLevel:                  kingpin.Flag("log-level", "Set the minimum logging level to show").Default("INFO").Enum("DEBUG", "INFO", "WARN", "ERROR"),
-		LogMode:                   kingpin.Flag("log-mode", "Set the logging output mode").Default("PRETTY").Enum("PRETTY", "JSON"),
 	}

 	kingpin.Parse()
@@ -102,11 +100,11 @@ func (*Service) ValidateFlags(flags *portainer.CLIFlags) error {

 func displayDeprecationWarnings(flags *portainer.CLIFlags) {
 	if *flags.NoAnalytics {
-		log.Warn().Msg("the --no-analytics flag has been kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect")
+		log.Println("Warning: The --no-analytics flag has been kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect.")
 	}

 	if *flags.SSL {
-		log.Warn().Msg("SSL is enabled by default and there is no need for the --ssl flag, it has been kept to allow migration of instances running a previous version of Portainer with this flag enabled")
+		log.Println("Warning: SSL is enabled by default and there is no need for the --ssl flag. It has been kept to allow migration of instances running a previous version of Portainer with this flag enabled")
 	}
 }

--- a/api/cli/defaults.go
+++ b/api/cli/defaults.go
@@ -18,6 +18,8 @@ const (
 	defaultHTTPDisabled        = "false"
 	defaultHTTPEnabled         = "false"
 	defaultSSL                 = "false"
+	defaultSSLCertPath         = "/certs/portainer.crt"
+	defaultSSLKeyPath          = "/certs/portainer.key"
 	defaultBaseURL             = "/"
 	defaultSecretKeyName       = "portainer"
 )
--- a/api/cli/defaults_windows.go
+++ b/api/cli/defaults_windows.go
@@ -15,6 +15,8 @@ const (
 	defaultHTTPDisabled        = "false"
 	defaultHTTPEnabled         = "false"
 	defaultSSL                 = "false"
+	defaultSSLCertPath         = "C:\\certs\\portainer.crt"
+	defaultSSLKeyPath          = "C:\\certs\\portainer.key"
 	defaultSnapshotInterval    = "5m"
 	defaultBaseURL             = "/"
 	defaultSecretKeyName       = "portainer"
--- a/api/cli/pairlistbool.go
+++ b/api/cli/pairlistbool.go
@@ -1,10 +1,10 @@
 package cli

 import (
-	"strings"
-
 	portainer "github.com/portainer/portainer/api"

+	"strings"
+
 	"gopkg.in/alecthomas/kingpin.v2"
 )

--- a/api/cmd/portainer/import.go
+++ b/api/cmd/portainer/import.go
@@ -0,0 +1,29 @@
+package main
+
+import (
+	"log"
+
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore"
+	"github.com/sirupsen/logrus"
+)
+
+func importFromJson(fileService portainer.FileService, store *datastore.Store) {
+	// EXPERIMENTAL - if used with an incomplete json file, it will fail, as we don't have a way to default the model values
+	importFile := "/data/import.json"
+	if exists, _ := fileService.FileExists(importFile); exists {
+		if err := store.Import(importFile); err != nil {
+			logrus.WithError(err).Debugf("Import %s failed", importFile)
+
+			// TODO: should really rollback on failure, but then we have nothing.
+		} else {
+			logrus.Printf("Successfully imported %s to new portainer database", importFile)
+		}
+		// TODO: this is bad - its to ensure that any defaults that were broken in import, or migrations get set back to what we want
+		// I also suspect that everything from "Init to Init" is potentially a migration
+		err := store.Init()
+		if err != nil {
+			log.Fatalf("Failed initializing data store: %v", err)
+		}
+	}
+}
--- a/api/cmd/portainer/log.go
+++ b/api/cmd/portainer/log.go
@@ -2,54 +2,41 @@ package main

 import (
 	"fmt"
-	stdlog "log"
-	"os"
+	"log"
+	"strings"

-	"github.com/rs/zerolog"
-	"github.com/rs/zerolog/log"
-	"github.com/rs/zerolog/pkgerrors"
+	"github.com/sirupsen/logrus"
 )

+type portainerFormatter struct {
+	logrus.TextFormatter
+}
+
+func (f *portainerFormatter) Format(entry *logrus.Entry) ([]byte, error) {
+	var levelColor int
+	switch entry.Level {
+	case logrus.DebugLevel, logrus.TraceLevel:
+		levelColor = 31 // gray
+	case logrus.WarnLevel:
+		levelColor = 33 // yellow
+	case logrus.ErrorLevel, logrus.FatalLevel, logrus.PanicLevel:
+		levelColor = 31 // red
+	default:
+		levelColor = 36 // blue
+	}
+	return []byte(fmt.Sprintf("\x1b[%dm%s\x1b[0m %s %s\n", levelColor, strings.ToUpper(entry.Level.String()), entry.Time.Format(f.TimestampFormat), entry.Message)), nil
+}
+
 func configureLogger() {
-	zerolog.ErrorStackFieldName = "stack_trace"
-	zerolog.ErrorStackMarshaler = pkgerrors.MarshalStack
-	zerolog.TimeFieldFormat = zerolog.TimeFormatUnix
+	logger := logrus.New() // logger is to implicitly substitute stdlib's log
+	log.SetOutput(logger.Writer())

-	stdlog.SetFlags(0)
-	stdlog.SetOutput(log.Logger)
+	formatter := &logrus.TextFormatter{DisableTimestamp: true, DisableLevelTruncation: true}
+	formatterLogrus := &portainerFormatter{logrus.TextFormatter{DisableTimestamp: false, DisableLevelTruncation: true, TimestampFormat: "2006/01/02 15:04:05", FullTimestamp: true}}

-	log.Logger = log.Logger.With().Caller().Stack().Logger()
-}
-
-func setLoggingLevel(level string) {
-	switch level {
-	case "ERROR":
-		zerolog.SetGlobalLevel(zerolog.ErrorLevel)
-	case "WARN":
-		zerolog.SetGlobalLevel(zerolog.WarnLevel)
-	case "INFO":
-		zerolog.SetGlobalLevel(zerolog.InfoLevel)
-	case "DEBUG":
-		zerolog.SetGlobalLevel(zerolog.DebugLevel)
-	}
-}
-
-func setLoggingMode(mode string) {
-	switch mode {
-	case "PRETTY":
-		log.Logger = log.Output(zerolog.ConsoleWriter{
-			Out:           os.Stderr,
-			NoColor:       true,
-			TimeFormat:    "2006/01/02 03:04PM",
-			FormatMessage: formatMessage})
-	case "JSON":
-		log.Logger = log.Output(os.Stderr)
-	}
-}
-
-func formatMessage(i interface{}) string {
-	if i == nil {
-		return ""
-	}
-	return fmt.Sprintf("%s |", i)
+	logger.SetFormatter(formatter)
+	logrus.SetFormatter(formatterLogrus)
+
+	logger.SetLevel(logrus.DebugLevel)
+	logrus.SetLevel(logrus.DebugLevel)
 }
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -4,16 +4,18 @@ import (
 	"context"
 	"crypto/sha256"
 	"fmt"
+	"log"
 	"os"
 	"path"
 	"strconv"
 	"strings"
 	"time"

+	"github.com/sirupsen/logrus"
+
 	"github.com/portainer/libhelm"
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/apikey"
-	"github.com/portainer/portainer/api/build"
 	"github.com/portainer/portainer/api/chisel"
 	"github.com/portainer/portainer/api/cli"
 	"github.com/portainer/portainer/api/crypto"
@@ -21,7 +23,7 @@ import (
 	"github.com/portainer/portainer/api/database/boltdb"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/datastore"
-	"github.com/portainer/portainer/api/demo"
+	"github.com/portainer/portainer/api/datastore/migrations"
 	"github.com/portainer/portainer/api/docker"
 	"github.com/portainer/portainer/api/exec"
 	"github.com/portainer/portainer/api/filesystem"
@@ -41,39 +43,35 @@ import (
 	"github.com/portainer/portainer/api/ldap"
 	"github.com/portainer/portainer/api/oauth"
 	"github.com/portainer/portainer/api/scheduler"
-	"github.com/portainer/portainer/api/stacks/deployments"
-
-	"github.com/rs/zerolog/log"
+	"github.com/portainer/portainer/api/stacks"
 )

 func initCLI() *portainer.CLIFlags {
 	var cliService portainer.CLIService = &cli.Service{}
 	flags, err := cliService.ParseFlags(portainer.APIVersion)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed parsing flags")
+		logrus.Fatalf("Failed parsing flags: %v", err)
 	}

 	err = cliService.ValidateFlags(flags)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed validating flags")
+		logrus.Fatalf("Failed validating flags:%v", err)
 	}
-
 	return flags
 }

 func initFileService(dataStorePath string) portainer.FileService {
 	fileService, err := filesystem.NewService(dataStorePath, "")
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed creating file service")
+		logrus.Fatalf("Failed creating file service: %v", err)
 	}
-
 	return fileService
 }

 func initDataStore(flags *portainer.CLIFlags, secretKey []byte, fileService portainer.FileService, shutdownCtx context.Context) dataservices.DataStore {
 	connection, err := database.NewDatabase("boltdb", *flags.Data, secretKey)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed creating database connection")
+		logrus.Fatalf("failed creating database connection: %s", err)
 	}

 	if bconn, ok := connection.(*boltdb.DbConnection); ok {
@@ -81,31 +79,30 @@ func initDataStore(flags *portainer.CLIFlags, secretKey []byte, fileService port
 		bconn.MaxBatchDelay = *flags.MaxBatchDelay
 		bconn.InitialMmapSize = *flags.InitialMmapSize
 	} else {
-		log.Fatal().Msg("failed creating database connection: expecting a boltdb database type but a different one was received")
+		logrus.Fatalf("failed creating database connection: expecting a boltdb database type but a different one was received")
 	}

 	store := datastore.NewStore(*flags.Data, fileService, connection)
 	isNew, err := store.Open()
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed opening store")
+		logrus.Fatalf("Failed opening store: %v", err)
 	}

 	if *flags.Rollback {
 		err := store.Rollback(false)
 		if err != nil {
-			log.Fatal().Err(err).Msg("failed rolling back")
+			logrus.Fatalf("Failed rolling back: %v", err)
 		}

-		log.Info().Msg("exiting rollback")
+		logrus.Println("Exiting rollback")
 		os.Exit(0)
-
 		return nil
 	}

 	// Init sets some defaults - it's basically a migration
 	err = store.Init()
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed initializing data store")
+		logrus.Fatalf("Failed initializing data store: %v", err)
 	}

 	if isNew {
@@ -114,25 +111,31 @@ func initDataStore(flags *portainer.CLIFlags, secretKey []byte, fileService port

 		err := updateSettingsFromFlags(store, flags)
 		if err != nil {
-			log.Fatal().Err(err).Msg("failed updating settings from flags")
+			logrus.Fatalf("Failed updating settings from flags: %v", err)
 		}
 	} else {
 		storedVersion, err := store.VersionService.DBVersion()
 		if err != nil {
-			log.Fatal().Err(err).Msg("failure during creation of new database")
+			logrus.Fatalf("Something Failed during creation of new database: %v", err)
 		}
-
 		if storedVersion != portainer.DBVersion {
-			err = store.MigrateData()
+			m := migrations.NewMigrator(*store)
+			err = m.Migrate(storedVersion)
 			if err != nil {
-				log.Fatal().Err(err).Msg("failed migration")
+				logrus.Fatalf("Failed migration: %v", err)
 			}
 		}
 	}

+	m := migrations.NewMigrator(*store)
+
+	m.Migrate(18)
+
+	logrus.Fatal("Dieing.....")
+
 	err = updateSettingsFromFlags(store, flags)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed updating settings from flags")
+		log.Fatalf("Failed updating settings from flags: %v", err)
 	}

 	// this is for the db restore functionality - needs more tests.
@@ -144,19 +147,19 @@ func initDataStore(flags *portainer.CLIFlags, secretKey []byte, fileService port

 		err := store.Export(exportFilename)
 		if err != nil {
-			log.Error().Str("filename", exportFilename).Err(err).Msg("failed to export")
+			logrus.WithError(err).Debugf("Failed to export to %s", exportFilename)
 		} else {
-			log.Debug().Str("filename", exportFilename).Msg("exported")
+			logrus.Debugf("exported to %s", exportFilename)
 		}
+		connection.Close()
 	}()
-
 	return store
 }

 func initComposeStackManager(assetsPath string, configPath string, reverseTunnelService portainer.ReverseTunnelService, proxyManager *proxy.Manager) portainer.ComposeStackManager {
 	composeWrapper, err := exec.NewComposeStackManager(assetsPath, configPath, proxyManager)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed creating compose manager")
+		logrus.Fatalf("Failed creating compose manager: %v", err)
 	}

 	return composeWrapper
@@ -186,15 +189,10 @@ func initAPIKeyService(datastore dataservices.DataStore) apikey.APIKeyService {
 }

 func initJWTService(userSessionTimeout string, dataStore dataservices.DataStore) (dataservices.JWTService, error) {
-	if userSessionTimeout == "" {
-		userSessionTimeout = portainer.DefaultUserSessionTimeout
-	}
-
 	jwtService, err := jwt.NewService(userSessionTimeout, dataStore)
 	if err != nil {
 		return nil, err
 	}
-
 	return jwtService, nil
 }

@@ -214,11 +212,11 @@ func initOAuthService() portainer.OAuthService {
 	return oauth.NewService()
 }

-func initGitService(ctx context.Context) portainer.GitService {
-	return git.NewService(ctx)
+func initGitService() portainer.GitService {
+	return git.NewService()
 }

-func initSSLService(addr, certPath, keyPath string, fileService portainer.FileService, dataStore dataservices.DataStore, shutdownTrigger context.CancelFunc) (*ssl.Service, error) {
+func initSSLService(addr, dataPath, certPath, keyPath string, fileService portainer.FileService, dataStore dataservices.DataStore, shutdownTrigger context.CancelFunc) (*ssl.Service, error) {
 	slices := strings.Split(addr, ":")
 	host := slices[0]
 	if host == "" {
@@ -239,17 +237,11 @@ func initDockerClientFactory(signatureService portainer.DigitalSignatureService,
 	return docker.NewClientFactory(signatureService, reverseTunnelService)
 }

-func initKubernetesClientFactory(signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService, dataStore dataservices.DataStore, instanceID, addrHTTPS, userSessionTimeout string) (*kubecli.ClientFactory, error) {
-	return kubecli.NewClientFactory(signatureService, reverseTunnelService, dataStore, instanceID, addrHTTPS, userSessionTimeout)
+func initKubernetesClientFactory(signatureService portainer.DigitalSignatureService, reverseTunnelService portainer.ReverseTunnelService, instanceID string, dataStore dataservices.DataStore) *kubecli.ClientFactory {
+	return kubecli.NewClientFactory(signatureService, reverseTunnelService, instanceID, dataStore)
 }

-func initSnapshotService(
-	snapshotIntervalFromFlag string,
-	dataStore dataservices.DataStore,
-	dockerClientFactory *docker.ClientFactory,
-	kubernetesClientFactory *kubecli.ClientFactory,
-	shutdownCtx context.Context,
-) (portainer.SnapshotService, error) {
+func initSnapshotService(snapshotIntervalFromFlag string, dataStore dataservices.DataStore, dockerClientFactory *docker.ClientFactory, kubernetesClientFactory *kubecli.ClientFactory, shutdownCtx context.Context) (portainer.SnapshotService, error) {
 	dockerSnapshotter := docker.NewSnapshotter(dockerClientFactory)
 	kubernetesSnapshotter := kubernetes.NewSnapshotter(kubernetesClientFactory)

@@ -294,12 +286,6 @@ func updateSettingsFromFlags(dataStore dataservices.DataStore, flags *portainer.
 		settings.BlackListedLabels = *flags.Labels
 	}

-	if agentKey, ok := os.LookupEnv("AGENT_SECRET"); ok {
-		settings.AgentSecret = agentKey
-	} else {
-		settings.AgentSecret = ""
-	}
-
 	err = dataStore.Settings().UpdateSettings(settings)
 	if err != nil {
 		return err
@@ -316,7 +302,12 @@ func updateSettingsFromFlags(dataStore dataservices.DataStore, flags *portainer.
 		sslSettings.HTTPEnabled = true
 	}

-	return dataStore.SSLSettings().UpdateSettings(sslSettings)
+	err = dataStore.SSLSettings().UpdateSettings(sslSettings)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 // enableFeaturesFromFlags turns on or off feature flags
@@ -350,7 +341,11 @@ func enableFeaturesFromFlags(dataStore dataservices.DataStore, flags *portainer.
 			return fmt.Errorf("feature flag's '%s' value should be true or false", feat.Name)
 		}

-		log.Info().Str("feature", string(*correspondingFeature)).Bool("state", featureState).Msg("")
+		if featureState {
+			logrus.Printf("Feature %v : on", *correspondingFeature)
+		} else {
+			logrus.Printf("Feature %v : off", *correspondingFeature)
+		}

 		settings.FeatureFlagSettings[*correspondingFeature] = featureState
 	}
@@ -378,7 +373,7 @@ func generateAndStoreKeyPair(fileService portainer.FileService, signatureService
 func initKeyPair(fileService portainer.FileService, signatureService portainer.DigitalSignatureService) error {
 	existingKeyPair, err := fileService.KeyPairFilesExist()
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed checking for existing key pair")
+		logrus.Fatalf("Failed checking for existing key pair: %v", err)
 	}

 	if existingKeyPair {
@@ -448,11 +443,7 @@ func createTLSSecuredEndpoint(flags *portainer.CLIFlags, dataStore dataservices.

 	err := snapshotService.SnapshotEndpoint(endpoint)
 	if err != nil {
-		log.Error().
-			Str("endpoint", endpoint.Name).
-			Str("URL", endpoint.URL).
-			Err(err).
-			Msg("environment snapshot error")
+		logrus.Printf("http error: environment snapshot error (environment=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
 	}

 	return dataStore.Endpoint().Create(endpoint)
@@ -497,10 +488,7 @@ func createUnsecuredEndpoint(endpointURL string, dataStore dataservices.DataStor

 	err := snapshotService.SnapshotEndpoint(endpoint)
 	if err != nil {
-		log.Error().
-			Str("endpoint", endpoint.Name).
-			Str("URL", endpoint.URL).Err(err).
-			Msg("environment snapshot error")
+		logrus.Printf("http error: environment snapshot error (environment=%s, URL=%s) (err=%s)\n", endpoint.Name, endpoint.URL, err)
 	}

 	return dataStore.Endpoint().Create(endpoint)
@@ -517,8 +505,7 @@ func initEndpoint(flags *portainer.CLIFlags, dataStore dataservices.DataStore, s
 	}

 	if len(endpoints) > 0 {
-		log.Info().Msg("instance already has defined environments, skipping the environment defined via CLI")
-
+		logrus.Println("Instance already has defined environments. Skipping the environment defined via CLI.")
 		return nil
 	}

