We've experienced a lot of extra work after installing 'just' some minor Veeam patches (e.g. v11a and also v11a CP). After installing the patches to our B&R CC server all of our hardened repositories changed to the 'Unavalaible' state which resulted in a lot of failed jobs.
Currently it requires a lot of extra steps to get the hardened linux server online/reachable, enable SSH, add veeam user to sudo, manually enter credentials for all linux servers in Veeam and the rest of the steps in reverse...
It's arguable that those extra steps are not that bad when only one or two hardened repositories are used but for multiple hardened repositories (or for cloud connect providers like we are) it doesn't make sense to not be notified about it prior to installing the patches.
Is it normal behavior that Linux servers/Hardened repositories directly go into an incompatible state in the first place instead of just showing as 'Out of date' like other components do? If yes maybe it's a good idea to mention this breaking parts in the release notes for future patches so it doesn't have to be a suprise to anyone.
-
MarvinSt
- Service Provider
- Posts: 13
- Liked: 2 times
- Joined: Feb 29, 2012 8:25 am
- Full Name: Marvin
- Contact:
minor Veeam patches breaking hardened repositories
Veeam Certified Engineer
-
veremin
- Product Manager
- Posts: 20284
- Liked: 2258 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: minor Veeam patches breaking hardened repositories
According to the QA team, this is what should happen after product updated:
* Linux server is marked as "Out of date" (if this does not happen, it's worth opening a support ticket)
* User enables SSH access on the server
* User passes repository wizard again
* User disable SSH access on the server
We do understand that the process might be a bit complicated, so we are actively working on improving it:
* Linux server is marked as "Out of date" (if this does not happen, it's worth opening a support ticket)
* User enables SSH access on the server
* User passes repository wizard again
* User disable SSH access on the server
We do understand that the process might be a bit complicated, so we are actively working on improving it:
Thanks!Gostev wrote:Q: I disabled all remote access interfaces on my hardened backup repository as you suggested. Unfortunately, having SSH Server disabled turned installing Veeam updates into a nightmare as I need to be physically present at the repository server. And for me this means N miles long drive to M different sites each and every time!
A: We're already working on addressing this issue with some architecture changes. In future, updating Veeam components on a hardened repository will not require temporarily enabling SSH access, as hardened repository will be able to download and install [signed] update packages by itself.
Who is online
Users browsing this forum: Semrush [Bot] and 66 guests