Upgrade Portworx Backup in air-gapped environment
Prerequisites
- Make sure all the mongoDB pods are in
Ready
state
If you are in air-gapped environment, then follow the steps below to upgrade Portworx Backup from the prior versions to 2.7.3:
-
To pull the Docker images listed in Air-gapped install and push them to an internal registry:
a. Download the
pxcentral-ag-install-backup.sh
air-gapped bootstrap Portworx Backup install script:curl -o pxcentral-ag-install-backup.sh -L "https://install.portworx.com/pxcentral-air-gapped?px-backup=true"
You can also download the install script for a specific release by specifying version in the query.
For example:
curl -o pxcentral-ag-install-backup.sh -L "https://install.portworx.com/pxcentral-air-gapped?version=2.7.3&px-backup=true"
b. Provide execute permission for the install script:
chmod +x pxcentral-ag-install-backup.sh
c. Pull the container images using the
pxcentral-ag-install-backup.sh
script:./pxcentral-ag-install-backup.sh pull
d. Push the images to a local registry server, accessible by the air-gapped nodes. Replace
<repo>
with your registry location:./pxcentral-ag-install-backup.sh push <repo>
-
To generate the customized
values-px-central.yaml
for Portworx Backup installation spec (Helm command):a. Access Portworx Central portal.
b. From the home page, navigate to Backup Services under Explore our Products.
c. Click I agree to EULA and go through the Portworx Products Terms of Use carefully.
d. Navigate back to the Portworx Central portal and click Start Free Trial.
e. In the Spec Details provide the following values:
-
Backup Version: select the required version of Portworx Backup from the drop-down list
-
Namespace: provide the name of the namespace where you want an instance of Portworx Backup to be installed
-
Install using: choose Helm 3
-
Select your environment: choose On-Premises or Cloud based on your storage environment
-
StorageClass Name: name of the StorageClass, refer tooltip for more details
-
Use your OIDC: Select this option only if your external authorization provider is Auth0 and key in the following fields:
- Endpoint
- Client ID
- Client Secret
These values can be fetched from the Auth0 web console.
-
Use existing Prometheus: select this checkbox if you have to use your existing Prometheus stack to monitor Portworx Backup and enter the values for the following fields:
- Prometheus Endpoint: enter details of the endpoint where your Prometheus is installed
- Alertmanager Endpoint: enter details of the endpoint where your Alertmanager is installed
- Prometheus secret name: enter secret name of your Prometheus stack
- Alertmanager secret name: enter secret name of your Alertmanager
- Custom email template from PX-Backup: select to upload Portworx Backup's custom email template to your pre-configured Alertmanager for email notifications
-
Use custom registry: for air-gapped environments
- Custom Image Repository Location: path of custom image repository
- Image Pull Secret(s): create a secret only if image pulling from an internal repository requires credentials
noteCreate a secret only if pulling image from an internal repository requires credentials.
-
-
Click Next to navigate to Finish tab.
-
Under Step 2 in the web console, click
values-px-central.yaml
file to download the default options. -
Retrieve all custom values you used during the Portworx Backup installation. Enter the following helm get values command to generate a YAML file, replacing the
<namespace>
and<release-name>
parameters to match your environment:helm get values --namespace <namespace> <release-name> -o yaml> values.yaml
-
Append the following text to
values.yaml
at the end ofimages
section:mysqlInitImage:
registry: <custom-registry-path>
repo: <custom-repo-path>
preUpgradeHookImage:
registry: <custom-registry-path>
repo: <custom-repo-path>
mongodbImageMap:
registry: <custom-registry-path>
repo: <custom-repo-path> -
Modify the
values-px-central.yaml
downloaded from Portworx Central portal in Step 4 with the changed values fromvalues.yaml
.For example, replace storage class value in
values-px-central.yaml
with that ofvalues.yaml
. -
(Optional) Delete the Prometheus operator deployment upgrade to avoid conflicts:
kubectl delete deploy prometheus-operator -n <px-backup namespace>
noteExecute this step only if you have configured Prometheus and Grafana following the steps mentioned in the topic Configure Prometheus and Grafana.
-
Delete the post install hook job:
kubectl delete job pxcentral-post-install-hook --namespace <namespace>
-
From the machine where you run the helm3 command:
a. Download the latest px-central package with the following command.
curl -O https://raw.githubusercontent.com/portworx/helm/master/stable/px-central-2.7.3.tgz
b. Modify the Helm command generated from Step 2 of web console to provide the helm package, instead of providing the repository. Also ensure that, you update the helm command timeout parameter to
120m
without fail as shown in the following command:helm upgrade px-central px-central-2.7.3.tgz --namespace <name of namespace> --create-namespace --version 2.7.3 -f values-px-central.yaml --timeout=120m
notePortworx Backup supports object lock from release version 2.2.0. For more information, refer to S3 Object Lock in Portworx Backup. You need the permissions listed below to check if the bucket configured in the backup location supports object lock. If you are upgrading to Portworx Backup 2.2.0 from any lower version, ensure that the following object lock related permissions are enabled in the AWS web console:
s3:GetBucketObjectLockConfiguration
s3:GetObjectLegalHold
s3:GetObjectRetention
Access permissions in Portworx Backup 2.x.x
Users with admin role can access the following resources in the Portworx Backup web console:
- Can view and backup clusters that you added
- Can view all user created backups in the Backups page
- Can view all Portworx backup security objects such as cloud credentials, backup locations, schedule policies, and backup rules of all users
- Cannot view all non-Portworx backup security objects
The access permissions available to a user in case of backup sync are:
-
If a user is the owner of a bucket, then the Backups page lists backups of all users who used that bucket
-
If a user is a collaborator, then the user can view own backups only