Security Server Update

X-tee Security Server software repositories:

TEST	http://x-tee.ee/packages/test/xroad	We recommend using this repository for X-tee development (ee-dev) and test (ee-test) environments if you want early access to the latest X-Road version and to make sure that newer software works without errors.
LIVE	http://x-tee.ee/packages/live/xroad	Stable and tested release. Production ready.

Official installation instructions for the newest version: https://x-tee.ee/docs/live/xroad/ig-ss_x-road_v7_security_server_installation_guide.html

The Security Server updating process depends on which version is currently in use on the Security Server.

Ubuntu Upgrade

7.2.X X-road version needs Ubuntu 20 or 22. Ubuntu 18 must be upgraded. NIIS upgrade documentation:

Ubuntu 18 → Ubuntu 20

Ubuntu 20 → Ubuntu 22

Adding RIA's X-tee repository and key

wget -O -  https://x-tee.ee/packages/live/xroad/xroad.pub | apt-key add -
echo "deb http://x-tee.ee/packages/live/xroad $(lsb_release -sc)-current main" > /etc/apt/sources.list.d/xroad.list
apt update

CODE

Upgrading the security server from the previous version to the latest version

If the "xroad-database-remote" package is installed on the Security Server and the database of the Security Server is located on a separate server, we recommend using the commands for updating:

sudo apt update
sudo apt install xroad-database-remote
 
# All X-Road packages should be with dpkg prefix "ii"
dpkg -l | grep xroad
 
# last do a general OS upgrade
sudo apt dist-upgrade

CODE

If the "xroad-database-remote" package is not installed on the Security Server, we recommend using the following commands to update:

sudo apt update
sudo apt install xroad-securityserver-ee

# All X-Road packages should be with dpkg prefix "ii"
dpkg -l | grep xroad

# last do a general OS upgrade
sudo apt dist-upgrade

CODE

Before upgrading to 7.3.0

Since X-Road v7.3 the support for Java 8 is removed. Some recommended steps:

it's best to install v7.3.1 instead which removes Java8 from local conf files.
if you still haven't deleted /etc/xroad/services/local.conf file, then transfer all necessary parameters to local.properties, like in migration steps and delete local.conf
uninstall Java 8 from your server

My security server is on version 6.26

Upgrading to version 7.0.0 can only be done from version 6.26

Some important changes must be done after upgrade to v7.0:

automatic backups doesn't contain xroad/services/local.conf file
all parameters from local.conf must be converted into local.properties
support Java 11
after changing [message-log] system parameters, new service xroad-addon-messagelog must be restarted
all changes are listed in here https://confluence.niis.org/display/XRDKB/Migration+Guide+from+X-Road+6+to+X-Road+7

After upgrading to version 7.0.0 it is required to take into use Java 11.

1) Upgrade the security server from 6.26 to version 7.0: apt update; apt install xroad-securityserver-ee
2) Remove the JAVA_HOME parameter (if it exists) from /etc/xroad/services/local.conf
3) Make sure you are using Java 11:
	a) To view the current version of Java: java -version
	b) If necessary, specify the default version of Java: update-java-alternatives
4) It is recommended to remove unused versions. To remove AdoptOpenJDK: apt remove adoptopenjdk-8-hotspot-jre

CODE

As OpenJDK 8 is no longer supported as of April 2021, it is recommended that you upgrade your security server to version 7.0, as it supports Java 11.

I have a Security Server with a previous software version 6.22.x, 6.23.x, 6.24.x or 6.25.x

Please upgrade your security server to 6.26. To update the security server, you must update the APT repo and install version 6.26. Don't forget to update your operating system yourself! As of version 6.25, Ubuntu 20.04 (focal) support has been added.

