Update proxmox 6.4.x to 7.x

Updating a proxmox system from version 6.4.x to 7.x using https://pve.proxmox.com/wiki/Upgrade_from_6.x_to_7.0

Proxmox VE 6.x is based on Debian 10.x which is called “buster”.
Proxmox VE 7.x is based on Debian 11.x which is called “bullseye”.

  1. Make sure you have a backup of all VMs, Containers, Proxmox itself etc.
  2. Login via SSH/CLI
  3. Check your sources.list file, should look like this:

    cat /etc/apt/sources.list

    deb http://deb.debian.org/debian     bullseye main contrib
    deb http://deb.debian.org/debian     bullseye-updates main contrib
    # security updates
    deb http://security.debian.org     bullseye/updates main contrib

    You may use sed -i 's/buster\/updates/bullseye-security/g;s/buster/bullseye/g' /etc/apt/sources.list to update "buster" to "bullseye".

  4. Check the enterprise repository:

    cat /etc/apt/sources.list.d/pve-enterprise.list

    When running Proxmox VE 7.x with No-Subscription use:

    deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription

    When running Proxmox VE 7.x with a subscription use:

    deb https://enterprise.proxmox.com/debian/pve     bullseye pve-enterprise

  5. Check Proxmox version using:

    pveversion -v

  6. Run the pve6to7 script

    root@prxmx024a:~# pve6to7
    = CHECKING VERSION INFORMATION FOR PVE PACKAGES =

    Checking for package updates..
    PASS: all packages uptodate

    Checking proxmox-ve package version..
    PASS: proxmox-ve package has version >= 6.4-1

    Checking running kernel version..
    PASS: expected running kernel '5.4.203-1-pve'.

    = CHECKING CLUSTER HEALTH/SETTINGS =

    SKIP: standalone node.

    = CHECKING HYPER-CONVERGED CEPH STATUS =

    SKIP: no hyper-converged ceph setup detected!

    = CHECKING CONFIGURED STORAGES =

    PASS: storage 'local' enabled and active.
    PASS: storage 'local-lvm' enabled and active.
    PASS: storage 'storageusbhdd01' enabled and active.

    = MISCELLANEOUS CHECKS =

    INFO: Checking common daemon services..
    PASS: systemd unit 'pveproxy.service' is in state 'active'
    PASS: systemd unit 'pvedaemon.service' is in state 'active'
    PASS: systemd unit 'pvestatd.service' is in state 'active'
    INFO: Checking for running guests..
    PASS: no running guest detected.
    INFO: Checking if the local node's hostname 'proxmox1' is resolvable..
    INFO: Checking if resolved IP is configured on local node..
    PASS: Resolved node IP '192.168.2.106' configured and active on single interface.
    INFO: Checking backup retention settings..
    INFO: storage 'local' - no backup retention settings defined - by default, PVE 7.x will no longer keep only the last backup, but all backups
    PASS: no problems found.
    INFO: checking CIFS credential location..
    PASS: no CIFS credentials at outdated location found.
    INFO: Checking custom roles for pool permissions..
    INFO: Checking node and guest description/note legnth..
    PASS: All node config descriptions fit in the new limit of 64 KiB
    PASS: All guest config descriptions fit in the new limit of 8 KiB
    INFO: Checking container configs for deprecated lxc.cgroup entries
    PASS: No legacy 'lxc.cgroup' keys found.
    INFO: Checking storage content type configuration..
    PASS: no problems found
    INFO: Checking if the suite for the Debian security repository is correct..
    INFO: Make sure to change the suite of the Debian security repository from 'buster/updates' to 'bullseye-security' - in /etc/apt/sources.list:6
    SKIP: NOTE: Expensive checks, like CT cgroupv2 compat, not performed without '--full' parameter

    = SUMMARY =

    TOTAL:    20
    PASSED:   17
    SKIPPED:  3
    WARNINGS: 0
    FAILURES: 0
    root@prxmx024a:~#
    root@prxmx024a:~#


  7. Run the pve6to7 script with the parameter -full

    root@prxmx024a:~#
    root@prxmx024a:~# pve6to7 --full
    = CHECKING VERSION INFORMATION FOR PVE PACKAGES =

    Checking for package updates..
    PASS: all packages uptodate

    Checking proxmox-ve package version..
    PASS: proxmox-ve package has version >= 6.4-1

    Checking running kernel version..
    PASS: expected running kernel '5.4.203-1-pve'.

    = CHECKING CLUSTER HEALTH/SETTINGS =

    SKIP: standalone node.

    = CHECKING HYPER-CONVERGED CEPH STATUS =

    SKIP: no hyper-converged ceph setup detected!

