cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error while using netbackup api to fetch job details

Solved Go to solution

‎12-05-2019 06:22 AM - edited ‎12-05-2019 06:25 AM

hello,

i am new into netbackup api and using the rest api to fetch details about my netbackup infra to be publishes in a kibana dashboard. Now, when I run the commands using root user on the master server, everything is ok. But for security purposes i need to use another server to fetch the details from the master server. In my case for testing, I am using the netbackup opscenter server. While running the command to get job details, I am getting the error - curl: (60) Peer's Certificate issuer is not recognized.

I used the NetBackup API endpoint POST /login to create a login reques

[jogger@nbuops01 ~]$ curl -X POST https://nbuma01:1556/netbackup/login -H 'content-type: application/vnd.netbackup+json;version=1.0' -d '{"userName":"jogger", "password":"Jogg3r" }' -k
{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJuYnVfbWFzdGVyIiwianRpIjoiODJjOTExNDItMTA0Yi00OGY1LWJiMDAtMzIzZTE4Nzk0NzNjIiwiaWF0IjoxNTc1NTU0NDA1NjU5LCJleHAiOjE1NzU2NDA4MDU2NTgsInN1YiI6InNpbjFsdm1obmJ1bWEwMTpydW5uZXI6dW5peHB3ZCIsImF1dGhfdG9rZW4iOiI4MmM5MTE0Mi0xMDRiLTQ4ZjUtYmIwMC0zMjNlMTg3OTQ3M2MiLCJpc19hZG1pbiI6ImZhbHNlIiwiaXNfbWFjaGluZSI6ImZhbHNlIiwidG9rZW5fdHlwZSI6IlNFU1NJT04ifQ.BQFUiPdEenIVTsrxIotIoAQbl_n6OElRWisvNwFctQHsmTUahozEcvgi2Zg4e_sbMjh4SxWlj8DehBsjH9y8r7cQ43tin85-WBc1gZ2_LQ4Y8pHkFxeHtsdNJtRv_m9rjq761qynpcRLsllLopAUeQTu-D-TgMzENUOlDpGHvs","tokenType":"BEARER","validity":86400}

 

Using the same token, i run the command to fetch job details and I get the error. 

[jogger@nbuops01 ~]$ curl -X GET https://nbuma01:1556/netbackup/admin/jobs/5 -H 'Accept: application/vnd.netbackup+json;version=1.0' -H 'Authorization:eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJuYnVfbWFzdGVyIiwianRpIjoiODJjOTExNDItMTA0Yi00OGY1LWJiMDAtMzIzZTE4Nzk0NzNjIiwiaWF0IjoxNTc1NTU0NDA1NjU5LCJleHAiOjE1NzU2NDA4MDU2NTgsInN1YiI6InNpbjFsdm1obmJ1bWEwMTpydW5uZXI6dW5peHB3ZCIsImF1dGhfdG9rZW4iOiI4MmM5MTE0Mi0xMDRiLTQ4ZjUtYmIwMC0zMjNlMTg3OTQ3M2MiLCJpc19hZG1pbiI6ImZhbHNlIiwiaXNfbWFjaGluZSI6ImZhbHNlIiwidG9rZW5fdHlwZSI6IlNFU1NJT04ifQ.BQFUiPdEenIVTsrxIotIoAQbl_n6OElRWisvNwFctQHsmTUahozEcvgi2Zg4e_sbMjh4SxWlj8DehBsjH9y8r7cQ43tin85-WBc1gZ2_LQ4Y8pHkFxeHtsdNJtRv_m9rjq761qynpcRLsllLopAUeQTu-D-TgMzENUOlDpGHvs'
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
 
 
When using the -k option, i get the error: {"errorCode":8000,"errorMessage":"User does not have permission(s) to perform the requested operation.","details":{}}
 
I have followed the process shared on the below link for permissions.
 
Are the any other permission required?
 
Could someone please help. 
Tags (2)
0 Kudos
Reply
2 Solutions

Accepted Solutions
Accepted Solution!

