VisibleThread Help Center

    Customer managed patches to the VisibleThread Server

    Follow

    The VisibleThread VM is built on top of Ubuntu Linux, and from time to time critical patches are made available to the operating system and its components.

     

    Customers can choose to run their own patching program with some restrictions. Essentially we require that some critical parts of the VisibleThread architecture are 'pinned' to required supported versions. This is necessary to ensure the VisibleThread Application remains compatible with any patches or updates that may be applied to the server by your patching team.

     

    Note: You should always ensure you have backed up/snapshotted your VisibleThread VM before applying updates as there may be unintended consequences. It is also good policy to test the updates on a test environment first.

     

    Setting up for customer managed updates

     

    Note: These instructions apply only to customers who are running the Ubuntu 16.04 operating system. 

    You can check which version of the operating system you are running by typing 'lsb_release -a' at the command line.

    Before you begin you should insure that there is a file called 'preferences' located at '/etc/apt'. The file should have the following contents:

     

    Package: postgresql*
    Pin: version 10*
    Pin-Priority: 550
    
    Package: openssl* 
    Pin: version 1.0.2* 
    Pin-Priority: 550 
    
    Package: apache2 
    Pin: version 2.4.18* 
    Pin-Priority: 550
    
    Package: supervisor
    Pin: version 3.2*
    Pin-Priority: 550

     

    Once this file is in place you can apply any updates using the Ubuntu package manager without overwriting services the VisibleThread application relies upon.

     

    How to apply critical security updates on the Ubuntu OS

    You can apply any available critical security updates to the VM from the command line using a utility script installed on the VM.

     

    cd /home/visiblethread/VisibleThreadTools
    ./security-update.sh

    It's good practice to run these updates on a Monthly basis. 

    Was this article helpful?
    0 out of 0 found this helpful

    Comments