cancel
Showing results for 
Search instead for 
Did you mean: 

NetBackup 8.3 nbdeployutil

Earl_Lindberg
Level 1

Hi Experts,

In a Linux environment, some NetBackup component programs, like nbdeployutil, in NetBackup 8.2 and previous versions, relied on /tmp to run their executables.

This created issues in our openscap secured environments where /tmp has very limited space and mounted noexec.

Were changes made in NetBackup 8.3 to completely remove reliance on /tmp for executables and run in /opt/openv/tmp or other configurable location? 

Smart Meter/TaaS reporting is affected directly by nbdeployutil's inability to run successfully.

Also, there is no customer feedback that Smart Meter reporting has not occurred in the last x days.

Thanks,

Earl

1 ACCEPTED SOLUTION

Accepted Solutions

JohnHink
Level 3
Employee

You're correct, by default nbdeployutil will use /tmp & that causes failures when /tmp is set to noexec: 

[azureadmin@nbumaster azureadmin]# mount -o remount,noexec /tmp
[azureadmin@nbumaster azureadmin]# mount | grep /tmp
/dev/mapper/rootvg-tmplv on /tmp type ext4 (rw,noexec,relatime,seclabel)
[azureadmin@nbumaster azureadmin]# /usr/openv/netbackup/bin/admincmd/nbdeployutil --gather /foo
Can't load '/tmp/p2xtmp-127681/auto/attributes/attributes.so' for module attributes: /tmp/p2xtmp-127681/auto/attributes/attributes.so: failed to map segment from shared object at PERL2EXE_STORAGE/DynaLoader.pm line 190.
at /usr/openv/netbackup/bin/private/nbdeployutil line 6
Compilation failed in require at /usr/openv/netbackup/bin/private/nbdeployutil line 6.
BEGIN failed--compilation aborted at /usr/openv/netbackup/bin/private/nbdeployutil line 6.

However, this can be worked arround by overriding the location with the TEMP variable: 

[azureadmin@nbumaster azureadmin]# export TEMP=/usr/openv/tmp/
[azureadmin@nbumaster azureadmin]# echo "$TEMP"
/usr/openv/tmp/
[azureadmin@nbumaster azureadmin]# /usr/openv/netbackup/bin/admincmd/nbdeployutil --gather /foo
no crontab for root
NetBackup Deployment Utility, version 8.3
Gathering license deployment information...
Discovered master server nbumaster

Enter credentials for Master Server(s):

Master Server:nbumaster
Domain Type (NIS, NISPLUS, WINDOWS, vx, unixpwd, ldap):unixpwd
Domain Name :nbumaster
User Name :root
Password :

Data gather is in progress. This process might take some time.
Output for nbumaster at: /usr/openv/var/global/reports/20200803_195037_nbumaster
Gather DONE
Execution time: 17 secs

To avoid having to deal with that manually, you can make a wrapper script like this: 

#!/bin/bash

export TEMP=/usr/openv/tmp

exec /usr/openv/netbackup/bin/admincmd/.bin/nbdeployutil "$@"

I'll also pass this on to our security PMs to see if we can have a more permenant solution in a later release.

 

View solution in original post

1 REPLY 1

JohnHink
Level 3
Employee

You're correct, by default nbdeployutil will use /tmp & that causes failures when /tmp is set to noexec: 

[azureadmin@nbumaster azureadmin]# mount -o remount,noexec /tmp
[azureadmin@nbumaster azureadmin]# mount | grep /tmp
/dev/mapper/rootvg-tmplv on /tmp type ext4 (rw,noexec,relatime,seclabel)
[azureadmin@nbumaster azureadmin]# /usr/openv/netbackup/bin/admincmd/nbdeployutil --gather /foo
Can't load '/tmp/p2xtmp-127681/auto/attributes/attributes.so' for module attributes: /tmp/p2xtmp-127681/auto/attributes/attributes.so: failed to map segment from shared object at PERL2EXE_STORAGE/DynaLoader.pm line 190.
at /usr/openv/netbackup/bin/private/nbdeployutil line 6
Compilation failed in require at /usr/openv/netbackup/bin/private/nbdeployutil line 6.
BEGIN failed--compilation aborted at /usr/openv/netbackup/bin/private/nbdeployutil line 6.

However, this can be worked arround by overriding the location with the TEMP variable: 

[azureadmin@nbumaster azureadmin]# export TEMP=/usr/openv/tmp/
[azureadmin@nbumaster azureadmin]# echo "$TEMP"
/usr/openv/tmp/
[azureadmin@nbumaster azureadmin]# /usr/openv/netbackup/bin/admincmd/nbdeployutil --gather /foo
no crontab for root
NetBackup Deployment Utility, version 8.3
Gathering license deployment information...
Discovered master server nbumaster

Enter credentials for Master Server(s):

Master Server:nbumaster
Domain Type (NIS, NISPLUS, WINDOWS, vx, unixpwd, ldap):unixpwd
Domain Name :nbumaster
User Name :root
Password :

Data gather is in progress. This process might take some time.
Output for nbumaster at: /usr/openv/var/global/reports/20200803_195037_nbumaster
Gather DONE
Execution time: 17 secs

To avoid having to deal with that manually, you can make a wrapper script like this: 

#!/bin/bash

export TEMP=/usr/openv/tmp

exec /usr/openv/netbackup/bin/admincmd/.bin/nbdeployutil "$@"

I'll also pass this on to our security PMs to see if we can have a more permenant solution in a later release.