https://pbs.proxmox.com/mediawiki/api.php?action=feedcontributions&feedformat=atom&user=S.ivanovProxmox Backup Server - User contributions [en]2026-04-07T18:18:06ZUser contributionsMediaWiki 1.43.6https://pbs.proxmox.com/mediawiki/index.php?title=Upgrade_from_3_to_4&diff=156Upgrade from 3 to 42025-09-19T08:08:18Z<p>S.ivanov: /* Add the Proxmox Backup Server 4 Package Repository */</p>
<hr />
<div>= Introduction =<br />
<br />
Proxmox Backup Server 4 is based on Debian 13 Trixie, a new major release, and introduces several new major features and changes.<br />
You should plan the upgrade carefully, '''make and verify backups''' before beginning, and test extensively.<br />
Depending on the existing configuration, several manual steps — including some downtime — may be required.<br />
<br />
'''Note:''' A valid and tested backup is ''always'' required before starting the upgrade process.<br />
You can test the backup beforehand, for example, in a (virtualized) test lab setup.<br />
<br />
In case the system is customized and/or uses additional packages or any other third party repositories/packages, ensure those packages are also upgraded to and compatible with Debian Trixie.<br />
<br />
= In-place Upgrade =<br />
<br />
== Prerequisites ==<br />
<br />
* Perform these actions via SSH, a physical console or a remote management console like iKVM or IPMI.<br />
** If you use SSH, you should use a terminal multiplexer (for example, tmux or screen) to ensure the upgrade can continue even if the SSH connection gets interrupted.<br />
** Do not carry out the upgrade via the web UI console directly, as this will get interrupted during the upgrade.<br />
<br />
* Upgraded to the latest version of Proxmox Backup Server 3.4, see the [[Roadmap#Release History|roadmap]] for potential important changes in the stable release.<br />
*: Use <code>apt update</code> and <code>apt dist-upgrade</code> (still with Debian Bookworm repos setup) to upgrade to latest 3.4<br />
** Verify version: The command <code>proxmox-backup-manager versions</code> should print:<br />
**:<code>proxmox-backup-server 3.4.2-1 running version: 3.4.2</code> (or higher)<br />
** If you do not get updates check correct [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories package repository] configuration.<br />
<br />
* Make a backup of <code>/etc/proxmox-backup</code> to ensure that in the worst case, any relevant configuration can be recovered:<br />
tar czf "pbs3-etc-backup-$(date -I).tar.gz" -C "/etc" "proxmox-backup"<br />
<br />
* Ensure that you have at least 10 GB free disk space on the root mount point:<br />
df -h /<br />
<br />
In-place upgrades are carried out via APT. Basic familiarity with APT is required to proceed with this upgrade mechanism.<br />
<br />
=== Installed alongside Proxmox VE ===<br />
<br />
For systems with Proxmox VE and Proxmox Backup Server installed together, you should also read the [https://pve.proxmox.com/wiki/Upgrade_from_8_to_9 Proxmox VE upgrade from 8 to 9 how-to] carefully.<br />
<br />
You can upgrade both in one go, by syncing the steps in which the APT repositories are changed.<br />
<br />
== Actions Step-by-Step ==<br />
Before starting the upgrade process, ensure that your Proxmox Backup Server 3.x host is up-to-date.<br />
<br />
=== Continuously use the pbs3to4 checklist script ===<br />
<br />
A small checklist program named pbs3to4 is included in the latest Proxmox Backup Server 3.4 packages. The program will provide hints and warnings about potential issues before, during and after the upgrade process. You can call it by executing:<br />
<br />
pbs3to4<br />
<br />
To run it with all checks enabled, execute:<br />
<br />
pbs3to4 --full<br />
<br />
Make sure to run the full checks at least once before the upgrade.<br />
<br />
This script only checks and reports things. By default, no changes to the system are made and thus, none of the issues will be automatically fixed. You should keep in mind that Proxmox Backup Server can be heavily customized, so the script may not recognize all the possible problems with a particular setup!<br />
<br />
It is recommended to re-run the script after each attempt to fix an issue. This ensures that the actions taken actually fixed the respective warning. <br />
<br />
=== Optional: Enable Maintenance Mode ===<br />
<br />
Enabling the read-only [https://pbs.proxmox.com/docs/maintenance.html#maintenance-mode maintenance mode] on all datastores ensures that no new backup can be started during the upgrade, while keeping existing ones available to read.<br />
The read-only maintenance mode allows you to enforce a known and stable datastore state and reduces the I/O and general load of the Proxmox Backup Server during the upgrade, making that faster.<br />
<br />
You can enable and disable the maintenance mode either via the web UI, in the Options tab of each datastore menu entry, or using the command line interface (CLI):<br />
# enable read-only mode (replace DATASTORE-ID with actual value)<br />
proxmox-backup-manager datastore update DATASTORE-ID --maintenance-mode read-only<br />
# disable read-only mode<br />
proxmox-backup-manager datastore update DATASTORE-ID --delete maintenance-mode<br />
<br />
=== Update the Configured APT Repositories ===<br />
<br />
First, make sure that the system is using the latest Proxmox Backup Server 3.4 packages:<br />
<br />
apt update<br />
apt dist-upgrade<br />
proxmox-backup-manager versions<br />
<br />
The last command should report at least <code>3.4.2-1</code> or newer.<br />
<br />
==== Update Debian Base Repositories to Trixie ====<br />
<br />
Update all repository entries to Trixie:<br />
<br />
sed -i 's/bookworm/trixie/g' /etc/apt/sources.list<br />
<br />
Ensure that there are no remaining Debian Bookworm specific repositories left. You can place a <code>#</code> symbol at the start of the respective line to comment such a repository out, disabling it.<br />
Check all files in the </code>/etc/apt/sources.list.d/</code> folder (like <code>pbs-enterprise.list</code>) and also the top-level <code>/etc/apt/sources.list</code> file.<br />
See [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories Package Repositories] section in the reference docs for the correct Proxmox Backup Server 4 / Debian Trixie repositories.<br />
<br />
==== Add the Proxmox Backup Server 4 Package Repository ====<br />
<br />
Update the enterprise repository to Trixie in the new deb822 format with the following command:<br />
<br />
cat > /etc/apt/sources.list.d/pbs-enterprise.sources << EOF<br />
Types: deb<br />
URIs: https://enterprise.proxmox.com/debian/pbs<br />
Suites: trixie<br />
Components: pbs-enterprise<br />
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg<br />
EOF<br />
<br />
After you added the new enterprise repository as above, check that <code>apt</code> picks it up correctly. You can do so by first running <code>apt update</code> followed by <code>apt policy</code>. Make sure that no errors are shown and that <code>apt policy</code> only outputs the desired repositories. Then you can remove the old <code>/etc/apt/sources.list.d/pbs-enterprise.list</code> file. Run <code>apt update</code> and <code>apt policy</code> again to be certain that the old repo has been removed.<br />
If using the no-subscription repository, see [[Package Repositories]]. You should be able to add the Proxmox Backup Server 4 no-subscription repository with this command:<br />
cat > /etc/apt/sources.list.d/proxmox.sources << EOF<br />
Types: deb<br />
URIs: http://download.proxmox.com/debian/pbs<br />
Suites: trixie<br />
Components: pbs-no-subscription<br />
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg<br />
EOF<br />
<br />
As with the enterprise repository, make sure that <code>apt</code> picks it up correctly with <code>apt update</code> followed by <code>apt policy</code>. Then remove the previous Proxmox Backup Server 3 no-subscription repository from either the <code>/etc/apt/sources.list</code>, <code>/etc/apt/sources-list.d/pbs-install-repo.list</code> or any other <code>.list</code> file you may have added it to. Run <code>apt update</code> and <code>apt policy</code> again to be certain that the old repo has been removed.<br />
<br />
Instead of removing older repositories, you can also disable them. In <code>.list</code> simply comment them out by adding a <code>#</code> to the beginning of the line. In <code>.sources</code> files, you can add the line <code>Enabled: no</code> to any stanza you want to disable.<br />
<br />
Make sure to check that all the <code>.list</code> files you added in /etc/apt/sources.list.d/ got switched over to Trixie correctly.<br />
<br />
After you checked that all repositories get picked up correctly with <code>apt policy</code>, update the repositories' package index:<br />
apt update<br />
Note that this command does not start the upgrade itself, it only refreshes the package index and must not return any error.<br />
<br />
=== Upgrade the System ===<br />
<br />
Note that the time required for finishing this step heavily depends on the system's performance, especially the root filesystem's IOPS and bandwidth.<br />
A slow spinner can take up to 60 minutes or more, while for a high-performance server with SSD storage, the dist-upgrade can be finished in less than 5 minutes.<br />
<br />
{{Note|While the packages are being upgraded certain operations and requests to the API might fail (for example logging in as system user in the <code>pam</code> realm)|reminder}}<br />
<br />
To get the initial set of upgraded packages, run:<br />
apt update<br />
apt dist-upgrade<br />
<br />
During the above step, you will be asked to approve changes to configuration files and some service restarts, where the default config has been updated by their respective package.<br />
<br />
You may also be shown the output of <code>apt-listchanges</code>, you can simply exit there by pressing "q". If you get prompted for your default keyboard selection, simply use the arrow keys to navigate to the one applicable in your case and hit enter.<br />
<br />
For questions about service restarts (like <code>Restart services during package upgrades without asking?</code>) use the default if unsure, as the reboot after the upgrade will restart all services cleanly anyway.<br />
<br />
For questions about (default) configuration changes, it's suggested to check the difference for each file in question and choose the answer accordingly to what's most appropriate for your setup.<br />
<br />
Common configuration files with changes, and the recommended choices are: <br />
* <code>/etc/issue</code> -> Proxmox Backup Server will auto-generate this file on boot, and it has only cosmetic effects on the login console.<br />
*: Using the default "No" (keep your currently-installed version) is safe here.<br />
<br />
* <code>/etc/ssh/sshd_config</code> -> If you have not changed this file manually, the only differences should be a replacement of <code>ChallengeResponseAuthentication no</code> with <code>KbdInteractiveAuthentication no</code> and some irrelevant changes in comments (lines starting with <code>#</code>).<br />
*: If this is the case, both options are safe, though we would recommend installing the package maintainer's version in order to move away from the deprecated <code>ChallengeResponseAuthentication</code> option. If there are other changes, we suggest to inspect them closely and decide accordingly.<br />
<br />
* <code>/etc/default/grub</code> -> Here you may want to take special care, as this is normally only asked for if you changed it manually, e.g., for adding some kernel command line option.<br />
*: It's recommended to check the difference for any relevant change, note that changes in comments (lines starting with <code>#</code>) are not relevant.<br />
*: If unsure, we suggested to selected "No" (keep your currently-installed version)<br />
<br />
=== Check Result & Reboot Into Updated Kernel ===<br />
<br />
If the command exits successfully, you can reboot the system in order to enable the new kernel. <br />
systemctl reboot<br />
