Security Server Update
X-tee Security Server software repositories:
TEST | http://x-tee.ee/packages/test/xroad | We recommend using this repository for X-tee development (ee-dev) and test (ee-test) environments if you want early access to the latest X-Road version and to make sure that newer software works without errors. |
LIVE | http://x-tee.ee/packages/live/xroad | Stable and tested release. Production ready. |
Official installation instructions for the newest version: https://x-tee.ee/docs/live/xroad/ig-ss_x-road_v7_security_server_installation_guide.html
The Security Server updating process depends on which version is currently in use on the Security Server.
Ubuntu Upgrade
7.2.X X-road version needs Ubuntu 20 or 22. Ubuntu 18 must be upgraded. NIIS upgrade documentation:
Adding RIA's X-tee repository and key
wget -O - https://x-tee.ee/packages/live/xroad/xroad.pub | apt-key add -
echo "deb http://x-tee.ee/packages/live/xroad $(lsb_release -sc)-current main" > /etc/apt/sources.list.d/xroad.list
apt update
Upgrading the security server from the previous version to the latest version
If the "xroad-database-remote" package is installed on the Security Server and the database of the Security Server is located on a separate server, we recommend using the commands for updating:
sudo apt update
sudo apt install xroad-database-remote
# All X-Road packages should be with dpkg prefix "ii"
dpkg -l | grep xroad
# last do a general OS upgrade
sudo apt dist-upgrade
If the "xroad-database-remote" package is not installed on the Security Server, we recommend using the following commands to update:
sudo apt update
sudo apt install xroad-securityserver-ee
# All X-Road packages should be with dpkg prefix "ii"
dpkg -l | grep xroad
# last do a general OS upgrade
sudo apt dist-upgrade
Before upgrading to 7.3.0
Since X-Road v7.3 the support for Java 8 is removed. Some recommended steps:
- it's best to install v7.3.1 instead which removes Java8 from local conf files.
- if you still haven't deleted /etc/xroad/services/local.conf file, then transfer all necessary parameters to local.properties, like in migration steps and delete local.conf
- uninstall Java 8 from your server
My security server is on version 6.26
Upgrading to version 7.0.0 can only be done from version 6.26
Some important changes must be done after upgrade to v7.0:
- automatic backups doesn't contain xroad/services/local.conf file
- all parameters from local.conf must be converted into local.properties
- support Java 11
- after changing [message-log] system parameters, new service xroad-addon-messagelog must be restarted
- all changes are listed in here https://confluence.niis.org/display/XRDKB/Migration+Guide+from+X-Road+6+to+X-Road+7
After upgrading to version 7.0.0 it is required to take into use Java 11.
1) Upgrade the security server from 6.26 to version 7.0: apt update; apt install xroad-securityserver-ee
2) Remove the JAVA_HOME parameter (if it exists) from /etc/xroad/services/local.conf
3) Make sure you are using Java 11:
a) To view the current version of Java: java -version
b) If necessary, specify the default version of Java: update-java-alternatives
4) It is recommended to remove unused versions. To remove AdoptOpenJDK: apt remove adoptopenjdk-8-hotspot-jre
As OpenJDK 8 is no longer supported as of April 2021, it is recommended that you upgrade your security server to version 7.0, as it supports Java 11.
I have a Security Server with a previous software version 6.22.x, 6.23.x, 6.24.x or 6.25.x
Please upgrade your security server to 6.26. To update the security server, you must update the APT repo and install version 6.26. Don't forget to update your operating system yourself! As of version 6.25, Ubuntu 20.04 (focal) support has been added.