@@ -532,9 +519,9 @@ func loadEncryptionSecretKey(keyfilename string) []byte {
 	content, err := os.ReadFile(path.Join("/run/secrets", keyfilename))
 	if err != nil {
 		if os.IsNotExist(err) {
-			log.Info().Str("filename", keyfilename).Msg("encryption key file not present")
+			logrus.Printf("Encryption key file `%s` not present", keyfilename)
 		} else {
-			log.Info().Err(err).Msg("error reading encryption key file")
+			logrus.Printf("Error reading encryption key file: %v", err)
 		}

 		return nil
@@ -551,72 +538,67 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 	fileService := initFileService(*flags.Data)
 	encryptionKey := loadEncryptionSecretKey(*flags.SecretKeyName)
 	if encryptionKey == nil {
-		log.Info().Msg("proceeding without encryption key")
+		logrus.Println("Proceeding without encryption key")
 	}

 	dataStore := initDataStore(flags, encryptionKey, fileService, shutdownCtx)

 	if err := dataStore.CheckCurrentEdition(); err != nil {
-		log.Fatal().Err(err).Msg("")
+		logrus.Fatal(err)
 	}
-
 	instanceID, err := dataStore.Version().InstanceID()
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed getting instance id")
+		logrus.Fatalf("Failed getting instance id: %v", err)
 	}

 	apiKeyService := initAPIKeyService(dataStore)

 	settings, err := dataStore.Settings().Settings()
 	if err != nil {
-		log.Fatal().Err(err).Msg("")
+		logrus.Fatal(err)
 	}
-
 	jwtService, err := initJWTService(settings.UserSessionTimeout, dataStore)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed initializing JWT service")
+		logrus.Fatalf("Failed initializing JWT service: %v", err)
 	}

 	err = enableFeaturesFromFlags(dataStore, flags)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed enabling feature flag")
+		logrus.Fatalf("Failed enabling feature flag: %v", err)
 	}

 	ldapService := initLDAPService()
-
 	oauthService := initOAuthService()
-
-	gitService := initGitService(shutdownCtx)
+	gitService := initGitService()

 	openAMTService := openamt.NewService()

 	cryptoService := initCryptoService()
-
 	digitalSignatureService := initDigitalSignatureService()

-	sslService, err := initSSLService(*flags.AddrHTTPS, *flags.SSLCert, *flags.SSLKey, fileService, dataStore, shutdownTrigger)
+	sslService, err := initSSLService(*flags.AddrHTTPS, *flags.Data, *flags.SSLCert, *flags.SSLKey, fileService, dataStore, shutdownTrigger)
 	if err != nil {
-		log.Fatal().Err(err).Msg("")
+		logrus.Fatal(err)
 	}

 	sslSettings, err := sslService.GetSSLSettings()
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed to get SSL settings")
+		logrus.Fatalf("Failed to get ssl settings: %s", err)
 	}

 	err = initKeyPair(fileService, digitalSignatureService)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed initializing key pair")
+		logrus.Fatalf("Failed initializing key pair: %v", err)
 	}

 	reverseTunnelService := chisel.NewService(dataStore, shutdownCtx)

 	dockerClientFactory := initDockerClientFactory(digitalSignatureService, reverseTunnelService)
-	kubernetesClientFactory, err := initKubernetesClientFactory(digitalSignatureService, reverseTunnelService, dataStore, instanceID, *flags.AddrHTTPS, settings.UserSessionTimeout)
+	kubernetesClientFactory := initKubernetesClientFactory(digitalSignatureService, reverseTunnelService, instanceID, dataStore)

 	snapshotService, err := initSnapshotService(*flags.SnapshotInterval, dataStore, dockerClientFactory, kubernetesClientFactory, shutdownCtx)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed initializing snapshot service")
+		logrus.Fatalf("Failed initializing snapshot service: %v", err)
 	}
 	snapshotService.Start()

@@ -625,9 +607,9 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	kubernetesTokenCacheManager := kubeproxy.NewTokenCacheManager()

-	kubeClusterAccessService := kubernetes.NewKubeClusterAccessService(*flags.BaseURL, *flags.AddrHTTPS, sslSettings.CertPath)
+	kubeConfigService := kubernetes.NewKubeConfigCAService(*flags.AddrHTTPS, sslSettings.CertPath)

-	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager, gitService)
+	proxyManager := proxy.NewManager(dataStore, digitalSignatureService, reverseTunnelService, dockerClientFactory, kubernetesClientFactory, kubernetesTokenCacheManager)

 	reverseTunnelService.ProxyManager = proxyManager

@@ -637,46 +619,37 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {

 	swarmStackManager, err := initSwarmStackManager(*flags.Assets, dockerConfigPath, digitalSignatureService, fileService, reverseTunnelService, dataStore)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed initializing swarm stack manager")
+		logrus.Fatalf("Failed initializing swarm stack manager: %v", err)
 	}

 	kubernetesDeployer := initKubernetesDeployer(kubernetesTokenCacheManager, kubernetesClientFactory, dataStore, reverseTunnelService, digitalSignatureService, proxyManager, *flags.Assets)

 	helmPackageManager, err := initHelmPackageManager(*flags.Assets)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed initializing helm package manager")
+		logrus.Fatalf("Failed initializing helm package manager: %v", err)
 	}

 	err = edge.LoadEdgeJobs(dataStore, reverseTunnelService)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed loading edge jobs from database")
+		logrus.Fatalf("Failed loading edge jobs from database: %v", err)
 	}

 	applicationStatus := initStatus(instanceID)

-	demoService := demo.NewService()
-	if *flags.DemoEnvironment {
-		err := demoService.Init(dataStore, cryptoService)
-		if err != nil {
-			log.Fatal().Err(err).Msg("failed initializing demo environment")
-		}
-	}
-
 	err = initEndpoint(flags, dataStore, snapshotService)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed initializing environment")
+		logrus.Fatalf("Failed initializing environment: %v", err)
 	}

 	adminPasswordHash := ""
 	if *flags.AdminPasswordFile != "" {
 		content, err := fileService.GetFileContent(*flags.AdminPasswordFile, "")
 		if err != nil {
-			log.Fatal().Err(err).Msg("failed getting admin password file")
+			logrus.Fatalf("Failed getting admin password file: %v", err)
 		}
-
 		adminPasswordHash, err = cryptoService.Hash(strings.TrimSuffix(string(content), "\n"))
 		if err != nil {
-			log.Fatal().Err(err).Msg("failed hashing admin password")
+			logrus.Fatalf("Failed hashing admin password: %v", err)
 		}
 	} else if *flags.AdminPassword != "" {
 		adminPasswordHash = *flags.AdminPassword
@@ -685,40 +658,39 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 	if adminPasswordHash != "" {
 		users, err := dataStore.User().UsersByRole(portainer.AdministratorRole)
 		if err != nil {
-			log.Fatal().Err(err).Msg("failed getting admin user")
+			logrus.Fatalf("Failed getting admin user: %v", err)
 		}

 		if len(users) == 0 {
-			log.Info().Msg("created admin user with the given password.")
+			logrus.Println("Created admin user with the given password.")
 			user := &portainer.User{
 				Username: "admin",
 				Role:     portainer.AdministratorRole,
 				Password: adminPasswordHash,
 			}
-
 			err := dataStore.User().Create(user)
 			if err != nil {
-				log.Fatal().Err(err).Msg("failed creating admin user")
+				logrus.Fatalf("Failed creating admin user: %v", err)
 			}
 		} else {
-			log.Info().Msg("instance already has an administrator user defined, skipping admin password related flags.")
+			logrus.Println("Instance already has an administrator user defined. Skipping admin password related flags.")
 		}
 	}

 	err = reverseTunnelService.StartTunnelServer(*flags.TunnelAddr, *flags.TunnelPort, snapshotService)
 	if err != nil {
-		log.Fatal().Err(err).Msg("failed starting tunnel server")
+		logrus.Fatalf("Failed starting tunnel server: %v", err)
 	}

-	scheduler := scheduler.NewScheduler(shutdownCtx)
-	stackDeployer := deployments.NewStackDeployer(swarmStackManager, composeStackManager, kubernetesDeployer)
-	deployments.StartStackSchedules(scheduler, stackDeployer, dataStore, gitService)
-
 	sslDBSettings, err := dataStore.SSLSettings().Settings()
 	if err != nil {
-		log.Fatal().Msg("failed to fetch SSL settings from DB")
+		logrus.Fatalf("Failed to fetch ssl settings from DB")
 	}

+	scheduler := scheduler.NewScheduler(shutdownCtx)
+	stackDeployer := stacks.NewStackDeployer(swarmStackManager, composeStackManager, kubernetesDeployer)
+	stacks.StartStackSchedules(scheduler, stackDeployer, dataStore, gitService)
+
 	return &http.Server{
 		AuthorizationService:        authorizationService,
 		ReverseTunnelService:        reverseTunnelService,
@@ -732,8 +704,8 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		ComposeStackManager:         composeStackManager,
 		KubernetesDeployer:          kubernetesDeployer,
 		HelmPackageManager:          helmPackageManager,
-		APIKeyService:               apiKeyService,
 		CryptoService:               cryptoService,
+		APIKeyService:               apiKeyService,
 		JWTService:                  jwtService,
 		FileService:                 fileService,
 		LDAPService:                 ldapService,
@@ -742,7 +714,7 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		OpenAMTService:              openAMTService,
 		ProxyManager:                proxyManager,
 		KubernetesTokenCacheManager: kubernetesTokenCacheManager,
-		KubeClusterAccessService:    kubeClusterAccessService,
+		KubeConfigService:           kubeConfigService,
 		SignatureService:            digitalSignatureService,
 		SnapshotService:             snapshotService,
 		SSLService:                  sslService,
@@ -752,32 +724,19 @@ func buildServer(flags *portainer.CLIFlags) portainer.Server {
 		ShutdownCtx:                 shutdownCtx,
 		ShutdownTrigger:             shutdownTrigger,
 		StackDeployer:               stackDeployer,
-		DemoService:                 demoService,
+		BaseURL:                     *flags.BaseURL,
 	}
 }

 func main() {
-	configureLogger()
-	setLoggingMode("PRETTY")
-
 	flags := initCLI()

-	setLoggingLevel(*flags.LogLevel)
-	setLoggingMode(*flags.LogMode)
+	configureLogger()

 	for {
 		server := buildServer(flags)
-		log.Info().
-			Str("version", portainer.APIVersion).
-			Str("build_number", build.BuildNumber).
-			Str("image_tag", build.ImageTag).
-			Str("nodejs_version", build.NodejsVersion).
-			Str("yarn_version", build.YarnVersion).
-			Str("webpack_version", build.WebpackVersion).
-			Str("go_version", build.GoVersion).
-			Msg("starting Portainer")
-
+		logrus.Printf("[INFO] [cmd,main] Starting Portainer version %s\n", portainer.APIVersion)
 		err := server.Start()
-		log.Info().Err(err).Msg("HTTP server exited")
+		logrus.Printf("[INFO] [cmd,main] Http server exited: %v\n", err)
 	}
 }
--- a/api/cmd/portainer/main_test.go
+++ b/api/cmd/portainer/main_test.go
@@ -8,7 +8,6 @@ import (
 	"github.com/portainer/portainer/api/cli"
 	"github.com/portainer/portainer/api/dataservices"
 	"github.com/portainer/portainer/api/datastore"
-
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/alecthomas/kingpin.v2"
 )
@@ -22,7 +21,7 @@ func (m mockKingpinSetting) SetValue(value kingpin.Value) {
 func Test_enableFeaturesFromFlags(t *testing.T) {
 	is := assert.New(t)

-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	tests := []struct {
@@ -77,7 +76,7 @@ func Test_optionalFeature(t *testing.T) {

 	is := assert.New(t)

-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	// Enable the test feature
--- a/api/connection.go
+++ b/api/connection.go
@@ -24,13 +24,12 @@ type Connection interface {
 	SetServiceName(bucketName string) error
 	GetObject(bucketName string, key []byte, object interface{}) error
 	UpdateObject(bucketName string, key []byte, object interface{}) error
-	UpdateObjectFunc(bucketName string, key []byte, object any, updateFn func()) error
 	DeleteObject(bucketName string, key []byte) error
 	DeleteAllObjects(bucketName string, matching func(o interface{}) (id int, ok bool)) error
 	GetNextIdentifier(bucketName string) int
 	CreateObject(bucketName string, fn func(uint64) (int, interface{})) error
 	CreateObjectWithId(bucketName string, id int, obj interface{}) error
-	CreateObjectWithStringId(bucketName string, id []byte, obj interface{}) error
+	CreateObjectWithSetSequence(bucketName string, id int, obj interface{}) error
 	GetAll(bucketName string, obj interface{}, append func(o interface{}) (interface{}, error)) error
 	GetAllWithJsoniter(bucketName string, obj interface{}, append func(o interface{}) (interface{}, error)) error
 	ConvertToKey(v int) []byte
--- a/api/crypto/aes.go
+++ b/api/crypto/aes.go
@@ -13,7 +13,7 @@ import (
 // Person with better knowledge is welcomed to improve it.
 // sourced from https://golang.org/src/crypto/cipher/example_test.go

-var emptySalt []byte = make([]byte, 0)
+var emptySalt []byte = make([]byte, 0, 0)

 // AesEncrypt reads from input, encrypts with AES-256 and writes to the output.
 // passphrase is used to generate an encryption key.
--- a/api/crypto/aes_test.go
+++ b/api/crypto/aes_test.go
@@ -2,15 +2,18 @@ package crypto

 import (
 	"io"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"

+	"github.com/docker/docker/pkg/ioutils"
 	"github.com/stretchr/testify/assert"
 )

 func Test_encryptAndDecrypt_withTheSamePassword(t *testing.T) {
-	tmpdir := t.TempDir()
+	tmpdir, _ := ioutils.TempDir("", "encrypt")
+	defer os.RemoveAll(tmpdir)

 	var (
 		originFilePath    = filepath.Join(tmpdir, "origin")
@@ -19,7 +22,7 @@ func Test_encryptAndDecrypt_withTheSamePassword(t *testing.T) {
 	)

 	content := []byte("content")
-	os.WriteFile(originFilePath, content, 0600)
+	ioutil.WriteFile(originFilePath, content, 0600)

 	originFile, _ := os.Open(originFilePath)
 	defer originFile.Close()
@@ -29,7 +32,7 @@ func Test_encryptAndDecrypt_withTheSamePassword(t *testing.T) {

 	err := AesEncrypt(originFile, encryptedFileWriter, []byte("passphrase"))
 	assert.Nil(t, err, "Failed to encrypt a file")
-	encryptedContent, err := os.ReadFile(encryptedFilePath)
+	encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
 	assert.Nil(t, err, "Couldn't read encrypted file")
 	assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")

@@ -44,12 +47,13 @@ func Test_encryptAndDecrypt_withTheSamePassword(t *testing.T) {

 	io.Copy(decryptedFileWriter, decryptedReader)

-	decryptedContent, _ := os.ReadFile(decryptedFilePath)
+	decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
 	assert.Equal(t, content, decryptedContent, "Original and decrypted content should match")
 }

 func Test_encryptAndDecrypt_withEmptyPassword(t *testing.T) {
-	tmpdir := t.TempDir()
+	tmpdir, _ := ioutils.TempDir("", "encrypt")
+	defer os.RemoveAll(tmpdir)

 	var (
 		originFilePath    = filepath.Join(tmpdir, "origin")
@@ -58,7 +62,7 @@ func Test_encryptAndDecrypt_withEmptyPassword(t *testing.T) {
 	)

 	content := []byte("content")
-	os.WriteFile(originFilePath, content, 0600)
+	ioutil.WriteFile(originFilePath, content, 0600)

 	originFile, _ := os.Open(originFilePath)
 	defer originFile.Close()
@@ -68,7 +72,7 @@ func Test_encryptAndDecrypt_withEmptyPassword(t *testing.T) {

 	err := AesEncrypt(originFile, encryptedFileWriter, []byte(""))
 	assert.Nil(t, err, "Failed to encrypt a file")
-	encryptedContent, err := os.ReadFile(encryptedFilePath)
+	encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
 	assert.Nil(t, err, "Couldn't read encrypted file")
 	assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")

@@ -83,12 +87,13 @@ func Test_encryptAndDecrypt_withEmptyPassword(t *testing.T) {

 	io.Copy(decryptedFileWriter, decryptedReader)

-	decryptedContent, _ := os.ReadFile(decryptedFilePath)
+	decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
 	assert.Equal(t, content, decryptedContent, "Original and decrypted content should match")
 }

 func Test_decryptWithDifferentPassphrase_shouldProduceWrongResult(t *testing.T) {
-	tmpdir := t.TempDir()
+	tmpdir, _ := ioutils.TempDir("", "encrypt")
+	defer os.RemoveAll(tmpdir)

 	var (
 		originFilePath    = filepath.Join(tmpdir, "origin")
@@ -97,7 +102,7 @@ func Test_decryptWithDifferentPassphrase_shouldProduceWrongResult(t *testing.T)
 	)

 	content := []byte("content")
-	os.WriteFile(originFilePath, content, 0600)
+	ioutil.WriteFile(originFilePath, content, 0600)

 	originFile, _ := os.Open(originFilePath)
 	defer originFile.Close()
@@ -107,7 +112,7 @@ func Test_decryptWithDifferentPassphrase_shouldProduceWrongResult(t *testing.T)

 	err := AesEncrypt(originFile, encryptedFileWriter, []byte("passphrase"))
 	assert.Nil(t, err, "Failed to encrypt a file")
-	encryptedContent, err := os.ReadFile(encryptedFilePath)
+	encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
 	assert.Nil(t, err, "Couldn't read encrypted file")
 	assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")

@@ -122,6 +127,6 @@ func Test_decryptWithDifferentPassphrase_shouldProduceWrongResult(t *testing.T)

 	io.Copy(decryptedFileWriter, decryptedReader)

-	decryptedContent, _ := os.ReadFile(decryptedFilePath)
+	decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
 	assert.NotEqual(t, content, decryptedContent, "Original and decrypted content should NOT match")
 }
--- a/api/crypto/hash.go
+++ b/api/crypto/hash.go
@@ -9,11 +9,11 @@ type Service struct{}

 // Hash hashes a string using the bcrypt algorithm
 func (*Service) Hash(data string) (string, error) {
-	bytes, err := bcrypt.GenerateFromPassword([]byte(data), bcrypt.DefaultCost)
+	hash, err := bcrypt.GenerateFromPassword([]byte(data), bcrypt.DefaultCost)
 	if err != nil {
-		return "", err
+		return "", nil
 	}
-	return string(bytes), err
+	return string(hash), nil
 }

 // CompareHashAndData compares a hash to clear data and returns an error if the comparison fails.
--- a/api/crypto/hash_test.go
+++ b/api/crypto/hash_test.go
@@ -1,53 +0,0 @@
-package crypto
-
-import (
-	"testing"
-)
-
-func TestService_Hash(t *testing.T) {
-	var s = &Service{}
-
-	type args struct {
-		hash string
-		data string
-	}
-	tests := []struct {
-		name   string
-		args   args
-		expect bool
-	}{
-		{
-			name: "Empty",
-			args: args{
-				hash: "",
-				data: "",
-			},
-			expect: false,
-		},
-		{
-			name: "Matching",
-			args: args{
-				hash: "$2a$10$6BFGd94oYx8k0bFNO6f33uPUpcpAJyg8UVX.akLe9EthF/ZBTXqcy",
-				data: "Passw0rd!",
-			},
-			expect: true,
-		},
-		{
-			name: "Not matching",
-			args: args{
-				hash: "$2a$10$ltKrUZ7492xyutHOb0/XweevU4jyw7QO66rP32jTVOMb3EX3JxA/a",
-				data: "Passw0rd!",
-			},
-			expect: false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-
-			err := s.CompareHashAndData(tt.args.hash, tt.args.data)
-			if (err != nil) == tt.expect {
-				t.Errorf("Service.CompareHashAndData() = %v", err)
-			}
-		})
-	}
-}
--- a/api/crypto/tls.go
+++ b/api/crypto/tls.go
@@ -3,7 +3,7 @@ package crypto
 import (
 	"crypto/tls"
 	"crypto/x509"
-	"os"
+	"io/ioutil"
 )