    = CHECKING CONFIGURED STORAGES =

    PASS: storage 'local' enabled and active.
    PASS: storage 'local-lvm' enabled and active.
    PASS: storage 'storageusbhdd01' enabled and active.

    = MISCELLANEOUS CHECKS =

    INFO: Checking common daemon services..
    PASS: systemd unit 'pveproxy.service' is in state 'active'
    PASS: systemd unit 'pvedaemon.service' is in state 'active'
    PASS: systemd unit 'pvestatd.service' is in state 'active'
    INFO: Checking for running guests..
    PASS: no running guest detected.
    INFO: Checking if the local node's hostname 'proxmox1' is resolvable..
    INFO: Checking if resolved IP is configured on local node..
    PASS: Resolved node IP '192.168.2.106' configured and active on single interface.
    INFO: Checking backup retention settings..
    INFO: storage 'local' - no backup retention settings defined - by default, PVE 7.x will no longer keep only the last backup, but all backups
    PASS: no problems found.
    INFO: checking CIFS credential location..
    PASS: no CIFS credentials at outdated location found.
    INFO: Checking custom roles for pool permissions..
    INFO: Checking node and guest description/note legnth..
    PASS: All node config descriptions fit in the new limit of 64 KiB
    PASS: All guest config descriptions fit in the new limit of 8 KiB
    INFO: Checking container configs for deprecated lxc.cgroup entries
    PASS: No legacy 'lxc.cgroup' keys found.
    INFO: Checking storage content type configuration..
    PASS: no problems found
    INFO: Checking if the suite for the Debian security repository is correct..
    INFO: Make sure to change the suite of the Debian security repository from 'buster/updates' to 'bullseye-security' - in /etc/apt/sources.list:6
    SKIP: No containers on node detected.

    = SUMMARY =

    TOTAL:    20
    PASSED:   17
    SKIPPED:  3
    WARNINGS: 0
    FAILURES: 0
    root@prxmx024a:~#

  8. Update your repository and packages:

    apt update

  9. Now upgrade the packages:

    apt dist-upgrade

  10. Reboot to activate the new Kernel, to check if you got all packages, run 'pveversion -v' and compare your output (all packages should have equal or higher version numbers): 
  11. Check Proxmox version using  

    pveversion -v



Example:

root@prxmx024a:~#
root@prxmx024a:~# pve6to7
= CHECKING VERSION INFORMATION FOR PVE PACKAGES =

Checking for package updates..
PASS: all packages uptodate

Checking proxmox-ve package version..
PASS: proxmox-ve package has version >= 6.4-1

Checking running kernel version..
PASS: expected running kernel '5.4.203-1-pve'.

= CHECKING CLUSTER HEALTH/SETTINGS =

SKIP: standalone node.

= CHECKING HYPER-CONVERGED CEPH STATUS =

SKIP: no hyper-converged ceph setup detected!

= CHECKING CONFIGURED STORAGES =

PASS: storage 'local' enabled and active.
PASS: storage 'local-lvm' enabled and active.
PASS: storage 'storageusbhdd01' enabled and active.

= MISCELLANEOUS CHECKS =

INFO: Checking common daemon services..
PASS: systemd unit 'pveproxy.service' is in state 'active'
PASS: systemd unit 'pvedaemon.service' is in state 'active'
PASS: systemd unit 'pvestatd.service' is in state 'active'
INFO: Checking for running guests..
PASS: no running guest detected.
INFO: Checking if the local node's hostname 'proxmox1' is resolvable..
INFO: Checking if resolved IP is configured on local node..
PASS: Resolved node IP '192.168.2.106' configured and active on single interface.
INFO: Checking backup retention settings..
INFO: storage 'local' - no backup retention settings defined - by default, PVE 7.x will no longer keep only the last backup, but all backups
PASS: no problems found.
INFO: checking CIFS credential location..
PASS: no CIFS credentials at outdated location found.
INFO: Checking custom roles for pool permissions..
INFO: Checking node and guest description/note legnth..
PASS: All node config descriptions fit in the new limit of 64 KiB
PASS: All guest config descriptions fit in the new limit of 8 KiB
INFO: Checking container configs for deprecated lxc.cgroup entries
PASS: No legacy 'lxc.cgroup' keys found.
INFO: Checking storage content type configuration..
PASS: no problems found
INFO: Checking if the suite for the Debian security repository is correct..
INFO: Make sure to change the suite of the Debian security repository from 'buster/updates' to 'bullseye-security' - in /etc/apt/sources.list:6
SKIP: NOTE: Expensive checks, like CT cgroupv2 compat, not performed without '--full' parameter

= SUMMARY =

TOTAL:    20
PASSED:   17
SKIPPED:  3
WARNINGS: 0
FAILURES: 0
root@prxmx024a:~#
root@prxmx024a:~#
root@prxmx024a:~#
root@prxmx024a:~# pve6to7 --full
= CHECKING VERSION INFORMATION FOR PVE PACKAGES =

Checking for package updates..
PASS: all packages uptodate

Checking proxmox-ve package version..
PASS: proxmox-ve package has version >= 6.4-1

Checking running kernel version..
PASS: expected running kernel '5.4.203-1-pve'.

