cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Generate token for reinstall of client remotely?

We use Chocolatey to install Netbackup client on our servers. We've recently moved to NB 8.1. from 7.7.3.

Whilst testing with the chocolatey client to install and uninstall the client, I've noticed that to then re-install the client I need to get a new token generated on the master server.


Does anyone know of a way to generate the token remotely (we have Windows and Appliance master servers)? I was hoping the talk of an API would allow me to do this, but I didn't get very far with that. 


Either that, or completely remove the client from the master, so that a reinstall would see it as 'new'?

6 Replies
Highlighted

Re: Generate token for reinstall of client remotely?

Highlighted

Re: Generate token for reinstall of client remotely?

It may be too late for you, but a word to others. Don't uninstall and reinstall the clients if you don't have to. Upgrade them instead. From the master server's point of view, there had been a client named X. Now there seems to be a new host trying to register as client X. You need to assure the master that it's ok.

This needs a reissue token rather than a regular installation token. The bad news is that the reissue token is specific to one client, which will make it more work to automate. A regular installation token can be used to install N clients. Here's the syntax from the NetBackup Command Reference Manual:

nbcertcmd -createToken -name token_name [-reissue -host host_name | -hostId host_id] [-maxUses number] [-validFor numDnumHnumM] [-reason description_for_auditing] [-server master_server_name]

Highlighted

Re: Generate token for reinstall of client remotely?

A token cannot be generated remote - it must either be re-issues or generated on the master server.

A token is a security measurement - the master servers ensure clients are what they claim to be.

Then imaging if  token could be generated on the client - then every client could claim being whatever a evil admin would have them to be.

Hope this explain

Best Regards

Nicolai

Highlighted

Re: Generate token for reinstall of client remotely?

Hi @ally_wilson

I am trying to install client on server 2016 through chocolatey package. But its failing.

Can you share how you have created package for NB Client?

Thanks

Manan

Tags (2)
Highlighted

Re: Generate token for reinstall of client remotely?

Sure, make sure your "silentclient.cmd" is working then zip it all up.

chocolateyinstall.ps1 looks like this:

$ErrorActionPreference = 'Stop';
$packageName= 'netbackupclient'
$toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
$validExitCodes = @(0)
If ((Test-Path $env:Temp\netbackupclient-8.1.zip) -ne $true){
    Invoke-Webrequest -Uri "https://choco.domain.name.net:8443/netbackupclient/netbackupclient-8.1.zip" -OutFile "$env:TEMP\netbackupclient-8.1.zip"
    }

If ((Test-Path $env:Temp\netbackupclient) -ne $true){
    New-Item -ItemType Directory $env:TEMP\netbackupclient
    Expand-Archive $env:TEMP\netbackupclient-8.1.zip -DestinationPath $env:TEMP\netbackupclient\
    }

$whereIam = Get-Location

Set-Location $env:TEMP\netbackupclient\
$cmdBatch = "/c `"$env:TEMP\netbackupclient\silentclient.cmd`""
Start-ChocolateyProcessAsAdmin -Statements $cmdBatch -ExeToRun "cmd.exe" -validExitCodes $validExitCodes
set-location $whereIam
Remove-item -recurse $env:TEMP\netbackupclient -Force
Remove-item $env:TEMP\netbackupclient-8.1.zip -Force

 

Not particularly elegant.

 

Due to the inability to reinstall without generating a reissued token though means we've abandoned this until Veritas gets their **bleep** in order. 

Tags (2)
Highlighted

Re: Generate token for reinstall of client remotely?

For anyone who might be looking, this is now possible in 8.1.2+, using a script (e.g. PowerShell) and a couple of calls to the NBU REST API.

I've attached an example here and on github:

https://github.com/VeritasOS/netbackup-api-code-samples/pull/62/commits/8947097d978dd7449b424dfa90ce...