 // CreateServerTLSConfiguration creates a basic tls.Config to be used by servers with recommended TLS settings
@@ -63,7 +63,7 @@ func CreateTLSConfigurationFromDisk(caCertPath, certPath, keyPath string, skipSe
 	}

 	if !skipServerVerification && caCertPath != "" {
-		caCert, err := os.ReadFile(caCertPath)
+		caCert, err := ioutil.ReadFile(caCertPath)
 		if err != nil {
 			return nil, err
 		}
--- a/api/database/boltdb/db.go
+++ b/api/database/boltdb/db.go
@@ -1,19 +1,18 @@
 package boltdb

 import (
-	"bytes"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"path"
 	"time"

+	"github.com/boltdb/bolt"
 	dserrors "github.com/portainer/portainer/api/dataservices/errors"
-
-	"github.com/rs/zerolog/log"
-	bolt "go.etcd.io/bbolt"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -121,7 +120,7 @@ func (connection *DbConnection) NeedsEncryptionMigration() (bool, error) {
 // Open opens and initializes the BoltDB database.
 func (connection *DbConnection) Open() error {

-	log.Info().Str("filename", connection.GetDatabaseFileName()).Msg("loading PortainerDB")
+	logrus.Infof("Loading PortainerDB: %s", connection.GetDatabaseFileName())

 	// Now we open the db
 	databasePath := connection.GetDatabaseFilePath()
@@ -162,11 +161,11 @@ func (connection *DbConnection) ExportRaw(filename string) error {
 		return fmt.Errorf("stat on %s failed: %s", databasePath, err)
 	}

-	b, err := connection.ExportJSON(databasePath, true)
+	b, err := connection.exportJson(databasePath)
 	if err != nil {
 		return err
 	}
-	return os.WriteFile(filename, b, 0600)
+	return ioutil.WriteFile(filename, b, 0600)
 }

 // ConvertToKey returns an 8-byte big endian representation of v.
@@ -178,15 +177,18 @@ func (connection *DbConnection) ConvertToKey(v int) []byte {
 	return b
 }

-// CreateBucket is a generic function used to create a bucket inside a database.
+// CreateBucket is a generic function used to create a bucket inside a database database.
 func (connection *DbConnection) SetServiceName(bucketName string) error {
 	return connection.Batch(func(tx *bolt.Tx) error {
 		_, err := tx.CreateBucketIfNotExists([]byte(bucketName))
-		return err
+		if err != nil {
+			return err
+		}
+		return nil
 	})
 }

-// GetObject is a generic function used to retrieve an unmarshalled object from a database.
+// GetObject is a generic function used to retrieve an unmarshalled object from a database database.
 func (connection *DbConnection) GetObject(bucketName string, key []byte, object interface{}) error {
 	var data []byte

@@ -218,7 +220,7 @@ func (connection *DbConnection) getEncryptionKey() []byte {
 	return connection.EncryptionKey
 }

-// UpdateObject is a generic function used to update an object inside a database.
+// UpdateObject is a generic function used to update an object inside a database database.
 func (connection *DbConnection) UpdateObject(bucketName string, key []byte, object interface{}) error {
 	data, err := connection.MarshalObject(object)
 	if err != nil {
@@ -231,33 +233,7 @@ func (connection *DbConnection) UpdateObject(bucketName string, key []byte, obje
 	})
 }

-// UpdateObjectFunc is a generic function used to update an object safely without race conditions.
-func (connection *DbConnection) UpdateObjectFunc(bucketName string, key []byte, object any, updateFn func()) error {
-	return connection.Batch(func(tx *bolt.Tx) error {
-		bucket := tx.Bucket([]byte(bucketName))
-
-		data := bucket.Get(key)
-		if data == nil {
-			return dserrors.ErrObjectNotFound
-		}
-
-		err := connection.UnmarshalObjectWithJsoniter(data, object)
-		if err != nil {
-			return err
-		}
-
-		updateFn()
-
-		data, err = connection.MarshalObject(object)
-		if err != nil {
-			return err
-		}
-
-		return bucket.Put(key, data)
-	})
-}
-
-// DeleteObject is a generic function used to delete an object inside a database.
+// DeleteObject is a generic function used to delete an object inside a database database.
 func (connection *DbConnection) DeleteObject(bucketName string, key []byte) error {
 	return connection.Batch(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))
@@ -338,23 +314,30 @@ func (connection *DbConnection) CreateObjectWithId(bucketName string, id int, ob
 	})
 }

-// CreateObjectWithStringId creates a new object in the bucket, using the specified id
-func (connection *DbConnection) CreateObjectWithStringId(bucketName string, id []byte, obj interface{}) error {
+// CreateObjectWithSetSequence creates a new object in the bucket, using the specified id, and sets the bucket sequence
+// avoid this :)
+func (connection *DbConnection) CreateObjectWithSetSequence(bucketName string, id int, obj interface{}) error {
 	return connection.Batch(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))
+
+		// We manually manage sequences for schedules
+		err := bucket.SetSequence(uint64(id))
+		if err != nil {
+			return err
+		}
+
 		data, err := connection.MarshalObject(obj)
 		if err != nil {
 			return err
 		}

-		return bucket.Put(id, data)
+		return bucket.Put(connection.ConvertToKey(id), data)
 	})
 }

 func (connection *DbConnection) GetAll(bucketName string, obj interface{}, append func(o interface{}) (interface{}, error)) error {
 	err := connection.View(func(tx *bolt.Tx) error {
 		bucket := tx.Bucket([]byte(bucketName))
-
 		cursor := bucket.Cursor()
 		for k, v := cursor.First(); k != nil; k, v = cursor.Next() {
 			err := connection.UnmarshalObject(v, obj)
@@ -369,7 +352,6 @@ func (connection *DbConnection) GetAll(bucketName string, obj interface{}, appen

 		return nil
 	})
-
 	return err
 }

@@ -395,27 +377,6 @@ func (connection *DbConnection) GetAllWithJsoniter(bucketName string, obj interf
 	return err
 }

-func (connection *DbConnection) GetAllWithKeyPrefix(bucketName string, keyPrefix []byte, obj interface{}, append func(o interface{}) (interface{}, error)) error {
-	return connection.View(func(tx *bolt.Tx) error {
-		cursor := tx.Bucket([]byte(bucketName)).Cursor()
-
-		for k, v := cursor.Seek(keyPrefix); k != nil && bytes.HasPrefix(k, keyPrefix); k, v = cursor.Next() {
-			err := connection.UnmarshalObjectWithJsoniter(v, obj)
-			if err != nil {
-				return err
-			}
-
-			obj, err = append(obj)
-			if err != nil {
-				return err
-			}
-		}
-
-		return nil
-	})
-}
-
-// BackupMetadata will return a copy of the boltdb sequence numbers for all buckets.
 func (connection *DbConnection) BackupMetadata() (map[string]interface{}, error) {
 	buckets := map[string]interface{}{}

@@ -434,23 +395,21 @@ func (connection *DbConnection) BackupMetadata() (map[string]interface{}, error)
 	return buckets, err
 }

-// RestoreMetadata will restore the boltdb sequence numbers for all buckets.
 func (connection *DbConnection) RestoreMetadata(s map[string]interface{}) error {
 	var err error

 	for bucketName, v := range s {
 		id, ok := v.(float64) // JSON ints are unmarshalled to interface as float64. See: https://pkg.go.dev/encoding/json#Decoder.Decode
 		if !ok {
-			log.Error().Str("bucket", bucketName).Msg("failed to restore metadata to bucket, skipped")
+			logrus.Errorf("Failed to restore metadata to bucket %s, skipped", bucketName)
 			continue
 		}

 		err = connection.Batch(func(tx *bolt.Tx) error {
-			bucket, err := tx.CreateBucketIfNotExists([]byte(bucketName))
-			if err != nil {
-				return err
+			bucket := tx.Bucket([]byte(bucketName))
+			if bucket == nil {
+				return nil
 			}
-
 			return bucket.SetSequence(uint64(id))
 		})
 	}
--- a/api/database/boltdb/export.go
+++ b/api/database/boltdb/export.go
@@ -4,35 +4,14 @@ import (
 	"encoding/json"
 	"time"

-	"github.com/rs/zerolog/log"
-	bolt "go.etcd.io/bbolt"
+	"github.com/boltdb/bolt"
+	"github.com/sirupsen/logrus"
 )

-func backupMetadata(connection *bolt.DB) (map[string]interface{}, error) {
-	buckets := map[string]interface{}{}
-
-	err := connection.View(func(tx *bolt.Tx) error {
-		err := tx.ForEach(func(name []byte, bucket *bolt.Bucket) error {
-			bucketName := string(name)
-			bucket = tx.Bucket([]byte(bucketName))
-			seqId := bucket.Sequence()
-			buckets[bucketName] = int(seqId)
-			return nil
-		})
-
-		return err
-	})
-
-	return buckets, err
-}
-
-// ExportJSON creates a JSON representation from a DbConnection. You can include
-// the database's metadata or ignore it. Ensure the database is closed before
-// using this function.
 // inspired by github.com/konoui/boltdb-exporter (which has no license)
 // but very much simplified, based on how we use boltdb
-func (c *DbConnection) ExportJSON(databasePath string, metadata bool) ([]byte, error) {
-	log.Debug().Str("databasePath", databasePath).Msg("exportJson")
+func (c *DbConnection) exportJson(databasePath string) ([]byte, error) {
+	logrus.WithField("databasePath", databasePath).Infof("exportJson")

 	connection, err := bolt.Open(databasePath, 0600, &bolt.Options{Timeout: 1 * time.Second, ReadOnly: true})
 	if err != nil {
@@ -41,14 +20,6 @@ func (c *DbConnection) ExportJSON(databasePath string, metadata bool) ([]byte, e
 	defer connection.Close()

 	backup := make(map[string]interface{})
-	if metadata {
-		meta, err := backupMetadata(connection)
-		if err != nil {
-			log.Error().Err(err).Msg("failed exporting metadata")
-		}
-
-		backup["__metadata"] = meta
-	}

 	err = connection.View(func(tx *bolt.Tx) error {
 		err = tx.ForEach(func(name []byte, bucket *bolt.Bucket) error {
@@ -60,51 +31,35 @@ func (c *DbConnection) ExportJSON(databasePath string, metadata bool) ([]byte, e
 				if v == nil {
 					continue
 				}
-
 				var obj interface{}
 				err := c.UnmarshalObject(v, &obj)
 				if err != nil {
-					log.Error().
-						Str("bucket", bucketName).
-						Str("object", string(v)).
-						Err(err).
-						Msg("failed to unmarshal")
-
+					logrus.WithError(err).Errorf("Failed to unmarshal (bucket %s): %v", bucketName, string(v))
 					obj = v
 				}
-
 				if bucketName == "version" {
 					version[string(k)] = string(v)
 				} else {
 					list = append(list, obj)
 				}
 			}
-
 			if bucketName == "version" {
 				backup[bucketName] = version
-				return nil
 			}
-
 			if len(list) > 0 {
 				if bucketName == "ssl" ||
 					bucketName == "settings" ||
 					bucketName == "tunnel_server" {
-					backup[bucketName] = nil
-					if len(list) > 0 {
-						backup[bucketName] = list[0]
-					}
+					backup[bucketName] = list[0]
 					return nil
 				}
 				backup[bucketName] = list
-				return nil
 			}

 			return nil
 		})
-
 		return err
 	})
-
 	if err != nil {
 		return []byte("{}"), err
 	}
--- a/api/database/boltdb/json_test.go
+++ b/api/database/boltdb/json_test.go
@@ -10,7 +10,7 @@ import (
 )

 const (
-	jsonobject = `{"LogoURL":"","BlackListedLabels":[],"AuthenticationMethod":1,"InternalAuthSettings": {"RequiredPasswordLength": 12}"LDAPSettings":{"AnonymousMode":true,"ReaderDN":"","URL":"","TLSConfig":{"TLS":false,"TLSSkipVerify":false},"StartTLS":false,"SearchSettings":[{"BaseDN":"","Filter":"","UserNameAttribute":""}],"GroupSearchSettings":[{"GroupBaseDN":"","GroupFilter":"","GroupAttribute":""}],"AutoCreateUsers":true},"OAuthSettings":{"ClientID":"","AccessTokenURI":"","AuthorizationURI":"","ResourceURI":"","RedirectURI":"","UserIdentifier":"","Scopes":"","OAuthAutoCreateUsers":false,"DefaultTeamID":0,"SSO":true,"LogoutURI":"","KubeSecretKey":"j0zLVtY/lAWBk62ByyF0uP80SOXaitsABP0TTJX8MhI="},"OpenAMTConfiguration":{"Enabled":false,"MPSServer":"","MPSUser":"","MPSPassword":"","MPSToken":"","CertFileContent":"","CertFileName":"","CertFilePassword":"","DomainName":""},"FeatureFlagSettings":{},"SnapshotInterval":"5m","TemplatesURL":"https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json","EdgeAgentCheckinInterval":5,"EnableEdgeComputeFeatures":false,"UserSessionTimeout":"8h","KubeconfigExpiry":"0","EnableTelemetry":true,"HelmRepositoryURL":"https://charts.bitnami.com/bitnami","KubectlShellImage":"portainer/kubectl-shell","DisplayDonationHeader":false,"DisplayExternalContributors":false,"EnableHostManagementFeatures":false,"AllowVolumeBrowserForRegularUsers":false,"AllowBindMountsForRegularUsers":false,"AllowPrivilegedModeForRegularUsers":false,"AllowHostNamespaceForRegularUsers":false,"AllowStackManagementForRegularUsers":false,"AllowDeviceMappingForRegularUsers":false,"AllowContainerCapabilitiesForRegularUsers":false}`
+	jsonobject = `{"LogoURL":"","BlackListedLabels":[],"AuthenticationMethod":1,"LDAPSettings":{"AnonymousMode":true,"ReaderDN":"","URL":"","TLSConfig":{"TLS":false,"TLSSkipVerify":false},"StartTLS":false,"SearchSettings":[{"BaseDN":"","Filter":"","UserNameAttribute":""}],"GroupSearchSettings":[{"GroupBaseDN":"","GroupFilter":"","GroupAttribute":""}],"AutoCreateUsers":true},"OAuthSettings":{"ClientID":"","AccessTokenURI":"","AuthorizationURI":"","ResourceURI":"","RedirectURI":"","UserIdentifier":"","Scopes":"","OAuthAutoCreateUsers":false,"DefaultTeamID":0,"SSO":true,"LogoutURI":"","KubeSecretKey":"j0zLVtY/lAWBk62ByyF0uP80SOXaitsABP0TTJX8MhI="},"OpenAMTConfiguration":{"Enabled":false,"MPSServer":"","MPSUser":"","MPSPassword":"","MPSToken":"","CertFileContent":"","CertFileName":"","CertFilePassword":"","DomainName":""},"FeatureFlagSettings":{},"SnapshotInterval":"5m","TemplatesURL":"https://raw.githubusercontent.com/portainer/templates/master/templates-2.0.json","EdgeAgentCheckinInterval":5,"EnableEdgeComputeFeatures":false,"UserSessionTimeout":"8h","KubeconfigExpiry":"0","EnableTelemetry":true,"HelmRepositoryURL":"https://charts.bitnami.com/bitnami","KubectlShellImage":"portainer/kubectl-shell","DisplayDonationHeader":false,"DisplayExternalContributors":false,"EnableHostManagementFeatures":false,"AllowVolumeBrowserForRegularUsers":false,"AllowBindMountsForRegularUsers":false,"AllowPrivilegedModeForRegularUsers":false,"AllowHostNamespaceForRegularUsers":false,"AllowStackManagementForRegularUsers":false,"AllowDeviceMappingForRegularUsers":false,"AllowContainerCapabilitiesForRegularUsers":false}`
 	passphrase = "my secret key"
 )

--- a/api/database/database.go
+++ b/api/database/database.go
@@ -16,6 +16,5 @@ func NewDatabase(storeType, storePath string, encryptionKey []byte) (connection
 			EncryptionKey: encryptionKey,
 		}, nil
 	}
-
-	return nil, fmt.Errorf("Unknown storage database: %s", storeType)
+	return nil, fmt.Errorf("unknown storage database: %s", storeType)
 }
--- a/api/database/models/configmaps_and_secrets.go
+++ b/api/database/models/configmaps_and_secrets.go
@@ -1,17 +0,0 @@
-package models
-
-type (
-	K8sConfigMapOrSecret struct {
-		UID          string            `json:"UID"`
-		Name         string            `json:"Name"`
-		Namespace    string            `json:"Namespace"`
-		CreationDate string            `json:"CreationDate"`
-		Annotations  map[string]string `json:"Annotations"`
-		Data         map[string]string `json:"Data"`
-		Applications []string          `json:"Applications"`
-		IsSecret     bool              `json:"IsSecret"`
-
-		// SecretType will be an empty string for config maps.
-		SecretType string `json:"SecretType"`
-	}
-)
--- a/api/database/models/ingress.go
+++ b/api/database/models/ingress.go
@@ -1,75 +0,0 @@
-package models
-
-import (
-	"errors"
-	"net/http"
-)
-
-type (
-	K8sIngressController struct {
-		Name         string `json:"Name"`
-		ClassName    string `json:"ClassName"`
-		Type         string `json:"Type"`
-		Availability bool   `json:"Availability"`
-		New          bool   `json:"New"`
-		Used         bool   `json:"Used"`
-	}
-
-	K8sIngressControllers []K8sIngressController
-
-	K8sIngressInfo struct {
-		Name        string            `json:"Name"`
-		UID         string            `json:"UID"`
-		Type        string            `json:"Type"`
-		Namespace   string            `json:"Namespace"`
-		ClassName   string            `json:"ClassName"`
-		Annotations map[string]string `json:"Annotations"`
-		Hosts       []string          `json:"Hosts"`
-		Paths       []K8sIngressPath  `json:"Paths"`
-		TLS         []K8sIngressTLS   `json:"TLS"`
-	}
-
-	K8sIngressTLS struct {
-		Hosts      []string `json:"Hosts"`
-		SecretName string   `json:"SecretName"`
-	}
-
-	K8sIngressPath struct {
-		IngressName string `json:"IngressName"`
-		Host        string `json:"Host"`
-		ServiceName string `json:"ServiceName"`
-		Port        int    `json:"Port"`
-		Path        string `json:"Path"`
-		PathType    string `json:"PathType"`
-	}
-
-	// K8sIngressDeleteRequests is a mapping of namespace names to a slice of
-	// ingress names.
-	K8sIngressDeleteRequests map[string][]string
-)
-
-func (r K8sIngressControllers) Validate(request *http.Request) error {
-	return nil
-}
-
-func (r K8sIngressInfo) Validate(request *http.Request) error {
-	if r.Name == "" {
-		return errors.New("missing ingress name from the request payload")
-	}
-	if r.Namespace == "" {
-		return errors.New("missing ingress Namespace from the request payload")
-	}
-	return nil
-}
-
-func (r K8sIngressDeleteRequests) Validate(request *http.Request) error {
-	if len(r) == 0 {
-		return errors.New("missing deletion request list in payload")
-	}
-	for ns := range r {
-		if len(ns) == 0 {
-			return errors.New("deletion given with empty namespace")
-		}
-	}
-	return nil
-}
--- a/api/database/models/namespaces.go
+++ b/api/database/models/namespaces.go
@@ -1,12 +0,0 @@
-package models
-
-import "net/http"
-
-type K8sNamespaceDetails struct {
-	Name        string            `json:"Name"`
-	Annotations map[string]string `json:"Annotations"`
-}
-
-func (r *K8sNamespaceDetails) Validate(request *http.Request) error {
-	return nil
-}
--- a/api/database/models/services.go
+++ b/api/database/models/services.go
@@ -1,64 +0,0 @@
-package models
-
-import (
-	"errors"
-	"net/http"
-)
-
-type (
-	K8sServiceInfo struct {
-		Name                          string              `json:"Name"`
-		UID                           string              `json:"UID"`
-		Type                          string              `json:"Type"`
-		Namespace                     string              `json:"Namespace"`
-		Annotations                   map[string]string   `json:"Annotations"`
-		CreationTimestamp             string              `json:"CreationTimestamp"`
-		Labels                        map[string]string   `json:"Labels"`
-		AllocateLoadBalancerNodePorts *bool               `json:"AllocateLoadBalancerNodePorts,omitempty"`
-		Ports                         []K8sServicePort    `json:"Ports"`
-		Selector                      map[string]string   `json:"Selector"`
-		IngressStatus                 []K8sServiceIngress `json:"IngressStatus"`
-	}
-
-	K8sServicePort struct {
-		Name       string `json:"Name"`
-		NodePort   int    `json:"NodePort"`
-		Port       int    `json:"Port"`
-		Protocol   string `json:"Protocol"`
-		TargetPort int    `json:"TargetPort"`
-	}
-
-	K8sServiceIngress struct {
-		IP   string `json:"IP"`
-		Host string `json:"Host"`
-	}
-
-	// K8sServiceDeleteRequests is a mapping of namespace names to a slice of
-	// service names.
-	K8sServiceDeleteRequests map[string][]string
-)
-
-func (s *K8sServiceInfo) Validate(request *http.Request) error {
-	if s.Name == "" {
-		return errors.New("missing service name from the request payload")
-	}
-	if s.Namespace == "" {
-		return errors.New("missing service namespace from the request payload")
-	}
-	if s.Ports == nil {
-		return errors.New("missing service ports from the request payload")
-	}
-	return nil
-}
-
-func (r K8sServiceDeleteRequests) Validate(request *http.Request) error {
-	if len(r) == 0 {
-		return errors.New("missing deletion request list in payload")
-	}
-	for ns := range r {
-		if len(ns) == 0 {
-			return errors.New("deletion given with empty namespace")
-		}
-	}
-	return nil
-}
--- a/api/dataservices/apikeyrepository/apikeyrepository.go
+++ b/api/dataservices/apikeyrepository/apikeyrepository.go
@@ -6,8 +6,7 @@ import (

