Go directly to contents.
Suomi.fi Data Exchange Layer

Instructions for updating the Security Server Software for RHEL Security Servers

This article provides instructions on how to update the software to the latest supported version on an RHEL 7 or 8 Security Server connected to the test environment (FI-TEST) or the production environment (FI) of the Suomi.fi Data Exchange Layer.

NOTE! The software update to the new version is only supported for the two previous X-Road versions!

Software upgrades from earlier versions directly to the new version have not been tested and may cause issues. We recommend keeping your software versions up to date at all times.

DO NOT use these instructions for installing a new Security Server. The update process is described in separate instructions:

With these instructions, you can update the Security Server software to version 6.20.0 or later.

Before the update

Back up the Security Server

Before you update the Security Server software to a new version, take a thorough backup of the server.

When you have a snapshot of the Security Server’s disk or an otherwise comprehensive backup, you can restore the old version if problems occur in the update. At a minimum, back up the configuration of the Security Server through the UI: Back Up and Restore > BACK UP CONFIGURATION.

Performing the update

NOTE! First, make sure that the update from the current software version of your Security Server to the new version is supported. We always support the two previous versions.

  1. Make sure you have backups and snapshots before you update.
  2. Check which version of X-Road your Security Server is using. The version is stated at the bottom of the Security Server graphical user interface when logged in. You can connect to the user interface at https://liityntapalvelimesi-nimi:4000
  3. On the Version Updates page, check which version of X-Road the Data Exchange Layer is using to see which version you should update your Security Server to.
  4. Check whether the version run by the Data Exchange Layer supports the current X-Road version of your Security Server at the NIIS version releases pageOpens in a new window.. Information on supported versions is provided in the Supported versions section in the page of the relevant version update.
  5. If the update to the version run by the Data Exchange Layer is not supported from the X-Road version run by your Security Server, please contact the support at palveluvayla@palveluvayla.fiOpens in a new window.. The administration of the Data Exchange Layer will provide you with instructions for the update.
  6. If the update to the version run by the Data Exchange Layer is supported from the X-Road version run by your Security Server, follow the steps below to update the software.

Update to software version 6.20.0 or later

1. Open an SSH session on the server. Retrieve the new signature key of the installation packages based on the environment in which you are performing the update.

Development environment (FI-DEV)

RHEL 7:

rpm --import http://www.nic.funet.fi/pub/csc/x-road/client/rhel7-dev-current/niis.public.asc

RHEL 8:

rpm --import http://www.nic.funet.fi/pub/csc/x-road/client/rhel8-dev-current/niis.public.asc

Test environment (FI-TEST)

RHEL 7:

rpm --import http://www.nic.funet.fi/pub/csc/x-road/client/rhel7-test-current/niis.public.asc

RHEL 8:

rpm --import http://www.nic.funet.fi/pub/csc/x-road/client/rhel8-test-current/niis.public.asc

Production environment (FI)

RHEL 7:

rpm --import http://www.nic.funet.fi/pub/csc/x-road/client/rhel7-prod-current/niis.public.asc

RHEL 8:

rpm --import http://www.nic.funet.fi/pub/csc/x-road/client/rhel8-prod-current/niis.public.asc

2. After that, enter the following commands:

sudo su -l
yum update

Troubleshooting

The Security Server UI does not respond or gives an error message

1. Check whether the /tmp directory has been mounted with the noexec switch.

If the /tmp directory has been mounted with the noexec switch, the admin UI will not start, since it needs the /tmp directory to function.

Use the mount command to check this:

mount

Check whether the resulting printout contains the identifiers /tmp and noexec. Sample printout:

/dev/loop0 on /tmp type ext3 (rw,noexec,nosuid,nodev)

If the printout contains /tmp and noexec (such as in the sample above), you need to modify the /etc/fstab file to delete the noexec switch. Furthermore, to apply the changes immediately, the directory must be remounted with the following command:

mount -o remount,exec /tmp

2. Check whether IPv6 is enabled. Open the following file with an editor:

#vi /etc/sysctl.conf

Check whether the setting on the following lines is 0:

# disable IPv6 
net.ipv6.conf.all.disable_ipv6 = 0 
net.ipv6.conf.default.disable_ipv6 = 0 
net.ipv6.conf.lo.disable_ipv6 = 0

If this is the case, change the setting to 1:

# disable IPv6 
net.ipv6.conf.all.disable_ipv6 = 1 
net.ipv6.conf.default.disable_ipv6 = 1 
net.ipv6.conf.lo.disable_ipv6 = 1

Save the file and exit from the editor. Apply the changes you made by typing the following command:

# sysctl -p
Updated: 9/10/2024

Are you satisfied with the content on this page?