Proxmox Backup Server 3.0 wurde veröffentlicht
Die Backup-Lösung Proxmox Backup Server, die wir auch für unsere NMMN Managed Shared Cloud und für die individuellen NMMN Hosted Private Clouds nutzen, in der Version 3.0.1 veröffentlicht wurde. Die Version 3.0 wurde am 28. Juni 2023 veröffentlicht. Diese Version basiert auf Debian Bookwork (12) und bietet vor allem einen neuen Kernel und aktualisierte Komponenten.
Der neueste Linux-Kernel 6.2 wird jetzt verwendet und das ZFS-Dateisystem wurde auf Version 2.1.12 aktualisiert.
Ansonsten sind nur wenige Neuerungen mit diesem Release-Wechsel von Proxmox Backup Server verbunden. Es werden genannt:
- Unzählige Verbesserungen bei der Bandverarbeitung: Die Aufnahme der Bandsicherungs-/Wiederherstellungsaufgaben in die „Aufgabenübersicht“ des GUI-Dashboards sorgt für eine bessere Übersicht. Beim Wiederherstellen eines einzelnen Snapshots zeigt die Proxmox Backup-Lösung nun eine Liste der benötigten Bänder an. Beim Wiederherstellen von Backups bricht der Task den Job nicht ab, wenn ein Band im Wechsler fehlt, sondern wartet darauf, dass das richtige Band eingelegt wird.
- Flexible Synchronisierung: Auf Client-Seite wird jetzt ein „transfer-last“-Parameter für Sync-Jobs unterstützt. Dies bietet mehr Flexibilität, da es möglich ist, die Anzahl der letzten zu übertragenden Backups anzugeben.
- Sichere Sperrung für TFA/TOTP: Um die Sicherheit weiter zu verbessern, werden Benutzerkonten mit wiederholt fehlgeschlagenen Anmeldeversuchen – also fehlgeschlagener Zweitfaktor-Authentifizierung – gesperrt. Dies schützt vor Angriffen, bei denen das Benutzerpasswort abgerufen und versucht wird, den zweiten Faktor mit Brute-Force-Methode zu erraten. Mit einem Wiederherstellungsschlüssel oder manuell durch einen Administrator kann das Benutzerkonto wieder entsperrt werden.
- Textbasierte Benutzeroberfläche (TUI) für die Installer-ISO: Eine textbasierte Benutzeroberfläche wurde hinzugefügt und kann nun optional zum Sammeln aller erforderlichen Informationen verwendet werden. Dies behebt potenzielle Probleme beim Starten des GTK-basierten grafischen Installationsprogramms auf sehr neuer und eher alter Hardware.
Hier noch die offiziellen Release-Notes zu Proxmox Backup Server aus dem Proxmox-Forum.
Proxmox Backup Server 3.0
Released 28. June 2023
- Based on Debian Bookworm (12.0)
- Latest 6.2 Kernel as stable default
- ZFS 2.1.12
Highlights
- New major release based on the great Debian Bookworm.
- Seamless upgrade from Proxmox Backup Server 2.4, see Upgrade from 2 to 3
- Increase the flexibility of sync-jobs with the new
transfer-lastoption.
- Add new text-based UI mode for the installation ISO, written in Rust using the Cursive TUI (Text User Interface) library.
Changelog Overview
Enhancements in the web interface (GUI)
- Improved Dark color theme:
- The Dark color theme, introduced in Proxmox Backup Server 2.4, received a lot of positive feedback from our community, which resulted in further improvements.
- Tape backup and restore tasks are now included in the task summary.
- When labeling a tape in a changer, the default value cannot be overridden in the GUI anymore:
- Proxmox Backup Server relies on the label being identical to the barcode, so it is not advisable to change the label. If having a different label is required, then it is still possible to override this via the CLI.
- Fixed an issue where the GUI would not immediately refresh the subscription information after uploading a subscription key.
- Improved translations, among others:
- Ukrainian (NEW)
- Japanese
- Simplified Chinese
- Traditional Chinese
- The size units (Bytes, KB, MiB,…) are now passed through the translation framework as well, allowing localized variants (e.g., for French).
- The language selection is now localized and displayed in the currently selected language
General backend improvements
- Chunk store now handles specific edge cases during insertion more gracefully.
- Updated the kernel of the image that
proxmox-backup-restore-imageuses to 6.2.16 and ZFS 2.1.12.- This can be particularly useful when trying to restore from guests that used newer features of a filesystem that are only supported by newer kernel versions, for example with Btrfs or ZFS volumes.
