Hardened repo access after upgrading to v12

Hey @regnor 

You are most likely correct, but I do love the keywords “should” and “maybe” :-)

There are three options I can think of.

1. Delete the Linux Repo, then recreate it using the correct ssh single use authentication for the storage directories. Just not sure what this would do to the backup chains.
2. Change permissions on the storage directories to match the single use ssh credentials I used to upgrade the host.
3. Somehow edit the SQL database where the credentials are stored to match the current storage directory permissions.

Support suggested going into Credentials & Passwords and creating the correct account. Great idea but there is no way to add those account credentials for repository access. Access Permissions in the repository only allows for AD accounts. 

Unless I’m missing something here.

• Doug

Oh I totally understand that one can add different account types there @coolsport00, and I did add the correct linux account and tested the ssh single use authentication and it worked fine.

Guess what I’m trying to say is how does one use this account to authenticate to the repository via either the backup job or the repository settings as the backups keep failing due to authentication.

6/23/2023 8:33:08 AM :: Error: Permission denied
Failed to get file system object info: '/media/local48/VeeamRepository/VeeamBackups/Exchange Linux Immutable/Exchange Linux Immutable.vbm'
Agent failed to process method {FileSystem.Exists}.
  
 

Ok, this issue has been resolved.

Here is what I did. Run all commands as the root user.

1. Enable and start ssh on the linux box 

sudo systemctl enable ssh
sudo systemctl start ssh

2. Open firewall ports for ssh

sudo ufw allow ssh

3. Add the user with repository access to the Sudoers group.

sudo usermod -aG sudo "username" or you could use sudo adduser "username" sudo

4. In the B&R Console go to Backup Infrastructure and find the linux box under Managed Servers
Right click the server and go to Properties > SSH Connection > add the linux user with repository permissions to the Credentials drop down list as a Single Use Credentials. 

5. Once the ssh connection has passed testing and the linux server updated, remove the linux user from the Sudoers group - sudo deluser "username" sudo, stop the ssh service - sudo systemctl stop ssh, disable the ssh service - sudo systemctl disable ssh, and finally block ssh in the firewall - sudo ufw deny ssh.

That should do the trick. Happy Backups!

- Doug
 

Hey guys,

Just wanted to say thank you as I just upgraded to V12 and had the same issues.

this thread saved me a lot of time and heartache.

Cheers

Glad I could help!  I imagine I may even have to come back and reference it for other clients, but perhaps not since this should be easier once on v12 to newer versions!

so found this thread when searching after upgrading to 12.1…  my Ubuntu Immutable repo is not upgrading, I added my user like above but where do I enter the single use credentials, in Ubuntu or the Veeam server?

NVM, found it by looking at my Linux server in VBR and processed the single use creds… still getting an error but I’ve created a case…

error

Enabling restricted mode for Installer Error: VAL components are installed on the target machine
Failed to save Linux server: VAL components are installed on the target machine
Infrastructure item save failed Error: VAL components are installed on the target machine
 

but aren’t we all running an agent on our Linux (Ubuntu) repositories to access them and push backup copies?

ahh gotcha…  admittedly I’m just a trained monkey when it comes to this Immutable setup, I followed this HOW-TO long ago and things have just been running :)

So I looked further into my HOW-TO that I followed and it had me install the Linux agent in order to backup the Linux server.  So with this information does any other thoughts come to mind?  As the hardened repo setups have progressed are we now not able to backup the linux server itself?

So support says the following;

The error you are seeing is due to Veeam agent for Linux is not supported on Linux servers that hold the hardened repository role. Veeam hardened repositories do not use root, while some VAL (Veeam Agent for Linux) components do. Having the agent and utilizing the same machine as the hardened repository, may result in a repository that is not sufficiently hardened, and there is a possibility that it may not function at all. This is why is not supported and received the error response.

Please consider uninstalling the VAL from this hardened repository. If you want to have another backup of this repository data, please consider a backup copy job instead.

·  To uninstall Veeam Agent please use the instruction from this article: 
https://helpcenter.veeam.com/docs/backup/agents/protected_computers_uninstall.html?ver=120

·  For manual uninstallation: https://helpcenter.veeam.com/docs/agentforlinux/userguide/uninstallation_process.html?ver=60

so if I understand (and I’ve asked for clarification) this reply is saying I should not have the VAL and be backing up the hardened repo, is that what you see too?  Do you backup for Linux server that acts as a repo?

ok so the uninstall -  apt-get remove veeam veeam-libs veeamsnap did the trick, the Upgrade now processed.  Thanks for your very quick replies...