= CHECKING CLUSTER HEALTH/SETTINGS =

SKIP: standalone node.

= CHECKING HYPER-CONVERGED CEPH STATUS =

SKIP: no hyper-converged ceph setup detected!

= CHECKING CONFIGURED STORAGES =

PASS: storage 'local' enabled and active.
PASS: storage 'local-lvm' enabled and active.
PASS: storage 'storageusbhdd01' enabled and active.

= MISCELLANEOUS CHECKS =

INFO: Checking common daemon services..
PASS: systemd unit 'pveproxy.service' is in state 'active'
PASS: systemd unit 'pvedaemon.service' is in state 'active'
PASS: systemd unit 'pvestatd.service' is in state 'active'
INFO: Checking for running guests..
PASS: no running guest detected.
INFO: Checking if the local node's hostname 'proxmox1' is resolvable..
INFO: Checking if resolved IP is configured on local node..
PASS: Resolved node IP '192.168.2.106' configured and active on single interface.
INFO: Checking backup retention settings..
INFO: storage 'local' - no backup retention settings defined - by default, PVE 7.x will no longer keep only the last backup, but all backups
PASS: no problems found.
INFO: checking CIFS credential location..
PASS: no CIFS credentials at outdated location found.
INFO: Checking custom roles for pool permissions..
INFO: Checking node and guest description/note legnth..
PASS: All node config descriptions fit in the new limit of 64 KiB
PASS: All guest config descriptions fit in the new limit of 8 KiB
INFO: Checking container configs for deprecated lxc.cgroup entries
PASS: No legacy 'lxc.cgroup' keys found.
INFO: Checking storage content type configuration..
PASS: no problems found
INFO: Checking if the suite for the Debian security repository is correct..
INFO: Make sure to change the suite of the Debian security repository from 'buster/updates' to 'bullseye-security' - in /etc/apt/sources.list:6
SKIP: No containers on node detected.

= SUMMARY =

TOTAL:    20
PASSED:   17
SKIPPED:  3
WARNINGS: 0
FAILURES: 0
root@prxmx024a:~#
root@prxmx024a:~# cat /etc/apt/sources.list
deb http://deb.debian.org/debian buster main contrib

deb http://deb.debian.org/debian buster-updates main contrib

# security updates
deb http://security.debian.org buster/updates main contrib

root@prxmx024a:~#
root@prxmx024a:~#
root@prxmx024a:~# sed -i 's/buster\/updates/bullseye-security/g;s/buster/bullseye/g' /etc/apt/sources.list
root@prxmx024a:~#
root@prxmx024a:~# cat /etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main contrib

deb http://deb.debian.org/debian bullseye-updates main contrib

# security updates
deb http://security.debian.org bullseye-security main contrib

root@prxmx024a:~#
root@prxmx024a:~# cat /etc/apt/sources.list.d/pve-enterprise.list
deb http://download.proxmox.com/debian/pve buster pve-no-subscription
#deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise
root@prxmx024a:~#
root@prxmx024a:~# vi /etc/apt/sources.list.d/pve-enterprise.list
root@prxmx024a:~#
root@prxmx024a:~# cat /etc/apt/sources.list.d/pve-enterprise.list
deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
#deb http://download.proxmox.com/debian/pve buster pve-no-subscription
#deb https://enterprise.proxmox.com/debian/pve buster pve-enterprise
root@prxmx024a:~#
root@prxmx024a:~#
root@prxmx024a:~#
root@prxmx024a:~# apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Get:2 http://download.proxmox.com/debian/pve bullseye InRelease [2,768 B]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Hit:4 http://security.debian.org bullseye-security InRelease
Get:5 http://download.proxmox.com/debian/pve bullseye/pve-no-subscription amd64 Packages [427 kB]
Fetched 474 kB in 0s (1,022 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
582 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@prxmx024a:~#
root@prxmx024a:~# apt list --upgradable
[...]
root@prxmx024a:~# apt dist-upgrade
[...]
root@prxmx024a:~# reboot

at No comments:
Labels: ,
Subscribe to: Posts (Atom)

Splunk UseCase for attacks against FortiGate Firewall management interfaces

If you are using Splunk as your SIEM you can try to detect attacks against your FortiGate firewalls by using the following SPL query: index...