sudo apt update

# The next long command needs to be entered in its entirety
sudo apt install -y xroad-securityserver-ee = 6.26.3-1.ubuntu18.04 xroad-securityserver = 6.26.3-1.ubuntu18.04 xroad-addon-opmonitoring = 6.26.3-1.ubuntu18.04 xroad- proxy = 6.26.3-1.ubuntu18.04 xroad-opmonitor = 6.26.3-1.ubuntu18.04 xroad-addon-metaservices = 6.26.3-1.ubuntu18.04 xroad-addon-messagelog = 6.26.3-1 .ubuntu18.04 xroad-addon-proxymonitor = 6.26.3-1.ubuntu18.04 xroad-addon-wsdlvalidator = 6.26.3-1.ubuntu18.04 xroad-base = 6.26.3-1.ubuntu18.04 xroad-confclient = 6.26.3-1.ubuntu18.04 xroad-proxy-ui-api = 6.26.3-1.ubuntu18.04 xroad-signer = 6.26.3-1. ubuntu18.04 xroad-monitor = 6.26.3-1.ubuntu18.04 xroad-addon-hwtokens = 6.26.3-1.ubuntu18.04


# It is necessary to mark packages as installed automatically, otherwise there will be a manual flag for them
sudo apt-mark auto xroad-securityserver xroad-addon-opmonitoring xroad-proxy xroad-opmonitor xroadaddon-metaservices xroad-addon-messagelog xroad-addon-proxymonitor xroad-addon-wsdlvalidator xroadbase xroad-confclient xroad-proxy-ui-api xroad-signer xroad-monitor xroad-addon-hwtokens xroad-addon-metaservices xroad-base

CODE

Some X-Road packages are in the state "rc" others "ii"

Since v6.24.0 xroad-jetty9 and xroad-nginx packages aren't used any more. They can be removed using "apt purge package-name"

$ dpkg -l | grep xroad
ii  xroad-addon-messagelog           6.24.0-1.ubuntu18.04                all          X-Road AddOn: messagelog
ii  xroad-addon-metaservices         6.24.0-1.ubuntu18.04                all          X-Road AddOn: metaservices
ii  xroad-addon-opmonitoring         6.24.0-1.ubuntu18.04                all          X-Road AddOn: operations monitoring service
ii  xroad-addon-proxymonitor         6.24.0-1.ubuntu18.04                all          X-Road AddOn: proxy monitoring metaservice
ii  xroad-addon-wsdlvalidator        6.24.0-1.ubuntu18.04                all          X-Road AddOn: wsdlvalidator
ii  xroad-base                       6.24.0-1.ubuntu18.04                amd64        X-Road base components
ii  xroad-confclient                 6.24.0-1.ubuntu18.04                amd64        X-Road configuration client components
rc  xroad-jetty9                     6.23.0-1.ubuntu18.04                all          Jetty9 for X-Road purposes
ii  xroad-monitor                    6.24.0-1.ubuntu18.04                all          X-Road monitoring service
rc  xroad-nginx                      6.23.0-1.ubuntu18.04                amd64        X-Road nginx component
ii  xroad-opmonitor                  6.24.0-1.ubuntu18.04                all          X-Road operations monitoring daemon
ii  xroad-proxy                      6.24.0-1.ubuntu18.04                all          X-Road security server
ii  xroad-proxy-ui-api               6.24.0-1.ubuntu18.04                all          X-Road proxy UI REST API
ii  xroad-securityserver             6.24.0-1.ubuntu18.04                all          X-Road security server
ii  xroad-securityserver-ee          6.24.0-1.ubuntu18.04                all          X-Road security server with Estonian settings
ii  xroad-signer                     6.24.0-1.ubuntu18.04                amd64        X-Road signer component


# to removesudo apt purge xroad-jetty9 xroad-nginx

CODE

The first two letters in the list of available packages indicate the status of the installation:

"ii" means that the package is installed correctly
"rc" indicates that the package has been removed from the server and only its configuration files (conf) remain

All X-Road packages in the "rc" state can be safely removed with the command:

sudo apt purge xroad-jetty9 xroad-nginx

CODE

NB: Version 6.24 also changes the structure of security server URLs due to the addition of the # symbol. For example: https://internalAddress:4000/#/clients.

The easiest way to access the admin interface is through port 4000: https://internalAddress:4000. This will take you to the correct address.