 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices/errors"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -42,14 +41,12 @@ func (service *Service) GetAPIKeysByUserID(userID portainer.UserID) ([]portainer
 		func(obj interface{}) (interface{}, error) {
 			record, ok := obj.(*portainer.APIKey)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to APIKey object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to APIKey object")
 				return nil, fmt.Errorf("Failed to convert to APIKey object: %s", obj)
 			}
-
 			if record.UserID == userID {
 				result = append(result, *record)
 			}
-
 			return &portainer.APIKey{}, nil
 		})

@@ -67,21 +64,18 @@ func (service *Service) GetAPIKeyByDigest(digest []byte) (*portainer.APIKey, err
 		func(obj interface{}) (interface{}, error) {
 			key, ok := obj.(*portainer.APIKey)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to APIKey object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to APIKey object")
 				return nil, fmt.Errorf("Failed to convert to APIKey object: %s", obj)
 			}
 			if bytes.Equal(key.Digest, digest) {
 				k = key
 				return nil, stop
 			}
-
 			return &portainer.APIKey{}, nil
 		})
-
 	if err == stop {
 		return k, nil
 	}
-
 	if err == nil {
 		return nil, errors.ErrObjectNotFound
 	}
--- a/api/dataservices/customtemplate/customtemplate.go
+++ b/api/dataservices/customtemplate/customtemplate.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -45,11 +44,10 @@ func (service *Service) CustomTemplates() ([]portainer.CustomTemplate, error) {
 			//var tag portainer.Tag
 			customTemplate, ok := obj.(*portainer.CustomTemplate)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to CustomTemplate object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to CustomTemplate object")
 				return nil, fmt.Errorf("Failed to convert to CustomTemplate object: %s", obj)
 			}
 			customTemplates = append(customTemplates, *customTemplate)
-
 			return &portainer.CustomTemplate{}, nil
 		})

--- a/api/dataservices/edgegroup/edgegroup.go
+++ b/api/dataservices/edgegroup/edgegroup.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -44,11 +43,10 @@ func (service *Service) EdgeGroups() ([]portainer.EdgeGroup, error) {
 		func(obj interface{}) (interface{}, error) {
 			group, ok := obj.(*portainer.EdgeGroup)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to EdgeGroup object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to EdgeGroup object")
 				return nil, fmt.Errorf("Failed to convert to EdgeGroup object: %s", obj)
 			}
 			groups = append(groups, *group)
-
 			return &portainer.EdgeGroup{}, nil
 		})

--- a/api/dataservices/edgejob/edgejob.go
+++ b/api/dataservices/edgejob/edgejob.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -42,14 +41,13 @@ func (service *Service) EdgeJobs() ([]portainer.EdgeJob, error) {
 		BucketName,
 		&portainer.EdgeJob{},
 		func(obj interface{}) (interface{}, error) {
+			//var tag portainer.Tag
 			job, ok := obj.(*portainer.EdgeJob)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to EdgeJob object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to EdgeJob object")
 				return nil, fmt.Errorf("Failed to convert to EdgeJob object: %s", obj)
 			}
-
 			edgeJobs = append(edgeJobs, *job)
-
 			return &portainer.EdgeJob{}, nil
 		})

@@ -69,14 +67,14 @@ func (service *Service) EdgeJob(ID portainer.EdgeJobID) (*portainer.EdgeJob, err
 	return &edgeJob, nil
 }

-// Create creates a new EdgeJob
-func (service *Service) Create(ID portainer.EdgeJobID, edgeJob *portainer.EdgeJob) error {
-	edgeJob.ID = ID
-
-	return service.connection.CreateObjectWithId(
+// CreateEdgeJob creates a new Edge job
+func (service *Service) Create(edgeJob *portainer.EdgeJob) error {
+	return service.connection.CreateObject(
 		BucketName,
-		int(edgeJob.ID),
-		edgeJob,
+		func(id uint64) (int, interface{}) {
+			edgeJob.ID = portainer.EdgeJobID(id)
+			return int(edgeJob.ID), edgeJob
+		},
 	)
 }

--- a/api/dataservices/edgestack/edgestack.go
+++ b/api/dataservices/edgestack/edgestack.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -45,12 +44,10 @@ func (service *Service) EdgeStacks() ([]portainer.EdgeStack, error) {
 			//var tag portainer.Tag
 			stack, ok := obj.(*portainer.EdgeStack)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to EdgeStack object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to EdgeStack object")
 				return nil, fmt.Errorf("Failed to convert to EdgeStack object: %s", obj)
 			}
-
 			stacks = append(stacks, *stack)
-
 			return &portainer.EdgeStack{}, nil
 		})

--- a/api/dataservices/edgeupdateschedule/edgeupdateschedule.go
+++ b/api/dataservices/edgeupdateschedule/edgeupdateschedule.go
@@ -1,186 +0,0 @@
-package edgeupdateschedule
-
-import (
-	"fmt"
-	"sync"
-
-	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/edgetypes"
-
-	"github.com/pkg/errors"
-	"github.com/rs/zerolog/log"
-)
-
-const (
-	// BucketName represents the name of the bucket where this service stores data.
-	BucketName = "edge_update_schedule"
-)
-
-// Service represents a service for managing Edge Update Schedule data.
-type Service struct {
-	connection portainer.Connection
-
-	mu                 sync.Mutex
-	idxActiveSchedules map[portainer.EndpointID]*edgetypes.EndpointUpdateScheduleRelation
-}
-
-func (service *Service) BucketName() string {
-	return BucketName
-}
-
-// NewService creates a new instance of a service.
-func NewService(connection portainer.Connection) (*Service, error) {
-	err := connection.SetServiceName(BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	service := &Service{
-		connection: connection,
-	}
-
-	service.idxActiveSchedules = map[portainer.EndpointID]*edgetypes.EndpointUpdateScheduleRelation{}
-
-	schedules, err := service.List()
-	if err != nil {
-		return nil, errors.WithMessage(err, "Unable to list schedules")
-	}
-
-	for _, schedule := range schedules {
-		service.setRelation(&schedule)
-	}
-
-	return service, nil
-}
-
-func (service *Service) ActiveSchedule(environmentID portainer.EndpointID) *edgetypes.EndpointUpdateScheduleRelation {
-	service.mu.Lock()
-	defer service.mu.Unlock()
-
-	return service.idxActiveSchedules[environmentID]
-}
-
-func (service *Service) ActiveSchedules(environmentsIDs []portainer.EndpointID) []edgetypes.EndpointUpdateScheduleRelation {
-	service.mu.Lock()
-	defer service.mu.Unlock()
-
-	schedules := []edgetypes.EndpointUpdateScheduleRelation{}
-
-	for _, environmentID := range environmentsIDs {
-		if s, ok := service.idxActiveSchedules[environmentID]; ok {
-			schedules = append(schedules, *s)
-		}
-	}
-
-	return schedules
-}
-
-// List return an array containing all the items in the bucket.
-func (service *Service) List() ([]edgetypes.UpdateSchedule, error) {
-	var list = make([]edgetypes.UpdateSchedule, 0)
-
-	err := service.connection.GetAll(
-		BucketName,
-		&edgetypes.UpdateSchedule{},
-		func(obj interface{}) (interface{}, error) {
-			item, ok := obj.(*edgetypes.UpdateSchedule)
-			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to EdgeUpdateSchedule object")
-				return nil, fmt.Errorf("Failed to convert to EdgeUpdateSchedule object: %s", obj)
-			}
-			list = append(list, *item)
-			return &edgetypes.UpdateSchedule{}, nil
-		})
-
-	return list, err
-}
-
-// Item returns a item by ID.
-func (service *Service) Item(ID edgetypes.UpdateScheduleID) (*edgetypes.UpdateSchedule, error) {
-	var item edgetypes.UpdateSchedule
-	identifier := service.connection.ConvertToKey(int(ID))
-
-	err := service.connection.GetObject(BucketName, identifier, &item)
-	if err != nil {
-		return nil, err
-	}
-
-	return &item, nil
-}
-
-// Create assign an ID to a new object and saves it.
-func (service *Service) Create(item *edgetypes.UpdateSchedule) error {
-	err := service.connection.CreateObject(
-		BucketName,
-		func(id uint64) (int, interface{}) {
-			item.ID = edgetypes.UpdateScheduleID(id)
-			return int(item.ID), item
-		},
-	)
-
-	if err != nil {
-		return err
-	}
-
-	return service.setRelation(item)
-}
-
-// Update updates an item.
-func (service *Service) Update(id edgetypes.UpdateScheduleID, item *edgetypes.UpdateSchedule) error {
-	identifier := service.connection.ConvertToKey(int(id))
-	err := service.connection.UpdateObject(BucketName, identifier, item)
-	if err != nil {
-		return err
-	}
-
-	service.cleanRelation(id)
-
-	return service.setRelation(item)
-}
-
-// Delete deletes an item.
-func (service *Service) Delete(id edgetypes.UpdateScheduleID) error {
-
-	service.cleanRelation(id)
-
-	identifier := service.connection.ConvertToKey(int(id))
-	return service.connection.DeleteObject(BucketName, identifier)
-}
-
-func (service *Service) cleanRelation(id edgetypes.UpdateScheduleID) {
-	service.mu.Lock()
-	defer service.mu.Unlock()
-
-	for _, schedule := range service.idxActiveSchedules {
-		if schedule != nil && schedule.ScheduleID == id {
-			delete(service.idxActiveSchedules, schedule.EnvironmentID)
-		}
-	}
-}
-
-func (service *Service) setRelation(schedule *edgetypes.UpdateSchedule) error {
-	service.mu.Lock()
-	defer service.mu.Unlock()
-
-	for environmentID, environmentStatus := range schedule.Status {
-		if environmentStatus.Status != edgetypes.UpdateScheduleStatusPending {
-			continue
-		}
-
-		// this should never happen
-		if service.idxActiveSchedules[environmentID] != nil && service.idxActiveSchedules[environmentID].ScheduleID != schedule.ID {
-			return errors.New("Multiple schedules are pending for the same environment")
-		}
-
-		service.idxActiveSchedules[environmentID] = &edgetypes.EndpointUpdateScheduleRelation{
-			EnvironmentID: environmentID,
-			ScheduleID:    schedule.ID,
-			TargetVersion: environmentStatus.TargetVersion,
-			Status:        environmentStatus.Status,
-			Error:         environmentStatus.Error,
-			Type:          schedule.Type,
-		}
-	}
-
-	return nil
-}
--- a/api/dataservices/endpoint/endpoint.go
+++ b/api/dataservices/endpoint/endpoint.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -69,12 +68,10 @@ func (service *Service) Endpoints() ([]portainer.Endpoint, error) {
 		func(obj interface{}) (interface{}, error) {
 			endpoint, ok := obj.(*portainer.Endpoint)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Endpoint object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Endpoint object")
 				return nil, fmt.Errorf("failed to convert to Endpoint object: %s", obj)
 			}
-
 			endpoints = append(endpoints, *endpoint)
-
 			return &portainer.Endpoint{}, nil
 		})

@@ -83,7 +80,7 @@ func (service *Service) Endpoints() ([]portainer.Endpoint, error) {

 // CreateEndpoint assign an ID to a new environment(endpoint) and saves it.
 func (service *Service) Create(endpoint *portainer.Endpoint) error {
-	return service.connection.CreateObjectWithId(BucketName, int(endpoint.ID), endpoint)
+	return service.connection.CreateObjectWithSetSequence(BucketName, int(endpoint.ID), endpoint)
 }

 // GetNextIdentifier returns the next identifier for an environment(endpoint).
--- a/api/dataservices/endpointgroup/endpointgroup.go
+++ b/api/dataservices/endpointgroup/endpointgroup.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -67,14 +66,13 @@ func (service *Service) EndpointGroups() ([]portainer.EndpointGroup, error) {
 		BucketName,
 		&portainer.EndpointGroup{},
 		func(obj interface{}) (interface{}, error) {
+			//var tag portainer.Tag
 			endpointGroup, ok := obj.(*portainer.EndpointGroup)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to EndpointGroup object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to EndpointGroup object")
 				return nil, fmt.Errorf("Failed to convert to EndpointGroup object: %s", obj)
 			}
-
 			endpointGroups = append(endpointGroups, *endpointGroup)
-
 			return &portainer.EndpointGroup{}, nil
 		})

--- a/api/dataservices/endpointrelation/endpointrelation.go
+++ b/api/dataservices/endpointrelation/endpointrelation.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -34,7 +33,7 @@ func NewService(connection portainer.Connection) (*Service, error) {
 	}, nil
 }

-// EndpointRelations returns an array of all EndpointRelations
+//EndpointRelations returns an array of all EndpointRelations
 func (service *Service) EndpointRelations() ([]portainer.EndpointRelation, error) {
 	var all = make([]portainer.EndpointRelation, 0)

@@ -44,12 +43,10 @@ func (service *Service) EndpointRelations() ([]portainer.EndpointRelation, error
 		func(obj interface{}) (interface{}, error) {
 			r, ok := obj.(*portainer.EndpointRelation)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to EndpointRelation object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to EndpointRelation object")
 				return nil, fmt.Errorf("Failed to convert to EndpointRelation object: %s", obj)
 			}
-
 			all = append(all, *r)
-
 			return &portainer.EndpointRelation{}, nil
 		})

--- a/api/dataservices/extension/extension.go
+++ b/api/dataservices/extension/extension.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -57,12 +56,10 @@ func (service *Service) Extensions() ([]portainer.Extension, error) {
 		func(obj interface{}) (interface{}, error) {
 			extension, ok := obj.(*portainer.Extension)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Extension object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Extension object")
 				return nil, fmt.Errorf("Failed to convert to Extension object: %s", obj)
 			}
-
 			extensions = append(extensions, *extension)
-
 			return &portainer.Extension{}, nil
 		})

--- a/api/dataservices/fdoprofile/fdoprofile.go
+++ b/api/dataservices/fdoprofile/fdoprofile.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -44,9 +43,8 @@ func (service *Service) FDOProfiles() ([]portainer.FDOProfile, error) {
 		func(obj interface{}) (interface{}, error) {
 			fdoProfile, ok := obj.(*portainer.FDOProfile)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to FDOProfile object")
-
-				return nil, fmt.Errorf("Failed to convert to FDOProfile object: %s", obj)
+				logrus.WithField("obj", obj).Errorf("Failed to convert to FDOProfile object")
+				return nil, fmt.Errorf("failed to convert to FDOProfile object: %s", obj)
 			}
 			fdoProfiles = append(fdoProfiles, *fdoProfile)
 			return &portainer.FDOProfile{}, nil
--- a/api/dataservices/helmuserrepository/helmuserrepository.go
+++ b/api/dataservices/helmuserrepository/helmuserrepository.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -34,7 +33,7 @@ func NewService(connection portainer.Connection) (*Service, error) {
 	}, nil
 }

-// HelmUserRepository returns an array of all HelmUserRepository
+//HelmUserRepository returns an array of all HelmUserRepository
 func (service *Service) HelmUserRepositories() ([]portainer.HelmUserRepository, error) {
 	var repos = make([]portainer.HelmUserRepository, 0)

@@ -44,12 +43,10 @@ func (service *Service) HelmUserRepositories() ([]portainer.HelmUserRepository,
 		func(obj interface{}) (interface{}, error) {
 			r, ok := obj.(*portainer.HelmUserRepository)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to HelmUserRepository object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to HelmUserRepository object")
 				return nil, fmt.Errorf("Failed to convert to HelmUserRepository object: %s", obj)
 			}
-
 			repos = append(repos, *r)
-
 			return &portainer.HelmUserRepository{}, nil
 		})

@@ -66,14 +63,12 @@ func (service *Service) HelmUserRepositoryByUserID(userID portainer.UserID) ([]p
 		func(obj interface{}) (interface{}, error) {
 			record, ok := obj.(*portainer.HelmUserRepository)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to HelmUserRepository object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to HelmUserRepository object")
 				return nil, fmt.Errorf("Failed to convert to HelmUserRepository object: %s", obj)
 			}
-
 			if record.UserID == userID {
 				result = append(result, *record)
 			}
-
 			return &portainer.HelmUserRepository{}, nil
 		})

--- a/api/dataservices/interface.go
+++ b/api/dataservices/interface.go
@@ -7,7 +7,6 @@ import (
 	"time"

