10-23-2023 08:14 AM - edited 10-23-2023 08:57 PM
As mentioned in the title of the post;
I am having trouble while configuring the data collection policy credentials for IT Analytics 11.2
Whenever i try to use the appadmin credentials, it will ask for a "bpnbat -login -loginType WEB" permission, but it will only last from 24hrs to 30 days.
Do i need to create a separate user? Through the Primary Server WEBUI? What kind of permissions?
Its the last step for my NITA installation...
Solved! Go to Solution.
10-24-2023 11:21 PM - edited 10-24-2023 11:24 PM
What steps other than 138 did you follow? 138 was just to create the additional user, here's a step by step process I followed for 8 Master servers (Flex and Flex Scale appliances)
Create new sudo user on the master server instance
useradd -G wheel <user>
Give it a strong password
passwd <username>
Edit sudoers.d
visudo -f /etc/sudoers.d/<user>
Insert the following:
Defaults:<user> !requiretty
<user> ALL=(ALL) NOPASSWD: \
/usr/openv/netbackup/bin/admincmd/* ,\
/usr/openv/volmgr/bin/* ,\
/usr/openv/netbackup/bin/*
Then add the user to the master server's RBAC as an administrator
Generate an API Key for the user and use in in NBUITA.
10-23-2023 09:30 PM
Yes you need to create a new user. Since you are using appadmin, I assume you are using an appliance. You can follow on from page 138 of the attached ITA guide.
10-23-2023 09:31 PM
Whoops, forgot to attach the guide and I can't edit my post. Page 138, please note the steps for access. Either everything or specific directories for the user to run the required NBU commands.
10-24-2023 11:22 AM
Created an user and added to wheel (sudo) group.
Then proceeded to do all the steps starting on page 138.
Now i am receiving the following error on the screenshot.
10-24-2023 11:37 AM
what collector you are using ?
the collector that comes preinstalled with netbackup primary server is not compatible with BYO it analytics. You have to install a collector on another system (not the portal)
10-24-2023 11:58 AM
My Portal/Database is the 11.2 OVA.
My Collector 11.2 is installed on the Portal OVA, its name is pvhitacollector.
The primary server user for collection is itacoletor.
10-24-2023 11:21 PM - edited 10-24-2023 11:24 PM
What steps other than 138 did you follow? 138 was just to create the additional user, here's a step by step process I followed for 8 Master servers (Flex and Flex Scale appliances)
Create new sudo user on the master server instance
useradd -G wheel <user>
Give it a strong password
passwd <username>
Edit sudoers.d
visudo -f /etc/sudoers.d/<user>
Insert the following:
Defaults:<user> !requiretty
<user> ALL=(ALL) NOPASSWD: \
/usr/openv/netbackup/bin/admincmd/* ,\
/usr/openv/volmgr/bin/* ,\
/usr/openv/netbackup/bin/*
Then add the user to the master server's RBAC as an administrator
Generate an API Key for the user and use in in NBUITA.
10-25-2023 02:03 AM - edited 10-25-2023 02:24 AM
When you resolve your problem, I need a favor. Or from anyone that has install it analytics from the OVF
please run the flowing commands at the portal server and post the output
rpm -qa |grep libXtst
rpm -qa |grep Xvfb
ls -l /usr/bin/Xvfb
10-25-2023 03:18 AM
Hello StefanosM, I've got the portal intsalled via OVA.
There doesn't seem to be an /Xvfb dir. Only an Xvnc dir.
[root@<portal> admin]# rpm -qa | grep libXtst
libXtst-1.2.3-7.el8.x86_64
[root@<portal> admin]# rpm -qa | grep Xvfb
[root@<portal> admin]#
10-25-2023 05:44 AM
thanks.
I think that Xvfb is a binary that is missing from OVF. (https://www.veritas.com/content/support/en_US/doc/140810972-155218751-0/v148808470-155218751)
I have an open case with veritas regarding wrong PDF output. I do not want to hijack your threat.
10-25-2023 05:46 AM
Isn't my thread, I was just assisting.
10-26-2023 07:18 AM
Thank you, these steps granted me success.
All was missing was the RBAC Admin role.
About the API Key, can you better explain how to do this process and its importance please?
10-26-2023 07:37 AM - edited 10-26-2023 07:39 AM
It's used to successfully execute REST APIs. Its used where password-based authentication is not allowed on the master servers. You can read more here https://www.veritas.com/support/en_US/doc/140248394-150403536-0/pgfId-1092289-150403536
But to generate one, log on to your master server's web console. Expand security, click Access Keys. Click Add and enter the name of the user you want to generate a key for. Save it somewhere, as far as I can tell/have looked, you can't reveal it again. You can then authenticate that user to execute GET/POST etc via API calls by visiting https://masterserver.fq.dn/api-docs/index.html in a web browser.
Edit if you can do what you need without it, it isn't required. But if you didn't have the password for a user, you could create the token for the user and use the token to authenticate.