cancel
Showing results for 
Search instead for 
Did you mean: 

Generate token for reinstall of client remotely?

ally_wilson
Level 2

We use Chocolatey to install Netbackup client on our servers. We've recently moved to NB 8.1. from 7.7.3.

Whilst testing with the chocolatey client to install and uninstall the client, I've noticed that to then re-install the client I need to get a new token generated on the master server.


Does anyone know of a way to generate the token remotely (we have Windows and Appliance master servers)? I was hoping the talk of an API would allow me to do this, but I didn't get very far with that. 


Either that, or completely remove the client from the master, so that a reinstall would see it as 'new'?

6 REPLIES 6

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Lowell_Palecek
Level 6
Employee

It may be too late for you, but a word to others. Don't uninstall and reinstall the clients if you don't have to. Upgrade them instead. From the master server's point of view, there had been a client named X. Now there seems to be a new host trying to register as client X. You need to assure the master that it's ok.

This needs a reissue token rather than a regular installation token. The bad news is that the reissue token is specific to one client, which will make it more work to automate. A regular installation token can be used to install N clients. Here's the syntax from the NetBackup Command Reference Manual:

nbcertcmd -createToken -name token_name [-reissue -host host_name | -hostId host_id] [-maxUses number] [-validFor numDnumHnumM] [-reason description_for_auditing] [-server master_server_name]

Nicolai
Moderator
Moderator
Partner    VIP   

A token cannot be generated remote - it must either be re-issues or generated on the master server.

A token is a security measurement - the master servers ensure clients are what they claim to be.

Then imaging if  token could be generated on the client - then every client could claim being whatever a evil admin would have them to be.

Hope this explain

Best Regards

Nicolai

Hi @ally_wilson

I am trying to install client on server 2016 through chocolatey package. But its failing.

Can you share how you have created package for NB Client?

Thanks

Manan

Sure, make sure your "silentclient.cmd" is working then zip it all up.

chocolateyinstall.ps1 looks like this:

$ErrorActionPreference = 'Stop';
$packageName= 'netbackupclient'
$toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
$validExitCodes = @(0)
If ((Test-Path $env:Temp\netbackupclient-8.1.zip) -ne $true){
    Invoke-Webrequest -Uri "https://choco.domain.name.net:8443/netbackupclient/netbackupclient-8.1.zip" -OutFile "$env:TEMP\netbackupclient-8.1.zip"
    }

If ((Test-Path $env:Temp\netbackupclient) -ne $true){
    New-Item -ItemType Directory $env:TEMP\netbackupclient
    Expand-Archive $env:TEMP\netbackupclient-8.1.zip -DestinationPath $env:TEMP\netbackupclient\
    }

$whereIam = Get-Location

Set-Location $env:TEMP\netbackupclient\
$cmdBatch = "/c `"$env:TEMP\netbackupclient\silentclient.cmd`""
Start-ChocolateyProcessAsAdmin -Statements $cmdBatch -ExeToRun "cmd.exe" -validExitCodes $validExitCodes
set-location $whereIam
Remove-item -recurse $env:TEMP\netbackupclient -Force
Remove-item $env:TEMP\netbackupclient-8.1.zip -Force

 

Not particularly elegant.

 

Due to the inability to reinstall without generating a reissued token though means we've abandoned this until Veritas gets their **bleep** in order. 

For anyone who might be looking, this is now possible in 8.1.2+, using a script (e.g. PowerShell) and a couple of calls to the NBU REST API.

I've attached an example here and on github:

https://github.com/VeritasOS/netbackup-api-code-samples/pull/62/commits/8947097d978dd7449b424dfa90ce...