 	"github.com/portainer/portainer/api/dataservices/errors"
-	"github.com/portainer/portainer/api/edgetypes"

 	portainer "github.com/portainer/portainer/api"
 )
@@ -24,11 +23,11 @@ type (
 		BackupTo(w io.Writer) error
 		Export(filename string) (err error)
 		IsErrObjectNotFound(err error) bool
+
 		CustomTemplate() CustomTemplateService
 		EdgeGroup() EdgeGroupService
 		EdgeJob() EdgeJobService
 		EdgeStack() EdgeStackService
-		EdgeUpdateSchedule() EdgeUpdateScheduleService
 		Endpoint() EndpointService
 		EndpointGroup() EndpointGroupService
 		EndpointRelation() EndpointRelationService
@@ -39,7 +38,6 @@ type (
 		Role() RoleService
 		APIKeyRepository() APIKeyRepository
 		Settings() SettingsService
-		Snapshot() SnapshotService
 		SSLSettings() SSLSettingsService
 		Stack() StackService
 		Tag() TagService
@@ -76,24 +74,13 @@ type (
 	EdgeJobService interface {
 		EdgeJobs() ([]portainer.EdgeJob, error)
 		EdgeJob(ID portainer.EdgeJobID) (*portainer.EdgeJob, error)
-		Create(ID portainer.EdgeJobID, edgeJob *portainer.EdgeJob) error
+		Create(edgeJob *portainer.EdgeJob) error
 		UpdateEdgeJob(ID portainer.EdgeJobID, edgeJob *portainer.EdgeJob) error
 		DeleteEdgeJob(ID portainer.EdgeJobID) error
 		GetNextIdentifier() int
 		BucketName() string
 	}

-	EdgeUpdateScheduleService interface {
-		ActiveSchedule(environmentID portainer.EndpointID) *edgetypes.EndpointUpdateScheduleRelation
-		ActiveSchedules(environmentIDs []portainer.EndpointID) []edgetypes.EndpointUpdateScheduleRelation
-		List() ([]edgetypes.UpdateSchedule, error)
-		Item(ID edgetypes.UpdateScheduleID) (*edgetypes.UpdateSchedule, error)
-		Create(edgeUpdateSchedule *edgetypes.UpdateSchedule) error
-		Update(ID edgetypes.UpdateScheduleID, edgeUpdateSchedule *edgetypes.UpdateSchedule) error
-		Delete(ID edgetypes.UpdateScheduleID) error
-		BucketName() string
-	}
-
 	// EdgeStackService represents a service to manage Edge stacks
 	EdgeStackService interface {
 		EdgeStacks() ([]portainer.EdgeStack, error)
@@ -214,15 +201,6 @@ type (
 		BucketName() string
 	}

-	SnapshotService interface {
-		Snapshot(endpointID portainer.EndpointID) (*portainer.Snapshot, error)
-		Snapshots() ([]portainer.Snapshot, error)
-		UpdateSnapshot(snapshot *portainer.Snapshot) error
-		DeleteSnapshot(endpointID portainer.EndpointID) error
-		Create(snapshot *portainer.Snapshot) error
-		BucketName() string
-	}
-
 	// SSLSettingsService represents a service for managing application settings
 	SSLSettingsService interface {
 		Settings() (*portainer.SSLSettings, error)
@@ -251,7 +229,6 @@ type (
 		Tag(ID portainer.TagID) (*portainer.Tag, error)
 		Create(tag *portainer.Tag) error
 		UpdateTag(ID portainer.TagID, tag *portainer.Tag) error
-		UpdateTagFunc(ID portainer.TagID, updateFunc func(tag *portainer.Tag)) error
 		DeleteTag(ID portainer.TagID) error
 		BucketName() string
 	}
--- a/api/dataservices/registry/registry.go
+++ b/api/dataservices/registry/registry.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -57,12 +56,10 @@ func (service *Service) Registries() ([]portainer.Registry, error) {
 		func(obj interface{}) (interface{}, error) {
 			registry, ok := obj.(*portainer.Registry)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Registry object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Registry object")
 				return nil, fmt.Errorf("Failed to convert to Registry object: %s", obj)
 			}
-
 			registries = append(registries, *registry)
-
 			return &portainer.Registry{}, nil
 		})

--- a/api/dataservices/resourcecontrol/resourcecontrol.go
+++ b/api/dataservices/resourcecontrol/resourcecontrol.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -59,7 +58,7 @@ func (service *Service) ResourceControlByResourceIDAndType(resourceID string, re
 		func(obj interface{}) (interface{}, error) {
 			rc, ok := obj.(*portainer.ResourceControl)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to ResourceControl object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to ResourceControl object")
 				return nil, fmt.Errorf("Failed to convert to ResourceControl object: %s", obj)
 			}

@@ -74,7 +73,6 @@ func (service *Service) ResourceControlByResourceIDAndType(resourceID string, re
 					return nil, stop
 				}
 			}
-
 			return &portainer.ResourceControl{}, nil
 		})
 	if err == stop {
@@ -94,12 +92,10 @@ func (service *Service) ResourceControls() ([]portainer.ResourceControl, error)
 		func(obj interface{}) (interface{}, error) {
 			rc, ok := obj.(*portainer.ResourceControl)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to ResourceControl object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to ResourceControl object")
 				return nil, fmt.Errorf("Failed to convert to ResourceControl object: %s", obj)
 			}
-
 			rcs = append(rcs, *rc)
-
 			return &portainer.ResourceControl{}, nil
 		})

--- a/api/dataservices/role/role.go
+++ b/api/dataservices/role/role.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -57,12 +56,10 @@ func (service *Service) Roles() ([]portainer.Role, error) {
 		func(obj interface{}) (interface{}, error) {
 			set, ok := obj.(*portainer.Role)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Role object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Role object")
 				return nil, fmt.Errorf("Failed to convert to Role object: %s", obj)
 			}
-
 			sets = append(sets, *set)
-
 			return &portainer.Role{}, nil
 		})

--- a/api/dataservices/schedule/schedule.go
+++ b/api/dataservices/schedule/schedule.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -69,12 +68,10 @@ func (service *Service) Schedules() ([]portainer.Schedule, error) {
 		func(obj interface{}) (interface{}, error) {
 			schedule, ok := obj.(*portainer.Schedule)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Schedule object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Schedule object")
 				return nil, fmt.Errorf("Failed to convert to Schedule object: %s", obj)
 			}
-
 			schedules = append(schedules, *schedule)
-
 			return &portainer.Schedule{}, nil
 		})

@@ -92,14 +89,12 @@ func (service *Service) SchedulesByJobType(jobType portainer.JobType) ([]portain
 		func(obj interface{}) (interface{}, error) {
 			schedule, ok := obj.(*portainer.Schedule)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Schedule object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Schedule object")
 				return nil, fmt.Errorf("Failed to convert to Schedule object: %s", obj)
 			}
-
 			if schedule.JobType == jobType {
 				schedules = append(schedules, *schedule)
 			}
-
 			return &portainer.Schedule{}, nil
 		})

@@ -108,7 +103,7 @@ func (service *Service) SchedulesByJobType(jobType portainer.JobType) ([]portain

 // Create assign an ID to a new schedule and saves it.
 func (service *Service) CreateSchedule(schedule *portainer.Schedule) error {
-	return service.connection.CreateObjectWithId(BucketName, int(schedule.ID), schedule)
+	return service.connection.CreateObjectWithSetSequence(BucketName, int(schedule.ID), schedule)
 }

 // GetNextIdentifier returns the next identifier for a schedule.
--- a/api/dataservices/snapshot/snapshot.go
+++ b/api/dataservices/snapshot/snapshot.go
@@ -1,77 +0,0 @@
-package snapshot
-
-import (
-	"fmt"
-
-	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
-)
-
-const (
-	BucketName = "snapshots"
-)
-
-type Service struct {
-	connection portainer.Connection
-}
-
-func (service *Service) BucketName() string {
-	return BucketName
-}
-
-func NewService(connection portainer.Connection) (*Service, error) {
-	err := connection.SetServiceName(BucketName)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Service{
-		connection: connection,
-	}, nil
-}
-
-func (service *Service) Snapshot(endpointID portainer.EndpointID) (*portainer.Snapshot, error) {
-	var snapshot portainer.Snapshot
-	identifier := service.connection.ConvertToKey(int(endpointID))
-
-	err := service.connection.GetObject(BucketName, identifier, &snapshot)
-	if err != nil {
-		return nil, err
-	}
-
-	return &snapshot, nil
-}
-
-func (service *Service) Snapshots() ([]portainer.Snapshot, error) {
-	var snapshots = make([]portainer.Snapshot, 0)
-
-	err := service.connection.GetAllWithJsoniter(
-		BucketName,
-		&portainer.Snapshot{},
-		func(obj interface{}) (interface{}, error) {
-			snapshot, ok := obj.(*portainer.Snapshot)
-			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Snapshot object")
-				return nil, fmt.Errorf("failed to convert to Snapshot object: %s", obj)
-			}
-			snapshots = append(snapshots, *snapshot)
-			return &portainer.Snapshot{}, nil
-		})
-
-	return snapshots, err
-}
-
-func (service *Service) UpdateSnapshot(snapshot *portainer.Snapshot) error {
-	identifier := service.connection.ConvertToKey(int(snapshot.EndpointID))
-	return service.connection.UpdateObject(BucketName, identifier, snapshot)
-}
-
-func (service *Service) DeleteSnapshot(endpointID portainer.EndpointID) error {
-	identifier := service.connection.ConvertToKey(int(endpointID))
-	return service.connection.DeleteObject(BucketName, identifier)
-}
-
-func (service *Service) Create(snapshot *portainer.Snapshot) error {
-	return service.connection.CreateObjectWithId(BucketName, int(snapshot.EndpointID), snapshot)
-}
--- a/api/dataservices/stack/stack.go
+++ b/api/dataservices/stack/stack.go
@@ -4,10 +4,10 @@ import (
 	"fmt"
 	"strings"

+	"github.com/sirupsen/logrus"
+
 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices/errors"
-
-	"github.com/rs/zerolog/log"
 )

 const (
@@ -60,15 +60,13 @@ func (service *Service) StackByName(name string) (*portainer.Stack, error) {
 		func(obj interface{}) (interface{}, error) {
 			stack, ok := obj.(*portainer.Stack)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Stack object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Stack object")
 				return nil, fmt.Errorf("Failed to convert to Stack object: %s", obj)
 			}
-
 			if stack.Name == name {
 				s = stack
 				return nil, stop
 			}
-
 			return &portainer.Stack{}, nil
 		})
 	if err == stop {
@@ -91,14 +89,12 @@ func (service *Service) StacksByName(name string) ([]portainer.Stack, error) {
 		func(obj interface{}) (interface{}, error) {
 			stack, ok := obj.(portainer.Stack)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Stack object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Stack object")
 				return nil, fmt.Errorf("Failed to convert to Stack object: %s", obj)
 			}
-
 			if stack.Name == name {
 				stacks = append(stacks, stack)
 			}
-
 			return &portainer.Stack{}, nil
 		})

@@ -115,12 +111,10 @@ func (service *Service) Stacks() ([]portainer.Stack, error) {
 		func(obj interface{}) (interface{}, error) {
 			stack, ok := obj.(*portainer.Stack)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Stack object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Stack object")
 				return nil, fmt.Errorf("Failed to convert to Stack object: %s", obj)
 			}
-
 			stacks = append(stacks, *stack)
-
 			return &portainer.Stack{}, nil
 		})

@@ -134,7 +128,7 @@ func (service *Service) GetNextIdentifier() int {

 // CreateStack creates a new stack.
 func (service *Service) Create(stack *portainer.Stack) error {
-	return service.connection.CreateObjectWithId(BucketName, int(stack.ID), stack)
+	return service.connection.CreateObjectWithSetSequence(BucketName, int(stack.ID), stack)
 }

 // UpdateStack updates a stack.
@@ -162,15 +156,13 @@ func (service *Service) StackByWebhookID(id string) (*portainer.Stack, error) {
 			s, ok = obj.(*portainer.Stack)

 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Stack object")
-
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Stack object")
 				return &portainer.Stack{}, nil
 			}

 			if s.AutoUpdate != nil && strings.EqualFold(s.AutoUpdate.Webhook, id) {
 				return nil, stop
 			}
-
 			return &portainer.Stack{}, nil
 		})
 	if err == stop {
@@ -194,14 +186,12 @@ func (service *Service) RefreshableStacks() ([]portainer.Stack, error) {
 		func(obj interface{}) (interface{}, error) {
 			stack, ok := obj.(*portainer.Stack)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Stack object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Stack object")
 				return nil, fmt.Errorf("Failed to convert to Stack object: %s", obj)
 			}
-
 			if stack.AutoUpdate != nil && stack.AutoUpdate.Interval != "" {
 				stacks = append(stacks, *stack)
 			}
-
 			return &portainer.Stack{}, nil
 		})

--- a/api/dataservices/stack/tests/stack_test.go
+++ b/api/dataservices/stack/tests/stack_test.go
@@ -29,7 +29,7 @@ func TestService_StackByWebhookID(t *testing.T) {
 	if testing.Short() {
 		t.Skip("skipping test in short mode. Normally takes ~1s to run.")
 	}
-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	b := stackBuilder{t: t, store: store}
@@ -87,7 +87,7 @@ func Test_RefreshableStacks(t *testing.T) {
 	if testing.Short() {
 		t.Skip("skipping test in short mode. Normally takes ~1s to run.")
 	}
-	_, store, teardown := datastore.MustNewTestStore(t, true, true)
+	_, store, teardown := datastore.MustNewTestStore(true)
 	defer teardown()

 	staticStack := portainer.Stack{ID: 1}
--- a/api/dataservices/tag/tag.go
+++ b/api/dataservices/tag/tag.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -44,12 +43,10 @@ func (service *Service) Tags() ([]portainer.Tag, error) {
 		func(obj interface{}) (interface{}, error) {
 			tag, ok := obj.(*portainer.Tag)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Tag object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Tag object")
 				return nil, fmt.Errorf("Failed to convert to Tag object: %s", obj)
 			}
-
 			tags = append(tags, *tag)
-
 			return &portainer.Tag{}, nil
 		})

@@ -80,24 +77,12 @@ func (service *Service) Create(tag *portainer.Tag) error {
 	)
 }

-// Deprecated: Use UpdateTagFunc instead.
+// UpdateTag updates a tag.
 func (service *Service) UpdateTag(ID portainer.TagID, tag *portainer.Tag) error {
 	identifier := service.connection.ConvertToKey(int(ID))
 	return service.connection.UpdateObject(BucketName, identifier, tag)
 }

-// UpdateTagFunc updates a tag inside a transaction avoiding data races.
-func (service *Service) UpdateTagFunc(ID portainer.TagID, updateFunc func(tag *portainer.Tag)) error {
-	id := service.connection.ConvertToKey(int(ID))
-	tag := &portainer.Tag{}
-
-	service.connection.UpdateObjectFunc(BucketName, id, tag, func() {
-		updateFunc(tag)
-	})
-
-	return nil
-}
-
 // DeleteTag deletes a tag.
 func (service *Service) DeleteTag(ID portainer.TagID) error {
 	identifier := service.connection.ConvertToKey(int(ID))
--- a/api/dataservices/team/team.go
+++ b/api/dataservices/team/team.go
@@ -4,10 +4,10 @@ import (
 	"fmt"
 	"strings"

-	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices/errors"
+	"github.com/sirupsen/logrus"

-	"github.com/rs/zerolog/log"
+	portainer "github.com/portainer/portainer/api"
 )

 const (
@@ -60,15 +60,13 @@ func (service *Service) TeamByName(name string) (*portainer.Team, error) {
 		func(obj interface{}) (interface{}, error) {
 			team, ok := obj.(*portainer.Team)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Team object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Team object")
 				return nil, fmt.Errorf("Failed to convert to Team object: %s", obj)
 			}
-
 			if strings.EqualFold(team.Name, name) {
 				t = team
 				return nil, stop
 			}
-
 			return &portainer.Team{}, nil
 		})
 	if err == stop {
@@ -91,12 +89,10 @@ func (service *Service) Teams() ([]portainer.Team, error) {
 		func(obj interface{}) (interface{}, error) {
 			team, ok := obj.(*portainer.Team)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Team object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Team object")
 				return nil, fmt.Errorf("Failed to convert to Team object: %s", obj)
 			}
-
 			teams = append(teams, *team)
-
 			return &portainer.Team{}, nil
 		})

--- a/api/dataservices/team/tests/team_test.go
+++ b/api/dataservices/team/tests/team_test.go
@@ -10,7 +10,7 @@ import (

 func Test_teamByName(t *testing.T) {
 	t.Run("When store is empty should return ErrObjectNotFound", func(t *testing.T) {
-		_, store, teardown := datastore.MustNewTestStore(t, true, true)
+		_, store, teardown := datastore.MustNewTestStore(true)
 		defer teardown()

 		_, err := store.Team().TeamByName("name")
@@ -19,7 +19,7 @@ func Test_teamByName(t *testing.T) {
 	})

 	t.Run("When there is no object with the same name should return ErrObjectNotFound", func(t *testing.T) {
-		_, store, teardown := datastore.MustNewTestStore(t, true, true)
+		_, store, teardown := datastore.MustNewTestStore(true)
 		defer teardown()

 		teamBuilder := teamBuilder{
@@ -35,7 +35,7 @@ func Test_teamByName(t *testing.T) {
 	})

 	t.Run("When there is an object with the same name should return the object", func(t *testing.T) {
-		_, store, teardown := datastore.MustNewTestStore(t, true, true)
+		_, store, teardown := datastore.MustNewTestStore(true)
 		defer teardown()

 		teamBuilder := teamBuilder{
--- a/api/dataservices/teammembership/teammembership.go
+++ b/api/dataservices/teammembership/teammembership.go
@@ -4,8 +4,7 @@ import (
 	"fmt"

 	portainer "github.com/portainer/portainer/api"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -57,12 +56,10 @@ func (service *Service) TeamMemberships() ([]portainer.TeamMembership, error) {
 		func(obj interface{}) (interface{}, error) {
 			membership, ok := obj.(*portainer.TeamMembership)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to TeamMembership object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to TeamMembership object")
 				return nil, fmt.Errorf("Failed to convert to TeamMembership object: %s", obj)
 			}
-
 			memberships = append(memberships, *membership)
-
 			return &portainer.TeamMembership{}, nil
 		})

@@ -79,14 +76,12 @@ func (service *Service) TeamMembershipsByUserID(userID portainer.UserID) ([]port
 		func(obj interface{}) (interface{}, error) {
 			membership, ok := obj.(*portainer.TeamMembership)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to TeamMembership object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to TeamMembership object")
 				return nil, fmt.Errorf("Failed to convert to TeamMembership object: %s", obj)
 			}
-
 			if membership.UserID == userID {
 				memberships = append(memberships, *membership)
 			}
-
 			return &portainer.TeamMembership{}, nil
 		})

@@ -103,14 +98,12 @@ func (service *Service) TeamMembershipsByTeamID(teamID portainer.TeamID) ([]port
 		func(obj interface{}) (interface{}, error) {
 			membership, ok := obj.(*portainer.TeamMembership)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to TeamMembership object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to TeamMembership object")
 				return nil, fmt.Errorf("Failed to convert to TeamMembership object: %s", obj)
 			}
-
 			if membership.TeamID == teamID {
 				memberships = append(memberships, *membership)
 			}
-
 			return &portainer.TeamMembership{}, nil
 		})

@@ -147,15 +140,13 @@ func (service *Service) DeleteTeamMembershipByUserID(userID portainer.UserID) er
 		func(obj interface{}) (id int, ok bool) {
 			membership, ok := obj.(portainer.TeamMembership)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to TeamMembership object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to TeamMembership object")
 				//return fmt.Errorf("Failed to convert to TeamMembership object: %s", obj)
 				return -1, false
 			}
-
 			if membership.UserID == userID {
 				return int(membership.ID), true
 			}
-
 			return -1, false
 		})
 }
@@ -167,15 +158,13 @@ func (service *Service) DeleteTeamMembershipByTeamID(teamID portainer.TeamID) er
 		func(obj interface{}) (id int, ok bool) {
 			membership, ok := obj.(portainer.TeamMembership)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to TeamMembership object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to TeamMembership object")
 				//return fmt.Errorf("Failed to convert to TeamMembership object: %s", obj)
 				return -1, false
 			}
-
 			if membership.TeamID == teamID {
 				return int(membership.ID), true
 			}
-
 			return -1, false
 		})
 }
--- a/api/dataservices/user/user.go
+++ b/api/dataservices/user/user.go
@@ -4,10 +4,10 @@ import (
 	"fmt"
 	"strings"

