Software updates
Software updates are provided as image files.
- Operating system: The operation system image, called
neviscd2_<version>_os_<type>.img
(for LTS-19 and LTS-21) ornevisappliance-<type>-os-<version>.img
(for Rolling Release), includes all CentOS system files as well as any additional third-party software. All this software is licensed under the terms of the GNU General Public License - GPL. - Nevis software: The Nevis products and components are bundled in the image called
neviscd2_<cluster version>_nevis_<type>.img
(for LTS-19 and LTS-21) ornevisappliance-<type>-nevis-<version>.img
(for Rolling Release).
Update tasks:
- Copy the images to the nevisAppliance, e.g., using SSH.
- Install the image by using the
update-nevis.sh
- Note: You can execute the update-nevis.sh script only once for an OS image. You need to reboot the server before you can execute the script again.
- Activate the new software by rebooting the server.
Example (please give full path to the images):
update-nevis.sh /path/to/nevisappliance-extended-os-7.2402.0.1107.img /path/to/nevisappliance-extended-nevis-7.2402.0.1107.img
# [update-nevis.sh] start update........o......+...............n...................
# [update-nevis.sh] normal end
After the reboot you can check the installed nevisAppliance version in the /etc/nevisappliance file. This file contains the version number of the operating system image. To check the installed Nevis product and component version, issue the nevisappliance -v
command:
Example:
[root@extended ~]# nevisappliance -v
version=2.202208.1005 image=20220816105805 rev=279787a extended
cluster=2.202208.1005 extended, installed on Wed Aug 17 09:37:39 2022
system=Rocky Linux release 8.6 (Green Obsidian) java=openjdk version "1.8.0_342" SELinux=PERMISSIVE
adnooprint 1.2.1.928552561
nevisadapt 1.11.0.6
nevisauth 4.36.0.4
nevisbase 1.1.2
neviscred 2.0.20.0
nevisdetect 1.11.0.6
nevisdetectcl 1.11.0.6
nevisdp 2.21.0.2695501393
nevisfido 2.0.1.6
nevisfidocl 2.0.1.6
nevisidm 2.86.0.2833457136
nevisidmcl 2.86.0.2833457136
nevisidmdb 7.6.0.2301361554
neviskeybox 2.2.4.3
nevislogrend 1.18.0.2
nevismeta 1.16.0.1
nevisproxy 5.3.0.1
Image types
nevisAppliance is available in different image types:
- The base image contains the Nevis core products and components such as nevisProxy, nevisAuth, nevisLogRend, and nevisAdmin. This image is used for most installations.
- The extended image contains additional Nevis software required for identity management or mobile authentication, such as nevisIDM, nevisFIDO, nevisWorkflow, nevisDataPorter, as well as the necessary printing services.
- The administration image is suited to be used for administration purposes. It is available as nevisAdmin v3 or nevisAdmin v4 variant.
- The reports image contains the nevisReports components, including Logstash and Elasticsearch. Use this image if you want to collect and report insights into your Nevis infrastructure.
- The database image features MariaDB, which can be used as a database server for session clustering or nevisIDM.
The dmz image contains the Nevis core products and components nevisProxy, nevisAuth, and nevisLogRend.
neviscd2_<version>_os_base.img neviscd2_<version>_nevis_base.img
Included components: nevisProxy, nevisAuth, nevisLogRend, nevisAdmin v3, ClamAV. Deprecated : nevisPortal, MySQL Cluster
The base
image is used to set up servers hosting nevisProxy, nevisAuth, and nevisLogRend.
neviscd2_<version>_os_extended.img neviscd2_<version>_nevis_extended.img
Included components: nevisProxy, nevisAuth, nevisLogRend, nevisIDM, nevisWorkflow, nevisDataPorter, nevisFIDO, nevisMeta, adnooprint, CUPS, nevisAdmin v3, OpenLDAP, NFS. Deprecated : nevisPortal, MySQL Cluster, Couchbase server
The extended
image is used to set up servers hosting nevisIDM, in addition to the base Nevis products and components.
neviscd2_<version>_os_admin.imgneviscd2_<version>_nevis_admin.img
Included components: nevisAdmin v3, rsyslog, logviewer, NFS. Deprecated : MySQL Cluster, ELK
Use this image to set up a server for administration purposes with nevisAdmin v3.
neviscd2_<version>_os_admin4.imgneviscd2_<version>_nevis_admin4.img
Included components: nevisAdmin v4, MariaDB.
