Upgrading Cloud Scale Technology

This section describes a high level procedure for upgrading Cloud Scale Technology.

Table: Steps for upgrading Cloud Scale Technology

Steps	Description
Step 1	Ensure that all the prerequisites are met as mentioned in the following section:
Step 2	Upgrade the following add-ons: cert-manager trust-manager
Step 3 (Applicable only when using non-official Veritas registry)	Upload the new images to your private registry. Extract contents of `VRTSk8s-netbackup-<version>.tar` file as follows: sudo mkdir /path/to/extracted sudo chmod -R 777 /path/to/extracted *tar -xvf /path/to/VRTSk8s-netbackup-<version>.tar -C /path/to/extracted* *cd /path/to/extracted/VRTSk8s-netbackup-<version>/scripts* Run one of the following command (update the registry/build information only): *REGISTRY='XXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com' PKG_ROOT='/path/to/extracted/VRTSk8s-netbackup-<version>' ./tag_push_images.sh* *REGISTRY='XXXXXXXXXX.azurecr.io' TAR_FILE='/path/to/VRTSk8s-netbackup-<version>.tar' ./tag_push_images.sh* For example, REGISTRY='XXXXXXXXXX.azurecr.io' TAR_FILE='/home/azureuser/VRTSk8s-netbackup-11.1.x.x.xxxx.tar' ./tag_push_images.sh For more information, refer to the following section: See Loading docker images.
Step 4	Log into the primary server and use the following command to suspend the backup job processing: kubectl exec -it pod/<primary-pod-name> -n netbackup -- bash nbpemreq -suspend_scheduling
Step 5 (Applicable only for upgrade of DBaaS 10.4 )	Upgrade PostgreSQL DBaaS version from 14 to 16 for Azure/AWS: For Azure: Execute the kubectl command into 10.4 primary pod and create the `/tmp/grant_admin_option_to_roles.sql` file. Execute the following command to execute `grant_admin_option_to_roles.sql` file: /usr/openv/db/bin/psql "host=$(< /tmp/.nb-pgdb/dbserver) port=$(< /tmp/.nb-pgdb/dbport) dbname=NBDB user=$(< /tmp/.nb-pgdb/dbadminlogin) password=$(< /tmp/.nb-pgdb/dbadminpassword) sslmode=verify-full sslrootcert='/tmp/.db-cert/dbcertpem'" -f /tmp/grant_admin_option_to_roles.sql /* Azure PostgreSQL upgrade from 14 to 16 does not grant the NetBackup database administrator role the ADMIN OPTION for NetBackup roles. This script will grant the NetBackup database administrator role the ADMIN OPTION so that it can manage NetBackup roles. */ GRANT ADTR_MAIN TO current_user WITH ADMIN OPTION; GRANT AUTH_MAIN TO current_user WITH ADMIN OPTION; GRANT DARS_MAIN TO current_user WITH ADMIN OPTION; GRANT DBM_MAIN TO current_user WITH ADMIN OPTION; GRANT EMM_MAIN TO current_user WITH ADMIN OPTION; GRANT JOBD_MAIN TO current_user WITH ADMIN OPTION; GRANT PEM_MAIN TO current_user WITH ADMIN OPTION; GRANT RB_MAIN TO current_user WITH ADMIN OPTION; GRANT SLP_MAIN TO current_user WITH ADMIN OPTION; GRANT NBPGBOUNCER TO current_user WITH ADMIN OPTION; GRANT NBWEBSVC TO current_user WITH ADMIN OPTION; GRANT AZ_DBA TO current_user WITH ADMIN OPTION; Exit 10.4 primary pod. Ready for 10.4 with PostgreSQL to 10.5 with PostgreSQL 16 upgrade. Upgrade Azure PostgreSQL version from 14 to 16 using Azure portal.
For AWS: Upgrade AWS PostgreSQL RDS version from 14 to 16 using AWS Management Console. Navigate to RDS page, select the database instance and click Modify to change the engine version. For more information, see Upgrading the PostgreSQL DB engine for Amazon RDS.
Step 6 (This step is applicable only when upgrading from version 10.3 and 10.3.0.1)	Perform the following (AWS/Azure) to create Secret containing DBaaS CA certificates: For AWS: TLS_FILE_NAME='/tmp/tls.crt' PROXY_FILE_NAME='/tmp/proxy.pem' rm -f ${TLS_FILE_NAME} ${PROXY_FILE_NAME} DB_CERT_URL="https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem" DB_PROXY_CERT_URL="https://www.amazontrust.com/repository/AmazonRootCA1.pem" curl ${DB_CERT_URL} --output ${TLS_FILE_NAME} curl ${DB_PROXY_CERT_URL} --output ${PROXY_FILE_NAME} cat ${PROXY_FILE_NAME} >> ${TLS_FILE_NAME} kubectl -n netbackup create secret generic postgresql-netbackup-ca --from-file ${TLS_FILE_NAME}
For Azure: DIGICERT_ROOT_CA='/tmp/root_ca.pem' DIGICERT_ROOT_G2='/tmp/root_g2.pem' MS_ROOT_CRT='/tmp/ms_root.crt' COMBINED_CRT_PEM='/tmp/tls.crt' DIGICERT_ROOT_CA_URL="https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem"; DIGICERT_ROOT_G2_URL="https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem"; MS_ROOT_CRT_URL="http://www.microsoft.com/pkiops/certs/Microsoft%20RSA%20Root%20Certificate%20Authority%202017.crt"; curl ${DIGICERT_ROOT_CA_URL} --output ${DIGICERT_ROOT_CA} curl ${DIGICERT_ROOT_G2_URL} --output ${DIGICERT_ROOT_G2} curl ${MS_ROOT_CRT_URL} --output ${MS_ROOT_CRT} openssl x509 -inform DER -in ${MS_ROOT_CRT} -out ${COMBINED_CRT_PEM} -outform PEM cat ${DIGICERT_ROOT_CA} ${DIGICERT_ROOT_G2} >> ${COMBINED_CRT_PEM} kubectl -n netbackup create secret generic postgresql-netbackup-ca --from-file ${COMBINED_CRT_PEM}
Step 7	Create db-cert bundle if it does not exists.
Step 8	Upgrade Cloud Scale. See Upgrade Cloud Scale using the kubectl plugin.