-	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices/errors"
+	"github.com/sirupsen/logrus"

-	"github.com/rs/zerolog/log"
+	portainer "github.com/portainer/portainer/api"
 )

 const (
@@ -59,23 +59,18 @@ func (service *Service) UserByUsername(username string) (*portainer.User, error)
 		func(obj interface{}) (interface{}, error) {
 			user, ok := obj.(*portainer.User)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to User object")
-
+				logrus.WithField("obj", obj).Errorf("Failed to convert to User object")
 				return nil, fmt.Errorf("Failed to convert to User object: %s", obj)
 			}
-
 			if strings.EqualFold(user.Username, username) {
 				u = user
 				return nil, stop
 			}
-
 			return &portainer.User{}, nil
 		})
-
 	if err == stop {
 		return u, nil
 	}
-
 	if err == nil {
 		return nil, errors.ErrObjectNotFound
 	}
@@ -93,13 +88,10 @@ func (service *Service) Users() ([]portainer.User, error) {
 		func(obj interface{}) (interface{}, error) {
 			user, ok := obj.(*portainer.User)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to User object")
-
+				logrus.WithField("obj", obj).Errorf("Failed to convert to User object")
 				return nil, fmt.Errorf("Failed to convert to User object: %s", obj)
 			}
-
 			users = append(users, *user)
-
 			return &portainer.User{}, nil
 		})

@@ -116,15 +108,12 @@ func (service *Service) UsersByRole(role portainer.UserRole) ([]portainer.User,
 		func(obj interface{}) (interface{}, error) {
 			user, ok := obj.(*portainer.User)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to User object")
-
+				logrus.WithField("obj", obj).Errorf("Failed to convert to User object")
 				return nil, fmt.Errorf("Failed to convert to User object: %s", obj)
 			}
-
 			if user.Role == role {
 				users = append(users, *user)
 			}
-
 			return &portainer.User{}, nil
 		})

--- a/api/dataservices/webhook/webhook.go
+++ b/api/dataservices/webhook/webhook.go
@@ -5,8 +5,7 @@ import (

 	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/dataservices/errors"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 const (
@@ -35,7 +34,7 @@ func NewService(connection portainer.Connection) (*Service, error) {
 	}, nil
 }

-// Webhooks returns an array of all webhooks
+//Webhooks returns an array of all webhooks
 func (service *Service) Webhooks() ([]portainer.Webhook, error) {
 	var webhooks = make([]portainer.Webhook, 0)

@@ -45,12 +44,10 @@ func (service *Service) Webhooks() ([]portainer.Webhook, error) {
 		func(obj interface{}) (interface{}, error) {
 			webhook, ok := obj.(*portainer.Webhook)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Webhook object")
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Webhook object")
 				return nil, fmt.Errorf("Failed to convert to Webhook object: %s", obj)
 			}
-
 			webhooks = append(webhooks, *webhook)
-
 			return &portainer.Webhook{}, nil
 		})

@@ -80,23 +77,18 @@ func (service *Service) WebhookByResourceID(ID string) (*portainer.Webhook, erro
 		func(obj interface{}) (interface{}, error) {
 			webhook, ok := obj.(*portainer.Webhook)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Webhook object")
-
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Webhook object")
 				return nil, fmt.Errorf("Failed to convert to Webhook object: %s", obj)
 			}
-
 			if webhook.ResourceID == ID {
 				w = webhook
 				return nil, stop
 			}
-
 			return &portainer.Webhook{}, nil
 		})
-
 	if err == stop {
 		return w, nil
 	}
-
 	if err == nil {
 		return nil, errors.ErrObjectNotFound
 	}
@@ -114,23 +106,18 @@ func (service *Service) WebhookByToken(token string) (*portainer.Webhook, error)
 		func(obj interface{}) (interface{}, error) {
 			webhook, ok := obj.(*portainer.Webhook)
 			if !ok {
-				log.Debug().Str("obj", fmt.Sprintf("%#v", obj)).Msg("failed to convert to Webhook object")
-
+				logrus.WithField("obj", obj).Errorf("Failed to convert to Webhook object")
 				return nil, fmt.Errorf("Failed to convert to Webhook object: %s", obj)
 			}
-
 			if webhook.Token == token {
 				w = webhook
 				return nil, stop
 			}
-
 			return &portainer.Webhook{}, nil
 		})
-
 	if err == stop {
 		return w, nil
 	}
-
 	if err == nil {
 		return nil, errors.ErrObjectNotFound
 	}
--- a/api/datastore/backup.go
+++ b/api/datastore/backup.go
@@ -6,7 +6,7 @@ import (
 	"path"
 	"time"

-	"github.com/rs/zerolog/log"
+	plog "github.com/portainer/portainer/api/datastore/log"
 )

 var backupDefaults = struct {
@@ -17,6 +17,8 @@ var backupDefaults = struct {
 	"common",
 }

+var backupLog = plog.NewScopedLog("database, backup")
+
 //
 // Backup Helpers
 //
@@ -27,7 +29,7 @@ func (store *Store) createBackupFolders() {
 	commonDir := store.commonBackupDir()
 	if exists, _ := store.fileService.FileExists(commonDir); !exists {
 		if err := os.MkdirAll(commonDir, 0700); err != nil {
-			log.Error().Err(err).Msg("error while creating common backup folder")
+			backupLog.Error("Error while creating common backup folder", err)
 		}
 	}
 }
@@ -41,13 +43,11 @@ func (store *Store) commonBackupDir() string {
 }

 func (store *Store) copyDBFile(from string, to string) error {
-	log.Info().Str("from", from).Str("to", to).Msg("copying DB file")
-
+	backupLog.Info(fmt.Sprintf("Copying db file from %s to %s", from, to))
 	err := store.fileService.Copy(from, to, true)
 	if err != nil {
-		log.Error().Err(err).Msg("failed")
+		backupLog.Error("Failed", err)
 	}
-
 	return err
 }

@@ -69,11 +69,6 @@ func getBackupRestoreOptions(backupDir string) *BackupOptions {
 	}
 }

-// Backup current database with default options
-func (store *Store) Backup() (string, error) {
-	return store.backupWithOptions(nil)
-}
-
 func (store *Store) setupOptions(options *BackupOptions) *BackupOptions {
 	if options == nil {
 		options = &BackupOptions{}
@@ -99,32 +94,12 @@ func (store *Store) setupOptions(options *BackupOptions) *BackupOptions {

 // BackupWithOptions backup current database with options
 func (store *Store) backupWithOptions(options *BackupOptions) (string, error) {
-	log.Info().Msg("creating DB backup")
-
+	backupLog.Info("creating db backup")
 	store.createBackupFolders()

 	options = store.setupOptions(options)
-	dbPath := store.databasePath()

-	if err := store.Close(); err != nil {
-		return options.BackupPath, fmt.Errorf(
-			"error closing datastore before creating backup: %v",
-			err,
-		)
-	}
-
-	if err := store.copyDBFile(dbPath, options.BackupPath); err != nil {
-		return options.BackupPath, err
-	}
-
-	if _, err := store.Open(); err != nil {
-		return options.BackupPath, fmt.Errorf(
-			"error opening datastore after creating backup: %v",
-			err,
-		)
-	}
-
-	return options.BackupPath, nil
+	return options.BackupPath, store.copyDBFile(store.databasePath(), options.BackupPath)
 }

 // RestoreWithOptions previously saved backup for the current Edition  with options
@@ -137,19 +112,17 @@ func (store *Store) restoreWithOptions(options *BackupOptions) error {
 	// Check if backup file exist before restoring
 	_, err := os.Stat(options.BackupPath)
 	if os.IsNotExist(err) {
-		log.Error().Str("path", options.BackupPath).Err(err).Msg("backup file to restore does not exist %s")
-
+		backupLog.Error(fmt.Sprintf("Backup file to restore does not exist %s", options.BackupPath), err)
 		return err
 	}

 	err = store.Close()
 	if err != nil {
-		log.Error().Err(err).Msg("error while closing store before restore")
-
+		backupLog.Error("Error while closing store before restore", err)
 		return err
 	}

-	log.Info().Msg("restoring DB backup")
+	backupLog.Info("Restoring db backup")
 	err = store.copyDBFile(options.BackupPath, store.databasePath())
 	if err != nil {
 		return err
@@ -161,22 +134,20 @@ func (store *Store) restoreWithOptions(options *BackupOptions) error {

 // RemoveWithOptions removes backup database based on supplied options
 func (store *Store) removeWithOptions(options *BackupOptions) error {
-	log.Info().Msg("removing DB backup")
+	backupLog.Info("Removing db backup")

 	options = store.setupOptions(options)
 	_, err := os.Stat(options.BackupPath)

 	if os.IsNotExist(err) {
-		log.Error().Str("path", options.BackupPath).Err(err).Msg("backup file to remove does not exist")
-
+		backupLog.Error(fmt.Sprintf("Backup file to remove does not exist %s", options.BackupPath), err)
 		return err
 	}

-	log.Info().Str("path", options.BackupPath).Msg("removing DB file")
+	backupLog.Info(fmt.Sprintf("Removing db file at %s", options.BackupPath))
 	err = os.Remove(options.BackupPath)
 	if err != nil {
-		log.Error().Err(err).Msg("failed")
-
+		backupLog.Error("Failed", err)
 		return err
 	}

--- a/api/datastore/backup_test.go
+++ b/api/datastore/backup_test.go
@@ -10,7 +10,7 @@ import (
 )

 func TestCreateBackupFolders(t *testing.T) {
-	_, store, teardown := MustNewTestStore(t, false, true)
+	_, store, teardown := MustNewTestStore(false)
 	defer teardown()

 	connection := store.GetConnection()
@@ -27,7 +27,7 @@ func TestCreateBackupFolders(t *testing.T) {
 }

 func TestStoreCreation(t *testing.T) {
-	_, store, teardown := MustNewTestStore(t, true, true)
+	_, store, teardown := MustNewTestStore(true)
 	defer teardown()

 	if store == nil {
@@ -40,7 +40,7 @@ func TestStoreCreation(t *testing.T) {
 }

 func TestBackup(t *testing.T) {
-	_, store, teardown := MustNewTestStore(t, true, true)
+	_, store, teardown := MustNewTestStore(true)
 	connection := store.GetConnection()
 	defer teardown()

@@ -67,7 +67,7 @@ func TestBackup(t *testing.T) {
 }

 func TestRemoveWithOptions(t *testing.T) {
-	_, store, teardown := MustNewTestStore(t, true, true)
+	_, store, teardown := MustNewTestStore(true)
 	defer teardown()

 	t.Run("successfully removes file if existent", func(t *testing.T) {
@@ -86,7 +86,7 @@ func TestRemoveWithOptions(t *testing.T) {

 		err = store.removeWithOptions(options)
 		if err != nil {
-			t.Errorf("RemoveWithOptions should successfully remove file; err=%v", err)
+			t.Errorf("RemoveWithOptions should successfully remove file; err=%w", err)
 		}

 		if isFileExist(f.Name()) {
--- a/api/datastore/datastore.go
+++ b/api/datastore/datastore.go
@@ -9,8 +9,7 @@ import (

 	portainer "github.com/portainer/portainer/api"
 	portainerErrors "github.com/portainer/portainer/api/dataservices/errors"
-
-	"github.com/rs/zerolog/log"
+	"github.com/sirupsen/logrus"
 )

 func (store *Store) version() (int, error) {
@@ -74,8 +73,7 @@ func (store *Store) Open() (newStore bool, err error) {
 	}

 	if version > 0 {
-		log.Debug().Int("version", version).Msg("opened existing store")
-
+		logrus.WithField("version", version).Infof("Opened existing store")
 		return false, nil
 	}

@@ -123,21 +121,19 @@ func (store *Store) encryptDB() error {

 	// The DB is not currently encrypted.  First save the encrypted db filename
 	oldFilename := store.connection.GetDatabaseFilePath()
-	log.Info().Msg("encrypting database")
+	logrus.Infof("Encrypting database")

 	// export file path for backup
 	exportFilename := path.Join(store.databasePath() + "." + fmt.Sprintf("backup-%d.json", time.Now().Unix()))

-	log.Info().Str("filename", exportFilename).Msg("exporting database backup")
-
+	logrus.Infof("Exporting database backup to %s", exportFilename)
 	err = store.Export(exportFilename)
 	if err != nil {
-		log.Error().Str("filename", exportFilename).Err(err).Msg("failed to export")
-
+		logrus.WithError(err).Debugf("Failed to export to %s", exportFilename)
 		return err
 	}

-	log.Info().Msg("database backup exported")
+	logrus.Infof("Database backup exported")

 	// Close existing un-encrypted db so that we can delete the file later
 	store.connection.Close()
@@ -156,24 +152,22 @@ func (store *Store) encryptDB() error {
 	if err != nil {
 		// Remove the new encrypted file that we failed to import
 		os.Remove(store.connection.GetDatabaseFilePath())
-
-		log.Fatal().Err(portainerErrors.ErrDBImportFailed).Msg("")
+		logrus.Fatal(portainerErrors.ErrDBImportFailed.Error())
 	}

 	err = os.Remove(oldFilename)
 	if err != nil {
-		log.Error().Msg("failed to remove the un-encrypted db file")
+		logrus.Errorf("Failed to remove the un-encrypted db file")
 	}

 	err = os.Remove(exportFilename)
 	if err != nil {
-		log.Error().Msg("failed to remove the json backup file")
+		logrus.Errorf("Failed to remove the json backup file")
 	}

 	// Close db connection
 	store.connection.Close()

-	log.Info().Msg("database successfully encrypted")
-
+	logrus.Info("Database successfully encrypted")
 	return nil
 }
--- a/api/datastore/datastore_test.go
+++ b/api/datastore/datastore_test.go
@@ -27,7 +27,7 @@ const (
 // TestStoreFull an eventually comprehensive set of tests for the Store.
 // The idea is what we write to the store, we should read back.
 func TestStoreFull(t *testing.T) {
-	_, store, teardown := MustNewTestStore(t, true, true)
+	_, store, teardown := MustNewTestStore(true)
 	defer teardown()

 	testCases := map[string]func(t *testing.T){
--- a/api/datastore/init.go
+++ b/api/datastore/init.go
@@ -22,21 +22,25 @@ func (store *Store) Init() error {
 		return err
 	}

-	return store.checkOrCreateDefaultData()
+	err = store.checkOrCreateDefaultData()
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 func (store *Store) checkOrCreateInstanceID() error {
-	_, err := store.VersionService.InstanceID()
+	instanceID, err := store.VersionService.InstanceID()
 	if store.IsErrObjectNotFound(err) {
 		uid, err := uuid.NewV4()
 		if err != nil {
 			return err
 		}

-		instanceID := uid.String()
+		instanceID = uid.String()
 		return store.VersionService.StoreInstanceID(instanceID)
 	}
-
 	return err
 }

@@ -45,12 +49,9 @@ func (store *Store) checkOrCreateDefaultSettings() error {
 	settings, err := store.SettingsService.Settings()
 	if store.IsErrObjectNotFound(err) {
 		defaultSettings := &portainer.Settings{
-			EnableTelemetry:      false,
+			EnableTelemetry:      true,
 			AuthenticationMethod: portainer.AuthenticationInternal,
 			BlackListedLabels:    make([]portainer.Pair, 0),
-			InternalAuthSettings: portainer.InternalAuthSettings{
-				RequiredPasswordLength: 12,
-			},
 			LDAPSettings: portainer.LDAPSettings{
 				AnonymousMode:   true,
 				AutoCreateUsers: true,
@@ -89,6 +90,7 @@ func (store *Store) checkOrCreateDefaultSettings() error {

 func (store *Store) checkOrCreateDefaultSSLSettings() error {
 	_, err := store.SSLSettings().Settings()
+
 	if store.IsErrObjectNotFound(err) {
 		defaultSSLSettings := &portainer.SSLSettings{
 			HTTPEnabled: true,
@@ -96,7 +98,6 @@ func (store *Store) checkOrCreateDefaultSSLSettings() error {

 		return store.SSLSettings().UpdateSettings(defaultSSLSettings)
 	}
-
 	return err
 }

--- a/api/datastore/log/log.go
+++ b/api/datastore/log/log.go
@@ -0,0 +1,41 @@
+package log
+
+import (
+	"fmt"
+	"log"
+)
+
+const (
+	INFO  = "INFO"
+	ERROR = "ERROR"
+	DEBUG = "DEBUG"
+	FATAL = "FATAL"
+)
+
+type ScopedLog struct {
+	scope string
+}
+
+func NewScopedLog(scope string) *ScopedLog {
+	return &ScopedLog{scope: scope}
+}
+
+func (slog *ScopedLog) print(kind string, message string) {
+	log.Printf("[%s] [%s] %s", kind, slog.scope, message)
+}
+
+func (slog *ScopedLog) Debug(message string) {
+	slog.print(DEBUG, fmt.Sprintf("[message: %s]", message))
+}
+
+func (slog *ScopedLog) Info(message string) {
+	slog.print(INFO, fmt.Sprintf("[message: %s]", message))
+}
+
+func (slog *ScopedLog) Error(message string, err error) {
+	slog.print(ERROR, fmt.Sprintf("[message: %s] [error: %s]", message, err))
+}
+
+func (slog *ScopedLog) NotImplemented(method string) {
+	log.Fatalf("[%s] [%s] [%s]", FATAL, slog.scope, fmt.Sprintf("%s is not yet implemented", method))
+}
--- a/api/datastore/migrate_data.go
+++ b/api/datastore/migrate_data.go
@@ -4,30 +4,26 @@ import (
 	"fmt"
 	"runtime/debug"

-	portainer "github.com/portainer/portainer/api"
 	"github.com/portainer/portainer/api/cli"
 	"github.com/portainer/portainer/api/dataservices/errors"
+	plog "github.com/portainer/portainer/api/datastore/log"
 	"github.com/portainer/portainer/api/datastore/migrator"
 	"github.com/portainer/portainer/api/internal/authorization"

 	werrors "github.com/pkg/errors"
-	"github.com/rs/zerolog/log"
+	portainer "github.com/portainer/portainer/api"
 )

 const beforePortainerVersionUpgradeBackup = "portainer.db.bak"

+var migrateLog = plog.NewScopedLog("database, migrate")
+
 func (store *Store) MigrateData() error {
 	version, err := store.version()
 	if err != nil {
 		return err
 	}

-	// Backup Database
-	backupPath, err := store.Backup()
-	if err != nil {
-		return werrors.Wrap(err, "while backing up db before migration")
-	}
-
 	migratorParams := &migrator.MigratorParameters{
 		DatabaseVersion:         version,
 		EndpointGroupService:    store.EndpointGroupService,
@@ -40,7 +36,6 @@ func (store *Store) MigrateData() error {
 		RoleService:             store.RoleService,
 		ScheduleService:         store.ScheduleService,
 		SettingsService:         store.SettingsService,
-		SnapshotService:         store.SnapshotService,
 		StackService:            store.StackService,
 		TagService:              store.TagService,
 		TeamMembershipService:   store.TeamMembershipService,
@@ -51,26 +46,7 @@ func (store *Store) MigrateData() error {
 		AuthorizationService:    authorization.NewService(store),
 	}