- In HTTP error responses, mention the requested path instead of the filesystem path, to avoid triggering automated security scanners.
- When authenticating via PAM, pass the
PAM_RHOSTitem. With this, it is possible to manually configure PAM such that certain users (for example root@pam) can only log in from certain hosts.
Client improvements
- Increase the flexibility of sync-jobs with the new
transfer-lastoption:- Specifying this parameter will only transfer the newest
nbackups, instead of all backups.
- Specifying this parameter will only transfer the newest
- Improved log output for sync jobs: In order to improve readability, the log now contains one opening line for every backup group.
proxmox-backup-manager user tfanow supportslistanddeletecommands (issue #4734).- These can be used to list all currently configured TFA tokens as well as delete them.
proxmox-file-restorenow honors the environment variablePBS_QEMU_DEBUG.- Fix an issue where running the
statuscommand would fail with a traceback (issue #4638). - Improved error handling when zipping a directory fails, by exiting early if a fatal error occurs.
Tape backup
- Improved reading attributes from tapes that use medium auxiliary memory (MAM).
- Show a list of required tapes when restoring a single snapshot, like it has been the case for full restores already.
- Added a fallback mode for tapes only supporting the 6 byte variant of the
MODE SENSEorSELECTcommands. This improves compatibility with some tape drives and libraries, for example the StarWind VTL. - When restoring backups, instead of aborting when a tape is missing in the changer, the task now waits for the correct tape to be inserted (issue #4719).
- Fixed an issue with media-sets that have multiple datastores, where trying to restore a single datastore via the GUI would inadvertently restore all datastores.
Access control
- Add TFA/TOTP lockout to protect against an attacker who has obtained the user password and attempts to guess the second factor:
- If TFA fails too many times in a row, this user account is locked out of TFA for an hour. If TOTP fails too many times in a row, TOTP is disabled for the user account. Using a recovery key will unlock a user account.
- The configuration for LDAP realms is now actively tested by attempting to connect before adding such a realm to the configuration.
- Surround user filter expressions with parentheses if they are not already present, similarly to Proxmox VE.
- Remove support for unauthenticated LDAP binds (where no password is given), which are not supported in Proxmox VE either.
Installation ISO
- Add new text-based UI mode for the installation ISO, written in Rust using the Cursive TUI (Text User Interface) library:
- You can use the new TUI mode to work around issues with launching the GTK based graphical installer, sometimes observed on both very new and rather old hardware.
- The new text mode executes the same code for the actual installation as the existing graphical mode.
- The version of BusyBox shipped with the ISO was updated to version 1.36.1.
- Detection of unreasonable system time.
- If the system time is older than the time the installer was created, the system notifies the user with a warning.
ethtoolis now shipped with the ISO and installed on all systems.systemd-bootis provided by its own package instead ofsystemdin Debian Bookworm and is installed with the new ISO.
Notable bug fixes
- Fixed an issue where certain prune job tasks did not show up in the task summary.
- Fixed an issue where garbage collection would incorrectly show warnings when namespaces were used by a datastore (issue #4357).
- Fixed a bug that prevented entering netmasks for networks with CIDR prefix length smaller than /8 in the network interface configuration (issue #4722).
- Restoring files from a ZFS snapshot directory now works with
proxmox-file-restore(issue #4477).
Known Issues & Breaking Changes
- User accounts will now be locked after too many attempts to authenticate with a second factor. This is intended to protect against an attacker who has obtained the user password and attempts to guess the second factor. Unlocking requires either a successful login with a recovery key or a manual unlock by an administrator.
- Systems booting via UEFI from a ZFS on root setup should install the
systemd-bootpackage after the upgrade.- The
systemd-bootwas split out from thesystemdpackage for Debian Bookworm based releases. It won’t get installed automatically upon upgrade from Proxmox VE 7.4 as it can cause trouble on systems not booting from UEFI with ZFS on root setup by the Proxmox VE installer. - Systems which have ZFS on root and boot in UEFI mode will need to manually install it if they need to initialize a new ESP (see the output of
proxmox-boot-tool statusand the relevant documentation). - Note that the system remains bootable even without the package installed (the boot-loader that was copied to the ESPs during intialization remains untouched), so you can also install it after the upgrade was finished.
- It is not recommended installing
systemd-booton systems which don’t need it, as it would replacegrubas bootloader in itspostinstscript.
- The
