X-tee Security Server software repositories:

TESThttp://x-tee.ee/packages/test/xroadWe recommend using this repository for X-tee development (ee-dev) and test (ee-test) environments if you want early access to the latest X-Road version and to make sure that newer software works without errors.
LIVEhttp://x-tee.ee/packages/live/xroad

Stable and tested release. Production ready.


Official installation instructions for the newest version: https://x-tee.ee/docs/live/xroad/ig-ss_x-road_v7_security_server_installation_guide.html

The Security Server updating process depends on which version is currently in use on the Security Server.


Adding RIA's X-tee repository and key

wget -O -  https://x-tee.ee/packages/live/xroad/xroad.pub | apt-key add -
echo "deb http://x-tee.ee/packages/live/xroad $(lsb_release -sc)-current main" > /etc/apt/sources.list.d/xroad.list
apt update
CODE


Upgrading the security server from the previous version to the latest version

sudo apt update
sudo apt install xroad-securityserver-ee

# All X-Road packages should be with dpkg prefix "ii"
dpkg -l | grep xroad

# last do a general OS upgrade
sudo apt dist-upgrade
CODE

My security server is on version 6.26

Upgrading to version 7.0.0 can only be done from version 6.26

Some important changes must be done after upgrade to v7.0:

After upgrading to version 7.0.0 it is required to take into use Java 11.

1) Upgrade the security server from 6.26 to version 7.0: apt update; apt install xroad-securityserver-ee
2) Remove the JAVA_HOME parameter (if it exists) from /etc/xroad/services/local.conf
3) Make sure you are using Java 11:
	a) To view the current version of Java: java -version
	b) If necessary, specify the default version of Java: update-java-alternatives
4) It is recommended to remove unused versions. To remove AdoptOpenJDK: apt remove adoptopenjdk-8-hotspot-jre
CODE

As OpenJDK 8 is no longer supported as of April 2021, it is recommended that you upgrade your security server to version 7.0, as it supports Java 11.

I have a Security Server with a previous software version 6.22.x, 6.23.x, 6.24.x or 6.25.x

Please upgrade your security server to 6.26. To update the security server, you must update the APT repo and install version 6.26. Don't forget to update your operating system yourself! As of version 6.25, Ubuntu 20.04 (focal) support has been added.

sudo apt update

# The next long command needs to be entered in its entirety
sudo apt install -y xroad-securityserver-ee = 6.26.3-1.ubuntu18.04 xroad-securityserver = 6.26.3-1.ubuntu18.04 xroad-addon-opmonitoring = 6.26.3-1.ubuntu18.04 xroad- proxy = 6.26.3-1.ubuntu18.04 xroad-opmonitor = 6.26.3-1.ubuntu18.04 xroad-addon-metaservices = 6.26.3-1.ubuntu18.04 xroad-addon-messagelog = 6.26.3-1 .ubuntu18.04 xroad-addon-proxymonitor = 6.26.3-1.ubuntu18.04 xroad-addon-wsdlvalidator = 6.26.3-1.ubuntu18.04 xroad-base = 6.26.3-1.ubuntu18.04 xroad-confclient = 6.26.3-1.ubuntu18.04 xroad-proxy-ui-api = 6.26.3-1.ubuntu18.04 xroad-signer = 6.26.3-1. ubuntu18.04 xroad-monitor = 6.26.3-1.ubuntu18.04 xroad-addon-hwtokens = 6.26.3-1.ubuntu18.04


# It is necessary to mark packages as installed automatically, otherwise there will be a manual flag for them
sudo apt-mark auto xroad-securityserver xroad-addon-opmonitoring xroad-proxy xroad-opmonitor xroadaddon-metaservices xroad-addon-messagelog xroad-addon-proxymonitor xroad-addon-wsdlvalidator xroadbase xroad-confclient xroad-proxy-ui-api xroad-signer xroad-monitor xroad-addon-hwtokens xroad-addon-metaservices xroad-base
CODE

Some X-Road packages are in the state "rc" others "ii"

Since v6.24.0 xroad-jetty9 and xroad-nginx packages aren't used any more. They can be removed using "apt purge package-name"

$ dpkg -l | grep xroad
ii  xroad-addon-messagelog           6.24.0-1.ubuntu18.04                all          X-Road AddOn: messagelog
ii  xroad-addon-metaservices         6.24.0-1.ubuntu18.04                all          X-Road AddOn: metaservices
ii  xroad-addon-opmonitoring         6.24.0-1.ubuntu18.04                all          X-Road AddOn: operations monitoring service
ii  xroad-addon-proxymonitor         6.24.0-1.ubuntu18.04                all          X-Road AddOn: proxy monitoring metaservice
ii  xroad-addon-wsdlvalidator        6.24.0-1.ubuntu18.04                all          X-Road AddOn: wsdlvalidator
ii  xroad-base                       6.24.0-1.ubuntu18.04                amd64        X-Road base components
ii  xroad-confclient                 6.24.0-1.ubuntu18.04                amd64        X-Road configuration client components
rc  xroad-jetty9                     6.23.0-1.ubuntu18.04                all          Jetty9 for X-Road purposes
ii  xroad-monitor                    6.24.0-1.ubuntu18.04                all          X-Road monitoring service
rc  xroad-nginx                      6.23.0-1.ubuntu18.04                amd64        X-Road nginx component
ii  xroad-opmonitor                  6.24.0-1.ubuntu18.04                all          X-Road operations monitoring daemon
ii  xroad-proxy                      6.24.0-1.ubuntu18.04                all          X-Road security server
ii  xroad-proxy-ui-api               6.24.0-1.ubuntu18.04                all          X-Road proxy UI REST API
ii  xroad-securityserver             6.24.0-1.ubuntu18.04                all          X-Road security server
ii  xroad-securityserver-ee          6.24.0-1.ubuntu18.04                all          X-Road security server with Estonian settings
ii  xroad-signer                     6.24.0-1.ubuntu18.04                amd64        X-Road signer component


# to removesudo apt purge xroad-jetty9 xroad-nginx
CODE

The first two letters in the list of available packages indicate the status of the installation:

  • "ii" means that the package is installed correctly
  • "rc" indicates that the package has been removed from the server and only its configuration files (conf) remain

All X-Road packages in the "rc" state can be safely removed with the command:

sudo apt purge xroad-jetty9 xroad-nginx
CODE

NB: Version 6.24 also changes the structure of security server URLs due to the addition of the # symbol. For example: https://internalAddress:4000/#/clients.

The easiest way to access the admin interface is through port 4000: https://internalAddress:4000. This will take you to the correct address.