Forum Discussion

luis_alonso's avatar
luis_alonso
Level 4
9 months ago

[IT Analytics] Data Collector requires bpnbat -login WEB

As mentioned in the title of the post;

I am having trouble while configuring the data collection policy credentials for IT Analytics 11.2
Whenever i try to use the appadmin credentials, it will ask for a "bpnbat -login -loginType WEB" permission, but it will only last from 24hrs to 30 days.

Do i need to create a separate user? Through the Primary Server WEBUI? What kind of permissions? 
Its the last step for my NITA installation...

analytics
APTARE
IT Analytics
ita
Linux
nebackup it analytics
NetBackup
NetBackup IT Analytics
nita
  • L_BR's avatar
    L_BR
    9 months ago

    What steps other than 138 did you follow? 138 was just to create the additional user, here's a step by step process I followed for 8 Master servers (Flex and Flex Scale appliances)

     

    Create new sudo user on the master server instance

    useradd -G wheel <user> 

    Give it a strong password

    passwd <username>

    Edit sudoers.d

    visudo -f /etc/sudoers.d/<user>

    Insert the following:

    Defaults:<user> !requiretty
    <user> ALL=(ALL) NOPASSWD: \
    /usr/openv/netbackup/bin/admincmd/* ,\
    /usr/openv/volmgr/bin/* ,\
    /usr/openv/netbackup/bin/*

    Then add the user to the master server's RBAC as an administrator

    Generate an API Key for the user and use in in NBUITA.

12 Replies

Sort By
  • L_BR's avatar
    L_BR
    Level 5
    9 months ago

    Yes you need to create a new user. Since you are using appadmin, I assume you are using an appliance. You can follow on from page 138 of the attached ITA guide. 

    • luis_alonso's avatar
      luis_alonso
      Level 4
      9 months ago

      Created an user and added to wheel (sudo) group.
      Then proceeded to do all the steps starting on page 138.

      Now i am receiving the following error on the screenshot. 

  • StefanosM's avatar
    StefanosM
    Level 6
    9 months ago

    what collector you are using ?
    the collector that comes preinstalled with netbackup primary server is not compatible with BYO it analytics. You have to install a collector on another system (not the portal)

    • luis_alonso's avatar
      luis_alonso
      Level 4
      9 months ago

      My Portal/Database is the 11.2 OVA.
      My Collector 11.2 is installed on the Portal OVA, its name is pvhitacollector.
      The primary server user for collection is itacoletor.

  • L_BR's avatar
    L_BR
    Level 5
    9 months ago

    What steps other than 138 did you follow? 138 was just to create the additional user, here's a step by step process I followed for 8 Master servers (Flex and Flex Scale appliances)

     

    Create new sudo user on the master server instance

    useradd -G wheel <user> 

    Give it a strong password

    passwd <username>

    Edit sudoers.d

    visudo -f /etc/sudoers.d/<user>

    Insert the following:

    Defaults:<user> !requiretty
    <user> ALL=(ALL) NOPASSWD: \
    /usr/openv/netbackup/bin/admincmd/* ,\
    /usr/openv/volmgr/bin/* ,\
    /usr/openv/netbackup/bin/*

    Then add the user to the master server's RBAC as an administrator

    Generate an API Key for the user and use in in NBUITA.

    • luis_alonso's avatar
      luis_alonso
      Level 4
      9 months ago

      Thank you, these steps granted me success.

      All was missing was the RBAC Admin role.

      About the API Key, can you better explain how to do this process and its importance please?

      • L_BR's avatar
        L_BR
        Level 5
        9 months ago

        It's used to successfully execute REST APIs. Its used where password-based authentication is not allowed on the master servers. You can read more here https://www.veritas.com/support/en_US/doc/140248394-150403536-0/pgfId-1092289-150403536

        But to generate one, log on to your master server's web console. Expand security, click Access Keys. Click Add and enter the name of the user you want to generate a key for. Save it somewhere, as far as I can tell/have looked, you can't reveal it again. You can then authenticate that user to execute GET/POST etc via API calls by visiting https://masterserver.fq.dn/api-docs/index.html in a web browser.

        Edit if you can do what you need without it, it isn't required. But if you didn't have the password for a user, you could create the token for the user and use the token to authenticate. 

  • StefanosM's avatar
    StefanosM
    Level 6
    9 months ago

    luis_alonso

    When you resolve your problem, I need a favor. Or from anyone that has install it analytics from the OVF

    please run the flowing commands at the portal server and post the output

    rpm -qa |grep libXtst
    rpm -qa |grep Xvfb
    ls -l /usr/bin/Xvfb