Proxmox Backup Server 2.X to 3.X 更新
Proxmox Backup Server 已經釋放出新版的 3.0 版,改版內容如下或者連到官方看修改什麼內容 官方 wiki 公告內容
官方最新消息 Proxmox Backup Server 3.0 available
此版改版內容
Released 28. June 2023
- Based on Debian Bookworm (12.0)
- Latest 6.2 Kernel as stable default
- ZFS 2.1.12
Highlights
- New major release based on the great Debian Bookworm.
- Seamless upgrade from Proxmox Backup Server 2.4, see Upgrade from 2 to 3
- Increase the flexibility of sync-jobs with the new
transfer-last
option. - Add new text-based UI mode for the installation ISO, written in Rust using the Cursive TUI (Text User Interface) library.
Changelog Overview
Enhancements in the web interface (GUI)
- Improved Dark color theme:
The Dark color theme, introduced in Proxmox Backup Server 2.4, received a lot of positive feedback from our community, which resulted in further improvements. - Tape backup and restore tasks are now included in the task summary.
- When labeling a tape in a changer, the default value cannot be overridden in the GUI anymore:
Proxmox Backup Server relies on the label being identical to the barcode, so it is not advisable to change the label. If having a different label is required, then it is still possible to override this via the CLI. - Fixed an issue where the GUI would not immediately refresh the subscription information after uploading a subscription key.
- Improved translations, among others:
- Ukrainian (NEW)
- Japanese
- Simplified Chinese
- Traditional Chinese
- The size units (Bytes, KB, MiB,...) are now passed through the translation framework as well, allowing localized variants (e.g., for French).
- The language selection is now localized and displayed in the currently selected language
General backend improvements
- Chunk store now handles specific edge cases during insertion more gracefully.
- Updated the kernel of the image that
proxmox-backup-restore-image
uses to 6.2.16 and ZFS 2.1.12.
This can be particularly useful when trying to restore from guests that used newer features of a filesystem that are only supported by newer kernel versions, for example with Btrfs or ZFS volumes. - In HTTP error responses, mention the requested path instead of the filesystem path, to avoid triggering automated security scanners.
- When authenticating via PAM, pass the
PAM_RHOST
item. With this, it is possible to manually configure PAM such that certain users (for example root@pam) can only log in from certain hosts.
Client improvements
- Increase the flexibility of sync-jobs with the new
transfer-last
option:
Specifying this parameter will only transfer the newestn
backups, instead of all backups. - Improved log output for sync jobs: In order to improve readability, the log now contains one opening line for every backup group.
-
proxmox-backup-manager
user tfa now supportslist
anddelete
commands (issue #4734).
These can be used to list all currently configured TFA tokens as well as delete them. -
proxmox-file-restore
now honors the environment variablePBS_QEMU_DEBUG
. - Fix an issue where running the
status
command would fail with a traceback (issue #4638). - Improved error handling when zipping a directory fails, by exiting early if a fatal error occurs.
Tape backup
- Improved reading attributes from tapes that use medium auxiliary memory (MAM).
- Show a list of required tapes when restoring a single snapshot, like it has been the case for full restores already.
- Added a fallback mode for tapes only supporting the 6 byte variant of the
MODE SENSE
orSELECT
commands. This improves compatibility with some tape drives and libraries, for example the StarWind VTL. - When restoring backups, instead of aborting when a tape is missing in the changer, the task now waits for the correct tape to be inserted (issue #4719).
- Fixed an issue with media-sets that have multiple datastores, where trying to restore a single datastore via the GUI would inadvertently restore all datastores.
Access control
- Add TFA/TOTP lockout to protect against an attacker who has obtained the user password and attempts to guess the second factor:
If TFA fails too many times in a row, this user account is locked out of TFA for an hour. If TOTP fails too many times in a row, TOTP is disabled for the user account. Using a recovery key will unlock a user account. - The configuration for LDAP realms is now actively tested by attempting to connect before adding such a realm to the configuration.
- Surround user filter expressions with parentheses if they are not already present, similarly to Proxmox VE.
- Remove support for unauthenticated LDAP binds (where no password is given), which are not supported in Proxmox VE either.
Installation ISO
- Add new text-based UI mode for the installation ISO, written in Rust using the Cursive TUI (Text User Interface) library:
You can use the new TUI mode to work around issues with launching the GTK based graphical installer, sometimes observed on both very new and rather old hardware.
The new text mode executes the same code for the actual installation as the existing graphical mode. - The version of BusyBox shipped with the ISO was updated to version 1.36.1.
- Detection of unreasonable system time.
If the system time is older than the time the installer was created, the system notifies the user with a warning. -
ethtool
is now shipped with the ISO and installed on all systems. -
systemd-boot
is provided by its own package instead ofsystemd
in Debian Bookworm and is installed with the new ISO.
Notable bug fixes
- Fixed an issue where certain prune job tasks did not show up in the task summary.
- Fixed an issue where garbage collection would incorrectly show warnings when namespaces were used by a datastore (issue #4357).
- Fixed a bug that prevented entering netmasks for networks with CIDR prefix length smaller than /8 in the network interface configuration (issue #4722).
- Restoring files from a ZFS snapshot directory now works with
proxmox-file-restore
(issue #4477).
Known Issues & Breaking Changes
- User accounts will now be locked after too many attempts to authenticate with a second factor. This is intended to protect against an attacker who has obtained the user password and attempts to guess the second factor. Unlocking requires either a successful login with a recovery key or a manual unlock by an administrator.
- Systems booting via UEFI from a ZFS on root setup should install the
systemd-boot
package after the upgrade.
Thesystemd-boot
was split out from thesystemd
package for Debian Bookworm based releases. It won't get installed automatically upon upgrade from Proxmox VE 7.4 as it can cause trouble on systems not booting from UEFI with ZFS on root setup by the Proxmox VE installer. Systems which have ZFS on root and boot in UEFI mode will need to manually install it if they need to initialize a new ESP (see the output ofproxmox-boot-tool status
and the relevant documentation). Note that the system remains bootable even without the package installed (the boot-loader that was copied to the ESPs during intialization remains untouched), so you can also install it after the upgrade was finished. It is not recommended installingsystemd-boot
on systems which don't need it, as it would replace grub as bootloader in itspostinst
script.
2.x版更新到3.x版
- 先把現行的 2.X 更新到最新版本
apt update && apt dist-upgrade -y
- 重啟該主機
reboot -nf
- 備份設定檔
/etc/proxmox-backup
tar czf "pbs2-etc-backup-$(date -I).tar.gz" -C "/etc" "proxmox-backup"
更新來源庫
- 更新來源庫
sources.list
sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list
- 更新訂閱版來源庫
pbs-enterprise.list
,如果沒有用訂閱版來源庫,記要進去註解
sed -i -e 's/bullseye/bookworm/g' /etc/apt/sources.list.d/*.list
因 BUBU 的環境是在 Debian 環境下進行 PBS 服務安裝,因此需要安裝密鑰後續安裝會有問題無法正常更新
- 安裝密鑰
wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
- 驗證密鑰 SHA512
sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
- 驗證密鑰
md5sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
- 更新來源庫
apt update
更新前先停止服務
systemctl stop proxmox-backup-proxy.service proxmox-backup.service
更新服務
- 開始更新 PBS 服務
apt update && apt dist-upgrade -y
- 更新完重啟主機
systemctl reboot
啟動服務
- 啟動 PBS 服務
systemctl start proxmox-backup-proxy.service proxmox-backup.service
- 查看 PBS 狀態
systemctl status proxmox-backup-proxy.service proxmox-backup.service