Re: Error while using netbackup api to fetch job details

‎12-10-2019 04:47 AM

auth.conf is for JAVA console. My question was whether you can login to the WEB UI?

View solution in original post

0 Kudos
Reply
Accepted Solution!

Re: Error while using netbackup api to fetch job details

‎07-30-2020 11:19 AM

Hello All,

The issue has now been resolved. I had to create an OS user on the netbackup server and add it on WebUI using RBAC with role as Backup Admin. For security admin, I can issue tokens but not query the catalog.

When trying to run API from outside the netbackup infra like a jumpbox, I need an AD account which needs to be added to netbackup using vssat first. Once the AD is added, add the AD user on netbackup using WebUI. Then using the AD account, I can query the master server using Swagger or Postman or curl from the jumpbox.

Thank you all for your inputs.

View solution in original post

0 Kudos
Reply
7 Replies

Re: Error while using netbackup api to fetch job details

‎12-05-2019 06:28 AM

Does jogger have the required permission to logon to NetBackup? Can you login to the web console with it?

0 Kudos
Reply

Re: Error while using netbackup api to fetch job details

‎12-05-2019 06:37 AM

jogger is an user on the opscenter server. still i did create a user jogger on the master server and gave it login priviledges with same rights as root on auth.conf

0 Kudos
Reply

Re: Error while using netbackup api to fetch job details

‎12-05-2019 07:22 AM

Did you add the user jogger using bpnbat and bpnbaz?

0 Kudos
Reply

Re: Error while using netbackup api to fetch job details

‎12-06-2019 01:18 AM

Yes, I added the steps as mentioned in the article https://stackoverflow.com/questions/50575577/how-to-grant-permission-in-restful-api-to-user-in-netba...

  1. /usr/openv/netbackup/bin/admincmd/bpnbaz -setupExAudit
  2. /usr/openv/netbackup/bin/admincmd/bpnbaz -AddUser domainType:master_server:User
  3. /usr/openv/netbackup/bin/bpnbat -addUser User User_pwd master_server

  4. /usr/openv/netbackup/bin/admincmd/bpnbaz -listusers Number of users with NetBackup Administrator Privileges: 1

    Domain Type : domainType Domain : master_server Username : User

    Operation completed successfully.

  5. /usr/openv/netbackup/bin/admincmd/bpnbaz -DisableExAudit

  6. Restart Netbackup services

I still have a confusion. Jogger is an user on the opscenter server, will adding jogger using the steps above give permission to the user jogger on the opscenter server or the local user jogger on the master server.

0 Kudos
Reply
Accepted Solution!

Re: Error while using netbackup api to fetch job details

‎12-10-2019 04:47 AM

auth.conf is for JAVA console. My question was whether you can login to the WEB UI?

View solution in original post

0 Kudos
Reply

Re: Error while using netbackup api to fetch job details

‎12-16-2019 07:33 AM - edited ‎12-17-2019 06:06 AM

Hello, sorry for the late reply.

I checked and i am unable to access the web interface with the user "jogger", i get error - you are unauthorized to access this application. contact your nbu security admin to request RBAC permissions for the netbackup web user interface.  

I have provided the user "backup admin" permission on the web interface using RBAC. I can now login to the WebUI but still I have the same issue.

0 Kudos
Reply
Accepted Solution!

Re: Error while using netbackup api to fetch job details

‎07-30-2020 11:19 AM

Hello All,

The issue has now been resolved. I had to create an OS user on the netbackup server and add it on WebUI using RBAC with role as Backup Admin. For security admin, I can issue tokens but not query the catalog.

When trying to run API from outside the netbackup infra like a jumpbox, I need an AD account which needs to be added to netbackup using vssat first. Once the AD is added, add the AD user on netbackup using WebUI. Then using the AD account, I can query the master server using Swagger or Postman or curl from the jumpbox.

Thank you all for your inputs.

View solution in original post

0 Kudos
Reply