Use this image to set up a server for administration purposes with nevisAdmin v4.
neviscd2_<version>_os_reports.imgneviscd2_<version>_nevis_reports.img
Included components: nevisReports, Logstash, Elasticsearch, MariaDB.
The reports
image is built for reporting on the Nevis infrastructure by means of nevisReports.
neviscd2_<version>_os_db.imgneviscd2_<version>_nevis db.img
Included components: MariaDB, NFS. Deprecated : Couchbase server
The database
image can be used to set up a database server for session clustering, nevisIDM or nevisWF, see the chapter Database appliance for nevisIDM.
neviscd2_<version>_os_dmz.img neviscd2_<version>_nevis_dmz.img
Included components: nevisProxy, nevisAuth, nevisLogRend, ClamAV Deprecated : MySQL Cluster
The dmz
image is used to set up servers hosting nevisProxy, nevisAuth, and nevisLogRend only.
All image types provide the necessary base Nevis product and components like the Java runtime environment, the J2EE containers, nevisKeybox/nevisCred, nevisAgent, ClamAV, and all necessary system tools.
Image signatures
The updated images include an internal digital signature which is automatically verified when you install the image. A modified image (corrupt file download or a manipulated image) can't be installed without modifying the updating script.
For the ISO image, we provide an external GnuPG signature which can be validated using the following public key.
GnuPG signing key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
mQENBFZDVkYBCAC3V6cAV9xyZMs1TBRkEtjiP1mlatWxQ3GouHvM6hOIyimtN9YY
8DiiKuLghS1wjrGC0K+sZIjj50ZSCpLvc9KkQf/q0PTlc52w00j90zkyCtlxv8LD
aglgTpQgr+9irwLO2j38U5uDW6I/dmlC9IyP+pvELZvCnhB5iWhHr99TpihN8z34
87h0E4eEZguAcMootlE3WVrKusIr1G+B/s5e77Up1OGCjc4GDEBJcYXuJZ7ER0vh
Ser7PZ50LLnlrmQfH3Wr3rdNrUH53+xUjSOu0Vg6fn1+JN61Ue8Y3jgruKg2k0yc
hoo+JzUlaEBoaGAQetRT7p382Egm0XU1EhFHABEBAAG0LU5ldmlzIEFwcGxpYW5j
ZSBWMiBCdWlsZCA8c3VwcG9ydEBhZG5vdnVtLmNoPokBOQQTAQIAIwUCVkNWRgIb
AwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEI7vDni7GZLyp/0H/RrXKq64
lY8m4vUKzuLxdYO8uKfN5B3pwKbW8xn6k9G0BqNhDVsdEIUvgs70Z+Os3GAumyT/
q8pHJWnpmOWhOQMGZmoz9jSVJYf96RO1bNTwiJrmbyJwiwQrjAdgHyrymfYPepRY
h+ZEy0XqNVxlKjat+3m51b/jtYsUTKVr4tCUIz26oRpr2iy9P4LVMuyxVvtrkqEB
om4t3SZ8CC+21s9aDsvrpTNobmmnDI+yxnWZblJ0kXcu/175hp3NpyCVsWw6ATHi
by+gCqNfQisWeuPUgSHd6yTZL6GYu2NQDMD8glkPJsIkJ8G9WWNrh+iU5Te+O1Go
1mr1xUZHCl9fiP65AQ0EVkNWRgEIAPRkoaXp+aDvjNYErR+fOzEl0vWbWysfhIWe
eSmTb62R8Q4krJLHBSPkpOWeGt95kJu5XmxcDJc2mBCf7aJ2nuerImkneTX43RlS
b8mZn6s74m3xVdfh4IUWs4CRBlXkte7y/ptONeqDanlFd/hnpYTvZChhSUot6JIC
Ebd6Y2oqYBZrFCneOzeizntoWBQ1S9kBT6NzS3YgzmKAajG9p5i18qlFcGfIfGzV
fmNEDPZmp6xNHYR8pODPb/+OJrV1dVizD2tEYgba8AV9hwjUibRwaE91nMQB7/VG
NNvpn/e3S7f1cbizdxlMeb6Hz0zMwyAvF03D27JGs7DLKYqptpsAEQEAAYkBHwQY
AQIACQUCVkNWRgIbDAAKCRCO7w54uxmS8gNiB/9fEi/Jd4hsJ/aWvZgIk8yqXTSf