Steps

Description

Step 1

Ensure that all the prerequisites are met as mentioned in the following section:

Step 2

Upgrade the following add-ons:

cert-manager
trust-manager

Step 3

(Applicable only when using non-official Veritas registry)

Upload the new images to your private registry.

Extract contents of VRTSk8s-netbackup-<version>.tar file as follows:
sudo mkdir /path/to/extracted
sudo chmod -R 777 /path/to/extracted
tar -xvf /path/to/VRTSk8s-netbackup-<version>.tar -C /path/to/extracted
cd /path/to/extracted/VRTSk8s-netbackup-<version>/scripts
Run one of the following command (update the registry/build information only):
REGISTRY='XXXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com' PKG_ROOT='/path/to/extracted/VRTSk8s-netbackup-<version>' ./tag_push_images.sh
REGISTRY='XXXXXXXXXX.azurecr.io' TAR_FILE='/path/to/VRTSk8s-netbackup-<version>.tar' ./tag_push_images.sh
For example,
REGISTRY='XXXXXXXXXX.azurecr.io' TAR_FILE='/home/azureuser/VRTSk8s-netbackup-11.1.x.x.xxxx.tar' ./tag_push_images.sh

For more information, refer to the following section:

See Loading docker images.

Step 4

Log into the primary server and use the following command to suspend the backup job processing:

kubectl exec -it pod/<primary-pod-name> -n netbackup -- bash

nbpemreq -suspend_scheduling

Step 5

(Applicable only for upgrade of DBaaS 10.4 )

Upgrade PostgreSQL DBaaS version from 14 to 16 for Azure/AWS:

For Azure: Execute the kubectl command into 10.4 primary pod and create the /tmp/grant_admin_option_to_roles.sql file.