<br />
Please note that you should reboot even if you already used the 6.2 kernel previously, through the opt-in package on Proxmox Backup Server 3.<br />
<br />
== Following the Proxmox Backup Server upgrade ==<br />
<br />
Empty the browser cache and/or force-reload (<kbd>CTRL</kbd> + <kbd>SHIFT</kbd> + <kbd>R</kbd>, or for MacOS <kbd>⌘</kbd> + <kbd>Alt</kbd> + <kbd>R</kbd>) the Web UI.<br />
<br />
=== Check Status of Services ===<br />
<br />
Check that the statuses of the main services are <code>active (running)</code><br />
<br />
systemctl status proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
=== Optional: Disable Maintenance Mode Again ===<br />
<br />
If you enabled the maintenance mode before the upgrade, don't forget to disable it again.<br />
You can do it via the web UI, in the Options tab of each datastore menu entry, or using the command line interface (CLI): <br />
<br />
# disable read-only mode (replace DATASTORE-ID with actual value)<br />
proxmox-backup-manager datastore update DATASTORE-ID --delete maintenance-mode<br />
<br />
=== Optional: Modernize apt Repository Sources ===<br />
<br />
You can migrate existing repository sources to the recommended deb822 style format, by running:<br />
<br />
apt modernize-sources<br />
<br />
By answering the following prompt with "n" you can check the changes the command would make before applying them. To apply them simply run the command again and respond to the prompt with "Y". <br />
<br />
The command will also keep the old <code>.list</code> files around by appending <code>.bak</code> to them. So you will have the new <code>.sources</code> files and the old repository configurations in the <code>.list.bak</code> files. You can remove the leftover backup files once you verified that everything works smoothly with the new format.<br />
<br />
= Potential Issues = <br />
<br />
== General ==<br />
As a Debian based distribution, Proxmox Backup Server is affected by most issues and changes affecting Debian.<br />
Thus, ensure that you read the [https://www.debian.org/releases/trixie/release-notes/issues.en.html upgrade specific issues for Debian Trixie].<br />
<br />
Please also check the known issue list from the Proxmox Backup Server 4.0 changelog: https://pbs.proxmox.com/wiki/index.php/Roadmap#4.0-known-issues<br />
<br />
== Older Hardware and New 6.14 Kernel ==<br />
<br />
Compatibility of old hardware (released >= 10 years ago) is not as thoroughly tested as more recent hardware.<br />
For old hardware we highly recommend testing compatibility of Proxmox Backup Server 4 with identical (or at least similar) hardware before upgrading any production machines.<br />
<br />
We will expand this section with potential pitfalls and workarounds once they arise.<br />
<br />
== Network ==<br />
<br />
=== Network Interface Name Change ===<br />
<br />
Due to the new kernel recognizing more features of some hardware, like for example virtual functions, and interface naming often derives from the PCI(e) address, some NICs may change their name, in which case the network configuration needs to be adapted.<br />
<br />
In general, it's recommended to either have an independent remote connection to the Proxmox Backup Server's host console, for example, through IPMI or iKVM, or physical access for managing the server even when its own network doesn't come up after a major upgrade or network change.<br />
<br />
The latest version of Proxmox Backup Server 3.4 and 4.0 provide a package called <code>proxmox-network-interface-pinning</code> that you can install.<br />
This package offers a CLI tool that helps you pin all network interfaces to NIC-based names and update the network configuration simultaneously.<br />
<br />
<div id="sd-boot-warning"></div><br />
=== Systemd-boot meta-package changes the bootloader configuration automatically and should be uninstalled ===<br />
With Debian Trixie the <code>systemd-boot</code> package got split up a bit further into <code>systemd-boot-efi</code> (containing the EFI-binary used for booting), <br />
<code>systemd-boot-tools</code> (containing <code>bootctl</code>) and the <code>systemd-boot</code> meta-package (containing hooks which run upon upgrades of itself and other packages<br />
and install systemd-boot as bootloader).<br />
As Proxmox Systems usually use <code>systemd-boot</code> for booting only in some configurations (ZFS on root and UEFI booted without secure boot), which are managed by <code>proxmox-boot-tool</code>, the meta-package <code>systemd-boot</code> should be removed.<br />
The package was automatically shipped for systems installed from the PBS 3.0 to PBS 3.4 ISOs, as it contained <code>bootctl</code> in bookworm.<br />
If the <code>pbs3to4</code> checklist script suggests it, the <code>systemd-boot</code> meta-package is safe to remove unless you manually installed it and are using <code>systemd-boot</code> as a bootloader. Should <code>systemd-boot-efi</code> and <code>systemd-boot-tools</code> be required, <code>pbs3to4</code> will warn you accordingly.<br />
The <code>pbs3to4</code> checklist script will change its output depending on the state of the upgrade, and should be [[Upgrade from 3 to 4#Continuously_use_the_pbs3to4_checklist_script|run continuously before and after the upgrade]].<br />
It will print which packages should be removed or added at the appropriate time.<br />
The only situation where you should keep the meta-package <code>systemd-boot</code> installed is if you manually setup <code>systemd-boot</code> for your system.<br />
See also [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110177 the filed bug for systemd-boot].<br />
<br />
<br />
[[Category: Upgrade]]</div>S.ivanovhttps://pbs.proxmox.com/mediawiki/index.php?title=Upgrade_from_3_to_4&diff=152Upgrade from 3 to 42025-08-08T17:07:21Z<p>S.ivanov: sync sd-boot changes from pve wiki /* Systemd-boot meta-package changes the bootloader configuration automatically and should be uninstalled */</p>
<hr />
<div>= Introduction =<br />
<br />
Proxmox Backup Server 4 is based on Debian 13 Trixie, a new major release, and introduces several new major features and changes.<br />
You should plan the upgrade carefully, '''make and verify backups''' before beginning, and test extensively.<br />
Depending on the existing configuration, several manual steps — including some downtime — may be required.<br />
<br />
'''Note:''' A valid and tested backup is ''always'' required before starting the upgrade process.<br />
You can test the backup beforehand, for example, in a (virtualized) test lab setup.<br />
<br />
In case the system is customized and/or uses additional packages or any other third party repositories/packages, ensure those packages are also upgraded to and compatible with Debian Trixie.<br />
<br />
= In-place Upgrade =<br />
<br />
== Prerequisites ==<br />
<br />
* Perform these actions via SSH, a physical console or a remote management console like iKVM or IPMI.<br />
** If you use SSH, you should use a terminal multiplexer (for example, tmux or screen) to ensure the upgrade can continue even if the SSH connection gets interrupted.<br />
** Do not carry out the upgrade via the web UI console directly, as this will get interrupted during the upgrade.<br />
<br />
* Upgraded to the latest version of Proxmox Backup Server 3.4, see the [[Roadmap#Release History|roadmap]] for potential important changes in the stable release.<br />
*: Use <code>apt update</code> and <code>apt dist-upgrade</code> (still with Debian Bookworm repos setup) to upgrade to latest 3.4<br />
** Verify version: The command <code>proxmox-backup-manager versions</code> should print:<br />
**:<code>proxmox-backup-server 3.4.2-1 running version: 3.4.2</code> (or higher)<br />
** If you do not get updates check correct [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories package repository] configuration.<br />
<br />
* Make a backup of <code>/etc/proxmox-backup</code> to ensure that in the worst case, any relevant configuration can be recovered:<br />
tar czf "pbs3-etc-backup-$(date -I).tar.gz" -C "/etc" "proxmox-backup"<br />
<br />
* Ensure that you have at least 10 GB free disk space on the root mount point:<br />
df -h /<br />
<br />
In-place upgrades are carried out via APT. Basic familiarity with APT is required to proceed with this upgrade mechanism.<br />
<br />
=== Installed alongside Proxmox VE ===<br />
<br />
For systems with Proxmox VE and Proxmox Backup Server installed together, you should also read the [https://pve.proxmox.com/wiki/Upgrade_from_8_to_9 Proxmox VE upgrade from 8 to 9 how-to] carefully.<br />
<br />
You can upgrade both in one go, by syncing the steps in which the APT repositories are changed.<br />
<br />
== Actions Step-by-Step ==<br />
Before starting the upgrade process, ensure that your Proxmox Backup Server 3.x host is up-to-date.<br />
<br />
=== Continuously use the pbs3to4 checklist script ===<br />
<br />
A small checklist program named pbs3to4 is included in the latest Proxmox Backup Server 3.4 packages. The program will provide hints and warnings about potential issues before, during and after the upgrade process. You can call it by executing:<br />
<br />
pbs3to4<br />
<br />
To run it with all checks enabled, execute:<br />
<br />
pbs3to4 --full<br />
<br />
Make sure to run the full checks at least once before the upgrade.<br />
<br />
This script only checks and reports things. By default, no changes to the system are made and thus, none of the issues will be automatically fixed. You should keep in mind that Proxmox Backup Server can be heavily customized, so the script may not recognize all the possible problems with a particular setup!<br />
<br />
It is recommended to re-run the script after each attempt to fix an issue. This ensures that the actions taken actually fixed the respective warning. <br />
<br />
=== Optional: Enable Maintenance Mode ===<br />
<br />
Enabling the read-only [https://pbs.proxmox.com/docs/maintenance.html#maintenance-mode maintenance mode] on all datastores ensures that no new backup can be started during the upgrade, while keeping existing ones available to read.<br />
The read-only maintenance mode allows you to enforce a known and stable datastore state and reduces the I/O and general load of the Proxmox Backup Server during the upgrade, making that faster.<br />
<br />
You can enable and disable the maintenance mode either via the web UI, in the Options tab of each datastore menu entry, or using the command line interface (CLI):<br />
# enable read-only mode (replace DATASTORE-ID with actual value)<br />
proxmox-backup-manager datastore update DATASTORE-ID --maintenance-mode read-only<br />
# disable read-only mode<br />
proxmox-backup-manager datastore update DATASTORE-ID --delete maintenance-mode<br />
<br />
=== Update the Configured APT Repositories ===<br />
<br />
First, make sure that the system is using the latest Proxmox Backup Server 3.4 packages:<br />
<br />
apt update<br />
apt dist-upgrade<br />
proxmox-backup-manager versions<br />
<br />
The last command should report at least <code>3.4.2-1</code> or newer.<br />
<br />
==== Update Debian Base Repositories to Trixie ====<br />
<br />
Update all repository entries to Trixie:<br />
<br />
sed -i 's/bookworm/trixie/g' /etc/apt/sources.list<br />
<br />
Ensure that there are no remaining Debian Bookworm specific repositories left. You can place a <code>#</code> symbol at the start of the respective line to comment such a repository out, disabling it.<br />
Check all files in the </code>/etc/apt/sources.list.d/</code> folder (like <code>pbs-enterprise.list</code>) and also the top-level <code>/etc/apt/sources.list</code> file.<br />
See [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories Package Repositories] section in the reference docs for the correct Proxmox Backup Server 4 / Debian Trixie repositories.<br />
<br />
==== Add the Proxmox Backup Server 4 Package Repository ====<br />
<br />
Update the enterprise repository to Trixie in the new deb822 format with the following command:<br />
<br />
