4.14. Updates#

In the standard case, the appliance retrieves its updates from a download server of the maintainers. An update key is used to authenticate the appliance when requesting an update. This case is described here. If the appliance was installed with the Offline Installer, this is also the case. But it is possible to install additional software or updates with an offline installer CD.

Note

For this update procedure the appliance needs to access the internet.

If you are running a virtual appliance, the updates are based on the serial number, you entered during installation.

4.14.1. Automatic Scheduled Updates#

In the appliance dashboard (https:<LINOTP>:8443) on the tab System Updates you can specify when the system should look for updates automatically and if it should reboot when the kernel was updated. As kernel updates can happen every time, you can also configure to boot the machine automatically on certain days of the week.

../_images/automatic_updates.png

4.14.2. Manual Updates#

Alternatively the update can be performed manually e.g. during a maintenance window.

  1. Connect to the SVA via SSH/putty

  2. Perform update via the command appliance-update.sh

Warning

Please empty the browser cache after the update (e.g. via CTRL+F5). Otherwise strange effects can occur (like missing options) due to the aggressive caching mechanism of recent browser.

Note

We recommend to perform updates on a regular base in order to keep the operating system secure and to benefit from newer versions of LinOTP and the appliance itself.

4.14.3. Update the Appliance from offline installer#

You have a newer offline installer to update, then use it. You can request the download link to the latest offline installer from your support if the old link no longer works. If there is no internet access, even through a proxy, this method can be used.

If the Offline Installer is the only usable installation source, all existing online installation sources are commented out first.

  • Adjusting the installation sources

    • Log in to the SVA via ssh/putty and use the ‘unsupported’ mode

    • Use the command ‘apt edit-sources’ to comment out the online sources

#deb http://linotp-appliance.lsexperts.de/f1c0f...722e6/debian jessie main
#deb http://linotp-appliance.lsexperts.de/f1c0f...722e6/linotp jessie linotp appliance
#deb http://linotp-appliance.lsexperts.de/f1c0f...722e6/debian-security jessie/updates main
#deb http://linotp-appliance.lsexperts.de/f1c0f...722e6/debian jessie-updates main
  • Adding the offline repository

    • Insert the image of the just downloaded offline installer into the virtual drive of the VM.

    • If not already done. Log in to the SVA via ssh/putty and use the ‘unsupported’ mode

    • Use the command ‘apt-cdrom -a add’ to add the offline installer as a repository

apt-cdrom -a add
  Using CD-ROM mount point /media/cdrom/
  Unmounting CD-ROM...
  Waiting for disc...
  Please insert a Disc in the drive and press enter
  Mounting CD-ROM...
  Identifying... [feeabbafc734cb7fed8431e778706801-2]
  Scanning disc for index files...
  Found 1 package indexes, 0 source indexes, 0 translation indexes and 0 signatures
  This disc is called:
  'Debian GNU/Linux 10.Y _Buster_ - amd64 CD Binary-1 20170307-16:48'
  Reading Package Indexes... Done
  Writing new source list
  Source list entries for this disc are:
  deb cdrom:[Debian GNU/Linux 8.5 _Jessie_ - amd64 CD Binary-1 20170307-16:48]/ jessie main
  Unmounting CD-ROM...
  Repeat this process for the rest of the CDs in your set.
  • Performing the update

    • Use the command ‘apt-get update && apt-get -y dist-upgrade’ to update from offline installer

    • In special cases, you do not want to update certain packages first. You can user ‘apt-mark hold packetname’. Do not forget afterwards ‘apt-mark unhold packetname’