Security Server Update
X-tee Security Server software repositories:
| TEST | http://x-tee.ee/packages/test/xroad | We recommend using this repository for X-tee development (ee-dev) and test (ee-test) environments if you want early access to the latest X-Road version and to make sure that newer software works without errors. |
| LIVE | http://x-tee.ee/packages/live/xroad | Stable and tested release. Production ready. |
Official installation instructions for the newest version: https://x-tee.ee/docs/live/xroad/ig-ss_x-road_v7_security_server_installation_guide.html
The Security Server updating process depends on which version is currently in use on the Security Server.
Adding RIA's X-tee repository and key
wget -O - https://x-tee.ee/packages/live/xroad/xroad.pub | apt-key add -
echo "deb http://x-tee.ee/packages/live/xroad $(lsb_release -sc)-current main" > /etc/apt/sources.list.d/xroad.list
apt updateUpgrading the security server from the previous version to the latest version
sudo apt update
sudo apt install xroad-securityserver-ee
# All X-Road packages should be with dpkg prefix "ii"
dpkg -l | grep xroad
# last do a general OS upgrade
sudo apt dist-upgradeMy security server is on version 6.26
Upgrading to version 7.0.0 can only be done from version 6.26
Some important changes must be done after upgrade to v7.0:
- automatic backups doesn't contain xroad/services/local.conf file
- all parameters from local.conf must be converted into local.properties
- Java 11
- after changing [message-log] system parameters, new service xroad-addon-messagelog must be restarted
- all changes are listed in here https://confluence.niis.org/display/XRDKB/Migration+Guide+from+X-Road+6+to+X-Road+7
After upgrading to version 7.0.0 it is required to take into use Java 11.
1) Upgrade the security server from 6.26 to version 7.0: apt update; apt install xroad-securityserver-ee
2) Remove the JAVA_HOME parameter (if it exists) from /etc/xroad/services/local.conf
3) Make sure you are using Java 11:
a) To view the current version of Java: java -version
b) If necessary, specify the default version of Java: update-java-alternatives
4) It is recommended to remove unused versions. To remove AdoptOpenJDK: apt remove adoptopenjdk-8-hotspot-jreAs OpenJDK 8 is no longer supported as of April 2021, it is recommended that you upgrade your security server to version 7.0, as it supports Java 11.
I have a Security Server with a previous software version 6.22.x, 6.23.x, 6.24.x or 6.25.x
Please upgrade your security server to 6.26. To update the security server, you must update the APT repo and install version 6.26. Don't forget to update your operating system yourself! As of version 6.25, Ubuntu 20.04 (focal) support has been added.
sudo apt update
# The next long command needs to be entered in its entirety
sudo apt install -y xroad-securityserver-ee = 6.26.3-1.ubuntu18.04 xroad-securityserver = 6.26.3-1.ubuntu18.04 xroad-addon-opmonitoring = 6.26.3-1.ubuntu18.04 xroad- proxy = 6.26.3-1.ubuntu18.04 xroad-opmonitor = 6.26.3-1.ubuntu18.04 xroad-addon-metaservices = 6.26.3-1.ubuntu18.04 xroad-addon-messagelog = 6.26.3-1 .ubuntu18.04 xroad-addon-proxymonitor = 6.26.3-1.ubuntu18.04 xroad-addon-wsdlvalidator = 6.26.3-1.ubuntu18.04 xroad-base = 6.26.3-1.ubuntu18.04 xroad-confclient = 6.26.3-1.ubuntu18.04 xroad-proxy-ui-api = 6.26.3-1.ubuntu18.04 xroad-signer = 6.26.3-1. ubuntu18.04 xroad-monitor = 6.26.3-1.ubuntu18.04 xroad-addon-hwtokens = 6.26.3-1.ubuntu18.04
# It is necessary to mark packages as installed automatically, otherwise there will be a manual flag for them
sudo apt-mark auto xroad-securityserver xroad-addon-opmonitoring xroad-proxy xroad-opmonitor xroadaddon-metaservices xroad-addon-messagelog xroad-addon-proxymonitor xroad-addon-wsdlvalidator xroadbase xroad-confclient xroad-proxy-ui-api xroad-signer xroad-monitor xroad-addon-hwtokens xroad-addon-metaservices xroad-baseSome X-Road packages are in the state "rc" others "ii"
Since v6.24.0 xroad-jetty9 and xroad-nginx packages aren't used any more. They can be removed using "apt purge package-name"
$ dpkg -l | grep xroad
ii xroad-addon-messagelog 6.24.0-1.ubuntu18.04 all X-Road AddOn: messagelog
ii xroad-addon-metaservices 6.24.0-1.ubuntu18.04 all X-Road AddOn: metaservices
ii xroad-addon-opmonitoring 6.24.0-1.ubuntu18.04 all X-Road AddOn: operations monitoring service
ii xroad-addon-proxymonitor 6.24.0-1.ubuntu18.04 all X-Road AddOn: proxy monitoring metaservice
ii xroad-addon-wsdlvalidator 6.24.0-1.ubuntu18.04 all X-Road AddOn: wsdlvalidator
ii xroad-base 6.24.0-1.ubuntu18.04 amd64 X-Road base components
ii xroad-confclient 6.24.0-1.ubuntu18.04 amd64 X-Road configuration client components
rc xroad-jetty9 6.23.0-1.ubuntu18.04 all Jetty9 for X-Road purposes
ii xroad-monitor 6.24.0-1.ubuntu18.04 all X-Road monitoring service
rc xroad-nginx 6.23.0-1.ubuntu18.04 amd64 X-Road nginx component
ii xroad-opmonitor 6.24.0-1.ubuntu18.04 all X-Road operations monitoring daemon
ii xroad-proxy 6.24.0-1.ubuntu18.04 all X-Road security server
ii xroad-proxy-ui-api 6.24.0-1.ubuntu18.04 all X-Road proxy UI REST API
ii xroad-securityserver 6.24.0-1.ubuntu18.04 all X-Road security server
ii xroad-securityserver-ee 6.24.0-1.ubuntu18.04 all X-Road security server with Estonian settings
ii xroad-signer 6.24.0-1.ubuntu18.04 amd64 X-Road signer component
# to removesudo apt purge xroad-jetty9 xroad-nginxThe first two letters in the list of available packages indicate the status of the installation:
- "ii" means that the package is installed correctly
- "rc" indicates that the package has been removed from the server and only its configuration files (conf) remain
All X-Road packages in the "rc" state can be safely removed with the command:
sudo apt purge xroad-jetty9 xroad-nginxNB: Version 6.24 also changes the structure of security server URLs due to the addition of the # symbol. For example: https://internalAddress:4000/#/clients.
The easiest way to access the admin interface is through port 4000: https://internalAddress:4000. This will take you to the correct address.