How to Upgrade Security Server to Ubuntu 22.04 Using a Configuration Backup?

This document describes the steps required for migrating a stand-alone Security Server from an existing Ubuntu 20.04 LTS host to a new Ubuntu 22.04 LTS host. The migration is done taking a backup of the security server configuration on the Ubuntu 20.04 host and restoring the backup on the Ubuntu 22.04 LTS host. Please read carefully through the whole document before starting the upgrade process.

This document assumes that you are using two different server hosts concurrently during the upgrade process: 

  • old server, which runs Ubuntu 20.04 LTS

  • new server, which runs Ubuntu 22.04 LTS

Terms old server and new server will be used to refer to these.

It is also possible to upgrade to Ubuntu 22 with configuration backups, using just one server, but this document does not cover that method.

Preparation

If upgrading a system that uses a hardware security module: Please verify that the HSM is compatible with Ubuntu 22.04 and check the HSM module documentation for upgrade instructions. Connecting a hardware security module (HSM) to a new server may require additional steps that are not covered by these instructions.

  • Ensure that the X-Road software is at version 7.2.0

  • On the old server, use the admin UI to take a backup of the security server configuration and download it to a safe location.

  • In order to route traffic to the new server after the upgrade is complete, prepare to update your network configuration.

    • After the upgrade, you may need to change the new server's public IP address(es) to match the old public addresses and/or update DNS,  firewall, NAT, or other network configuration so that other security servers and your information systems can reach the new server. The exact steps depend on your network setup and are not covered in this guide. Note that if the publicly visible IP address of the upgraded security server changes, you may need to contact your X-Road Instance operator and/or other members for firewall rule changes.

Upgrade process

 

  • Switch over to the new server (stop the old server and update your network configuration accordingly).