Upgrading to Veeam Backup for AWS 6a
To upgrade Veeam Backup for AWS to version 6a, a Veeam Backup for AWS appliance must be running version 4.0 or later. To upgrade the appliance, check the prerequisites and follow the instructions provided in section Upgrading Appliances.
During upgrade, the backup appliance operating system will be updated from Ubuntu 18.04 LTS to Ubuntu 22.04 LTS, and the configuration database will be upgraded to PostgreSQL 15. Consider that during upgrade the original root volume of the backup appliance will be replaced with the new one.
How Upgrade to Version 6a Works
When upgrading Veeam Backup for AWS appliances to version 6a, Veeam Backup & Replication performs the following steps:
- Instructs Veeam Backup for AWS to create a cloud-native snapshot of the original appliance. If the upgrade process fails, the appliance will be reverted to the created snapshot.
Consider that this snapshot will be automatically removed by Veeam Backup & Replication from AWS after the upgrade operation completes successfully.
- Upgrades version of the appliance configuration database to PostgreSQL 15: creates a new PostgreSQL database on the data volume, copies all configuration data to this database and removes the old database.
- Saves the following configuration files and settings to the data volume: the appliance configuration file (/etc/awsbackup/config.ini), nginx configuration files (/etc/nginx/nginx.conf, /etc/nginx/proxy_params), users, MFA and timezone settings, and Linux environment (/etc/ssh/, /root/, /home/).
- Launches a new EC2 instance from Veeam Backup for AWS 6a AMI that contains Ubuntu 22.04 LTS as an operating system.
- Detaches the root volume from the newly created EC2 instance and removes the EC2 instance.
- Detaches the outdated root volume and attaches the new root volume to the original appliance.
- Removes the outdated root volume from infrastructure.
- Restores configuration files and settings saved at step 3 to the new root volume.
Before you start the upgrade process, consider the following requirements and limitations:
- The IAM user whose one-time access keys specified when deploying a Veeam Backup for AWS appliance or connecting to the appliance must be assigned permissions required to perform upgrade. For the list of required permissions, see Permissions.
- Outbound internet access must be allowed from the Veeam Backup for AWS appliance to the PostgreSQL Apt Repository (apt.postgresql.org) through the 80 port over the HTTP protocol.
- Outbound internet access must be allowed from the Veeam Backup for AWS appliance to the PostgreSQL through the 443 port over the HTTPS protocol to download the file https://www.postgresql.org/media/keys/ACCC4CF8.asc.
- Outbound internet access must be allowed from the Veeam Backup for AWS appliance to the Veeam Update Notification Server (repository.veeam.com) through the 443 port over the HTTPS protocol.
- Outbound internet access must be allowed from the Veeam Backup for AWS appliance to the Ubuntu Security Update repository (security.ubuntu.com) through the 80 port over the HTTP protocol.
- During upgrade, the data volume of the Veeam Backup for AWS appliance will temporarily contain files of 2 databases. That is why the size of the data volume must be twice the total amount of storage space used by the configuration database.
- During upgrade, Veeam Backup & Replication will create the new root volume with the default settings. That is why if you have modified root disk settings, for example have increased volume size or enabled volume encryption, these settings will not be transferred, and custom 3rd-party software installed on the Veeam Backup for AWS appliance will not be migrated.
- During upgrade, Veeam Backup & Replication will overwrite custom settings of the /etc/fstab configuration file on the Veeam Backup for AWS appliance with the default settings. That is why if you have attached an additional EBS volume to the backup appliance, you must re-mount the volume by adding its label or UUID to the /etc/fstab file.
- After the upgrade process completes, the original root volume will be automatically deleted from AWS.
Eliminating Warnings Received During Upgrade
During upgrade to version 6a, Veeam Backup & Replication will verify whether the IAM user whose one-time access keys are used to connect to the appliance has sufficient permissions to upgrade the appliance. If some permissions are missing, you will receive a warning.
You can manually grant missing permissions to the IAM user in AWS or instruct Veeam Backup & Replication to do it:
- If you want to grant the missing permissions manually, do the following:
- Click Copy permissions to Clipboard.
Note that the list of copied permissions will contain all the permissions required to perform the upgrade operation, not the list of missing permissions.
- In AWS, create an IAM policy with the missing permissions and attach the policy to the IAM user whose permissions are used to connect to the appliance.
To learn how to create IAM policies, see the Veeam Backup for AWS User Guide, section Appendix B. Creating IAM Policies in AWS.
- Back to the Veeam Backup & Replication console, click Proceed.
- If you want to instruct Veeam Backup & Replication to grant the missing permissions automatically, click Grant and provide one-time access keys of an IAM user that is authorized to grant IAM permissions in the opened window. Note that the specified user must belong to the same AWS account in which the Veeam Backup for AWS appliance is deployed.
Veeam Backup & Replication will create an IAM policy with missing permissions and attach the policy to the IAM user whose permissions are used to connect to the appliance.
Veeam Backup & Replication does not store the provided one-time access keys in the configuration database.