Skip to main content
Version: 2.7

Upgrade Portworx Backup in air-gapped environment

If you are in air-gapped environment, then follow the steps below to upgrade Portworx Backup from the prior versions to 2.7.2:

  1. To pull the Docker images listed in Air-gapped install and push them to an internal registry:

    a. Download the pxcentral-ag-install-backup.sh air-gapped bootstrap Portworx Backup install script:

    curl -o pxcentral-ag-install-backup.sh -L "https://install.portworx.com/pxcentral-air-gapped?px-backup=true"

    You can also download the install script for a specific release by specifying version in the query.

    For example:

    curl -o pxcentral-ag-install-backup.sh -L "https://install.portworx.com/pxcentral-air-gapped?version=2.7.2&px-backup=true"

    b. Provide execute permission for the install script:

    chmod +x pxcentral-ag-install-backup.sh

    c. Pull the container images using the pxcentral-ag-install-backup.sh script:

    ./pxcentral-ag-install-backup.sh pull

    d. Push the images to a local registry server, accessible by the air-gapped nodes. Replace <repo> with your registry location:

    ./pxcentral-ag-install-backup.sh push <repo>
  2. To generate the customized values-px-central.yaml for Portworx Backup installation spec (Helm command):

    a. Access Portworx Central portal.

    b. From the home page, navigate to Backup Services under Explore our Products.

    c. Click I agree to EULA and go through the Portworx Products Terms of Use carefully.

    d. Navigate back to the Portworx Central portal and click Start Free Trial.

    e. In the Spec Details provide the following values:

    • Backup Version: select the required version of Portworx Backup from the dropdown list

    • Namespace: provide the name of the namespace where you want an instance of Portworx Backup to be installed

    • Install using: choose Helm 3

    • Select your environment: choose On-Premises or Cloud based on your storage environment

    • StorageClass Name: name of the StorageClass, refer tooltip for more details

    • Use your OIDC: Select this option only if your external authorization provider is Auth0 and key in the following fields:

      • Endpoint
      • Client ID
      • Client Secret

      These values can be fetched from the Auth0 web console.

    • Use existing Prometheus: select this checkbox if you have to use your existing Prometheus stack to monitor Portworx Backup and enter the values for the following fields:

      • Prometheus Endpoint: enter details of the endpoint where your Prometheus is installed
      • Alertmanager Endpoint: enter details of the endpoint where your Alertmanager is installed
      • Prometheus secret name: enter secret name of your Prometheus stack
      • Alertmanager secret name: enter secret name of your Alertmanager
      • Custom email template from PX-Backup: select to upload Portworx Backup's custom email template to your pre-configured Alertmanager for email notifications
    • Use custom registry: for air-gapped environments

      • Custom Image Repository Location: path of custom image repository
      • Image Pull Secret(s): create a secret only if image pulling from an internal repository requires credentials
      note

      Create a secret only if pulling image from an internal repository requires credentials.

  3. Click Next to navigate to Finish tab.

  4. Under Step 2 in the web console, click values-px-central.yaml file to download the default options.

  5. Retrieve all custom values you used during the Portworx Backup installation. Enter the following helm get values command to generate a YAML file, replacing the <namespace> and <release-name> parameters to match your environment:

    helm get values --namespace <namespace> <release-name> -o yaml> values.yaml
  6. Modify the values-px-central.yaml downloaded from Portworx Central portal in Step 4 with the changed values from values.yaml.

    For example, replace storage class value in values-px-central.yaml with that of values.yaml.

  7. (Optional) Delete the Prometheus operator deployment upgrade to avoid conflicts:

    kubectl delete deploy prometheus-operator -n <px-backup namespace>
    note

    Execute this step only if you have configured Prometheus and Grafana following the steps mentioned in the topic Configure Prometheus and Grafana.

  8. Delete the post install hook job:

    kubectl delete job pxcentral-post-install-hook --namespace <namespace>
  9. From the machine where you run the helm3 command:

    a. Download the latest px-central package with the following command.

    curl -O  https://raw.githubusercontent.com/portworx/helm/master/stable/px-central-2.7.2.tgz

    b. Modify the Helm command generated from Step 2 of web console to provide the helm package, instead of providing the repository.

    For example:

    helm upgrade px-central px-central-2.7.2.tgz --namespace <name of namespace> --create-namespace --version 2.7.2 -f values-px-central.yaml
    note

    Portworx Backup supports object lock from release version 2.2.0. For more information, refer to S3 Object Lock in Portworx Backup. You need the permissions listed below to check if the bucket configured in the backup location supports object lock. If you are upgrading to Portworx Backup 2.2.0 from any lower version, ensure that the following object lock related permissions are enabled in the AWS web console:

    • s3:GetBucketObjectLockConfiguration
    • s3:GetObjectLegalHold
    • s3:GetObjectRetention

Access permissions in Portworx Backup 2.x.x

Users with admin role can access the following resources in the Portworx Backup web console:

  • Can view and backup clusters that you added
  • Can view all user created backups in the Backups page
  • Can view all Portworx backup security objects such as cloud credentials, backup locations, schedule policies, and backup rules of all users
  • Cannot view all non-Portworx backup security objects

The access permissions available to a user in case of backup sync are:

  • If a user is the owner of a bucket, then the Backups page lists backups of all users who used that bucket

  • If a user is a collaborator, then the user can view own backups only

Was this page helpful?