sudo apt update
# The next long command needs to be entered in its entirety
sudo apt install -y xroad-securityserver-ee = 6.26.3-1.ubuntu18.04 xroad-securityserver = 6.26.3-1.ubuntu18.04 xroad-addon-opmonitoring = 6.26.3-1.ubuntu18.04 xroad- proxy = 6.26.3-1.ubuntu18.04 xroad-opmonitor = 6.26.3-1.ubuntu18.04 xroad-addon-metaservices = 6.26.3-1.ubuntu18.04 xroad-addon-messagelog = 6.26.3-1 .ubuntu18.04 xroad-addon-proxymonitor = 6.26.3-1.ubuntu18.04 xroad-addon-wsdlvalidator = 6.26.3-1.ubuntu18.04 xroad-base = 6.26.3-1.ubuntu18.04 xroad-confclient = 6.26.3-1.ubuntu18.04 xroad-proxy-ui-api = 6.26.3-1.ubuntu18.04 xroad-signer = 6.26.3-1. ubuntu18.04 xroad-monitor = 6.26.3-1.ubuntu18.04 xroad-addon-hwtokens = 6.26.3-1.ubuntu18.04
# It is necessary to mark packages as installed automatically, otherwise there will be a manual flag for them
sudo apt-mark auto xroad-securityserver xroad-addon-opmonitoring xroad-proxy xroad-opmonitor xroadaddon-metaservices xroad-addon-messagelog xroad-addon-proxymonitor xroad-addon-wsdlvalidator xroadbase xroad-confclient xroad-proxy-ui-api xroad-signer xroad-monitor xroad-addon-hwtokens xroad-addon-metaservices xroad-base
Some X-Road packages are in the state "rc" others "ii"
Since v6.24.0 xroad-jetty9 and xroad-nginx packages aren't used any more. They can be removed using "apt purge package-name"
$ dpkg -l | grep xroad
ii xroad-addon-messagelog 6.24.0-1.ubuntu18.04 all X-Road AddOn: messagelog
ii xroad-addon-metaservices 6.24.0-1.ubuntu18.04 all X-Road AddOn: metaservices
ii xroad-addon-opmonitoring 6.24.0-1.ubuntu18.04 all X-Road AddOn: operations monitoring service
ii xroad-addon-proxymonitor 6.24.0-1.ubuntu18.04 all X-Road AddOn: proxy monitoring metaservice
ii xroad-addon-wsdlvalidator 6.24.0-1.ubuntu18.04 all X-Road AddOn: wsdlvalidator
ii xroad-base 6.24.0-1.ubuntu18.04 amd64 X-Road base components
ii xroad-confclient 6.24.0-1.ubuntu18.04 amd64 X-Road configuration client components
rc xroad-jetty9 6.23.0-1.ubuntu18.04 all Jetty9 for X-Road purposes
ii xroad-monitor 6.24.0-1.ubuntu18.04 all X-Road monitoring service
rc xroad-nginx 6.23.0-1.ubuntu18.04 amd64 X-Road nginx component
ii xroad-opmonitor 6.24.0-1.ubuntu18.04 all X-Road operations monitoring daemon
ii xroad-proxy 6.24.0-1.ubuntu18.04 all X-Road security server
ii xroad-proxy-ui-api 6.24.0-1.ubuntu18.04 all X-Road proxy UI REST API
ii xroad-securityserver 6.24.0-1.ubuntu18.04 all X-Road security server
ii xroad-securityserver-ee 6.24.0-1.ubuntu18.04 all X-Road security server with Estonian settings
ii xroad-signer 6.24.0-1.ubuntu18.04 amd64 X-Road signer component
# to removesudo apt purge xroad-jetty9 xroad-nginx
The first two letters in the list of available packages indicate the status of the installation:
- "ii" means that the package is installed correctly
- "rc" indicates that the package has been removed from the server and only its configuration files (conf) remain
All X-Road packages in the "rc" state can be safely removed with the command:
sudo apt purge xroad-jetty9 xroad-nginx
NB: Version 6.24 also changes the structure of security server URLs due to the addition of the # symbol. For example: https://internalAddress:4000/#/clients.
The easiest way to access the admin interface is through port 4000: https://internalAddress:4000. This will take you to the correct address.