cat > /etc/apt/sources.list.d/pbs-enterprise.sources << EOF<br />
Types: deb<br />
URIs: https://enterprise.proxmox.com/debian/pbs<br />
Suites: trixie<br />
Components: pbs-enterprise<br />
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg<br />
EOF<br />
<br />
After you added the new enterprise repository as above, check that <code>apt</code> picks it up correctly. You can do so by first running <code>apt update</code> followed by <code>apt policy</code>. Make sure that no errors are shown and that <code>apt policy</code> only outputs the desired repositories. Then you can remove the old <code>/etc/apt/sources.list.d/pbs-enterprise.list</code> file. Run <code>apt update</code> and <code>apt policy</code> again to be certain that the old repo has been removed.<br />
If using the no-subscription repository, see [[Package Repositories]]. You should be able to add the Proxmox Backup Server 4 no-subscription repository with this command:<br />
cat > /etc/apt/sources.list.d/proxmox.sources << EOF<br />
Types: deb<br />
URIs: http://download.proxmox.com/debian/pbs<br />
Suites: trixie<br />
Components: pbs-no-subscription<br />
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg<br />
EOF<br />
<br />
As with the enterprise repository, make sure that <code>apt</code> picks it up correctly with <code>apt update</code> followed by <code>apt policy</code>. Then remove the previous Proxmox Backup Server 8 no-subscription repository from either the <code>/etc/apt/sources.list</code>, <code>/etc/apt/sources-list.d/pbs-install-repo.list</code> or any other <code>.list</code> file you may have added it to. Run <code>apt update</code> and <code>apt policy</code> again to be certain that the old repo has been removed.<br />
<br />
Make sure that <code>apt</code> picks it up correctly with <code>apt policy</code>. Then remove the previous Proxmox Backup Server 3 repository from either the <code>/etc/apt/sources.list</code>, <code>/etc/apt/sources-list.d/pbs-install-repo.list</code> or any other <code>.list</code> file you may have added it to. You can use apt policy again to make sure the old repository is not being used anymore. <br />
<br />
Instead of removing older repositories, you can also disable them. In <code>.list</code> simply comment them out by adding a <code>#</code> to the beginning of the line. In <code>.sources</code> files, you can add the line <code>Enabled: false</code> to any stanza you want to disable.<br />
<br />
Make sure to check that all the <code>.list</code> files you added in /etc/apt/sources.list.d/ got switched over to Trixie correctly.<br />
<br />
After you checked that all repositories get picked up correctly with <code>apt policy</code>, update the repositories' package index:<br />
apt update<br />
Note that this command does not start the upgrade itself, it only refreshes the package index and must not return any error.<br />
<br />
=== Upgrade the System ===<br />
<br />
Note that the time required for finishing this step heavily depends on the system's performance, especially the root filesystem's IOPS and bandwidth.<br />
A slow spinner can take up to 60 minutes or more, while for a high-performance server with SSD storage, the dist-upgrade can be finished in less than 5 minutes.<br />
<br />
{{Note|While the packages are being upgraded certain operations and requests to the API might fail (for example logging in as system user in the <code>pam</code> realm)|reminder}}<br />
<br />
To get the initial set of upgraded packages, run:<br />
apt update<br />
apt dist-upgrade<br />
<br />
During the above step, you will be asked to approve changes to configuration files and some service restarts, where the default config has been updated by their respective package.<br />
<br />
You may also be shown the output of <code>apt-listchanges</code>, you can simply exit there by pressing "q". If you get prompted for your default keyboard selection, simply use the arrow keys to navigate to the one applicable in your case and hit enter.<br />
<br />
For questions about service restarts (like <code>Restart services during package upgrades without asking?</code>) use the default if unsure, as the reboot after the upgrade will restart all services cleanly anyway.<br />
<br />
For questions about (default) configuration changes, it's suggested to check the difference for each file in question and choose the answer accordingly to what's most appropriate for your setup.<br />
<br />
Common configuration files with changes, and the recommended choices are: <br />
* <code>/etc/issue</code> -> Proxmox Backup Server will auto-generate this file on boot, and it has only cosmetic effects on the login console.<br />
*: Using the default "No" (keep your currently-installed version) is safe here.<br />
<br />
* <code>/etc/ssh/sshd_config</code> -> If you have not changed this file manually, the only differences should be a replacement of <code>ChallengeResponseAuthentication no</code> with <code>KbdInteractiveAuthentication no</code> and some irrelevant changes in comments (lines starting with <code>#</code>).<br />
*: If this is the case, both options are safe, though we would recommend installing the package maintainer's version in order to move away from the deprecated <code>ChallengeResponseAuthentication</code> option. If there are other changes, we suggest to inspect them closely and decide accordingly.<br />
<br />
* <code>/etc/default/grub</code> -> Here you may want to take special care, as this is normally only asked for if you changed it manually, e.g., for adding some kernel command line option.<br />
*: It's recommended to check the difference for any relevant change, note that changes in comments (lines starting with <code>#</code>) are not relevant.<br />
*: If unsure, we suggested to selected "No" (keep your currently-installed version)<br />
<br />
=== Check Result & Reboot Into Updated Kernel ===<br />
<br />
If the command exits successfully, you can reboot the system in order to enable the new kernel. <br />
systemctl reboot<br />
<br />
Please note that you should reboot even if you already used the 6.2 kernel previously, through the opt-in package on Proxmox Backup Server 3.<br />
<br />
== Following the Proxmox Backup Server upgrade ==<br />
<br />
Empty the browser cache and/or force-reload (<kbd>CTRL</kbd> + <kbd>SHIFT</kbd> + <kbd>R</kbd>, or for MacOS <kbd>⌘</kbd> + <kbd>Alt</kbd> + <kbd>R</kbd>) the Web UI.<br />
<br />
=== Check Status of Services ===<br />
<br />
Check that the statuses of the main services are <code>active (running)</code><br />
<br />
systemctl status proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
=== Optional: Disable Maintenance Mode Again ===<br />
<br />
If you enabled the maintenance mode before the upgrade, don't forget to disable it again.<br />
You can do it via the web UI, in the Options tab of each datastore menu entry, or using the command line interface (CLI): <br />
<br />
# disable read-only mode (replace DATASTORE-ID with actual value)<br />
proxmox-backup-manager datastore update DATASTORE-ID --delete maintenance-mode<br />
<br />
=== Optional: Modernize apt Repository Sources ===<br />
<br />
You can migrate existing repository sources to the recommended deb822 style format, by running:<br />
<br />
apt modernize-sources<br />
<br />
By answering the following prompt with "n" you can check the changes the command would make before applying them. To apply them simply run the command again and respond to the prompt with "Y". <br />
<br />
The command will also keep the old <code>.list</code> files around by appending <code>.bak</code> to them. So you will have the new <code>.sources</code> files and the old repository configurations in the <code>.list.bak</code> files. You can remove the leftover backup files once you verified that everything works smoothly with the new format.<br />
<br />
= Potential Issues = <br />
<br />
== General ==<br />
As a Debian based distribution, Proxmox Backup Server is affected by most issues and changes affecting Debian.<br />
Thus, ensure that you read the [https://www.debian.org/releases/trixie/release-notes/issues.en.html upgrade specific issues for Debian Trixie].<br />
<br />
Please also check the known issue list from the Proxmox Backup Server 4.0 changelog: https://pbs.proxmox.com/wiki/index.php/Roadmap#4.0-known-issues<br />
<br />
== Older Hardware and New 6.14 Kernel ==<br />
<br />
Compatibility of old hardware (released >= 10 years ago) is not as thoroughly tested as more recent hardware.<br />
For old hardware we highly recommend testing compatibility of Proxmox Backup Server 4 with identical (or at least similar) hardware before upgrading any production machines.<br />
<br />
We will expand this section with potential pitfalls and workarounds once they arise.<br />
<br />
== Network ==<br />
<br />
=== Network Interface Name Change ===<br />
<br />
Due to the new kernel recognizing more features of some hardware, like for example virtual functions, and interface naming often derives from the PCI(e) address, some NICs may change their name, in which case the network configuration needs to be adapted.<br />
<br />
In general, it's recommended to either have an independent remote connection to the Proxmox Backup Server's host console, for example, through IPMI or iKVM, or physical access for managing the server even when its own network doesn't come up after a major upgrade or network change.<br />
<br />
The latest version of Proxmox Backup Server 3.4 and 4.0 provide a package called <code>proxmox-network-interface-pinning</code> that you can install.<br />
This package offers a CLI tool that helps you pin all network interfaces to NIC-based names and update the network configuration simultaneously.<br />
<br />
<div id="sd-boot-warning"></div><br />
=== Systemd-boot meta-package changes the bootloader configuration automatically and should be uninstalled ===<br />
With Debian Trixie the <code>systemd-boot</code> package got split up a bit further into <code>systemd-boot-efi</code> (containing the EFI-binary used for booting), <br />
<code>systemd-boot-tools</code> (containing <code>bootctl</code>) and the <code>systemd-boot</code> meta-package (containing hooks which run upon upgrades of itself and other packages<br />
and install systemd-boot as bootloader).<br />
As Proxmox Systems usually use <code>systemd-boot</code> for booting only in some configurations (ZFS on root and UEFI booted without secure boot), which are managed by <code>proxmox-boot-tool</code>, the meta-package <code>systemd-boot</code> should be removed.<br />
The package was automatically shipped for systems installed from the PBS 3.0 to PBS 3.4 ISOs, as it contained <code>bootctl</code> in bookworm.<br />
If the <code>pbs3to4</code> checklist script suggests it, the <code>systemd-boot</code> meta-package is safe to remove unless you manually installed it and are using <code>systemd-boot</code> as a bootloader. Should <code>systemd-boot-efi</code> and <code>systemd-boot-tools</code> be required, <code>pbs8to9</code> will warn you accordingly.<br />
The <code>pbs3to4</code> checklist script will change its output depending on the state of the upgrade, and should be [[Upgrade from 3 to 4#Continuously_use_the_pbs3to4_checklist_script|run continuously before and after the upgrade]].<br />
It will print which packages should be removed or added at the appropriate time.<br />
The only situation where you should keep the meta-package <code>systemd-boot</code> installed is if you manually setup <code>systemd-boot</code> for your system.<br />
See also [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110177 the filed bug for systemd-boot].<br />
<br />
<br />
[[Category: Upgrade]]</div>S.ivanovhttps://pbs.proxmox.com/mediawiki/index.php?title=Upgrade_from_3_to_4&diff=150Upgrade from 3 to 42025-08-06T17:57:20Z<p>S.ivanov: /* Update the Configured APT Repositories */</p>
<hr />
<div>= Introduction =<br />
<br />
Proxmox Backup Server 4 is based on Debian 13 Trixie, a new major release, and introduces several new major features and changes.<br />
