[SOLVED] Download PVE8 packages and continue upgrade offline

[keeka]

AIUI it is recommended to perform the upgrade with all guests shutdown. My home router is a proxmox guest, so I wondered if I will encounter problems if I download packages, stop that guest, and continue with the upgrade offline:

apt update
apt dist-upgrade --download-only
qm shutdown 100
apt dist-upgrade

 

[Brian Read]

I've got the same problem (and the server is in my garage!). In the past I've configured a router/modem and attached that to the network, killed the router VM, altered the gateway address and then followed the update instructions.

However I'd be glad to hear that your technique would work. Save me a lot of trouble.

 

[keeka]

However I'd be glad to hear that your technique would work. Save me a lot of trouble.

I have just upgraded offline after downloading packages. It worked fine. No issues or workarounds needed in my case.
Just to add, I also performed the upgrade with shared storage disconnected (forgot to disable it) without impact.

 

[Brian Read]

Good news. I'll try it (I've already got good backups of all my VMs and containers). I'll report here - maybe not for a day or so though.

 

[Brian Read]

PS Forgot to ask - did you do it remotely or directly connected to the server?

 

[keeka]

did you do it remotely or directly connected to the server?

Yes, I did it over ssh. I took a chance. I first made full guest backups and imaged the host system disk.

Something I've just noticed, sshd's (default) config has changed resulting in this error for the login from my laptop:

sshd[111287]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

So I added /etc/ssh/sshd_config.d/pubkey.conf

PubkeyAcceptedAlgorithms +ssh-rsa

and restart sshd.

SSH is restarted during the upgrade, but it shouldn't affect the existing session over which the upgrade is administered, thankfully!
Still, it might be safer to add that config snippet first, if you use an rsa pubkey.

EDIT: Actually this seems to be an issue specific to the PuTTY generated key I used to coonect from my laptop.
https://bbs.archlinux.org/viewtopic.php?id=270005

 

[Brian Read]

Thanks for this.

How did you image the system disk? Did you manage to do that while connected remotely? I'd normally use clonezilla for that, but it requires local access.

A Colleague has told me he has done an upgrade sucessfully with one VM still running, although his was not the router VM. I am wondering if that would work. A bit risky to try though.

 

[keeka]

I used Clonezilla. I haven't ever tried upgrading with guests running. Though I imagine a VM might survive the process better than a container.

From my recent experience, apt dist-upgrade needs no external connectivity, once all the upgrade packages are in apt cache. That's as long as you don't run another apt update in the meantime.

I was most concerned about ageing hardware. As the upgrade docs note, older hardware sees less testing. But thankfully all is running well from what I can tell so far. All my PVE upgrades have been without issue. The quality of the documentation and this forum have helped no end in that respect.

 

[sbellon]

In my setup, it's the same, my OPNsense is a guest running on the Proxmox VE instance.

Is the "upgrade without guests running" a new prerequisite with the PVE 8.0? In the past I did all the upgrades (7.0 to 7.1, 7.1 to 7.2, 7.2 to 7.3, 7.3 to 7.4) with the OPNsense VM running and I haven't experienced any issues.

Now you made me nervous a bit ...

 

[keeka]

In my setup, it's the same, my OPNsense is a guest running on the Proxmox VE instance.

Is the "upgrade without guests running" a new prerequisite with the PVE 8.0? In the past I did all the upgrades (7.0 to 7.1, 7.1 to 7.2, 7.2 to 7.3, 7.3 to 7.4) with the OPNsense VM running and I haven't experienced any issues.

Now you made me nervous a bit ...

I don't think it's a new prerequisite. More a precaution as it is a major version upgrade.
I did so this time, but TBH I don't think I shutdown all VMs when I upgraded from 6.x to 7.0.
Any how, offline upgrade worked for me, once I'd editied repositories and run apt dist-upgrade --download-only.

 

[sbellon]

I don't think it's a new prerequisite. More a precaution as it is a major version upgrade.
I did so this time, but TBH I don't think I shutdown all VMs when I upgraded from 6.x to 7.0.
Any how, offline upgrade worked for me, once I'd editied repositories and run apt dist-upgrade --download-only.

I'm just wondering what is the lesser risk:
1. being online while doing the upgrade and keeping the OPNsense VM running (against the advise)
2. doing the offline variant and getting into some kind of trouble where I would need internet but cannot start the VM

 

[keeka]

There is always the chance of something going wrong and I wouldn't know which approach has the lowest risk.
I don't think there is any requirement to access a WAN resource during the upgrade, other than to download packages. So the upgrade should run to completion offline without any internet access provided all the packages are cached.
That, to me, would fit better with the upgrade advice than performing the upgrade with a guest still running. I must be more risk averse nowadays, I'd never have procrastinated about such things in the past!

 

[sbellon]

apt update
apt dist-upgrade --download-only
qm shutdown 100
apt dist-upgrade

Is there a possibilty to also "download but defer installation" of package systemd-boot, because that's required after the upgrade for ZFS/UEFI systems, I have read. I.e. is there a apt install --download-only systemd-boot (or equivalent)?

 

[keeka]

Yes, I believe that command would download the pacakge systemd-boot plus any updated dependencies not in your apt cache.

I do not use systemd-boot. But I'd have thought, if you're already using it under PVE7, a dist-upgrade would pull in the new version and its deps, just like all the other packages required by dist-upgrade.

Of course both scenarios are dependent on having edited apt sources and run apt update.
You could also simulate the upgrade with apt dist-upgrade -s and safely revert your sources afterwards (I think!).

When you think about it, the normal behaviour of apt upgrade is to download all required packages before commencing system changes. If any downloads fail, it will not continue.

 

[sbellon]

systemd-boot is not pulled in via dependency, see https://pve.proxmox.com/wiki/Upgrad...t_.28for_ZFS_on_root_and_UEFI_systems_only.29

The point is, with PVE 7 (bullseye) I cannot install systemd-boot as it does not exist yet. When upgrading to PVE 8 (bookworm) I shall not have running VMs, so I'll have to update the sources.list, upgrade the package list, download the new packages - including systemd-boot - then shut down the OPNsense VM and do the update ... and hope for the best. ;-)

 

[keeka]

In that case I guess you will need to explicitly download it, as you suggested. Good luck.

 

[sbellon]

Today I did the upgrade from PVE 7.4 to PVE 8.0 and it worked flawlessly. I did:

sed -i 's/bullseye/bookworm/g' /etc/apt/sources.list
apt update
apt dist-upgrade --download-only
apt install systemd-boot --download-only
qm shutdown 100
apt dist-upgrade
apt install systemd-boot
reboot now

It worked without a hitch.

 

[neilsonwheels]

AIUI it is recommended to perform the upgrade with all guests shutdown. My home router is a proxmox guest, so I wondered if I will encounter problems if I download packages, stop that guest, and continue with the upgrade offline:

apt update
apt dist-upgrade --download-only
qm shutdown 100
apt dist-upgrade

I have the same situation with an OPNsense VM running.
I followed the OP process and it worked for me too.
Thank you to all for the confidence to do the upgrade.