sELqLN2Lld1YTfKRXQ00LpmNKIXnooCMrXatT8i3aUItbOjk74iBIo15UGUeN0kJ
ocWcaczNOoWy5g7DFMMiTrV9LFyIEdMtDid71uoVzpqi6uk/91JxJoXNkcY4Do40
v+2g9h6+LvSHw58J2cFF/ffVcaH0i1TvWls9Jln/r8+73kAsbBsoJ0uhsfLEtNvJ
o49hLEcfETx8hstKVOKIhhfDramaA4LMCNG2Z56RzjNSVV9J9ZaTkOwtCyoxLF6F
/8M5hRLfEV99r5DSJY/84RPjKB9ztiIhvGnsPnOilIgqIsKyVgjY/VHiBxm7
=7AeV
-----END PGP PUBLIC KEY BLOCK-----
Import this key to your local keystore and validate the image signature by using the gpg --verify
command.
Example:
# gpg --verify neviscd2_2.201709.0.iso.asc neviscd2_2.201709.0.iso
gpg: Signature made Thu 26 Nov 2015 02:25:41 PM CET using RSA key ID BB1992F2
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: Good signature from "Nevis Appliance V2 Build <[email protected]>"
nevisIDM
You most likely need to update the database setup and property files of nevisIDM. These tasks have to be performed manually after the software update (server has been rebooted). Refer to the nevisIDM reference guide and release notes for more information about this task.
See also the chapter Upgrading a nevisIDM version if you are using a remote Oracle or MariaDB database.
nevisIDM is not started at server reboot. Start nevisIDM manually after you have finished all other migration tasks. Starting nevisIDM will then perform an automatic re-deployment of the nevisIDM application files.
Switching between nevisIDM 2.68.x (EELS) and the latest version
Since nevisAppliance 2.201807, nevisIDM is delivered in an Exceptional Extended Life Support (EELS) release and a latest version. The EELS version retains support for JBoss, in-process deployment and older SOAP WebService interfaces.
By default, the nevisAppliance is configured to run the latest version of nevisIDM.
For more details about the differences, see the nevisIDM Reference Guide and Release Notes.
- To switch to the 2.68.x EELS version of nevisIDM, edit the
/etc/nevis.policy
file and replace with:
/etc/nevis.policy
NEVISIDM_RELEASE=eels
To switch back to the latest nevisIDM version, set the value to: latest
2. Reboot the nevisAppliance for changes to take effect:
reboot
nevisWorkflow
Similar to nevisIDM, it might be necessary to apply database patches when updating nevisWorkflow. Therefore, nevisWorkflow does not start automatically after the nevisAppliance update. You have to start it manually after you have applied the changes mentioned in the nevisWorkflow release notes and reference guide.
nevisAdmin
nevisAdmin may require user interaction to update (re-deploy) the software in adnglassfish due to the password protection of the container's console.
Restart nevisAdmin manually after the server reboot to activate the new software version if you did not store the passphrase of the console within the specified file (see nevisAdmin Reference Guide chapter "Package").