You should plan the upgrade carefully, '''make and verify backups''' before beginning, and test extensively.<br />
Depending on the existing configuration, several manual steps — including some downtime — may be required.<br />
<br />
'''Note:''' A valid and tested backup is ''always'' required before starting the upgrade process.<br />
You can test the backup beforehand, for example, in a (virtualized) test lab setup.<br />
<br />
In case the system is customized and/or uses additional packages or any other third party repositories/packages, ensure those packages are also upgraded to and compatible with Debian Trixie.<br />
<br />
= In-place Upgrade =<br />
<br />
== Prerequisites ==<br />
<br />
* Perform these actions via SSH, a physical console or a remote management console like iKVM or IPMI.<br />
** If you use SSH, you should use a terminal multiplexer (for example, tmux or screen) to ensure the upgrade can continue even if the SSH connection gets interrupted.<br />
** Do not carry out the upgrade via the web UI console directly, as this will get interrupted during the upgrade.<br />
<br />
* Upgraded to the latest version of Proxmox Backup Server 3.4, see the [[Roadmap#Release History|roadmap]] for potential important changes in the stable release.<br />
*: Use <code>apt update</code> and <code>apt dist-upgrade</code> (still with Debian Bookworm repos setup) to upgrade to latest 3.4<br />
** Verify version: The command <code>proxmox-backup-manager versions</code> should print:<br />
**:<code>proxmox-backup-server 3.4.2-1 running version: 3.4.2</code> (or higher)<br />
** If you do not get updates check correct [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories package repository] configuration.<br />
<br />
* Make a backup of <code>/etc/proxmox-backup</code> to ensure that in the worst case, any relevant configuration can be recovered:<br />
tar czf "pbs3-etc-backup-$(date -I).tar.gz" -C "/etc" "proxmox-backup"<br />
<br />
* Ensure that you have at least 10 GB free disk space on the root mount point:<br />
df -h /<br />
<br />
In-place upgrades are carried out via APT. Basic familiarity with APT is required to proceed with this upgrade mechanism.<br />
<br />
=== Installed alongside Proxmox VE ===<br />
<br />
For systems with Proxmox VE and Proxmox Backup Server installed together, you should also read the [https://pve.proxmox.com/wiki/Upgrade_from_8_to_9 Proxmox VE upgrade from 8 to 9 how-to] carefully.<br />
<br />
You can upgrade both in one go, by syncing the steps in which the APT repositories are changed.<br />
<br />
== Actions Step-by-Step ==<br />
Before starting the upgrade process, ensure that your Proxmox Backup Server 3.x host is up-to-date.<br />
<br />
=== Continuously use the pbs3to4 checklist script ===<br />
<br />
A small checklist program named pbs3to4 is included in the latest Proxmox Backup Server 3.4 packages. The program will provide hints and warnings about potential issues before, during and after the upgrade process. You can call it by executing:<br />
<br />
pbs3to4<br />
<br />
To run it with all checks enabled, execute:<br />
<br />
pbs3to4 --full<br />
<br />
Make sure to run the full checks at least once before the upgrade.<br />
<br />
This script only checks and reports things. By default, no changes to the system are made and thus, none of the issues will be automatically fixed. You should keep in mind that Proxmox Backup Server can be heavily customized, so the script may not recognize all the possible problems with a particular setup!<br />
<br />
It is recommended to re-run the script after each attempt to fix an issue. This ensures that the actions taken actually fixed the respective warning. <br />
<br />
=== Optional: Enable Maintenance Mode ===<br />
<br />
Enabling the read-only [https://pbs.proxmox.com/docs/maintenance.html#maintenance-mode maintenance mode] on all datastores ensures that no new backup can be started during the upgrade, while keeping existing ones available to read.<br />
The read-only maintenance mode allows you to enforce a known and stable datastore state and reduces the I/O and general load of the Proxmox Backup Server during the upgrade, making that faster.<br />
<br />
You can enable and disable the maintenance mode either via the web UI, in the Options tab of each datastore menu entry, or using the command line interface (CLI):<br />
# enable read-only mode (replace DATASTORE-ID with actual value)<br />
proxmox-backup-manager datastore update DATASTORE-ID --maintenance-mode read-only<br />
# disable read-only mode<br />
proxmox-backup-manager datastore update DATASTORE-ID --delete maintenance-mode<br />
<br />
=== Update the Configured APT Repositories ===<br />
<br />
First, make sure that the system is using the latest Proxmox Backup Server 3.4 packages:<br />
<br />
apt update<br />
apt dist-upgrade<br />
proxmox-backup-manager versions<br />
<br />
The last command should report at least <code>3.4.2-1</code> or newer.<br />
<br />
==== Update Debian Base Repositories to Trixie ====<br />
<br />
Update all repository entries to Trixie:<br />
<br />
sed -i 's/bookworm/trixie/g' /etc/apt/sources.list<br />
<br />
Ensure that there are no remaining Debian Bookworm specific repositories left. You can place a <code>#</code> symbol at the start of the respective line to comment such a repository out, disabling it.<br />
Check all files in the </code>/etc/apt/sources.list.d/</code> folder (like <code>pbs-enterprise.list</code>) and also the top-level <code>/etc/apt/sources.list</code> file.<br />
See [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories Package Repositories] section in the reference docs for the correct Proxmox Backup Server 4 / Debian Trixie repositories.<br />
<br />
==== Add the Proxmox Backup Server 4 Package Repository ====<br />
<br />
Update the enterprise repository to Trixie in the new deb822 format with the following command:<br />
<br />
cat > /etc/apt/sources.list.d/pbs-enterprise.sources << EOF<br />
Types: deb<br />
URIs: https://enterprise.proxmox.com/debian/pbs<br />
Suites: trixie<br />
Components: pbs-enterprise<br />
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg<br />
EOF<br />
<br />
After you added the new enterprise repository as above, check that <code>apt</code> picks it up correctly. You can do so by first running <code>apt update</code> followed by <code>apt policy</code>. Make sure that no errors are shown and that <code>apt policy</code> only outputs the desired repositories. Then you can remove the old <code>/etc/apt/sources.list.d/pbs-enterprise.list</code> file. Run <code>apt update</code> and <code>apt policy</code> again to be certain that the old repo has been removed.<br />
If using the no-subscription repository, see [[Package Repositories]]. You should be able to add the Proxmox Backup Server 4 no-subscription repository with this command:<br />
cat > /etc/apt/sources.list.d/proxmox.sources << EOF<br />
Types: deb<br />
URIs: http://download.proxmox.com/debian/pbs<br />
Suites: trixie<br />
Components: pbs-no-subscription<br />
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg<br />
EOF<br />
<br />
As with the enterprise repository, make sure that <code>apt</code> picks it up correctly with <code>apt update</code> followed by <code>apt policy</code>. Then remove the previous Proxmox Backup Server 8 no-subscription repository from either the <code>/etc/apt/sources.list</code>, <code>/etc/apt/sources-list.d/pbs-install-repo.list</code> or any other <code>.list</code> file you may have added it to. Run <code>apt update</code> and <code>apt policy</code> again to be certain that the old repo has been removed.<br />
<br />
Make sure that <code>apt</code> picks it up correctly with <code>apt policy</code>. Then remove the previous Proxmox Backup Server 3 repository from either the <code>/etc/apt/sources.list</code>, <code>/etc/apt/sources-list.d/pbs-install-repo.list</code> or any other <code>.list</code> file you may have added it to. You can use apt policy again to make sure the old repository is not being used anymore. <br />
<br />
Instead of removing older repositories, you can also disable them. In <code>.list</code> simply comment them out by adding a <code>#</code> to the beginning of the line. In <code>.sources</code> files, you can add the line <code>Enabled: false</code> to any stanza you want to disable.<br />
<br />
Make sure to check that all the <code>.list</code> files you added in /etc/apt/sources.list.d/ got switched over to Trixie correctly.<br />
<br />
After you checked that all repositories get picked up correctly with <code>apt policy</code>, update the repositories' package index:<br />
apt update<br />
Note that this command does not start the upgrade itself, it only refreshes the package index and must not return any error.<br />
<br />
=== Upgrade the System ===<br />
<br />
Note that the time required for finishing this step heavily depends on the system's performance, especially the root filesystem's IOPS and bandwidth.<br />
A slow spinner can take up to 60 minutes or more, while for a high-performance server with SSD storage, the dist-upgrade can be finished in less than 5 minutes.<br />
<br />
{{Note|While the packages are being upgraded certain operations and requests to the API might fail (for example logging in as system user in the <code>pam</code> realm)|reminder}}<br />
<br />
To get the initial set of upgraded packages, run:<br />
apt update<br />
apt dist-upgrade<br />
<br />
During the above step, you will be asked to approve changes to configuration files and some service restarts, where the default config has been updated by their respective package.<br />
<br />
You may also be shown the output of <code>apt-listchanges</code>, you can simply exit there by pressing "q". If you get prompted for your default keyboard selection, simply use the arrow keys to navigate to the one applicable in your case and hit enter.<br />
<br />
For questions about service restarts (like <code>Restart services during package upgrades without asking?</code>) use the default if unsure, as the reboot after the upgrade will restart all services cleanly anyway.<br />
<br />
For questions about (default) configuration changes, it's suggested to check the difference for each file in question and choose the answer accordingly to what's most appropriate for your setup.<br />
<br />
Common configuration files with changes, and the recommended choices are: <br />
* <code>/etc/issue</code> -> Proxmox Backup Server will auto-generate this file on boot, and it has only cosmetic effects on the login console.<br />
*: Using the default "No" (keep your currently-installed version) is safe here.<br />
<br />
* <code>/etc/ssh/sshd_config</code> -> If you have not changed this file manually, the only differences should be a replacement of <code>ChallengeResponseAuthentication no</code> with <code>KbdInteractiveAuthentication no</code> and some irrelevant changes in comments (lines starting with <code>#</code>).<br />
*: If this is the case, both options are safe, though we would recommend installing the package maintainer's version in order to move away from the deprecated <code>ChallengeResponseAuthentication</code> option. If there are other changes, we suggest to inspect them closely and decide accordingly.<br />
<br />
* <code>/etc/default/grub</code> -> Here you may want to take special care, as this is normally only asked for if you changed it manually, e.g., for adding some kernel command line option.<br />
*: It's recommended to check the difference for any relevant change, note that changes in comments (lines starting with <code>#</code>) are not relevant.<br />
*: If unsure, we suggested to selected "No" (keep your currently-installed version)<br />
<br />
=== Check Result & Reboot Into Updated Kernel ===<br />
<br />
If the command exits successfully, you can reboot the system in order to enable the new kernel. <br />
systemctl reboot<br />
<br />
Please note that you should reboot even if you already used the 6.2 kernel previously, through the opt-in package on Proxmox Backup Server 3.<br />
<br />