-	// restore on error
-	err = store.connectionMigrateData(migratorParams)
-	if err != nil {
-		log.Error().Err(err).Msg("while DB migration, restoring DB")
-
-		// Restore options
-		options := BackupOptions{
-			BackupPath: backupPath,
-		}
-
-		err := store.restoreWithOptions(&options)
-		if err != nil {
-			log.Fatal().
-				Str("database_file", store.databasePath()).
-				Str("backup", options.BackupPath).Err(err).
-				Msg("failed restoring the backup, Portainer database file needs to restored manually by replacing the database file with a recent backup")
-		}
-	}
-
-	return err
+	return store.connectionMigrateData(migratorParams)
 }

 // FailSafeMigrate backup and restore DB if migration fail
@@ -108,15 +84,10 @@ func (store *Store) connectionMigrateData(migratorParams *migrator.MigratorParam
 	}

 	if migrator.Version() < portainer.DBVersion {
-		log.Info().
-			Int("migrator_version", migrator.Version()).
-			Int("db_version", portainer.DBVersion).
-			Msg("migrating database")
-
+		migrateLog.Info(fmt.Sprintf("Migrating database from version %v to %v.\n", migrator.Version(), portainer.DBVersion))
 		err = store.FailSafeMigrate(migrator)
 		if err != nil {
-			log.Error().Err(err).Msg("an error occurred during database migration")
-
+			migrateLog.Error("An error occurred during database migration", err)
 			return err
 		}
 	}
@@ -126,19 +97,17 @@ func (store *Store) connectionMigrateData(migratorParams *migrator.MigratorParam

 // backupVersion will backup the database or panic if any errors occur
 func (store *Store) backupVersion(migrator *migrator.Migrator) error {
-	log.Info().Msg("backing up database prior to version upgrade")
+	migrateLog.Info("Backing up database prior to version upgrade...")

 	options := getBackupRestoreOptions(store.commonBackupDir())

 	_, err := store.backupWithOptions(options)
 	if err != nil {
-		log.Error().Err(err).Msg("an error occurred during database backup")
-
+		migrateLog.Error("An error occurred during database backup", err)
 		removalErr := store.removeWithOptions(options)
 		if removalErr != nil {
-			log.Error().Err(err).Msg("an error occurred during store removal prior to backup")
+			migrateLog.Error("An error occurred during store removal prior to backup", err)
 		}
-
 		return err
 	}

--- a/api/datastore/migrate_data_test.go
+++ b/api/datastore/migrate_data_test.go
@@ -1,20 +1,13 @@
 package datastore

 import (
-	"bytes"
-	"encoding/json"
 	"fmt"
-	"io"
-	"os"
+	"log"
 	"path/filepath"
 	"strings"
 	"testing"

 	portainer "github.com/portainer/portainer/api"
-	"github.com/portainer/portainer/api/database/boltdb"
-
-	"github.com/google/go-cmp/cmp"
-	"github.com/rs/zerolog/log"
 )

 // testVersion is a helper which tests current store version against wanted version
@@ -29,32 +22,8 @@ func testVersion(store *Store, versionWant int, t *testing.T) {
 }

 func TestMigrateData(t *testing.T) {
-	snapshotTests := []struct {
-		testName string
-		srcPath  string
-		wantPath string
-	}{
-		{
-			testName: "migrate version 24 to latest",
-			srcPath:  "test_data/input_24.json",
-			wantPath: "test_data/output_24_to_latest.json",
-		},
-	}
-	for _, test := range snapshotTests {
-		t.Run(test.testName, func(t *testing.T) {
-			err := migrateDBTestHelper(t, test.srcPath, test.wantPath)
-			if err != nil {
-				t.Errorf(
-					"Failed migrating mock database %v: %v",
-					test.srcPath,
-					err,
-				)
-			}
-		})
-	}
-
 	t.Run("MigrateData for New Store & Re-Open Check", func(t *testing.T) {
-		newStore, store, teardown := MustNewTestStore(t, false, true)
+		newStore, store, teardown := MustNewTestStore(false)
 		defer teardown()

 		if !newStore {
@@ -81,7 +50,7 @@ func TestMigrateData(t *testing.T) {
 		{version: 21, expectedVersion: portainer.DBVersion},
 	}
 	for _, tc := range tests {
-		_, store, teardown := MustNewTestStore(t, true, true)
+		_, store, teardown := MustNewTestStore(true)
 		defer teardown()

 		// Setup data
@@ -106,7 +75,7 @@ func TestMigrateData(t *testing.T) {
 	}

 	t.Run("Error in MigrateData should restore backup before MigrateData", func(t *testing.T) {
-		_, store, teardown := MustNewTestStore(t, false, true)
+		_, store, teardown := MustNewTestStore(false)
 		defer teardown()

 		version := 17
@@ -118,7 +87,7 @@ func TestMigrateData(t *testing.T) {
 	})

 	t.Run("MigrateData should create backup file upon update", func(t *testing.T) {
-		_, store, teardown := MustNewTestStore(t, false, true)
+		_, store, teardown := MustNewTestStore(false)
 		defer teardown()
 		store.VersionService.StoreDBVersion(0)

@@ -132,7 +101,7 @@ func TestMigrateData(t *testing.T) {
 	})

 	t.Run("MigrateData should fail to create backup if database file is set to updating", func(t *testing.T) {
-		_, store, teardown := MustNewTestStore(t, false, true)
+		_, store, teardown := MustNewTestStore(false)
 		defer teardown()

 		store.VersionService.StoreIsUpdating(true)
@@ -147,7 +116,7 @@ func TestMigrateData(t *testing.T) {
 	})

 	t.Run("MigrateData should not create backup on startup if portainer version matches db", func(t *testing.T) {
-		_, store, teardown := MustNewTestStore(t, false, true)
+		_, store, teardown := MustNewTestStore(false)
 		defer teardown()

 		store.MigrateData()
@@ -158,48 +127,48 @@ func TestMigrateData(t *testing.T) {
 			t.Errorf("Backup file should not exist for dirty database; file=%s", options.BackupPath)
 		}
 	})
+
 }

 func Test_getBackupRestoreOptions(t *testing.T) {
-	_, store, teardown := MustNewTestStore(t, false, true)
+	_, store, teardown := MustNewTestStore(false)
 	defer teardown()

 	options := getBackupRestoreOptions(store.commonBackupDir())

 	wantDir := store.commonBackupDir()
 	if !strings.HasSuffix(options.BackupDir, wantDir) {
-		log.Fatal().Str("got", options.BackupDir).Str("want", wantDir).Msg("incorrect backup dir")
+		log.Fatalf("incorrect backup dir; got=%s, want=%s", options.BackupDir, wantDir)
 	}

 	wantFilename := "portainer.db.bak"
 	if options.BackupFileName != wantFilename {
-		log.Fatal().Str("got", options.BackupFileName).Str("want", wantFilename).Msg("incorrect backup file")
+		log.Fatalf("incorrect backup file; got=%s, want=%s", options.BackupFileName, wantFilename)
 	}
 }

 func TestRollback(t *testing.T) {
 	t.Run("Rollback should restore upgrade after backup", func(t *testing.T) {
 		version := 21
-		_, store, teardown := MustNewTestStore(t, false, true)
+		_, store, teardown := MustNewTestStore(false)
 		defer teardown()
 		store.VersionService.StoreDBVersion(version)

 		_, err := store.backupWithOptions(getBackupRestoreOptions(store.commonBackupDir()))
 		if err != nil {
-			log.Fatal().Err(err).Msg("")
+			log.Fatal(err)
 		}

 		// Change the current edition
 		err = store.VersionService.StoreDBVersion(version + 10)
 		if err != nil {
-			log.Fatal().Err(err).Msg("")
+			log.Fatal(err)
 		}

 		err = store.Rollback(true)
 		if err != nil {
 			t.Logf("Rollback failed: %s", err)
 			t.Fail()
-
 			return
 		}

@@ -216,250 +185,3 @@ func isFileExist(path string) bool {
 	}
 	return len(matches) > 0
 }
-
-// migrateDBTestHelper loads a json representation of a bolt database from srcPath,
-// parses it into a database, runs a migration on that database, and then
-// compares it with an expected output database.
-func migrateDBTestHelper(t *testing.T, srcPath, wantPath string) error {
-	srcJSON, err := os.ReadFile(srcPath)
-	if err != nil {
-		t.Fatalf("failed loading source JSON file %v: %v", srcPath, err)
-	}
-
-	// Parse source json to db.
-	_, store, teardown := MustNewTestStore(t, true, false)
-	defer teardown()
-	err = importJSON(t, bytes.NewReader(srcJSON), store)
-	if err != nil {
-		return err
-	}
-
-	// Run the actual migrations on our input database.
-	err = store.MigrateData()
-	if err != nil {
-		return err
-	}
-
-	// Assert that our database connection is using bolt so we can call
-	// exportJson rather than ExportRaw. The exportJson function allows us to
-	// strip out the metadata which we don't want for our tests.
-	// TODO: update connection interface in CE to allow us to use ExportRaw and pass meta false
-	err = store.connection.Close()
-	if err != nil {
-		t.Fatalf("err closing bolt connection: %v", err)
-	}
-	con, ok := store.connection.(*boltdb.DbConnection)
-	if !ok {
-		t.Fatalf("backing database is not using boltdb, but the migrations test requires it")
-	}
-
-	// Convert database back to json.
-	databasePath := con.GetDatabaseFilePath()
-	if _, err := os.Stat(databasePath); err != nil {
-		return fmt.Errorf("stat on %s failed: %s", databasePath, err)
-	}
-
-	gotJSON, err := con.ExportJSON(databasePath, false)
-	if err != nil {
-		t.Logf(
-			"failed re-exporting database %s to JSON: %v",
-			databasePath,
-			err,
-		)
-	}
-
-	wantJSON, err := os.ReadFile(wantPath)
-	if err != nil {
-		t.Fatalf("failed loading want JSON file %v: %v", wantPath, err)
-	}
-
-	// Compare the result we got with the one we wanted.
-	if diff := cmp.Diff(wantJSON, gotJSON); diff != "" {
-		gotPath := filepath.Join(os.TempDir(), "portainer-migrator-test-fail.json")
-		os.WriteFile(
-			gotPath,
-			gotJSON,
-			0600,
-		)
-		t.Errorf(
-			"migrate data from %s to %s failed\nwrote migrated input to %s\nmismatch (-want +got):\n%s",
-			srcPath,
-			wantPath,
-			gotPath,
-			diff,
-		)
-	}
-	return nil
-}
-
-// importJSON reads input JSON and commits it to a portainer datastore.Store.
-// Errors are logged with the testing package.
-func importJSON(t *testing.T, r io.Reader, store *Store) error {
-	objects := make(map[string]interface{})
-
-	// Parse json into map of objects.
-	d := json.NewDecoder(r)
-	d.UseNumber()
-	err := d.Decode(&objects)
-	if err != nil {
-		return err
-	}
-
-	// Get database connection from store.
-	con := store.connection
-
-	for k, v := range objects {
-		switch k {
-		case "version":
-			versions, ok := v.(map[string]interface{})
-			if !ok {
-				t.Logf("failed casting %s to map[string]interface{}", k)
-			}
-
-			dbVersion, ok := versions["DB_VERSION"]
-			if !ok {
-				t.Logf("failed getting DB_VERSION from %s", k)
-			}
-
-			numDBVersion, ok := dbVersion.(json.Number)
-			if !ok {
-				t.Logf("failed parsing DB_VERSION as json number from %s", k)
-			}
-
-			intDBVersion, err := numDBVersion.Int64()
-			if err != nil {
-				t.Logf("failed casting %v to int: %v", numDBVersion, intDBVersion)
-			}
-
-			err = con.CreateObjectWithStringId(
-				k,
-				[]byte("DB_VERSION"),
-				int(intDBVersion),
-			)
-			if err != nil {
-				t.Logf("failed writing DB_VERSION in %s: %v", k, err)
-			}
-
-			instanceID, ok := versions["INSTANCE_ID"]
-			if !ok {
-				t.Logf("failed getting INSTANCE_ID from %s", k)
-			}
-
-			err = con.CreateObjectWithStringId(
-				k,
-				[]byte("INSTANCE_ID"),
-				instanceID,
-			)
-			if err != nil {
-				t.Logf("failed writing INSTANCE_ID in %s: %v", k, err)
-			}
-
-		case "dockerhub":
-			obj, ok := v.([]interface{})
-			if !ok {
-				t.Logf("failed to cast %s to []interface{}", k)
-			}
-			err := con.CreateObjectWithStringId(
-				k,
-				[]byte("DOCKERHUB"),
-				obj[0],
-			)
-			if err != nil {
-				t.Logf("failed writing DOCKERHUB in %s: %v", k, err)
-			}
-
-		case "ssl":
-			obj, ok := v.(map[string]interface{})
-			if !ok {
-				t.Logf("failed to case %s to map[string]interface{}", k)
-			}
-			err := con.CreateObjectWithStringId(
-				k,
-				[]byte("SSL"),
-				obj,
-			)
-			if err != nil {
-				t.Logf("failed writing SSL in %s: %v", k, err)
-			}
-
-		case "settings":
-			obj, ok := v.(map[string]interface{})
-			if !ok {
-				t.Logf("failed to case %s to map[string]interface{}", k)
-			}
-			err := con.CreateObjectWithStringId(
-				k,
-				[]byte("SETTINGS"),
-				obj,
-			)
-			if err != nil {
-				t.Logf("failed writing SETTINGS in %s: %v", k, err)
-			}
-
-		case "tunnel_server":
-			obj, ok := v.(map[string]interface{})
-			if !ok {
-				t.Logf("failed to case %s to map[string]interface{}", k)
-			}
-			err := con.CreateObjectWithStringId(
-				k,
-				[]byte("INFO"),
-				obj,
-			)
-			if err != nil {
-				t.Logf("failed writing INFO in %s: %v", k, err)
-			}
-		case "templates":
-			continue
-
-		default:
-			objlist, ok := v.([]interface{})
-			if !ok {
-				t.Logf("failed to cast %s to []interface{}", k)
-			}
-
-			for _, obj := range objlist {
-				value, ok := obj.(map[string]interface{})
-				if !ok {
-					t.Logf("failed to cast %v to map[string]interface{}", obj)
-				} else {
-					var ok bool
-					var id interface{}
-					switch k {
-					case "endpoint_relations":
-						// TODO: need to make into an int, then do that weird
-						// stringification
-						id, ok = value["EndpointID"]
-					default:
-						id, ok = value["Id"]
-					}
-					if !ok {
-						// endpoint_relations: EndpointID
-						t.Logf("missing Id field: %s", k)
-						id = "error"
-					}
-					n, ok := id.(json.Number)
-					if !ok {
-						t.Logf("failed to cast %v to json.Number in %s", id, k)
-					} else {
-						key, err := n.Int64()
-						if err != nil {
-							t.Logf("failed to cast %v to int in %s", n, k)
-						} else {
-							err := con.CreateObjectWithId(
-								k,
-								int(key),
-								value,
-							)
-							if err != nil {
-								t.Logf("failed writing %v in %s: %v", key, k, err)
-							}
-						}
-					}
-				}
-			}
-		}
-	}
-
-	return nil
-}
--- a/api/datastore/migrate_dbversion29_test.go
+++ b/api/datastore/migrate_dbversion29_test.go
@@ -33,7 +33,7 @@ func setup(store *Store) error {
 }

 func TestMigrateSettings(t *testing.T) {
-	_, store, teardown := MustNewTestStore(t, false, true)
+	_, store, teardown := MustNewTestStore(false)
 	defer teardown()

 	err := setup(store)
--- a/api/datastore/migrate_dbversion33_test.go
+++ b/api/datastore/migrate_dbversion33_test.go
@@ -10,7 +10,7 @@ import (
 )

 func TestMigrateStackEntryPoint(t *testing.T) {
-	_, store, teardown := MustNewTestStore(t, false, true)
+	_, store, teardown := MustNewTestStore(false)
 	defer teardown()

