This is just an informative message for customers using FREL appliances. In case you upgrade an existing FREL appliances that is based on FR30 or earlier and in case the FREL is unable to connect to the public Internet than the upgrade to FR32 will cause the FREL to go offline. During the upgrade to FR32 it tries to pull some packages from a public repo which is not possible. I have an outstanding ticket for it and the only solution now is to refresh the appliances with the FR32 FREL.
I in all honesty also hope development reconsiders the current approach and implement an automatic FREL refresh function that can automatically re-deploy FREL appliances preserving the current configuration using a one-button refresh option. This is a much better approach than offering a solution that can push out FREL OS updates.
Upgrading existing FREL appliances to FR32 might fail in case FREL appliance cannot access public Internet
+19
- Commvault Certified Expert
- 1049 replies
+1
the problem might be that not all customers allow access from frel to external sites. not only during upgrading from FR30 to FR32 (which would be a quite small timeframe) , but also during “normal” lifecycle of a linux-system. we had some severe CVEs in the last week (eg. libc https://www.cvedetails.com/cve/CVE-2023-4911/ ) and would appreciate quick fixes for such packages without drilling additional holes in our firewalls from such helper-systems. its all about data-extraction.
Commvault itself is strictly monitored and would be the perfect place to hold that updates. i agree, that these OS-updates might grow over time, but this should be possible for a stripped down OS-installation.
+19
- Commvault Certified Expert
- 1049 replies
-
17 October 2023
We have the same requirement e.g. FREL appliances are not allowed to go directly to the public Internet. I however would prefer Commvault to deliver a highly secured OVA template and make sure it is kept up-to-date by releasing a one-button redeploy method of the entire appliances instead of OS update alone. This was added now in FR32, but this leaves the FREL on the same distro version and doesn't make sure other improvements are slipped into FREL appliances who are deployed already. So, at a certain point in time it is advised to re-deploy the FREL entirely.
For example I now ran into an issue in where existing FRELs are all broken after the upgrade attempt. Only fix now is to re-deploy all of them and that is a labor intensive job in case you haven't automated yourself. Our production environment uses more than 30 FREL appliances.
Reply
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.