This article is a slight deviation from my other articles as it’s target audience is administrators and stake pool operators as opposed to ordinary users of Cardano.
Nevertheless, I decided to release it instead of just having it updated in SPOT Check as I believe it will benefit a lot of SPO’s. I myself needed a document like this just a week ago so I’m sure it will be appreciated by the technical part of our community. This will be a summary of a longer article I documented in SPOT Check. To read the full article which includes specific commands, you can go to SPOT Check at this link.
Administrtors of Linux machines may sometimes be required to update the Operating system of servers that are not connected to the internet. These servers may not have any internet access for a variety of reasons including:
- They are at locatiions that have extremely slow and unusable or even no internet connections.
- They were purposely disconnected from the internet for security reasons
These servers are called offline or air gapped machines.
In Cardano, stake pool operators are required to maintain an offline machine. For security reasons, this machine should never be connected to the internet.
On a regular basis (sometimes even daily), Operating System updates are released. These may include bug fixes, security updates and new features or enhancements.
- Online machines that are Internet connected can benefit from these updates whenever the operator does regular maintenance or sometimes automatically for some updates that can be auto installed
- Offline machines that are not internet connected receive none of these updates. Nevertheless, these machines can be used for months or even years without having any updates as long as there is no need to update them
For Cardano Stake Pool Operators, there was no real requirement to update the Operating System (OS) of their offline machine until version 1.35 required the installation of a new package (libsecp256k1). While only one new package was required, installing this package required other OS packages to be installed beforehand. These other packages were dependent on other packages to also be installed first and the cycle repeats.
Some operators are able to quickly resolve the issue by connecting their offline machine to the internet. This is not a valid solution in my opinion as it can compromise security— defeating the purpose of having an offline machine in the first place
Research and troubleshooting led me to four of the better ways to update an offline machine. They are:
- Manual Installation
- Package Managers (e.g. Synaptic)
Of course there are other ways including creating your own package repository. However, these are the methods that I recommend as they are easier and more practical to use. Each method has their advantages and disadvantages which I have fully documented in SPOT Check.
Of the options above, the most effective option I found is option 3 (Synaptic). It is not without its flaws however, so administrators should also consider option 4 (Rebuild) if a major update is required.
WISH Pool is the creator of Cardano SPOT Check, an online resource for Cardano Stake Pool Operators for maintaining their nodes. We are part of the Ardana ISPO and were a recipient of the IOG delegation in 2021 and the Cardano Foundation delegation in 2022. If you like this article, we greatly appreciate if you will delegate your ADA to WISH Pool. You will be earning interest rewards while helping the lives of disadvantaged children. This is because we pledge to give at least 10% of our own profit to educational charities so that successful students can help get their families out of poverty. Let’s help grow the community together!