Veritas NetBackup™ Appliance Upgrade Guide
- About upgrades to NetBackup appliance software version 3.1.1 and the Red Hat Enterprise Linux operating system
- Upgrade planning
- Pre-upgrade tasks
- Performing the upgrade
- Methods for downloading appliance software release updates
- Post upgrade tasks
Installing a NetBackup appliance software update using the NetBackup Appliance Shell Menu
Use the following procedure to start the appliance upgrade.
If you have enabled the STIG feature on an appliance and you need to upgrade it or install an EEB on it, do not plan such installations during the 4:00am - 4:30am time frame. By following this best practice, you can avoid interrupting the automatic update of the
AIDE database and any monitored files, which can cause multiple alert messages from the appliance.
To install a downloaded release update using the NetBackup Appliance Shell Menu
- Check to make sure that the following pre-upgrade tasks have already been performed:
All jobs have been stopped or suspended and all SLPs have been paused.
The Support > Test Software command has been run and it returned a Pass result.
All of the necessary RHEL plug-in packages have been copied into the appropriate location.
- Log in to the NetBackup Appliance Shell Menu from the IPMI console.
Veritas recommends that you log in using the shell menu from the IPMI console instead of an SSH session. The IPMI console is also known as the Veritas Remote Manager interface. For details about how to access and use the Veritas Remote Manager, refer to the following document: NetBackup Appliance Hardware Installation Guide.
- To install the software release update, run the following command:
Main_Menu > Manage > Software > Install patch_name
Where patch_name is the name of the release update to install. Make sure that this patch name is the one that you want to install.
- Monitor the preflight check and watch for any Check failed messages.
If no Check failed messages appear, you are prompted to continue to the next step to start the upgrade.
If any Check failed messages appear, the upgrade is not allowed. You must resolve the reported failures, then launch the upgrade script again so that the preflight check can verify that the failures have been resolved. Click on the UMI links (V-409-xxx-xxxx) for information about how to resolve the reported issues.
If any Check failed messages indicate that a RHEL version third-party plug-in was not found, you must obtain the plug-in from the appropriate vendor. Refer to the following topic for installation details:
- After all preflight check items have passed, you may need to trust the CA certificate and the host ID-based certificate to start the upgrade process.
To trust and deploy the CA certificates, do the following:
Verify the CA certificate detail and enter yes to trust the CA certificate, as follows:
To continue with the upgrade, verify the following CA certificate detail and enter "yes" to trust the CA certificate. CA Certificate Details: Subject Name : /CN=nbatd/OUemail@example.com/O=vx Start Date : Jul 14 12:59:18 2017 GMT Expiry Date : Jul 09 14:14:18 2037 GMT SHA1 Fingerprint : 31:E9:97:2E:50:11:51:7C:D6:25:7F:32:86:3D: 6B:D5:33:5C:11:E2 >> Do you want to trust the CA certificate? [yes, no](yes)
If the security level of the master server is Very High, you must manually enter an authorization token to deploy the host ID-based certificate on the appliance, as follows:
>> Enter token:
If the appliance is ever factory reset or re-imaged after it has been upgraded to version 3.1 or later, a reissue token is required for the next upgrade.
If the security level of the master server is High or Medium, the authentication token is not required. The host ID-based certificate is automatically deployed onto the appliance.
For more information about security certificates, refer to the chapter "Security certificates in NetBackup" in the NetBackup Security and Encryption Guide.
- To check the upgrade status before the AIM window appears, enter the following command:
Main_Menu > Manage > Software >UpgradeStatus
The system reboots at least two times during the upgrade process. After the first reboot, the NetBackup Appliance Web Console and any SSH-based connections to the server are unavailable until the reboot process has completed. This condition may last two hours or more, depending on the complexity of the appliance configuration. It is important that you do not attempt to manually reboot the appliance during this time. You can use the Veritas Remote Management interface (IPMI) to view the system status. In addition, you may view the logs under
/logor wait for the appliance to send an email upon completion of the upgrade process.
During the upgrade process, you can open the AIM window to view the upgrade progress and the estimated remaining time.
- If problems are detected during the post-upgrade self-test, the AIM window shows the upgrade status as Paused. Other SSH sessions and email notifications also indicate this status.
To clear the Paused status, perform the following tasks:
Press the V key to switch to the Verbose view to see the logs. If there are any Unique Message Identification (UMI) codes for the errors, search for them on the Veritas Support website to get more detailed information.
Try to fix the problem that the AIM window reports.
If you need to use the shell menu, log on to the NetBackup Appliance Shell Menu through an SSH session. When the AIM window appears, press the S key to close it.
Go back to the AIM window on the IPMI console.
If you tried fixing the problem, press the A key to attempt the self-test again. If you cannot fix the problem, contact Technical Support or press the R key to roll back the appliance to the previous software version.
A rollback occurs automatically after one hour if there is no user response on the AIM window during a pause condition.
- After the upgrade has completed, the AIM window shows a summary of the upgrade results.
the disk pools are back online, the appliance runs a self-diagnostic test. Refer to the following file for the test results:
If SMTP is configured, an email notification that contains the self-test result is sent.
- Complete this step only if your backup environment includes SAN client computers.
The Fibre Channel (FC) ports must be re-scanned to allow any SAN client computers to reconnect to the Fibre Transport (FT) devices. The re-scan must be done from the NetBackup CLI view on the appliance.
To re-scan the FC ports:
Enter the following command to see a list of NetBackup user accounts:
Manage > NetBackupCLI > List
Log on to this appliance as one of the listed NetBackup users.
Run the following command to rescan the FC ports:
If any SAN clients still do not work, run the following commands on each of those clients in the order as shown:
On UNIX clients:
On Windows clients:
If any SAN clients still do not work, manually initiate a SCSI device refresh at the OS level. The refresh method depends on the operating system of the client. Once the refresh has completed, attempt the nbftconfig -rescanallclients command again.
If any SAN clients still do not work, reboot those clients.
If you have SLES 10 or SLES 11 SAN clients that still do not work, Veritas recommends upgrading the QLogic driver on those clients. For the affected SLES 10 clients, upgrade to version 8.04.00.06.10.3-K. For the affected SLES 11 clients, upgrade to version 8.04.00.06.11.1.
- Refer to the following topic for tasks that may be required after the upgrade has completed: