Comprehensive data protection for all workloads
Post Reply
HansMeiser
Enthusiast
Posts: 43
Liked: 3 times
Joined: Jul 11, 2022 6:59 am
Contact:

Upgrading Bundled PostgreSQL for security reasons

Post by HansMeiser »

Hello,

during Upgrade to latest 12.2 our service contractor switched from MS-Express to the bundled PostgreSQL 15.8-1.
Now some security updates were published https://www.postgresql.org/about/news/p ... ased-2955/

We want to update within next fews days, In preparation i have some questions.

Is the bundled Version of PostgreSQL adjusted/changed in any way by veeam or is it same package which is downloadable on postgreSQL webpage itself?
If yes, will veeam publish a new version or should we download this update on postgreSQL webpage?
Are there some basic tutorials which helps to handle veeam during update? this includes all preparation on veeams side such as stopping/starting services etc.

Thanks,
Hans
Mildur
Product Manager
Posts: 9777
Liked: 2582 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Upgrading Bundled PostgreSQL for security reasons

Post by Mildur »

Hi Hans
Is the bundled Version of PostgreSQL adjusted/changed in any way by veeam or is it same package which is downloadable on postgreSQL webpage itself?
We use the default PostgreSQL installer but apply optimized configuration settings. You can always reapply these recommended settings using the following PowerShell cmdlet: Set-VBRPSQLDatabaseServerLimits

If yes, will veeam publish a new version or should we download this update on postgreSQL webpage?
Each Veeam Backup & Replication ISO includes the latest PostgreSQL installer available at the time of release. However, we do not upgrade your PostgreSQL server when you update Veeam Backup & Replication. We aim to implement this feature in future versions.

Today, you have to download the PostgreSQL installer from the PostgreSQL webpage and run the update yourself. For Veeam Backup & Replication v12.2, we support PostgreSQL 14.x and 15.x.
Are there some basic tutorials which helps to handle veeam during update? this includes all preparation on veeams side such as stopping/starting services etc.
Make sure to have a current configuration backup. Then stop all backup/restore activities and Veeam services before proceeding with the PostgreSQL application update.

Best,
Fabian
Product Management Analyst @ Veeam Software
HansMeiser
Enthusiast
Posts: 43
Liked: 3 times
Joined: Jul 11, 2022 6:59 am
Contact:

Re: Upgrading Bundled PostgreSQL for security reasons

Post by HansMeiser »

Hello,

thank you for your help. I will run some testinstallations on testserver to see how it works, after that i run the update on our backup server.
I think requests to this issue and postgres in general will increase in next months. I plead to add this info to your currentyl great collection of infos and tutorials.

Thank you,
Hans
HansMeiser
Enthusiast
Posts: 43
Liked: 3 times
Joined: Jul 11, 2022 6:59 am
Contact:

Re: Upgrading Bundled PostgreSQL for security reasons

Post by HansMeiser »

Hello,

my test installations proceeded well.I hope this works on our backupserver the same way.
I think there should be some "official" tutorials and hints, especially for the case when upgrade fails and may be we have worst case with reinstallation of postgreSQL and restore configuration database.

Thank you,
Hans
HansMeiser
Enthusiast
Posts: 43
Liked: 3 times
Joined: Jul 11, 2022 6:59 am
Contact:

Re: Upgrading Bundled PostgreSQL for security reasons

Post by HansMeiser »

Hello,

we did successful update of our production server, we had no problem. Thank you for your help.
I do not know if Set-VBRPSQLDatabaseServerLimits was run at initial postgresql-installation, so i repeated this step and restartet all parts again.
I assume this step can be skipped during future updates or should one repeat this every time?

Thanks,
Hajo
Mildur
Product Manager
Posts: 9777
Liked: 2582 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Upgrading Bundled PostgreSQL for security reasons

Post by Mildur »

Hi Hans

Thank you for your feedback. Updating the PostgreSQL server within the supported versions should always just work.
You may have been doing this unknowingly for many years with Microsoft SQL for the configuration database, where Windows Update handled the patching process of the Microsoft SQL server.
I do not know if Set-VBRPSQLDatabaseServerLimits was run at initial postgresql-installation
The command is applied automatically if you installed a new Veeam Backup & Replication V12 server. If you use a remote PostgreSQL server, then the command must be applied by you. You can read more about it in the "detailed description" section.
I assume this step can be skipped during future updates or should one repeat this every time?
It's not necessary when patching the PostgreSQL server, but I recommend running the command (Set-VBRPSQLDatabaseServerLimits) just to ensure our enhanced settings are applied. Although I'm not a PostgreSQL specialist, it's possible in rare cases that some settings might be overwritten during a PostgreSQL upgrade. Reapplying the command makes sure that you use our recommended settings.

Additionally, since version 12.1, we notify you through the Security and Compliance analyzer if the PostgreSQL server isn't using the recommended settings.

Best,
Fabian
Product Management Analyst @ Veeam Software
Post Reply

Who is online

Users browsing this forum: Bing [Bot], Semrush [Bot] and 2 guests