== Following the Proxmox Backup Server upgrade ==<br />
<br />
Empty the browser cache and/or force-reload (<kbd>CTRL</kbd> + <kbd>SHIFT</kbd> + <kbd>R</kbd>, or for MacOS <kbd>⌘</kbd> + <kbd>Alt</kbd> + <kbd>R</kbd>) the Web UI.<br />
<br />
=== Check Status of Services ===<br />
<br />
Check that the statuses of the main services are <code>active (running)</code><br />
<br />
systemctl status proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
=== Optional: Disable Maintenance Mode Again ===<br />
<br />
If you enabled the maintenance mode before the upgrade, don't forget to disable it again.<br />
You can do it via the web UI, in the Options tab of each datastore menu entry, or using the command line interface (CLI): <br />
<br />
# disable read-only mode (replace DATASTORE-ID with actual value)<br />
proxmox-backup-manager datastore update DATASTORE-ID --delete maintenance-mode<br />
<br />
=== Optional: Modernize apt Repository Sources ===<br />
<br />
You can migrate existing repository sources to the recommended deb822 style format, by running:<br />
<br />
apt modernize-sources<br />
<br />
By answering the following prompt with "n" you can check the changes the command would make before applying them. To apply them simply run the command again and respond to the prompt with "Y". <br />
<br />
The command will also keep the old <code>.list</code> files around by appending <code>.bak</code> to them. So you will have the new <code>.sources</code> files and the old repository configurations in the <code>.list.bak</code> files. You can remove the leftover backup files once you verified that everything works smoothly with the new format.<br />
<br />
= Potential Issues = <br />
<br />
== General ==<br />
As a Debian based distribution, Proxmox Backup Server is affected by most issues and changes affecting Debian.<br />
Thus, ensure that you read the [https://www.debian.org/releases/trixie/release-notes/issues.en.html upgrade specific issues for Debian Trixie].<br />
<br />
Please also check the known issue list from the Proxmox Backup Server 4.0 changelog: https://pbs.proxmox.com/wiki/index.php/Roadmap#4.0-known-issues<br />
<br />
== Older Hardware and New 6.14 Kernel ==<br />
<br />
Compatibility of old hardware (released >= 10 years ago) is not as thoroughly tested as more recent hardware.<br />
For old hardware we highly recommend testing compatibility of Proxmox Backup Server 4 with identical (or at least similar) hardware before upgrading any production machines.<br />
<br />
We will expand this section with potential pitfalls and workarounds once they arise.<br />
<br />
== Network ==<br />
<br />
=== Network Interface Name Change ===<br />
<br />
Due to the new kernel recognizing more features of some hardware, like for example virtual functions, and interface naming often derives from the PCI(e) address, some NICs may change their name, in which case the network configuration needs to be adapted.<br />
<br />
In general, it's recommended to either have an independent remote connection to the Proxmox Backup Server's host console, for example, through IPMI or iKVM, or physical access for managing the server even when its own network doesn't come up after a major upgrade or network change.<br />
<br />
The latest version of Proxmox Backup Server 3.4 and 4.0 provide a package called <code>proxmox-network-interface-pinning</code> that you can install.<br />
This package offers a CLI tool that helps you pin all network interfaces to NIC-based names and update the network configuration simultaneously.<br />
<br />
=== Systemd-boot meta-package changes the bootloader configuration automatically and should be uninstalled ===<br />
<br />
With Debian Trixie the <code>systemd-boot</code> package got split up a bit further into <code>systemd-boot-efi</code> (containing the EFI-binary used for booting), <br />
<code>systemd-boot-tools</code> (containing <code>bootctl</code>) and the <code>systemd-boot</code> meta-package (containing hooks which run upon upgrades of itself and other packages<br />
and install systemd-boot as bootloader).<br />
<br />
As Proxmox Systems usually handle the installation of <code>systemd-boot</code> as bootloader using <code>proxmox-boot-tool</code> the meta-package should be removed.<br />
The package was automatically shipped for systems installed from the Proxmox Backup Server 3.1 to Proxmox Backup Server 3.4 ISOs, as it contained <code>bootctl</code> in bookworm.<br />
<br />
See also [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110177 bug for systemd-boot]<br />
<br />
[[Category: Upgrade]]</div>S.ivanovhttps://pbs.proxmox.com/mediawiki/index.php?title=Upgrade_from_3_to_4&diff=149Upgrade from 3 to 42025-08-06T14:19:09Z<p>S.ivanov: </p>
<hr />
<div>= Introduction =<br />
<br />
Proxmox Backup Server 4 is based on Debian 13 Trixie, a new major release, and introduces several new major features and changes.<br />
You should plan the upgrade carefully, '''make and verify backups''' before beginning, and test extensively.<br />
Depending on the existing configuration, several manual steps — including some downtime — may be required.<br />
<br />
'''Note:''' A valid and tested backup is ''always'' required before starting the upgrade process.<br />
You can test the backup beforehand, for example, in a (virtualized) test lab setup.<br />
<br />
In case the system is customized and/or uses additional packages or any other third party repositories/packages, ensure those packages are also upgraded to and compatible with Debian Trixie.<br />
<br />
= In-place Upgrade =<br />
<br />
== Prerequisites ==<br />
<br />
* Perform these actions via SSH, a physical console or a remote management console like iKVM or IPMI.<br />
** If you use SSH, you should use a terminal multiplexer (for example, tmux or screen) to ensure the upgrade can continue even if the SSH connection gets interrupted.<br />
** Do not carry out the upgrade via the web UI console directly, as this will get interrupted during the upgrade.<br />
<br />
* Upgraded to the latest version of Proxmox Backup Server 3.4, see the [[Roadmap#Release History|roadmap]] for potential important changes in the stable release.<br />
*: Use <code>apt update</code> and <code>apt dist-upgrade</code> (still with Debian Bookworm repos setup) to upgrade to latest 3.4<br />
** Verify version: The command <code>proxmox-backup-manager versions</code> should print:<br />
**:<code>proxmox-backup-server 3.4.2-1 running version: 3.4.2</code> (or higher)<br />
** If you do not get updates check correct [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories package repository] configuration.<br />
<br />
* Make a backup of <code>/etc/proxmox-backup</code> to ensure that in the worst case, any relevant configuration can be recovered:<br />
tar czf "pbs3-etc-backup-$(date -I).tar.gz" -C "/etc" "proxmox-backup"<br />
<br />
* Ensure that you have at least 10 GB free disk space on the root mount point:<br />
df -h /<br />
<br />
In-place upgrades are carried out via APT. Basic familiarity with APT is required to proceed with this upgrade mechanism.<br />
<br />
=== Installed alongside Proxmox VE ===<br />
<br />
For systems with Proxmox VE and Proxmox Backup Server installed together, you should also read the [https://pve.proxmox.com/wiki/Upgrade_from_8_to_9 Proxmox VE upgrade from 8 to 9 how-to] carefully.<br />
<br />
You can upgrade both in one go, by syncing the steps in which the APT repositories are changed.<br />
<br />
== Actions Step-by-Step ==<br />
Before starting the upgrade process, ensure that your Proxmox Backup Server 3.x host is up-to-date.<br />
<br />
=== Continuously use the pbs3to4 checklist script ===<br />
<br />
A small checklist program named pbs3to4 is included in the latest Proxmox Backup Server 3.4 packages. The program will provide hints and warnings about potential issues before, during and after the upgrade process. You can call it by executing:<br />
<br />
pbs3to4<br />
<br />
To run it with all checks enabled, execute:<br />
<br />
pbs3to4 --full<br />
<br />
Make sure to run the full checks at least once before the upgrade.<br />
<br />
This script only checks and reports things. By default, no changes to the system are made and thus, none of the issues will be automatically fixed. You should keep in mind that Proxmox Backup Server can be heavily customized, so the script may not recognize all the possible problems with a particular setup!<br />
<br />
It is recommended to re-run the script after each attempt to fix an issue. This ensures that the actions taken actually fixed the respective warning. <br />
<br />
=== Optional: Enable Maintenance Mode ===<br />
<br />
Enabling the read-only [https://pbs.proxmox.com/docs/maintenance.html#maintenance-mode maintenance mode] on all datastores ensures that no new backup can be started during the upgrade, while keeping existing ones available to read.<br />
The read-only maintenance mode allows you to enforce a known and stable datastore state and reduces the I/O and general load of the Proxmox Backup Server during the upgrade, making that faster.<br />
<br />
You can enable and disable the maintenance mode either via the web UI, in the Options tab of each datastore menu entry, or using the command line interface (CLI):<br />
# enable read-only mode (replace DATASTORE-ID with actual value)<br />
proxmox-backup-manager datastore update DATASTORE-ID --maintenance-mode read-only<br />
# disable read-only mode<br />
proxmox-backup-manager datastore update DATASTORE-ID --delete maintenance-mode<br />
<br />
=== Update the Configured APT Repositories ===<br />
<br />
First, make sure that the system is using the latest Proxmox Backup Server 3.4 packages:<br />
<br />
apt update<br />
apt dist-upgrade<br />
proxmox-backup-manager versions<br />
<br />
The last command should report at least <code>3.4.2-1</code> or newer.<br />
<br />
==== Update Debian Base Repositories to Trixie ====<br />
<br />
Update all repository entries to Trixie:<br />
<br />
sed -i 's/bookworm/trixie/g' /etc/apt/sources.list<br />
<br />
Ensure that there are no remaining Debian Bookworm specific repositories left. You can place a <code>#</code> symbol at the start of the respective line to comment such a repository out, disabling it.<br />
Check all files in the </code>/etc/apt/sources.list.d/</code> folder (like <code>pbs-enterprise.list</code>) and also the top-level <code>/etc/apt/sources.list</code> file.<br />
See [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories Package Repositories] section in the reference docs for the correct Proxmox Backup Server 4 / Debian Trixie repositories.<br />
<br />
==== Add the Proxmox Backup Server 4 Package Repository ====<br />
<br />
Update the enterprise repository to Trixie in the new deb822 format with the following command:<br />
<br />
cat > /etc/apt/sources.list.d/pbs-enterprise.sources << EOF<br />
Types: deb<br />
URIs: https://enterprise.proxmox.com/debian/pbs<br />
Suites: trixie<br />
Components: pbs-enterprise<br />
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg<br />
EOF<br />
<br />
After you added the new enterprise repository as above, check that <code>apt</code> picks it up correctly. You can do so by first running <code>apt update</code> followed by <code>apt policy</code>. Make sure that no errors are shown and that <code>apt policy</code> only outputs the desired repositories. Then you can remove the old <code>/etc/apt/sources.list.d/pve-enterprise.list</code> file. Run <code>apt update</code> and <code>apt policy</code> again to be certain that the old repo has been removed.<br />
If using the no-subscription repository, see [[Package Repositories]]. You should be able to add the Proxmox Backup Server 4 no-subscription repository with this command:<br />
cat > /etc/apt/sources.list.d/proxmox.sources << EOF<br />
Types: deb<br />
URIs: http://download.proxmox.com/debian/pbs<br />
Suites: trixie<br />
Components: pbs-no-subscription<br />
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg<br />
EOF<br />
<br />
