Linux VDA self-update through Azure
This feature automatically updates your Linux VDA software, either immediately or at a scheduled time. It is beneficial when you create Linux VDAs in Citrix DaaS Standard for Azure (formerly Citrix Virtual Apps and Desktops Standard for Azure). You do not need administrator privileges on the VMs in Azure. For more information, see Create Linux VDAs in Citrix DaaS Standard for Azure.
Configuration
To use this feature, complete the following steps:
Step 1: Upload update information and new VDA packages to your Azure container
Step 1a: Create a container under your Azure storage account and set your container access level to Blob (Anonymous read access for blobs only).
Note:
Azure containers and blobs are exclusively held and managed by customers. Citrix is not liable for any security issues with them. To ensure data security and cost efficiency, set your container access level to Private (no anonymous access) after each self-update.
Step 1b: Put your VDA update information in a JSON file named UpdateInfo.json. For an example of the file format, see the following block:
{
  "Version": "21.04.200.4",
  "Distributions": [
    {
      "TargetOS": "RHEL7_9",
      "PackageName": "",
      "PackageHash": ""
    },
    {
      "TargetOS": "UBUNTU18_04",
      "PackageName": "xendesktopvda_21.04.200.4-1.ubuntu18.04_amd64.deb",
      "PackageHash": "4148cc3f25d3717e3cbc19bd953b42c72bd38ee3fcd7f7034c2cd6f2b15b3c5a"
    },
    {
      "TargetOS": "UBUNTU20_04",
      "PackageName": "",
      "PackageHash": ""
    }
  ]
}
Where “Version” indicates the new VDA version and “Distributions” is an array of update objects. Each object contains three items:
- “TargetOS”: must be “RHEL7_9” (for RHEL 7, CentOS 7, and Amazon Linux 2), “UBUNTU18_04”, or “UBUNTU20_04”. The ctxmonitorservice does not recognize any other distributions.
- “PackageName”: Full name of the VDA package of the specified version.
- “PackageHash”: SHA-256 value that you compute by using the shasum -a 256 <pkgname> command.
Step 1c: Upload the JSON file and the new version of Linux VDA packages to your Azure container.
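The following is an added example, not Citrix code, for Steps 1b and 1c: it builds UpdateInfo.json from local package files and re-checks every PackageHash before upload, which matters because the container allows anonymous reads while the update runs. The helper names build_update_info and verify_update_info are hypothetical, and the package file in the demo is constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# TargetOS values the page lists as recognized by ctxmonitorservice.
TARGETS = ("RHEL7_9", "UBUNTU18_04", "UBUNTU20_04")

def sha256_file(path):
    """Stream the file; yields the same digest as `shasum -a 256 <pkgname>`."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_update_info(version, packages, pkg_dir):
    """packages maps TargetOS -> file name in pkg_dir (hypothetical helper).
    Targets without a package get empty strings, as in the page's sample."""
    unknown = sorted(set(packages) - set(TARGETS))
    if unknown:
        raise ValueError(f"unrecognized TargetOS: {unknown}")
    dists = []
    for target in TARGETS:
        name = packages.get(target, "")
        digest = sha256_file(Path(pkg_dir) / name) if name else ""
        dists.append({"TargetOS": target, "PackageName": name, "PackageHash": digest})
    return {"Version": version, "Distributions": dists}

def verify_update_info(info, pkg_dir):
    """Pre-upload check: return a list of problems (empty list = consistent)."""
    problems = []
    for d in info.get("Distributions", []):
        name = d.get("PackageName", "")
        if d.get("TargetOS") not in TARGETS:
            problems.append(f"{d.get('TargetOS')}: unrecognized TargetOS")
        path = Path(pkg_dir) / name
        if name and not path.is_file():
            problems.append(f"{name}: file missing")
        elif name and sha256_file(path) != d.get("PackageHash", "").lower():
            problems.append(f"{name}: SHA-256 mismatch")
    return problems

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed stand-in package
        pkg = "xendesktopvda_21.04.200.4-1.ubuntu18.04_amd64.deb"
        (Path(tmp) / pkg).write_bytes(b"constructed bytes, not a real VDA package")
        info = build_update_info("21.04.200.4", {"UBUNTU18_04": pkg}, tmp)
        print(json.dumps(info, indent=2), verify_update_info(info, tmp))
```

Write the returned dictionary to UpdateInfo.json with json.dump, and run verify_update_info against the exact files you are about to upload.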
Step 2: Enable the self-update feature on the master image or on each VDA
By default, self-update is disabled. If you create Linux VDAs in Citrix DaaS Standard for Azure, the feature enablement must be conducted on the master image. Otherwise, enable the feature on each target VDA directly.
To enable self-update, run commands similar to the following to edit the registry key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\SelfUpdate.
/opt/Citrix/VDA/bin/ctxreg create -k "HKLM\System\CurrentControlSet\Control\Citrix\SelfUpdate" -t "REG_DWORD" -v "fEnabled" -d "0x00000001" --force
/opt/Citrix/VDA/bin/ctxreg create -k "HKLM\System\CurrentControlSet\Control\Citrix\SelfUpdate" -t "REG_SZ" -v "ScheduledTime" -d "Immediately" --force
/opt/Citrix/VDA/bin/ctxreg create -k "HKLM\System\CurrentControlSet\Control\Citrix\SelfUpdate" -t "REG_SZ" -v "Url" -d "<Your-Azure-Container-Url>" --force
/opt/Citrix/VDA/bin/ctxreg create -k "HKLM\System\CurrentControlSet\Control\Citrix\SelfUpdate" -t "REG_SZ" -v "CaCertificate" -d "<Local-Certificate-Path-of-PortalAzureCom>" --force
The following table describes the registry settings.
Registry setting | Description |
---|---|
fEnabled | This setting is required. By default, the value is 0, which means self-update is disabled. You can set it to 1 to enable self-update. |
Url | This setting is required. It sets the URL of your Azure container to get the update information and new VDA packages. |
ScheduledTime | This setting is required. You can set it to Immediately or NextStart. Immediately means to run an update immediately after downloading VDA packages. This option is appropriate when the download speed is high and your update is urgent. But it can disrupt the user experience if there are any live sessions when you download the package. NextStart means to run an update upon the next start of the ctxmonitorservice. This option is appropriate when the download speed is not high and your update is not urgent. |
CaCertificate | This setting is optional. It sets the full path of a PEM certificate to verify the URL of your Azure container. For Azure blobs, it can be the certificate of portal.azure.com that is retrieved from the browser and then converted to PEM. For security, we recommend that you add this registry setting, but it is supported only on Ubuntu. On RHEL, some NSS libraries are not linked for the curl command. Make sure to set least privileges on the certificate. |
When the ctxmonitorservice restarts, it first queries Url to get the UpdateInfo.json file and retrieves the update version from the JSON file. Then the ctxmonitorservice compares the update version with the current version. If the current version is earlier, the service downloads the new version of the VDA package from Azure and saves it locally. After that, it runs an update according to the setting of ScheduledTime. For an on-premises deployment, you can restart the ctxmonitorservice directly to trigger the update. However, in Citrix DaaS Standard for Azure where you have no administrator privileges to the VMs, the ctxmonitorservice can be restarted only after the VDA machine is restarted. If an update fails, your VDA is rolled back to the existing version.
Note:
- The registry settings you configured on the master image cannot be changed.
- If all VMs in an environment download a package at the same time, the local network can be congested.
- User data is lost if both an update and rollback fail.
- If an update fails but rollback succeeds, users on the same network might have different versions of the Linux VDA. This case is suboptimal.
- An update typically takes several minutes to complete. There is no status indicator in Citrix Studio.