Configuration Proxy Ubuntu 18.04 to 20.04 In-place Upgrade.

This document describes the steps required for upgrading a Configuration Proxy host from Ubuntu 18.04 LTS host to Ubuntu 20.04 LTS. Please read carefully through the whole document before starting the upgrade process. It is assumed that the reader is familiar with the Ubuntu Linux distribution and has experience of Ubuntu release upgrades.

Preparations

If you use a hardware security module, please verify that the HSM is compatible with Ubuntu 18.04 and check the HSM module documentation for upgrade instructions.

  • Review the Ubuntu release notes and upgrade instructions:
  • Update all packages to the latest versions:

    apt update && apt full-upgrade
  • Ensure that the X-Road software version is 6.25.0.
  • Stop xroad-signer and take backup of /etc/xroad directory and download it into a safe place. It is possible to restore the configuration to a new host if the upgrade fails

    sudo systemctl stop xroad-signer 
    sudo tar cvf $HOME/confproxy-backup.tar /etc/xroad
  • Recommended: Make sure that you have an up-to-date backup (or a virtual machine snapshot) of the server.

Upgrading Ubuntu 18.04 to 20.04

  • Install update-manager-core and software-properties-common if not already installed.

    apt install update-manager-core software-properties-common
  • Make sure the Prompt line in /etc/update-manager/release-upgrades is set to lts (long-term support)
  • Launch the upgrade tool with the command

    sudo do-release-upgrade
  • Follow the on-screen instructions.
  • When the upgrade is finished, reboot when prompted.

Upgrading the X-Road software

Update the X-Road package repository to point to the Ubuntu 20.04 packages

  • Update the X-Road apt repository (remove old and add new):

    apt-add-repository -r "deb https://artifactory.niis.org/xroad-release-deb bionic-current main"
    apt-add-repository "deb https://artifactory.niis.org/xroad-release-deb focal-current main"
  • Alternatively, find the repository definition in /etc/apt/sources.list and edit it directly.

Upgrade the packages

sudo apt update && sudo apt full-upgrade

Verify the upgrade

Check that all services are running and activate the security tokens if xroad-autologin is not configured.

Example output
$ sudo dpkg -l | grep "xroad*" ii  xroad-base                     6.25.0-1.ubuntu20.04              amd64        X-Road base components
ii  xroad-confclient               6.25.0-1.ubuntu20.04              amd64        X-Road configuration client components
ii  xroad-confproxy                6.25.0-1.ubuntu20.04              all          X-Road configuration proxy
ii  xroad-nginx                    6.25.0-1.ubuntu20.04              amd64        X-Road nginx component
ii  xroad-signer                   6.25.0-1.ubuntu20.04              amd64        X-Road signer component

$ sudo systemctl list-units "xroad*" nginx.service   
  UNIT                 LOAD   ACTIVE SUB     DESCRIPTION                                             
  nginx.service        loaded active running A high performance web server and a reverse proxy server
  xroad-base.service   loaded active exited  X-Road initialization                                   
  xroad-signer.service loaded active running X-Road signer   signer 

# activate security token(s)
$ sudo -iu xroad signer-console login-token 0
PIN:***********


$ sudo -iu xroad confproxy-view-conf -a 
Configuration for proxy 'PROXY1'
Validity interval: 600 s.

anchor.xml
==================================================
(... output truncated ...)

Troubleshooting

  • If recovery from a upgrade failure is not possible and there is a backup/snapshot available, one can restore it and start over
  • If you have the configuration backup available:
    • Install a new configuration proxy to a Ubuntu 20.04 host (see the Configuration Proxy Manual)
    • Restore the configuration and activate the security token(s).

      Example
      sudo systemctl stop xroad-signer nginx
      sudo tar xvf confproxy-backup.tar -C /
      sudo systemctl start xroad-signer nginx
      sudo -iu xroad signer-console login-token 0
      PIN:***********