07-26-2021 04:59 AM
Hi there,
my question is if it is feasible to remotely monitor Netbackup appliance.
The thing is that we need to remotely execute e.g. command ''bpdbjobs -summary'' on the Netbackup appliance from the remote computer. However, firstly there is need to jump to elevated mode of the Netbackup appliance shell. Do you think that is it possible to manage such a solution and if so, how?
Many thanks for possible suggestions!
Solved! Go to Solution.
09-29-2021 04:39 PM
Hi @JimmyB2
Here's an example of what someone else wrote to extract audit logs from NetBackup (obviously change the master server name, user etc as required) - this was run from a Linux host (jq is a json processor/formatter)
First get and store the auth token:
token=`curl -k -X POST https://nbmaster:1556/netbackup/login -H 'Content-Type: application/json' -d '{"domainType":"", "domainName":"", "userName":"root", "password":"XXXXXXXX"}' | jq --raw-output '.token'`
Then use the token to get the audit logs:
curl -k -X GET https://nbmaster:1556/netbackup/security/auditlogs -H 'Content-Type: application/json' -H "authorization:$token" | jq .
David
07-26-2021 04:01 PM
Hi @JimmyB2
If all you need to run are NetBackup commands then it is feasible. You should be able to do this after you create NetBackupCLI user (Main -> Manage -> NetBackupCLI
This will allow you to run NetBackup commands. To run remotely you will need to use the sudo command and the full path to the binary (eg. ssh cli_user@appliance sudo /usr/openv/netbackup/bin/bpdbjobs -summary).
To provide passwordless access to this user will require you to create an authorized_keys file in a folder /var/sshkeys/cli_user the folder will need to match the username. The authorized_keys files will need to be owned by the cli_user (with only rw permission for the user).
Otherwise - have a look at the AMS capability to remotely monitor a number of appliances from a central location. This can be setup on a virtual appliance and a free license key is provided for this purpose.
Cheers
David
07-26-2021 11:40 PM
Hello
Were you ever thinking to use OpsCenter ?? It does what you are looking for and can do it from several NBU domains.
09-20-2021 09:53 AM
In case you're still looking at this issue, if you setup another Master as trusted by your appliance you can always run the command from there too.
trustedmaster# bpdbjobs -M appliancename
09-23-2021 07:19 AM
Thank you @davidmoline , @quebek , @jnardello very much for your help.
Unfortunately, there is no possibility to set up Ops center or bind the Netbackup appliance with Master server.
However, I would ask if it is feasible to use REST API for Netbackup Appliance Version 3.2 (
NetBackup Version 8.2) ?
I am asking because I am not sure if the API calls are usable only for standard Netbackup Master server.
09-28-2021 10:03 PM
Hi @JimmyB2
You are correct - the API calls are only applicable to the master server - though it doesn't matter if the master is BYO or appliance (there are also some APIs related specifically to appliances, but I don't imagine you mean those).
What commands/monitoring from the appliance do you want that you can't also run from the master server itself? Or is the appliance the master?
Another way to go if the appliance is the master (other than the API route), would be to install the NetBackup server components on a spare system use that - effectively add a media server that doesn't do anything except run commands. SImplest way would be to install it as a media server with the appliance as the master (that way the certificates get deployed etc.) and add this new "media" server to the SERVER list. You can then run those commands from there.
David
09-29-2021 02:25 AM
Hi @davidmoline
It really seems that our Netbackup appliance is the Master server as well.
Then, maybe I have a very trivial question and I apologise for that in advance. However, where should I type the very first POST command to get authorization token? In Windows in the cmd.exe command line program - it doesnt work for me? Or from another Linux server?
curl -X POST https://masterservername:1556/netbackup/login \ -H 'content-type: application/vnd.netbackup+json;version=1.0' \ -d '{ \ "domainType":"vx", \ "domainName":"mydomain", \ "userName":"myusername", \ "password":"mypassword" \ }'
Take care!
09-29-2021 04:01 PM
Hi @JimmyB2
Where you run the command to get the token isn't that important as long as you can connect to the master.
What is the error you are recieving? It would go a long way to help.
I think you request format is not quite right (I'm not sure it likes all that blank space a pretty formatting and you will most likely need to '-k' flag to curl to ignore certificate chain errors.
I'd try from Linux to start with and try leaving the domainType blank - so something like:
curl -k -X POST https://masterservername:1556/netbackup/login -H 'content-type: application/vnd.netbackup+json;version=1.0' -d '{"domainType":"", "domainName":"domainname", "userName":"myusername", "password":"mypassword" }'
The username - how or where is this defined on the appliance? Is it a NetBackupCLI user, the admin, a Windows AD user - the answer may determine the requirement for the domainType value - vx implies Veritas Private Domain.
David
09-29-2021 04:39 PM
Hi @JimmyB2
Here's an example of what someone else wrote to extract audit logs from NetBackup (obviously change the master server name, user etc as required) - this was run from a Linux host (jq is a json processor/formatter)
First get and store the auth token:
token=`curl -k -X POST https://nbmaster:1556/netbackup/login -H 'Content-Type: application/json' -d '{"domainType":"", "domainName":"", "userName":"root", "password":"XXXXXXXX"}' | jq --raw-output '.token'`
Then use the token to get the audit logs:
curl -k -X GET https://nbmaster:1556/netbackup/security/auditlogs -H 'Content-Type: application/json' -H "authorization:$token" | jq .
David
10-15-2021 12:20 AM
Hi @davidmoline !
Thanks for the contribution. It works for me. Running API calls from linux cmd is fine. I will create a new thread about running API calls from Windows OS.