 	stackService := store.Stack()
--- a/api/datastore/migrations/1645580390_users_to_db_18.go
+++ b/api/datastore/migrations/1645580390_users_to_db_18.go
@@ -0,0 +1,53 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   17,
+		Timestamp: 1645580390,
+		Up:        v17_up_users_to_18,
+		Down:      v17_down_users_from_18,
+		Name:      "Users to 18",
+	})
+}
+
+func v17_up_users_to_18() error {
+	legacyUsers, err := migrator.store.UserService.Users()
+	if err != nil {
+		return err
+	}
+
+	for _, user := range legacyUsers {
+		user.PortainerAuthorizations = map[portainer.Authorization]bool{
+			portainer.OperationPortainerDockerHubInspect:        true,
+			portainer.OperationPortainerEndpointGroupList:       true,
+			portainer.OperationPortainerEndpointList:            true,
+			portainer.OperationPortainerEndpointInspect:         true,
+			portainer.OperationPortainerEndpointExtensionAdd:    true,
+			portainer.OperationPortainerEndpointExtensionRemove: true,
+			portainer.OperationPortainerExtensionList:           true,
+			portainer.OperationPortainerMOTD:                    true,
+			portainer.OperationPortainerRegistryList:            true,
+			portainer.OperationPortainerRegistryInspect:         true,
+			portainer.OperationPortainerTeamList:                true,
+			portainer.OperationPortainerTemplateList:            true,
+			portainer.OperationPortainerTemplateInspect:         true,
+			portainer.OperationPortainerUserList:                true,
+			portainer.OperationPortainerUserMemberships:         true,
+		}
+
+		err = migrator.store.UserService.UpdateUser(user.ID, &user)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func v17_down_users_from_18() error {
+	return nil
+}
--- a/api/datastore/migrations/1645580396_endpoints_to_db_18.go
+++ b/api/datastore/migrations/1645580396_endpoints_to_db_18.go
@@ -0,0 +1,50 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   17,
+		Timestamp: 1645580396,
+		Up:        v17_up_endpoints_to_18,
+		Down:      v17_down_endpoints_from_18,
+		Name:      "Endpoints to 18",
+	})
+}
+
+func v17_up_endpoints_to_18() error {
+	legacyEndpoints, err := migrator.store.EndpointService.Endpoints()
+	if err != nil {
+		return err
+	}
+
+	for _, endpoint := range legacyEndpoints {
+		endpoint.UserAccessPolicies = make(portainer.UserAccessPolicies)
+		for _, userID := range endpoint.AuthorizedUsers {
+			endpoint.UserAccessPolicies[userID] = portainer.AccessPolicy{
+				RoleID: 4,
+			}
+		}
+
+		endpoint.TeamAccessPolicies = make(portainer.TeamAccessPolicies)
+		for _, teamID := range endpoint.AuthorizedTeams {
+			endpoint.TeamAccessPolicies[teamID] = portainer.AccessPolicy{
+				RoleID: 4,
+			}
+		}
+
+		err = migrator.store.EndpointService.UpdateEndpoint(endpoint.ID, &endpoint)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func v17_down_endpoints_from_18() error {
+	return nil
+}
--- a/api/datastore/migrations/1645580400_endpoints_groups_to_db_18.go
+++ b/api/datastore/migrations/1645580400_endpoints_groups_to_db_18.go
@@ -0,0 +1,50 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   17,
+		Timestamp: 1645580400,
+		Up:        v17_up_endpoints_groups_to_18,
+		Down:      v17_down_endpoints_groups_from_18,
+		Name:      "Endpoints groups to 18",
+	})
+}
+
+func v17_up_endpoints_groups_to_18() error {
+	legacyEndpointGroups, err := migrator.store.EndpointGroupService.EndpointGroups()
+	if err != nil {
+		return err
+	}
+
+	for _, endpointGroup := range legacyEndpointGroups {
+		endpointGroup.UserAccessPolicies = make(portainer.UserAccessPolicies)
+		for _, userID := range endpointGroup.AuthorizedUsers {
+			endpointGroup.UserAccessPolicies[userID] = portainer.AccessPolicy{
+				RoleID: 4,
+			}
+		}
+
+		endpointGroup.TeamAccessPolicies = make(portainer.TeamAccessPolicies)
+		for _, teamID := range endpointGroup.AuthorizedTeams {
+			endpointGroup.TeamAccessPolicies[teamID] = portainer.AccessPolicy{
+				RoleID: 4,
+			}
+		}
+
+		err = migrator.store.EndpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func v17_down_endpoints_groups_from_18() error {
+	return nil
+}
--- a/api/datastore/migrations/1645580420_registries_to_db_18.go
+++ b/api/datastore/migrations/1645580420_registries_to_db_18.go
@@ -0,0 +1,46 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   17,
+		Timestamp: 1645580420,
+		Up:        v17_up_registries_to_18,
+		Down:      v17_down_registries_to_18,
+		Name:      "Registries to 18",
+	})
+}
+
+func v17_up_registries_to_18() error {
+	legacyRegistries, err := migrator.store.RegistryService.Registries()
+	if err != nil {
+		return err
+	}
+
+	for _, registry := range legacyRegistries {
+		registry.UserAccessPolicies = make(portainer.UserAccessPolicies)
+		for _, userID := range registry.AuthorizedUsers {
+			registry.UserAccessPolicies[userID] = portainer.AccessPolicy{}
+		}
+
+		registry.TeamAccessPolicies = make(portainer.TeamAccessPolicies)
+		for _, teamID := range registry.AuthorizedTeams {
+			registry.TeamAccessPolicies[teamID] = portainer.AccessPolicy{}
+		}
+
+		err =  migrator.store.RegistryService.UpdateRegistry(registry.ID, &registry)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func v17_down_registries_to_18() error {
+	return nil
+}
--- a/api/datastore/migrations/1645677508_settings_to_db_19.go
+++ b/api/datastore/migrations/1645677508_settings_to_db_19.go
@@ -0,0 +1,33 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   18,
+		Timestamp: 1645677508,
+		Up:        v18_up_settings_to_db_19,
+		Down:      v18_down_settings_to_db_19,
+		Name:      "settings to db 19",
+	})
+}
+
+func v18_up_settings_to_db_19() error {
+	legacySettings, err := migrator.store.SettingsService.Settings()
+	if err != nil {
+		return err
+	}
+
+	if legacySettings.EdgeAgentCheckinInterval == 0 {
+		legacySettings.EdgeAgentCheckinInterval = portainer.DefaultEdgeAgentCheckinIntervalInSeconds
+	}
+
+	return migrator.store.SettingsService.UpdateSettings(legacySettings)
+}
+
+func v18_down_settings_to_db_19() error {
+	return nil
+}
--- a/api/datastore/migrations/1645736810_users_to_db_20.go
+++ b/api/datastore/migrations/1645736810_users_to_db_20.go
@@ -0,0 +1,23 @@
+package migrations
+
+import (
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   19,
+		Timestamp: 1645736810,
+		Up:        v19_up_users_to_db_20,
+		Down:      v19_down_users_to_db_20,
+		Name:      "users to db 20",
+	})
+}
+
+func v19_up_users_to_db_20() error {
+	return migrator.store.AuthorizationService.UpdateUsersAuthorizations()
+}
+
+func v19_down_users_to_db_20() error {
+	return nil
+}
--- a/api/datastore/migrations/1645737700_settings_to_db_20.go
+++ b/api/datastore/migrations/1645737700_settings_to_db_20.go
@@ -0,0 +1,30 @@
+package migrations
+
+import (
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   19,
+		Timestamp: 1645737700,
+		Up:        v19_up_settings_to_db_20,
+		Down:      v19_down_settings_to_db_20,
+		Name:      "settings to db 20",
+	})
+}
+
+func v19_up_settings_to_db_20() error {
+	legacySettings, err := migrator.store.SettingsService.Settings()
+	if err != nil {
+		return err
+	}
+
+	legacySettings.AllowVolumeBrowserForRegularUsers = false
+
+	return migrator.store.SettingsService.UpdateSettings(legacySettings)
+}
+
+func v19_down_settings_to_db_20() error {
+	return nil
+}
--- a/api/datastore/migrations/1645737802_schedules_to_db_20.go
+++ b/api/datastore/migrations/1645737802_schedules_to_db_20.go
@@ -0,0 +1,58 @@
+package migrations
+
+import (
+	"strings"
+
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+)
+
+const scheduleScriptExecutionJobType = 1
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   19,
+		Timestamp: 1645737802,
+		Up:        v19_up_schedules_to_db_20,
+		Down:      v19_down_schedules_to_db_20,
+		Name:      "schedules to db 20",
+	})
+}
+
+func v19_up_schedules_to_db_20() error {
+	legacySchedules, err := migrator.store.ScheduleService.Schedules()
+	if err != nil {
+		return err
+	}
+
+	for _, schedule := range legacySchedules {
+		if schedule.JobType == scheduleScriptExecutionJobType {
+			if schedule.CronExpression == "0 0 * * *" {
+				schedule.CronExpression = "0 * * * *"
+			} else if schedule.CronExpression == "0 0 0/2 * *" {
+				schedule.CronExpression = "0 */2 * * *"
+			} else if schedule.CronExpression == "0 0 0 * *" {
+				schedule.CronExpression = "0 0 * * *"
+			} else {
+				revisedCronExpression := strings.Split(schedule.CronExpression, " ")
+				if len(revisedCronExpression) == 5 {
+					continue
+				}
+
+				revisedCronExpression = revisedCronExpression[1:]
+				schedule.CronExpression = strings.Join(revisedCronExpression, " ")
+			}
+
+			err := migrator.store.ScheduleService.UpdateSchedule(schedule.ID, &schedule)
+			if err != nil {
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func v19_down_schedules_to_db_20() error {
+	return nil
+}
--- a/api/datastore/migrations/1646090591_resource_control_to_22.go
+++ b/api/datastore/migrations/1646090591_resource_control_to_22.go
@@ -0,0 +1,37 @@
+package migrations
+
+import (
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   20,
+		Timestamp: 1646090591,
+		Up:        v20_up_resource_control_to_22,
+		Down:      v20_down_resource_control_to_22,
+		Name:      "resource control to 22",
+	})
+}
+
+func v20_up_resource_control_to_22() error {
+	legacyResourceControls, err := migrator.store.ResourceControlService.ResourceControls()
+	if err != nil {
+		return err
+	}
+
+	for _, resourceControl := range legacyResourceControls {
+		resourceControl.AdministratorsOnly = false
+
+		err := migrator.store.ResourceControlService.UpdateResourceControl(resourceControl.ID, &resourceControl)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func v20_down_resource_control_to_22() error {
+	return nil
+}
--- a/api/datastore/migrations/1646090646_user_and_roles_to_22.go
+++ b/api/datastore/migrations/1646090646_user_and_roles_to_22.go
@@ -0,0 +1,82 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+	"github.com/portainer/portainer/api/internal/authorization"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   20,
+		Timestamp: 1646090646,
+		Up:        v20_up_user_and_roles_to_22,
+		Down:      v20_down_user_and_roles_to_22,
+		Name:      "user and roles to 22",
+	})
+}
+
+func v20_up_user_and_roles_to_22() error {
+	legacyUsers, err := migrator.store.UserService.Users()
+	if err != nil {
+		return err
+	}
+
+	settings, err := migrator.store.SettingsService.Settings()
+	if err != nil {
+		return err
+	}
+
+	for _, user := range legacyUsers {
+		user.PortainerAuthorizations = authorization.DefaultPortainerAuthorizations()
+		err = migrator.store.UserService.UpdateUser(user.ID, &user)
+		if err != nil {
+			return err
+		}
+	}
+
+	endpointAdministratorRole, err := migrator.store.RoleService.Role(portainer.RoleID(1))
+	if err != nil {
+		return err
+	}
+	endpointAdministratorRole.Priority = 1
+	endpointAdministratorRole.Authorizations = authorization.DefaultEndpointAuthorizationsForEndpointAdministratorRole()
+
+	err = migrator.store.RoleService.UpdateRole(endpointAdministratorRole.ID, endpointAdministratorRole)
+
+	helpDeskRole, err := migrator.store.RoleService.Role(portainer.RoleID(2))
+	if err != nil {
+		return err
+	}
+	helpDeskRole.Priority = 2
+	helpDeskRole.Authorizations = authorization.DefaultEndpointAuthorizationsForHelpDeskRole(settings.AllowVolumeBrowserForRegularUsers)
+
+	err = migrator.store.RoleService.UpdateRole(helpDeskRole.ID, helpDeskRole)
+
+	standardUserRole, err := migrator.store.RoleService.Role(portainer.RoleID(3))
+	if err != nil {
+		return err
+	}
+	standardUserRole.Priority = 3
+	standardUserRole.Authorizations = authorization.DefaultEndpointAuthorizationsForStandardUserRole(settings.AllowVolumeBrowserForRegularUsers)
+
+	err = migrator.store.RoleService.UpdateRole(standardUserRole.ID, standardUserRole)
+
+	readOnlyUserRole, err := migrator.store.RoleService.Role(portainer.RoleID(4))
+	if err != nil {
+		return err
+	}
+	readOnlyUserRole.Priority = 4
+	readOnlyUserRole.Authorizations = authorization.DefaultEndpointAuthorizationsForReadOnlyUserRole(settings.AllowVolumeBrowserForRegularUsers)
+
+	err = migrator.store.RoleService.UpdateRole(readOnlyUserRole.ID, readOnlyUserRole)
+	if err != nil {
+		return err
+	}
+
+	return migrator.store.AuthorizationService.UpdateUsersAuthorizations()
+}
+
+func v20_down_user_and_roles_to_22() error {
+	return nil
+}
--- a/api/datastore/migrations/1646090838_tags_to_23.go
+++ b/api/datastore/migrations/1646090838_tags_to_23.go
@@ -0,0 +1,39 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+	"github.com/sirupsen/logrus"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   22,
+		Timestamp: 1646090838,
+		Up:        v22_up_tags_to_23,
+		Down:      v22_down_tags_to_23,
+		Name:      "tags to 23",
+	})
+}
+
+func v22_up_tags_to_23() error {
+	logrus.Info("Updating tags")
+	tags, err := migrator.store.TagService.Tags()
+	if err != nil {
+		return err
+	}
+
+	for _, tag := range tags {
+		tag.EndpointGroups = make(map[portainer.EndpointGroupID]bool)
+		tag.Endpoints = make(map[portainer.EndpointID]bool)
+		err = migrator.store.TagService.UpdateTag(tag.ID, &tag)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func v22_down_tags_to_23() error {
+	return nil
+}
--- a/api/datastore/migrations/1646091011_endpoints_and_endpoint_groups_to_23.go
+++ b/api/datastore/migrations/1646091011_endpoints_and_endpoint_groups_to_23.go
@@ -0,0 +1,94 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+	"github.com/sirupsen/logrus"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   22,
+		Timestamp: 1646091011,
+		Up:        v22_up_endpoints_and_endpoint_groups_to_23,
+		Down:      v22_down_endpoints_and_endpoint_groups_to_23,
+		Name:      "endpoints and endpoint groups to 23",
+	})
+}
+
+func v22_up_endpoints_and_endpoint_groups_to_23() error {
+	logrus.Info("Updating endpoints and endpoint groups")
+	tags, err := migrator.store.TagService.Tags()
+	if err != nil {
+		return err
+	}
+
+	tagsNameMap := make(map[string]portainer.Tag)
+	for _, tag := range tags {
+		tagsNameMap[tag.Name] = tag
+	}
+
+	endpoints, err := migrator.store.EndpointService.Endpoints()
+	if err != nil {
+		return err
+	}
+
+	for _, endpoint := range endpoints {
+		endpointTags := make([]portainer.TagID, 0)
+		for _, tagName := range endpoint.Tags {
+			tag, ok := tagsNameMap[tagName]
+			if ok {
+				endpointTags = append(endpointTags, tag.ID)
+				tag.Endpoints[endpoint.ID] = true
+			}
+		}
+		endpoint.TagIDs = endpointTags
+		err = migrator.store.EndpointService.UpdateEndpoint(endpoint.ID, &endpoint)
+		if err != nil {
+			return err
+		}
+
+		relation := &portainer.EndpointRelation{
+			EndpointID: endpoint.ID,
+			EdgeStacks: map[portainer.EdgeStackID]bool{},
+		}
+
+		err = migrator.store.EndpointRelationService.Create(relation)
+		if err != nil {
+			return err
+		}
+	}
+
+	endpointGroups, err := migrator.store.EndpointGroupService.EndpointGroups()
+	if err != nil {
+		return err
+	}
+
+	for _, endpointGroup := range endpointGroups {
+		endpointGroupTags := make([]portainer.TagID, 0)
+		for _, tagName := range endpointGroup.Tags {
+			tag, ok := tagsNameMap[tagName]
+			if ok {
+				endpointGroupTags = append(endpointGroupTags, tag.ID)
+				tag.EndpointGroups[endpointGroup.ID] = true
+			}
+		}
+		endpointGroup.TagIDs = endpointGroupTags
+		err = migrator.store.EndpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)
+		if err != nil {
+			return err
+		}
+	}
+
+	for _, tag := range tagsNameMap {
+		err = migrator.store.TagService.UpdateTag(tag.ID, &tag)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func v22_down_endpoints_and_endpoint_groups_to_23() error {
+	return nil
+}
--- a/api/datastore/migrations/1646091296_settings_to_24.go
+++ b/api/datastore/migrations/1646091296_settings_to_24.go
@@ -0,0 +1,41 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+	"github.com/sirupsen/logrus"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   23,
+		Timestamp: 1646091296,
+		Up:        v23_up_settings_to_24,
+		Down:      v23_down_settings_to_24,
+		Name:      "settings to 25",
+	})
+}
+
+func v23_up_settings_to_24() error {
+	logrus.Info("Updating settings")
+
+	legacySettings, err := migrator.store.SettingsService.Settings()
+	if err != nil {
+		return err
+	}
+
+	if legacySettings.TemplatesURL == "" {
+		legacySettings.TemplatesURL = portainer.DefaultTemplatesURL
+	}
+
+	legacySettings.UserSessionTimeout = portainer.DefaultUserSessionTimeout
+	legacySettings.EnableTelemetry = true
+
+	legacySettings.AllowContainerCapabilitiesForRegularUsers = true
+
+	return migrator.store.SettingsService.UpdateSettings(legacySettings)
+}
+
+func v23_down_settings_to_24() error {
+	return nil
+}
--- a/api/datastore/migrations/1646095944_endpoint_settings_to_25.go
+++ b/api/datastore/migrations/1646095944_endpoint_settings_to_25.go
@@ -0,0 +1,68 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+	"github.com/sirupsen/logrus"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   24,
+		Timestamp: 1646095944,
+		Up:        v24_up_endpoint_settings_to_25,
+		Down:      v24_down_endpoint_settings_to_25,
+		Name:      "endpoint settings to 25",
+	})
+}
+
+func v24_up_endpoint_settings_to_25() error {
+	logrus.Info("Updating endpoint settings")
+	settings, err := migrator.store.SettingsService.Settings()
+	if err != nil {
+		return err
+	}
+
+	endpoints, err := migrator.store.EndpointService.Endpoints()
+	if err != nil {
+		return err
+	}
+
+	for i := range endpoints {
+		endpoint := endpoints[i]
+
+		securitySettings := portainer.EndpointSecuritySettings{}
+
+		if endpoint.Type == portainer.EdgeAgentOnDockerEnvironment ||
+			endpoint.Type == portainer.AgentOnDockerEnvironment ||
+			endpoint.Type == portainer.DockerEnvironment {
+
+			securitySettings = portainer.EndpointSecuritySettings{
+				AllowBindMountsForRegularUsers:            settings.AllowBindMountsForRegularUsers,
+				AllowContainerCapabilitiesForRegularUsers: settings.AllowContainerCapabilitiesForRegularUsers,
+				AllowDeviceMappingForRegularUsers:         settings.AllowDeviceMappingForRegularUsers,
+				AllowHostNamespaceForRegularUsers:         settings.AllowHostNamespaceForRegularUsers,
+				AllowPrivilegedModeForRegularUsers:        settings.AllowPrivilegedModeForRegularUsers,
+				AllowStackManagementForRegularUsers:       settings.AllowStackManagementForRegularUsers,
+			}
+
+			if endpoint.Type == portainer.AgentOnDockerEnvironment || endpoint.Type == portainer.EdgeAgentOnDockerEnvironment {
+				securitySettings.AllowVolumeBrowserForRegularUsers = settings.AllowVolumeBrowserForRegularUsers
+				securitySettings.EnableHostManagementFeatures = settings.EnableHostManagementFeatures
+			}
+		}
+
+		endpoint.SecuritySettings = securitySettings
+
+		err = migrator.store.EndpointService.UpdateEndpoint(endpoint.ID, &endpoint)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func v24_down_endpoint_settings_to_25() error {
+	return nil
+}
--- a/api/datastore/migrations/1646096711_stack_resource_control_to_27.go
+++ b/api/datastore/migrations/1646096711_stack_resource_control_to_27.go
@@ -0,0 +1,57 @@
+package migrations
+
+import (
+	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/dataservices/errors"
+	"github.com/portainer/portainer/api/datastore/migrations/types"
+	"github.com/portainer/portainer/api/internal/stackutils"
+	"github.com/sirupsen/logrus"
+)
+
+func init() {
+	migrator.AddMigration(types.Migration{
+		Version:   26,
+		Timestamp: 1646096711,
+		Up:        v26_up_stack_resource_control_to_27,
+		Down:      v26_down_stack_resource_control_to_27,
+		Name:      "stack resource control to 27",
+	})
+}
+
+func v26_up_stack_resource_control_to_27() error {
+	logrus.Info("Updating stack resource controls")
+	resourceControls, err := migrator.store.ResourceControlService.ResourceControls()
+	if err != nil {
+		return err
+	}
+
+	for _, resource := range resourceControls {
+		if resource.Type != portainer.StackResourceControl {
+			continue
+		}
+
+		stackName := resource.ResourceID
+
+		stack, err := migrator.store.StackService.StackByName(stackName)
+		if err != nil {
+			if err == errors.ErrObjectNotFound {
+				continue
+			}
+
+			return err
+		}
+
+		resource.ResourceID = stackutils.ResourceControlID(stack.EndpointID, stack.Name)
+
+		err = migrator.store.ResourceControlService.UpdateResourceControl(resource.ID, &resource)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func v26_down_stack_resource_control_to_27() error {
+	return nil
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Prabhat Khera	733013e484	WIP: migrade data	2022-03-02 11:13:44 +13:00
Prabhat Khera	6c7b8f87a9	WIP: improvements	2022-03-01 09:43:03 +13:00
Prabhat Khera	690f6e8af3	WIP: migrating code	2022-02-25 14:01:48 +13:00
Prabhat Khera	abcf73a415	WIP: migration improvements	2022-02-24 13:55:32 +13:00