NetBackup 8.3 nbdeployutil
Hi Experts,
In a Linux environment, some NetBackup component programs, like nbdeployutil, in NetBackup 8.2 and previous versions, relied on /tmp to run their executables.
This created issues in our openscap secured environments where /tmp has very limited space and mounted noexec.
Were changes made in NetBackup 8.3 to completely remove reliance on /tmp for executables and run in /opt/openv/tmp or other configurable location?
Smart Meter/TaaS reporting is affected directly by nbdeployutil's inability to run successfully.
Also, there is no customer feedback that Smart Meter reporting has not occurred in the last x days.
Thanks,
Earl
You're correct, by default nbdeployutil will use /tmp & that causes failures when /tmp is set to noexec:
[azureadmin@nbumaster azureadmin]# mount -o remount,noexec /tmp
[azureadmin@nbumaster azureadmin]# mount | grep /tmp
/dev/mapper/rootvg-tmplv on /tmp type ext4 (rw,noexec,relatime,seclabel)
[azureadmin@nbumaster azureadmin]# /usr/openv/netbackup/bin/admincmd/nbdeployutil --gather /foo
Can't load '/tmp/p2xtmp-127681/auto/attributes/attributes.so' for module attributes: /tmp/p2xtmp-127681/auto/attributes/attributes.so: failed to map segment from shared object at PERL2EXE_STORAGE/DynaLoader.pm line 190.
at /usr/openv/netbackup/bin/private/nbdeployutil line 6
Compilation failed in require at /usr/openv/netbackup/bin/private/nbdeployutil line 6.
BEGIN failed--compilation aborted at /usr/openv/netbackup/bin/private/nbdeployutil line 6.However, this can be worked arround by overriding the location with the TEMP variable:
[azureadmin@nbumaster azureadmin]# export TEMP=/usr/openv/tmp/
[azureadmin@nbumaster azureadmin]# echo "$TEMP"
/usr/openv/tmp/
[azureadmin@nbumaster azureadmin]# /usr/openv/netbackup/bin/admincmd/nbdeployutil --gather /foo
no crontab for root
NetBackup Deployment Utility, version 8.3
Gathering license deployment information...
Discovered master server nbumasterEnter credentials for Master Server(s):
Master Server:nbumaster
Domain Type (NIS, NISPLUS, WINDOWS, vx, unixpwd, ldap):unixpwd
Domain Name :nbumaster
User Name :root
Password :Data gather is in progress. This process might take some time.
Output for nbumaster at: /usr/openv/var/global/reports/20200803_195037_nbumaster
Gather DONE
Execution time: 17 secsTo avoid having to deal with that manually, you can make a wrapper script like this:
#!/bin/bash
export TEMP=/usr/openv/tmp
exec /usr/openv/netbackup/bin/admincmd/.bin/nbdeployutil "$@"
I'll also pass this on to our security PMs to see if we can have a more permenant solution in a later release.