Veritas NetBackup™ Appliance Upgrade Guide

Last Published:
Product(s): Appliances (4.0)
Platform: NetBackup Appliance OS

Installing a NetBackup appliance software update using the NetBackup Appliance Shell Menu

Use the following procedure to start the appliance upgrade.

Note:

If you have enabled the STIG feature on an appliance and you need to upgrade it or install an EEB on it, do not plan such installations during the 4:00am - 4:30am time frame. By following this best practice, you can avoid interrupting the automatic update of the AIDE database and any monitored files, which can cause multiple alert messages from the appliance.

To install a downloaded release update using the NetBackup Appliance Shell Menu

  1. Check to make sure that the following required updates and pre-upgrade tasks have already been performed:
    • All required pre-upgrade updates have been completed. For a complete list of required updates prior to 4.0 upgrades, refer to the following article:

      https://www.veritas.com/support/en_US/article.100046066

    • All jobs have been stopped or suspended and all SLPs have been paused.

    • The Support > Test Software command has been run and it returned a Pass result.

  2. Log in to the NetBackup Appliance Shell Menu from the IPMI console.

    Note:

    Veritas recommends that you log in using the shell menu from the IPMI console instead of an SSH session. The IPMI console is also known as the Veritas Remote Manager interface. For details about how to access and use the Veritas Remote Manager, refer to the following document: NetBackup Appliance Hardware Installation Guide.

  3. Make sure that you have downloaded and have run the latest version of the Appliance Upgrade Readiness Analyzer tool. The analyzer tool must produce a pass result before you can continue to the next step.
  4. To install the software release update, run the following command:

    Main_Menu > Manage > Software > Install patch_name

    Where patch_name is the name of the release update to install. Make sure that this patch name is the one that you want to install.

  5. Monitor the preflight check and watch for any Check failed messages.
    • If no Check failed messages appear, you are prompted to continue to the next step to start the upgrade.

    • If any Check failed messages appear, the upgrade is not allowed. You must resolve the reported failures, then launch the upgrade script again so that the preflight check can verify that the failures have been resolved.

    • If any Check failed messages indicate that a RHEL version third-party plug-in was not found, you must obtain the plug-in from the appropriate vendor.

  6. After all preflight check items have passed, and before the upgrade begins, you must first select how the upgrade process should respond if any errors occur during the upgrade. The following prompt appears:
    If an error occurs during the upgrade, do you want to
    immediately enforce an automatic rollback? [yes, no]

    Enter yes to immediately enforce an automatic rollback.

    Enter no to pause the upgrade process and investigate the errors.

  7. After all preflight check items have passed, you may need to trust the CA certificate and the host ID-based certificate to start the upgrade process.

    To trust and deploy the CA certificates, do the following:

    • Verify the CA certificate detail and enter yes to trust the CA certificate, as follows:

      To continue with the upgrade, verify the following CA 
      certificate detail and enter "yes" to trust the CA certificate.
      CA Certificate Details:
           Subject Name : /CN=nbatd/OU=root@abc.example.com/O=vx
             Start Date : Jul 14 12:59:18 2017 GMT
            Expiry Date : Jul 09 14:14:18 2037 GMT
       SHA1 Fingerprint : 31:E9:97:2E:50:11:51:7C:D6:25:7F:32:86:3D:
                          6B:D5:33:5C:11:E2
      
      >> Do you want to trust the CA certificate? [yes, no](yes) 
      
    • If the security level of the master server is Very High, you must manually enter an authorization token to deploy the host ID-based certificate on the appliance, as follows:

      >> Enter token:

      Note:

      If the appliance does not have a valid host-id certificate before the next upgrade to a later version, a reissue token is required for the next upgrade.

    • If the security level of the master server is High or Medium, the authentication token is not required. The host ID-based certificate is automatically deployed onto the appliance.

    For more information about security certificates, refer to the chapter "Security certificates in NetBackup" in the NetBackup Security and Encryption Guide.