As with the enterprise repository, make sure that <code>apt</code> picks it up correctly with <code>apt update</code> followed by <code>apt policy</code>. Then remove the previous Proxmox Backup Server 8 no-subscription repository from either the <code>/etc/apt/sources.list</code>, <code>/etc/apt/sources-list.d/pve-install-repo.list</code> or any other <code>.list</code> file you may have added it to. Run <code>apt update</code> and <code>apt policy</code> again to be certain that the old repo has been removed.<br />
<br />
Make sure that <code>apt</code> picks it up correctly with <code>apt policy</code>. Then remove the previous Proxmox Backup Server 3 repository from either the <code>/etc/apt/sources.list</code>, <code>/etc/apt/sources-list.d/pbs-install-repo.list</code> or any other <code>.list</code> file you may have added it to. You can use apt policy again to make sure the old repository is not being used anymore. <br />
<br />
Instead of removing older repositories, you can also disable them. In <code>.list</code> simply comment them out by adding a <code>#</code> to the beginning of the line. In <code>.sources</code> files, you can add the line <code>Enabled: false</code> to any stanza you want to disable.<br />
<br />
Make sure to check that all the <code>.list</code> files you added in /etc/apt/sources.list.d/ got switched over to Trixie correctly.<br />
<br />
After you checked that all repositories get picked up correctly with <code>apt policy</code>, update the repositories' package index:<br />
apt update<br />
Note that this command does not start the upgrade itself, it only refreshes the package index and must not return any error.<br />
<br />
=== Upgrade the System ===<br />
<br />
Note that the time required for finishing this step heavily depends on the system's performance, especially the root filesystem's IOPS and bandwidth.<br />
A slow spinner can take up to 60 minutes or more, while for a high-performance server with SSD storage, the dist-upgrade can be finished in less than 5 minutes.<br />
<br />
{{Note|While the packages are being upgraded certain operations and requests to the API might fail (for example logging in as system user in the <code>pam</code> realm)|reminder}}<br />
<br />
To get the initial set of upgraded packages, run:<br />
apt update<br />
apt dist-upgrade<br />
<br />
During the above step, you will be asked to approve changes to configuration files and some service restarts, where the default config has been updated by their respective package.<br />
<br />
You may also be shown the output of <code>apt-listchanges</code>, you can simply exit there by pressing "q". If you get prompted for your default keyboard selection, simply use the arrow keys to navigate to the one applicable in your case and hit enter.<br />
<br />
For questions about service restarts (like <code>Restart services during package upgrades without asking?</code>) use the default if unsure, as the reboot after the upgrade will restart all services cleanly anyway.<br />
<br />
For questions about (default) configuration changes, it's suggested to check the difference for each file in question and choose the answer accordingly to what's most appropriate for your setup.<br />
<br />
Common configuration files with changes, and the recommended choices are: <br />
* <code>/etc/issue</code> -> Proxmox Backup Server will auto-generate this file on boot, and it has only cosmetic effects on the login console.<br />
*: Using the default "No" (keep your currently-installed version) is safe here.<br />
<br />
* <code>/etc/ssh/sshd_config</code> -> If you have not changed this file manually, the only differences should be a replacement of <code>ChallengeResponseAuthentication no</code> with <code>KbdInteractiveAuthentication no</code> and some irrelevant changes in comments (lines starting with <code>#</code>).<br />
*: If this is the case, both options are safe, though we would recommend installing the package maintainer's version in order to move away from the deprecated <code>ChallengeResponseAuthentication</code> option. If there are other changes, we suggest to inspect them closely and decide accordingly.<br />
<br />
* <code>/etc/default/grub</code> -> Here you may want to take special care, as this is normally only asked for if you changed it manually, e.g., for adding some kernel command line option.<br />
*: It's recommended to check the difference for any relevant change, note that changes in comments (lines starting with <code>#</code>) are not relevant.<br />
*: If unsure, we suggested to selected "No" (keep your currently-installed version)<br />
<br />
=== Check Result & Reboot Into Updated Kernel ===<br />
<br />
If the command exits successfully, you can reboot the system in order to enable the new kernel. <br />
systemctl reboot<br />
<br />
Please note that you should reboot even if you already used the 6.2 kernel previously, through the opt-in package on Proxmox Backup Server 3.<br />
<br />
== Following the Proxmox Backup Server upgrade ==<br />
<br />
Empty the browser cache and/or force-reload (<kbd>CTRL</kbd> + <kbd>SHIFT</kbd> + <kbd>R</kbd>, or for MacOS <kbd>⌘</kbd> + <kbd>Alt</kbd> + <kbd>R</kbd>) the Web UI.<br />
<br />
=== Check Status of Services ===<br />
<br />
Check that the statuses of the main services are <code>active (running)</code><br />
<br />
systemctl status proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
=== Optional: Disable Maintenance Mode Again ===<br />
<br />
If you enabled the maintenance mode before the upgrade, don't forget to disable it again.<br />
You can do it via the web UI, in the Options tab of each datastore menu entry, or using the command line interface (CLI): <br />
<br />
# disable read-only mode (replace DATASTORE-ID with actual value)<br />
proxmox-backup-manager datastore update DATASTORE-ID --delete maintenance-mode<br />
<br />
=== Optional: Modernize apt Repository Sources ===<br />
<br />
You can migrate existing repository sources to the recommended deb822 style format, by running:<br />
<br />
apt modernize-sources<br />
<br />
By answering the following prompt with "n" you can check the changes the command would make before applying them. To apply them simply run the command again and respond to the prompt with "Y". <br />
<br />
The command will also keep the old <code>.list</code> files around by appending <code>.bak</code> to them. So you will have the new <code>.sources</code> files and the old repository configurations in the <code>.list.bak</code> files. You can remove the leftover backup files once you verified that everything works smoothly with the new format.<br />
<br />
= Potential Issues = <br />
<br />
== General ==<br />
As a Debian based distribution, Proxmox Backup Server is affected by most issues and changes affecting Debian.<br />
Thus, ensure that you read the [https://www.debian.org/releases/trixie/release-notes/issues.en.html upgrade specific issues for Debian Trixie].<br />
<br />
Please also check the known issue list from the Proxmox Backup Server 4.0 changelog: https://pbs.proxmox.com/wiki/index.php/Roadmap#4.0-known-issues<br />
<br />
== Older Hardware and New 6.14 Kernel ==<br />
<br />
Compatibility of old hardware (released >= 10 years ago) is not as thoroughly tested as more recent hardware.<br />
For old hardware we highly recommend testing compatibility of Proxmox Backup Server 4 with identical (or at least similar) hardware before upgrading any production machines.<br />
<br />
We will expand this section with potential pitfalls and workarounds once they arise.<br />
<br />
== Network ==<br />
<br />
=== Network Interface Name Change ===<br />
<br />
Due to the new kernel recognizing more features of some hardware, like for example virtual functions, and interface naming often derives from the PCI(e) address, some NICs may change their name, in which case the network configuration needs to be adapted.<br />
<br />
In general, it's recommended to either have an independent remote connection to the Proxmox Backup Server's host console, for example, through IPMI or iKVM, or physical access for managing the server even when its own network doesn't come up after a major upgrade or network change.<br />
<br />
The latest version of Proxmox Backup Server 3.4 and 4.0 provide a package called <code>proxmox-network-interface-pinning</code> that you can install.<br />
This package offers a CLI tool that helps you pin all network interfaces to NIC-based names and update the network configuration simultaneously.<br />
<br />
=== Systemd-boot meta-package changes the bootloader configuration automatically and should be uninstalled ===<br />
<br />
With Debian Trixie the <code>systemd-boot</code> package got split up a bit further into <code>systemd-boot-efi</code> (containing the EFI-binary used for booting), <br />
<code>systemd-boot-tools</code> (containing <code>bootctl</code>) and the <code>systemd-boot</code> meta-package (containing hooks which run upon upgrades of itself and other packages<br />
and install systemd-boot as bootloader).<br />
<br />
As Proxmox Systems usually handle the installation of <code>systemd-boot</code> as bootloader using <code>proxmox-boot-tool</code> the meta-package should be removed.<br />
The package was automatically shipped for systems installed from the Proxmox Backup Server 3.1 to Proxmox Backup Server 3.4 ISOs, as it contained <code>bootctl</code> in bookworm.<br />
<br />
See also [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110177 bug for systemd-boot]<br />
<br />
[[Category: Upgrade]]</div>S.ivanovhttps://pbs.proxmox.com/mediawiki/index.php?title=Fail2ban&diff=128Fail2ban2024-05-27T16:19:02Z<p>S.ivanov: Add initial page - adaptations contributed by Lukas Fülling</p>
<hr />
<div>Here we describe in short how you can set up <code>fail2ban</code> for the Proxmox Backup Server API to block IP addresses (temporarily) if there were too many wrong login attempts submitted through them.<br />
The page is based upon the [https://pve.proxmox.com/wiki/Fail2ban HOWTO for Proxmox VE]<br />
<br />
== Install fail2ban ==<br />
<br />
Execute the following commands as root in a shell on the Proxmox Backup Server host, for example connected through SSH or via the web console in the Proxmox Backup Server web interface.<br />
<br />
apt update<br />
apt install fail2ban<br />
<br />
== Setup Base Config ==<br />
<br />
We recommend to use the <code>/etc/fail2ban/jail.local</code> file, as settings in this file take precedence over identical settings of <code>jail.conf</code>.<br />
<br />
Use <code>jail.conf</code> as a template:<br />
<br />
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local<br />
<br />
And adapt the settings to your needs in the copied over <code>jail.local</code>.<br />
<br />
The main reason for using this separate file is that the original <code>jail.conf</code> could be overwritten by fail2ban package updates, while the copied <code>jail.local</code> will not, so you can better manage updates that way.<br />
<br />
== Setup Jail ==<br />
<br />
=== Base Config ===<br />
Add the following to the end of the copied over file <code>/etc/fail2ban/jail.local</code>:<br />
<br />
<pre><br />
[proxmox-backup-server]<br />
enabled = true<br />
port = https,http,8007<br />
filter = proxmox-backup-server<br />
logpath = /var/log/proxmox-backup/api/auth.log<br />
maxretry = 3<br />
findtime = 2d<br />
bantime = 1h<br />
</pre><br />
<br />
Tip: Time properties like <code>bantime</code> and <code>findtime</code> also allow combinations like <code>2m 30s</code>. You can test if a value is valid and what the actually resulting ban seconds are using the <code>fail2ban-client --str2sec '1d 12h'</code> command.<br />
See the <code>jail.conf</code> manual page<ref><code>jail.conf</code> manual page https://manpages.debian.org/stable/fail2ban/jail.conf.5.en.html</ref> for description of all options.<br />
<br />
=== Filter Config ===<br />
Create the file <code>/etc/fail2ban/filter.d/proxmox-backup-server.conf</code> with the following content:<br />
<br />
<pre><br />
[Definition]<br />
failregex = authentication failure; rhost=\[<HOST>\]:\d+ user=.* msg=.*<br />
ignoreregex =<br />
<br />
</pre><br />
<br />
=== Restart Service to Enable Config ===<br />
Use:<br />
systemctl restart fail2ban<br />
to activate the config addition and arm fail2ban for the Proxmox Backup Server API.<br />
<br />
== Test fail2ban Config ==<br />
You can test your configuration by trying to log in through the web interface with a wrong password or a wrong user, and then issue the command:<br />
<br />
<pre><br />
fail2ban-regex /var/log/proxmox-backup/api/auth.log /etc/fail2ban/filter.d/proxmox-backup-server.conf<br />
</pre><br />
<br />
You should have *at least* a "Failregex: 1 total" at the top of the "Results" section (and "1 matched" at the bottom)<br />
<br />
Note, if you tried too often and got yourself banned (your IP is reported by <code>fail2ban-client get proxmox-backup-server banned</code>) you can use <code>fail2ban-client unban <IP></code> (replace <code><IP></code> with the IP address) to manually unblock yourself.<br />
<br />
== Links ==<br />
* [http://www.fail2ban.org/wiki/index.php/Main_Page Fail2Ban ]<br />
<br />
[[Category: HOW-TO]]</div>S.ivanovhttps://pbs.proxmox.com/mediawiki/index.php?title=Upgrade_from_1.1_to_2.x&diff=64Upgrade from 1.1 to 2.x2021-07-13T09:53:56Z<p>S.ivanov: /* Upgrade the system */</p>
<hr />
<div>= Introduction =<br />
Proxmox Backup Server 2.x is based on a new major version of Debian. You should plan the upgrade carefully, '''make and verify backups''' before beginning, and test extensively. Depending on the existing configuration, several manual steps — including some downtime — may be required.<br />
<br />
'''Note:''' A valid and tested backup is ''always'' required before starting the upgrade process. Test the backup beforehand in a test lab setup.<br />
<br />
In case the system is customized and/or uses additional packages or any other third party repositories/packages, ensure those packages are also upgraded to and compatible with Debian Bullseye.<br />
<br />
= In-place Upgrade =<br />
<br />
== Preconditions ==<br />
<br />
Perform these actions via console or SSH. If you use SSH, you should use a terminal multiplexer (for example, tmux or screen) to ensure the upgrade can continue even if the SSH connection gets interrupted.<br />
<br />
Do not carry out the upgrade via the web-interface (GUI) console, as this will get interrupted during the upgrade.<br />
<br />
* Upgrade to the latest version of Proxmox Backup Server 1.1:<br />
apt update<br />
apt dist-upgrade<br />
# verify version:<br />
proxmox-backup-manager versions<br />
proxmox-backup-server 1.1.11-1 running version: 1.1.11 (or higher)<br />
<br />
* Make a backup of <code>/etc/proxmox-backup</code> to ensure that in the worst case, any relevant configuration can be recovered:<br />
tar czf "pbs1-etc-backup-$(date -I).tar.gz" -C "/etc" "proxmox-backup"<br />
<br />
* Ensure that you have at least 4 GiB free disk space on the root mount point: <br />
df -h /<br />
<br />
In-place upgrades are carried out via APT. '''Familiarity with APT is required to proceed with this upgrade mechanism. '''<br />
<br />
== Actions step-by-step ==<br />
Before starting the upgrade process, ensure that your Proxmox Backup Server 1.x host is up-to-date. If you use a Linux bridge setup on your server, please also refer to the [https://pve.proxmox.com/wiki/Upgrade_from_6.x_to_7.0#Check_Linux_Network_Bridge_MAC Proxmox VE Upgrade Guide's] section regarding possible issues.<br />
<br />
=== Update the configured APT repositories ===<br />
<br />
Change the apt sources to Bullseye - see [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories Package Repositories].<br />
Update all Debian repository entries to Bullseye.<br />
<br />
sed -i 's/buster\/updates/bullseye-security/g;s/buster/bullseye/g' /etc/apt/sources.list<br />
<br />
Note that for bullseye, Debian changed its security update repository from <code>deb http://security.debian.org buster/updates main</code> to <code>deb http://security.debian.org bullseye-security main</code> for more consistency.<br />
The above command accounts for this change already.<br />
<br />
Update the enterprise repository to bullseye: <br />
<br />
echo "deb https://enterprise.proxmox.com/debian/pbs bullseye pbs-enterprise" > /etc/apt/sources.list.d/pbs-enterprise.list<br />
<br />
If you have other PBS repositories configured, you can run the below command to update them:<br />
sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/pbs-repo.list<br />
<br />
Make sure to also edit all the extra files you added in /etc/apt/sources.list.d/ to Bullseye accordingly. <br />
<br />
Finally, update the repositories' package index:<br />
apt update<br />
Note that this command does not start the upgrade itself, it only refreshes the package index and must not return any error.<br />
<br />
=== Stop services before upgrade ===<br />
<br />
This is only necessary if you use tape backup, as the lock file's path has been changed. Alternatively, you can also ensure that no tape-related backup or restore jobs are running during the upgrade.<br />
<br />
Note that stopping the services will abort all running tasks (backup, restore, garbage-collect, etc.), so make sure none is active.<br />
<br />
systemctl stop proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
=== Upgrade the system ===<br />
<br />
Note that the time required for finishing this step heavily depends on the system's performance, especially the root filesystem's IOPS and bandwidth. A slow spinner can take up to 60 minutes or more, while for a high-performance server with SSD storage, the dist-upgrade can be finished in 5 minutes. While the packages are being upgraded certain operations and requests to the API might fail (for example logging in as system user in the <code>pam</code> realm)<br />
<br />
To get the initial set of upgraded packages, run:<br />
apt update<br />
apt dist-upgrade<br />
<br />
During the above step, you may be asked to approve some new packages, that want to replace certain configuration files. These are not relevant to the Proxmox Backup Server upgrade, so you can choose what's most appropriate for your setup.<br />
<br />
If the command exits successfully, you can reboot the system in order to enable the new kernel. <br />
systemctl reboot<br />
<br />
== Following the Proxmox Backup Server upgrade ==<br />
<br />
Start services again, if you stopped them for the upgrade:<br />
<br />
systemctl start proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
Check that the statuses of the main services are <code>active (running)</code><br />
<br />
systemctl status proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
= Potential issues =<br />
<br />
== General ==<br />
<br />
As a Debian based Distribution, Proxmox Backup Server is affected by most issues and changes affecting Debian.<br />
Thus, make sure to read the [https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html Upgrade specific issues for bullseye]</div>S.ivanovhttps://pbs.proxmox.com/mediawiki/index.php?title=Upgrade_from_1.1_to_2.x&diff=63Upgrade from 1.1 to 2.x2021-07-13T09:53:35Z<p>S.ivanov: /* Upgrade the system */</p>
<hr />
<div>= Introduction =<br />
Proxmox Backup Server 2.x is based on a new major version of Debian. You should plan the upgrade carefully, '''make and verify backups''' before beginning, and test extensively. Depending on the existing configuration, several manual steps — including some downtime — may be required.<br />
<br />
'''Note:''' A valid and tested backup is ''always'' required before starting the upgrade process. Test the backup beforehand in a test lab setup.<br />
<br />
In case the system is customized and/or uses additional packages or any other third party repositories/packages, ensure those packages are also upgraded to and compatible with Debian Bullseye.<br />
<br />
= In-place Upgrade =<br />
<br />
== Preconditions ==<br />
<br />
Perform these actions via console or SSH. If you use SSH, you should use a terminal multiplexer (for example, tmux or screen) to ensure the upgrade can continue even if the SSH connection gets interrupted.<br />
<br />
Do not carry out the upgrade via the web-interface (GUI) console, as this will get interrupted during the upgrade.<br />
<br />
* Upgrade to the latest version of Proxmox Backup Server 1.1:<br />
apt update<br />
apt dist-upgrade<br />
# verify version:<br />
proxmox-backup-manager versions<br />
proxmox-backup-server 1.1.11-1 running version: 1.1.11 (or higher)<br />
<br />
* Make a backup of <code>/etc/proxmox-backup</code> to ensure that in the worst case, any relevant configuration can be recovered:<br />
tar czf "pbs1-etc-backup-$(date -I).tar.gz" -C "/etc" "proxmox-backup"<br />
<br />
* Ensure that you have at least 4 GiB free disk space on the root mount point: <br />
df -h /<br />
<br />
In-place upgrades are carried out via APT. '''Familiarity with APT is required to proceed with this upgrade mechanism. '''<br />
<br />
== Actions step-by-step ==<br />
Before starting the upgrade process, ensure that your Proxmox Backup Server 1.x host is up-to-date. If you use a Linux bridge setup on your server, please also refer to the [https://pve.proxmox.com/wiki/Upgrade_from_6.x_to_7.0#Check_Linux_Network_Bridge_MAC Proxmox VE Upgrade Guide's] section regarding possible issues.<br />
<br />
=== Update the configured APT repositories ===<br />
<br />
Change the apt sources to Bullseye - see [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories Package Repositories].<br />
Update all Debian repository entries to Bullseye.<br />
<br />
sed -i 's/buster\/updates/bullseye-security/g;s/buster/bullseye/g' /etc/apt/sources.list<br />
<br />
Note that for bullseye, Debian changed its security update repository from <code>deb http://security.debian.org buster/updates main</code> to <code>deb http://security.debian.org bullseye-security main</code> for more consistency.<br />
The above command accounts for this change already.<br />
<br />
Update the enterprise repository to bullseye: <br />
<br />
echo "deb https://enterprise.proxmox.com/debian/pbs bullseye pbs-enterprise" > /etc/apt/sources.list.d/pbs-enterprise.list<br />
<br />
If you have other PBS repositories configured, you can run the below command to update them:<br />
sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/pbs-repo.list<br />
<br />
Make sure to also edit all the extra files you added in /etc/apt/sources.list.d/ to Bullseye accordingly. <br />
<br />
Finally, update the repositories' package index:<br />
apt update<br />
Note that this command does not start the upgrade itself, it only refreshes the package index and must not return any error.<br />
<br />
=== Stop services before upgrade ===<br />
<br />
This is only necessary if you use tape backup, as the lock file's path has been changed. Alternatively, you can also ensure that no tape-related backup or restore jobs are running during the upgrade.<br />
<br />
Note that stopping the services will abort all running tasks (backup, restore, garbage-collect, etc.), so make sure none is active.<br />
<br />
systemctl stop proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
=== Upgrade the system ===<br />
<br />
Note that the time required for finishing this step heavily depends on the system's performance, especially the root filesystem's IOPS and bandwidth. A slow spinner can take up to 60 minutes or more, while for a high-performance server with SSD storage, the dist-upgrade can be finished in 5 minutes. While the packages are being upgraded certain operations and requests to the API might fail (e.g. logging in as system user in the <code>pam</code> realm)<br />
<br />
To get the initial set of upgraded packages, run:<br />
apt update<br />
apt dist-upgrade<br />
<br />
During the above step, you may be asked to approve some new packages, that want to replace certain configuration files. These are not relevant to the Proxmox Backup Server upgrade, so you can choose what's most appropriate for your setup.<br />
<br />
If the command exits successfully, you can reboot the system in order to enable the new kernel. <br />
