cancel
Showing results for 
Search instead for 
Did you mean: 

Netbackup appliance remote scripts execution for monitoring

JimmyB2
Level 4

Hi there,

my question is if it is feasible to remotely monitor Netbackup appliance.

The thing is that we need to remotely execute e.g. command ''bpdbjobs -summary'' on the Netbackup appliance from the remote computer. However, firstly there is need to jump to elevated mode of the Netbackup appliance shell. Do you think that is it possible to manage such a solution and if so, how?

Many thanks for possible suggestions!

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @JimmyB2 

Here's an example of what someone else wrote to extract audit logs from NetBackup (obviously change the master server name, user etc as required) - this was run from a Linux host (jq is a json processor/formatter)

First get and store the auth token:

token=`curl -k -X POST https://nbmaster:1556/netbackup/login -H 'Content-Type: application/json' -d '{"domainType":"", "domainName":"", "userName":"root", "password":"XXXXXXXX"}' | jq --raw-output '.token'`

Then use the token to get the audit logs:

curl -k -X GET https://nbmaster:1556/netbackup/security/auditlogs -H 'Content-Type: application/json' -H "authorization:$token" | jq .

David

View solution in original post

9 REPLIES 9

davidmoline
Level 6
Employee

Hi @JimmyB2 

If all you need to run are NetBackup commands then it is feasible. You should be able to do this after you create NetBackupCLI user (Main -> Manage -> NetBackupCLI

This will allow you to run NetBackup commands. To run remotely you will need to use the sudo command and the full path to the binary (eg. ssh cli_user@appliance sudo /usr/openv/netbackup/bin/bpdbjobs -summary).

To provide passwordless access to this user will require you to create an authorized_keys file in a folder /var/sshkeys/cli_user the folder will need to match the username. The authorized_keys files will need to be owned by the cli_user (with only rw permission for the user). 

Otherwise - have a look at the AMS capability to remotely monitor a number of appliances from a central location. This can be setup on a virtual appliance and a free license key is provided for this purpose. 

Cheers
David

quebek
Moderator
Moderator
   VIP    Certified

Hello

Were you ever thinking to use OpsCenter ?? It does what you are looking for and can do it from several NBU domains.

https://www.veritas.com/support/en_US/doc/27537447-127427700-0/index?profileURL=https%3A%2F%2Fvam-pr...

 

jnardello
Moderator
Moderator
   VIP    Certified

In case you're still looking at this issue, if you setup another Master as trusted by your appliance you can always run the command from there too.

trustedmaster# bpdbjobs -M appliancename

 

Thank you @davidmoline , @quebek , @jnardello very much for your help.

Unfortunately, there is no possibility to set up Ops center or bind the Netbackup appliance with Master server.

However, I would ask if it is feasible to use REST API for Netbackup Appliance Version 3.2 (
NetBackup Version 8.2) ?

I am asking because I am not sure if the API calls are usable only for standard Netbackup Master server.

Hi @JimmyB2 

You are correct - the API calls are only applicable to the master server - though it doesn't matter if the master is BYO or appliance (there are also some APIs related specifically to appliances, but I don't imagine you mean those). 

What commands/monitoring from the appliance do you want that you can't also run from the master server itself? Or is the appliance the master?

Another way to go if the appliance is the master (other than the API route), would be to install the NetBackup server components on a spare system use that - effectively add a media server that doesn't do anything except run commands. SImplest way would be to install it as a media server with the appliance as the master (that way the certificates get deployed etc.) and add this new "media" server to the SERVER list. You can then run those commands from there.

David

Hi @davidmoline 

It really seems that our Netbackup appliance is the Master server as well.

Then, maybe I have a very trivial question and I apologise for that in advance. However, where should I type the very first POST command to get authorization token? In Windows in the cmd.exe command line program - it doesnt work for me? Or from another Linux server?

curl -X POST https://masterservername:1556/netbackup/login         \
     -H 'content-type: application/vnd.netbackup+json;version=1.0' \
     -d '{                                                         \
            "domainType":"vx",                                     \
            "domainName":"mydomain",                               \
            "userName":"myusername",                               \
            "password":"mypassword"                                \
        }'

 

Take care!

 

 

Hi @JimmyB2 

Where you run the command to get the token isn't that important as long as you can connect to the master.

What is the error you are recieving? It would go a long way to help. 

I think you request format is not quite right (I'm not sure it likes all that blank space a pretty formatting and you will most likely need to '-k' flag to curl to ignore certificate chain errors.

I'd try from Linux to start with and try leaving the domainType blank - so something like:

curl -k -X POST https://masterservername:1556/netbackup/login -H 'content-type: application/vnd.netbackup+json;version=1.0' -d '{"domainType":"", "domainName":"domainname", "userName":"myusername", "password":"mypassword" }'

The username - how or where is this defined on the appliance? Is it a NetBackupCLI user, the admin, a Windows AD user - the answer may determine the requirement for the domainType value - vx implies Veritas Private Domain. 

David

Hi @JimmyB2 

Here's an example of what someone else wrote to extract audit logs from NetBackup (obviously change the master server name, user etc as required) - this was run from a Linux host (jq is a json processor/formatter)

First get and store the auth token:

token=`curl -k -X POST https://nbmaster:1556/netbackup/login -H 'Content-Type: application/json' -d '{"domainType":"", "domainName":"", "userName":"root", "password":"XXXXXXXX"}' | jq --raw-output '.token'`

Then use the token to get the audit logs:

curl -k -X GET https://nbmaster:1556/netbackup/security/auditlogs -H 'Content-Type: application/json' -H "authorization:$token" | jq .

David

Hi @davidmoline !

Thanks for the contribution. It works for me. Running API calls from linux cmd is fine. I will create a new thread about running API calls from Windows OS.