  8. Master server upgrades from software versions 3.1.1 and earlier require you to provide a Veritas Usage Insights registration key. To obtain the registration key, follow the onscreen instructions.
  9. To check the upgrade status before the AIM window appears, enter the following command:

    Main_Menu > Manage > Software >UpgradeStatus

    The system reboots one or more times during the upgrade process. After the first reboot, the NetBackup Appliance Web Console and any SSH-based connections to the server are unavailable until the appliance has booted up. This condition may last two hours or more, depending on the complexity of the appliance configuration. It is important that you do not attempt to manually reboot the appliance during this time. You can use the Veritas Remote Management interface (IPMI) to view the system status. In addition, you may view the logs under /log or wait for the appliance to send an email upon completion of the upgrade process.

    During the upgrade process, you can open the AIM window to view the upgrade progress and the estimated remaining time.

  10. If problems are detected during the post-upgrade self-test, the AIM window shows the upgrade status as Paused. Other SSH sessions and email notifications also indicate this status.

    To clear the Paused status, perform the following tasks:

    • Press the V key to switch to the Verbose view to see the logs. If there are any Unique Message Identification (UMI) codes for the errors, search for them on the Veritas Support website to get more detailed information.

    • Try to fix the problem that the AIM window reports.

      If you need to use the shell menu, log on to the NetBackup Appliance Shell Menu through an SSH session. When the AIM window appears, press the S key to close it.

    • Go back to the AIM window on the IPMI console.

      If you tried fixing the problem, press the A key to attempt the self-test again. If you cannot fix the problem, contact Veritas Support or press the R key to roll back the appliance to the previous software version.

      Note:

      Starting with the 3.1.2 release, if the post-upgrade self-test fails, an automatic rollback is no longer enforced. If you select Attempt again and the self-test still fails, the upgrade pauses again and prompts with the same options.

  11. After the upgrade has completed, the AIM window shows a summary of the upgrade results.

    After the disk pools are back online, the appliance runs a self-diagnostic test. Refer to the following file for the test results:

    /log/selftest_report_<appliance_serial>_<timedate>.txt

    If SMTP is configured, an email notification that contains the self-test result is sent.

  12. For HA setups only:

    After you have completed the upgrade on the first node, immediately perform the following tasks in the order as shown:

    • On the upgraded node, run the Manage > High Availability > Switchover command to switch the MSDP services over to the upgraded node.

    • On the upgraded node, run the Support > Test Software command to verify the status of various appliance software components. If the test passes, log in to the other node and upgrade it using all of the previous steps.

  13. Complete this step only if your backup environment includes SAN client computers.

    The Fibre Channel (FC) ports must be re-scanned to allow any SAN client computers to reconnect to the Fibre Transport (FT) devices. The re-scan must be done from the NetBackup CLI view on the appliance.

    To re-scan the FC ports:

    • Enter the following command to see a list of NetBackup user accounts:

      Manage > NetBackupCLI > List

    • Log on to this appliance as one of the listed NetBackup users.

    • Run the following command to rescan the FC ports:

      nbftconfig -rescanallclients

    • If any SAN clients still do not work, run the following commands on each of those clients in the order as shown:

      On UNIX clients:

      /usr/openv/netbackup/bin/bp.kill_all

      /usr/openv/netbackup/bin/bp.start_all

      On Windows clients:

      <install_path>\NetBackup\bin\bpdown

      <install_path>\NetBackup\bin\bpup

    • If any SAN clients still do not work, manually initiate a SCSI device refresh at the OS level. The refresh method depends on the operating system of the client. Once the refresh has completed, attempt the nbftconfig -rescanallclients command again.

    • If any SAN clients still do not work, reboot those clients.

      Note:

      If you have SLES 10 or SLES 11 SAN clients that still do not work, Veritas recommends upgrading the QLogic driver on those clients. For the affected SLES 10 clients, upgrade to version 8.04.00.06.10.3-K. For the affected SLES 11 clients, upgrade to version 8.04.00.06.11.1.