systemctl reboot<br />
<br />
== Following the Proxmox Backup Server upgrade ==<br />
<br />
Start services again, if you stopped them for the upgrade:<br />
<br />
systemctl start proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
Check that the statuses of the main services are <code>active (running)</code><br />
<br />
systemctl status proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
= Potential issues =<br />
<br />
== General ==<br />
<br />
As a Debian based Distribution, Proxmox Backup Server is affected by most issues and changes affecting Debian.<br />
Thus, make sure to read the [https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html Upgrade specific issues for bullseye]</div>S.ivanovhttps://pbs.proxmox.com/mediawiki/index.php?title=Upgrade_from_1.1_to_2.x&diff=62Upgrade from 1.1 to 2.x2021-07-13T09:52:22Z<p>S.ivanov: /* Stop services before upgrade */</p>
<hr />
<div>= Introduction =<br />
Proxmox Backup Server 2.x is based on a new major version of Debian. You should plan the upgrade carefully, '''make and verify backups''' before beginning, and test extensively. Depending on the existing configuration, several manual steps — including some downtime — may be required.<br />
<br />
'''Note:''' A valid and tested backup is ''always'' required before starting the upgrade process. Test the backup beforehand in a test lab setup.<br />
<br />
In case the system is customized and/or uses additional packages or any other third party repositories/packages, ensure those packages are also upgraded to and compatible with Debian Bullseye.<br />
<br />
= In-place Upgrade =<br />
<br />
== Preconditions ==<br />
<br />
Perform these actions via console or SSH. If you use SSH, you should use a terminal multiplexer (for example, tmux or screen) to ensure the upgrade can continue even if the SSH connection gets interrupted.<br />
<br />
Do not carry out the upgrade via the web-interface (GUI) console, as this will get interrupted during the upgrade.<br />
<br />
* Upgrade to the latest version of Proxmox Backup Server 1.1:<br />
apt update<br />
apt dist-upgrade<br />
# verify version:<br />
proxmox-backup-manager versions<br />
proxmox-backup-server 1.1.11-1 running version: 1.1.11 (or higher)<br />
<br />
* Make a backup of <code>/etc/proxmox-backup</code> to ensure that in the worst case, any relevant configuration can be recovered:<br />
tar czf "pbs1-etc-backup-$(date -I).tar.gz" -C "/etc" "proxmox-backup"<br />
<br />
* Ensure that you have at least 4 GiB free disk space on the root mount point: <br />
df -h /<br />
<br />
In-place upgrades are carried out via APT. '''Familiarity with APT is required to proceed with this upgrade mechanism. '''<br />
<br />
== Actions step-by-step ==<br />
Before starting the upgrade process, ensure that your Proxmox Backup Server 1.x host is up-to-date. If you use a Linux bridge setup on your server, please also refer to the [https://pve.proxmox.com/wiki/Upgrade_from_6.x_to_7.0#Check_Linux_Network_Bridge_MAC Proxmox VE Upgrade Guide's] section regarding possible issues.<br />
<br />
=== Update the configured APT repositories ===<br />
<br />
Change the apt sources to Bullseye - see [https://pbs.proxmox.com/docs/installation.html#debian-package-repositories Package Repositories].<br />
Update all Debian repository entries to Bullseye.<br />
<br />
sed -i 's/buster\/updates/bullseye-security/g;s/buster/bullseye/g' /etc/apt/sources.list<br />
<br />
Note that for bullseye, Debian changed its security update repository from <code>deb http://security.debian.org buster/updates main</code> to <code>deb http://security.debian.org bullseye-security main</code> for more consistency.<br />
The above command accounts for this change already.<br />
<br />
Update the enterprise repository to bullseye: <br />
<br />
echo "deb https://enterprise.proxmox.com/debian/pbs bullseye pbs-enterprise" > /etc/apt/sources.list.d/pbs-enterprise.list<br />
<br />
If you have other PBS repositories configured, you can run the below command to update them:<br />
sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/pbs-repo.list<br />
<br />
Make sure to also edit all the extra files you added in /etc/apt/sources.list.d/ to Bullseye accordingly. <br />
<br />
Finally, update the repositories' package index:<br />
apt update<br />
Note that this command does not start the upgrade itself, it only refreshes the package index and must not return any error.<br />
<br />
=== Stop services before upgrade ===<br />
<br />
This is only necessary if you use tape backup, as the lock file's path has been changed. Alternatively, you can also ensure that no tape-related backup or restore jobs are running during the upgrade.<br />
<br />
Note that stopping the services will abort all running tasks (backup, restore, garbage-collect, etc.), so make sure none is active.<br />
<br />
systemctl stop proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
=== Upgrade the system ===<br />
<br />
Note that the time required for finishing this step heavily depends on the system's performance, especially the root filesystem's IOPS and bandwidth. A slow spinner can take up to 60 minutes or more, while for a high-performance server with SSD storage, the dist-upgrade can be finished in 5 minutes. <br />
<br />
To get the initial set of upgraded packages, run:<br />
apt update<br />
apt dist-upgrade<br />
<br />
During the above step, you may be asked to approve some new packages, that want to replace certain configuration files. These are not relevant to the Proxmox Backup Server upgrade, so you can choose what's most appropriate for your setup.<br />
<br />
If the command exits successfully, you can reboot the system in order to enable the new kernel. <br />
systemctl reboot<br />
<br />
== Following the Proxmox Backup Server upgrade ==<br />
<br />
Start services again, if you stopped them for the upgrade:<br />
<br />
systemctl start proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
Check that the statuses of the main services are <code>active (running)</code><br />
<br />
systemctl status proxmox-backup-proxy.service proxmox-backup.service<br />
<br />
= Potential issues =<br />
<br />
== General ==<br />
<br />
As a Debian based Distribution, Proxmox Backup Server is affected by most issues and changes affecting Debian.<br />
Thus, make sure to read the [https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html Upgrade specific issues for bullseye]</div>S.ivanovhttps://pbs.proxmox.com/mediawiki/index.php?title=HTTPS_Certificate_Configuration&diff=49HTTPS Certificate Configuration2021-02-11T10:03:41Z<p>S.ivanov: add section about parallel installations</p>
<hr />
<div>== Introduction ==<br />
<br />
This is a how-to for changing the web server certificate used by Proxmox Backup Server, in order to enable the usage of publicly trusted certificates issued by a CA of your choice (like Let's Encrypt or a commercial CA).<br />
<br />
== Important Note ==<br />
<br />
Creating a new certificate requires changes the fingerprint a client will see when connecting to the server.<br />
You need to update it for all clients, else they will refuse connecting to the server!<br />
<br />
With a trusted certificate clients do not require a fingerprint to verify the server, if your certificate is trusted you should drop the fingerprint from all client configurations to avoid updating it.<br />
<br />
== Certificate and Key File ==<br />
<br />
The certificate and key, which are used for the TLS encryption by <code>proxmox-backup-proxy</code> are:<br />
* <code>/etc/proxmox-backup/proxy.pem</code> (certificate)<br />
: The pem file contains the certificate, potentially including one or more intermediate certificates<br />
* <code>/etc/proxmox-backup/proxy.key</code> (key)<br />
: The key file contains the private key used for the certificate.<br />
<br />
=== File Owner and Permissions ===<br />
<br />
Both files need to be owned by the <code>root</code> user and the <code>backup</code> group and should not be readable by others (mode <code>o640</code>):<br />
<br />
chown root:backup /etc/proxmox-backup/proxy.pem /etc/proxmox-backup/proxy.key<br />
chmod 640 /etc/proxmox-backup/proxy.pem /etc/proxmox-backup/proxy.key<br />
<br />
=== Activating Certificate Change ===<br />
<br />
Once the certificate and key files are changed you need to reload (avoid restart, they interrupt running (backup) jobs) the proxy daemon:<br />
systemctl reload proxmox-backup-proxy<br />
<br />
== Revert to Default Configuration ==<br />
<br />
You can always recreate a fresh self-signed certificate and start fresh by running:<br />
proxmox-backup-manager cert update --force<br />
systemctl reload proxmox-backup-proxy<br />
<br />
'''WARNING''': Creating a new certificate requires you to update the fingerprint for all clients, else they will refuse connecting to the server!<br />
<br />
== Let's Encrypt using acme.sh ==<br />
<br />
Until Proxmox Backup Server handles issuing certificates from Let's Encrypt itself you can configure getting and refreshing certificates with external tools.<br />
<br />
This how-to shows how to get a publicly trusted certificate from Let's Encrypt using [https://github.com/acmesh-official/acme.sh acme.sh]<br />
<br />
The how-to only provides minimal instructions - read up on other options, which might be more fitting in your environment, for example, using the DNS challenge.<br />
<br />
=== Download and Installation ===<br />
<br />
You can obtain acme.sh directly from GitHub and install it to <code>root</code> account:<br />
<br />
git clone https://github.com/acmesh-official/acme.sh.git<br />
cd acme.sh && ./acme.sh --install --accountemail <your-email><br />
<br />
=== Issuing and Configuration ===<br />
<br />
To write the files to the appropriate location, with fitting owner and mode for <code>domain.example</code><br />
<br />
acme.sh --issue -d domain.example --standalone \<br />
--cert-file /etc/proxmox-backup/proxy.pem \<br />
--key-file /etc/proxmox-backup/proxy.key \<br />
--fullchain-file /etc/proxmox-backup/proxy.pem \<br />
--reloadcmd "chown root:backup /etc/proxmox-backup/proxy.pem /etc/proxmox-backup/proxy.key; chmod 640 /etc/proxmox-backup/proxy.pem /etc/proxmox-backup/proxy.key ; systemctl reload proxmox-backup-proxy"<br />
<br />
'''TIP''': With a trusted certificate clients do not require a fingerprint to verify the server. You can drop the fingerprint from all client configurations to avoid the need to update it every two-three months, after a new Let's Encrypt certificate is required.<br />
<br />
=== Automatic Renewal ===<br />
<br />
In order to automatically refresh the certificates and to reload the proxy service you also need to append the reload command as <code>renew-hook</code> in the generated cronjob (by running <code>crontab -e</code>)<br />
and editing so that the line looks like:<br />
<br />
20 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" --renew-hook "chown root:backup /etc/proxmox-backup/proxy.pem /etc/proxmox-backup/proxy.key; chmod 640 /etc/proxmox-backup/proxy.pem /etc/proxmox-backup/proxy.key ; systemctl reload proxmox-backup-proxy" > /dev/null<br />
<br />
<br />
== Using Certificates from Proxmox VE ==<br />
<br />
If you have installed Proxmox Backup Server in parallel a system which also runs Proxmox VE, you can use the certificates you created with Proxmox VE's ACME integration also for the Proxmox Backup Server proxy.<br />
<br />
You only need to schedule the copying of the certificate and key after each renewal (e.g. by creating an appropriate cronjob or systemd-timer)<br />
<br />
The necessary commands for copying are:<br />
NODE=$(hostname)<br />
cp /etc/pve/nodes/${NODE}/pveproxy-ssl.pem /etc/proxmox-backup/proxy.pem<br />
cp /etc/pve/nodes/${NODE}/pveproxy-ssl.key /etc/proxmox-backup/proxy.key<br />
chmod 640 /etc/proxmox-backup/proxy.key /etc/proxmox-backup/proxy.pem<br />
chgrp backup /etc/proxmox-backup/proxy.key /etc/proxmox-backup/proxy.pem<br />
systemctl restart proxmox-backup-proxy.service<br />
<br />
[[Category:HOW-TO]]</div>S.ivanov