Is there a way to deploy new NB master Certificate from a current NB master?
Hello,
I need to migrate 1000s of clients from an 8.3 NBU domain to a new 9.1 domain (master and media servers). I will be using nbsetconfig from the current master to update the NB server list on all the clients to include the new NB master and media servers (already tested to make sure I "append" instead of "replace" SERVER =). My issue question is: can push out new certificate info for the new master from the current master? I found a similar VOX discussion on this topic, and it referenced a utility: NBCertDeploy, but it sounds like that also involves Veritas PS (?). I've been playing with the command "nbcertupdater" but thus far I can't get around having to run a command on the client.
The NB servers are all linux, and the clients are a mix blend of windows and linux, in case that matters.
Thanks
Hi zmlat
NBCertDeploy would certainly be the simplest way - but you are right it will involve Veritas consulting.
What is required is to organise to run two commands on each client you want to migrate. The first is to obtain the CA certificate from the new master, the second is to obtain a host certificate from that master. The challenge as you have identified is to make this happen without having to log into each client. This is where NBCertDeploy manages the process for you. You have also identified that you need to add the target master name to each client's SERVER list.
In a nutshell, the utility restores a script to each client (that when run gets the certis from the target master), then uses NetBackup to execute that script (using an Oracle type policy). There is a whole lot of smarts wrapped around this to make it clean.
Another way to do this without NetBackup would be by using something like Puppet or Anisible (and the Windows equivalent) to perform the necessary commands.
Cheers
David