15. Updates

Updates can be done at the level of the same distribution version, i.e. Jessie or Buster, in different ways:

  1. automatic update - the easiest way

  2. manual update - using appliance-update.sh on the console

  3. update from the latest offline installer

For the first two points you need access to the Internet either directly (default) or via a proxy. The latter can be configured as an anonymous proxy for https directly in the GUI. For more complex requirements please ask for assistance at support mail address which you can find under help in the menu of LinOTP manage.

Normally, the appliance retrieves its updates from a download server of the software publisher. An update key is used to authenticate the appliance on the update request. If there is no Internet connection, a current offline installer can be used as an alternative. But this only works for an offline installer of the same major Debian release version, Debian Jessie or Buster. A major Debian upgrade is not supported in this way.

Note

For this update procedure the appliance needs to access the internet.

If you are running a virtual appliance, the updates are based on the serial number, you entered during installation.

15.1. Automatic Scheduled Updates

In the appliance dashboard (https:<LINOTP>:8443) on the tab System Updates you can specify when the system should look for updates automatically and if it should reboot when the kernel was updated. As kernel updates can happen every time, you can also configure to boot the machine automatically on certain days of the week.

../_images/automatic_updates.png

15.2. Manual Updates

Alternatively the update can be performed manually e.g. during a maintenance window.

  1. Connect to the SVA via SSH/putty

  2. Perform update via the command appliance-update.sh

Warning

Please empty the browser cache after the update (e.g. via CTRL+F5). Otherwise strange effects can occur (like missing options) due to the aggressive caching mechanism of recent browser.

Note

We recommend to perform updates on a regular base in order to keep the operating system secure and to benefit from newer versions of LinOTP and the appliance itself.

15.3. Update the Appliance from offline installer ISO

You need the latest version of the offline installer image, for the latest download link please contact our support.

If the Offline Installer is the only usable installation source, all existing online installation sources are commented out first.

  • Adjusting the installation sources

    • Log in to the SVA via ssh/putty and use the ‘unsupported’ mode

    • Use the command ‘apt edit-sources’ to comment out the online sources

#deb http://linotp-appliance.lsexperts.de/f1c0f...722e6/debian jessie main
#deb http://linotp-appliance.lsexperts.de/f1c0f...722e6/linotp jessie linotp appliance
#deb http://linotp-appliance.lsexperts.de/f1c0f...722e6/debian-security jessie/updates main
#deb http://linotp-appliance.lsexperts.de/f1c0f...722e6/debian jessie-updates main
  • Adding the offline repository

    • Insert the image of the just downloaded offline installer into the virtual drive of the VM.

    • If not already done. Log in to the SVA via ssh/putty and use the ‘unsupported’ mode

    • Use the command ‘apt-cdrom -a add’ to add the offline installer as a repository

# apt-cdrom -a add
Using CD-ROM mount point /media/cdrom/
Unmounting CD-ROM...
Waiting for disc...
Please insert a Disc in the drive and press enter
Mounting CD-ROM...
…
Unmounting CD-ROM...
Repeat this process for the rest of the CDs in your set.
  • Performing the update

    • Use the command ‘apt-get update && apt-get -y dist-upgrade’ to update from the offline installer

Hint

In special cases, you may want to to not update certain packages. You can use ‘apt-mark hold <packetname>’ to ensure that the package <packagename is not upgraded. Do not forget to remove the hold afterwards: ‘apt-mark unhold packetname’.