Execute the following command to execute grant_admin_option_to_roles.sql file:

/usr/openv/db/bin/psql "host=$(< /tmp/.nb-pgdb/dbserver) port=$(< /tmp/.nb-pgdb/dbport) dbname=NBDB user=$(< /tmp/.nb-pgdb/dbadminlogin) password=$(< /tmp/.nb-pgdb/dbadminpassword) sslmode=verify-full sslrootcert='/tmp/.db-cert/dbcertpem'" -f /tmp/grant_admin_option_to_roles.sql

/*
Azure PostgreSQL upgrade from 14 to 16 does not grant the NetBackup database administrator role the ADMIN OPTION for NetBackup roles.
This script will grant the NetBackup database administrator role the ADMIN OPTION so that it can manage NetBackup roles.
*/
  
GRANT ADTR_MAIN TO current_user WITH ADMIN OPTION;
GRANT AUTH_MAIN TO current_user WITH ADMIN OPTION;
GRANT DARS_MAIN TO current_user WITH ADMIN OPTION;
GRANT DBM_MAIN TO current_user WITH ADMIN OPTION;
GRANT EMM_MAIN TO current_user WITH ADMIN OPTION;
GRANT JOBD_MAIN TO current_user WITH ADMIN OPTION;
GRANT PEM_MAIN TO current_user WITH ADMIN OPTION;
GRANT RB_MAIN TO current_user WITH ADMIN OPTION;
GRANT SLP_MAIN TO current_user WITH ADMIN OPTION;
GRANT NBPGBOUNCER TO current_user WITH ADMIN OPTION;
GRANT NBWEBSVC TO current_user WITH ADMIN OPTION;
GRANT AZ_DBA TO current_user WITH  ADMIN OPTION;

Exit 10.4 primary pod. Ready for 10.4 with PostgreSQL to 10.5 with PostgreSQL 16 upgrade.

Upgrade Azure PostgreSQL version from 14 to 16 using Azure portal.

For AWS: Upgrade AWS PostgreSQL RDS version from 14 to 16 using AWS Management Console. Navigate to RDS page, select the database instance and click Modify to change the engine version.

For more information, see Upgrading the PostgreSQL DB engine for Amazon RDS.

Step 6

(This step is applicable only when upgrading from version 10.3 and 10.3.0.1)

Perform the following (AWS/Azure) to create Secret containing DBaaS CA certificates:

For AWS:

TLS_FILE_NAME='/tmp/tls.crt'
PROXY_FILE_NAME='/tmp/proxy.pem'
 
rm -f ${TLS_FILE_NAME} ${PROXY_FILE_NAME}
 
DB_CERT_URL="https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem"
DB_PROXY_CERT_URL="https://www.amazontrust.com/repository/AmazonRootCA1.pem"
 
curl ${DB_CERT_URL} --output ${TLS_FILE_NAME}
curl ${DB_PROXY_CERT_URL} --output ${PROXY_FILE_NAME}
 
cat ${PROXY_FILE_NAME} >> ${TLS_FILE_NAME}
 
kubectl -n netbackup create secret generic postgresql-netbackup-ca --from-file ${TLS_FILE_NAME}

For Azure:

DIGICERT_ROOT_CA='/tmp/root_ca.pem'
DIGICERT_ROOT_G2='/tmp/root_g2.pem'
MS_ROOT_CRT='/tmp/ms_root.crt'
COMBINED_CRT_PEM='/tmp/tls.crt'
  
DIGICERT_ROOT_CA_URL="https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem";
DIGICERT_ROOT_G2_URL="https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem";
MS_ROOT_CRT_URL="http://www.microsoft.com/pkiops/certs/Microsoft%20RSA%20Root%20Certificate%20Authority%202017.crt";
  
curl ${DIGICERT_ROOT_CA_URL} --output ${DIGICERT_ROOT_CA}
curl ${DIGICERT_ROOT_G2_URL} --output ${DIGICERT_ROOT_G2}
curl ${MS_ROOT_CRT_URL} --output ${MS_ROOT_CRT}
  
openssl x509 -inform DER -in ${MS_ROOT_CRT} -out ${COMBINED_CRT_PEM} -outform PEM
cat ${DIGICERT_ROOT_CA} ${DIGICERT_ROOT_G2} >> ${COMBINED_CRT_PEM}
 
kubectl -n netbackup create secret generic postgresql-netbackup-ca --from-file ${COMBINED_CRT_PEM}

Step 7

Create db-cert bundle if it does not exists.

Step 8

Upgrade Cloud Scale.

See Upgrade Cloud Scale using the kubectl plugin.

More Information

Prerequisites for Cloud Scale Technology upgrade

Upgrading Cloud Scale Technology

Feedback

Feedback