cancel
Showing results for 
Search instead for 
Did you mean: 

[IT Analytics] Data Collector requires bpnbat -login WEB

luis_alonso
Level 3

As mentioned in the title of the post;

I am having trouble while configuring the data collection policy credentials for IT Analytics 11.2
Whenever i try to use the appadmin credentials, it will ask for a "bpnbat -login -loginType WEB" permission, but it will only last from 24hrs to 30 days.

Do i need to create a separate user? Through the Primary Server WEBUI? What kind of permissions? 
Its the last step for my NITA installation...

1 ACCEPTED SOLUTION

Accepted Solutions

L_BR
Level 5

What steps other than 138 did you follow? 138 was just to create the additional user, here's a step by step process I followed for 8 Master servers (Flex and Flex Scale appliances)

 

Create new sudo user on the master server instance

useradd -G wheel <user> 

Give it a strong password

passwd <username>

Edit sudoers.d

visudo -f /etc/sudoers.d/<user>

Insert the following:

Defaults:<user> !requiretty
<user> ALL=(ALL) NOPASSWD: \
/usr/openv/netbackup/bin/admincmd/* ,\
/usr/openv/volmgr/bin/* ,\
/usr/openv/netbackup/bin/*

Then add the user to the master server's RBAC as an administrator

Generate an API Key for the user and use in in NBUITA.

View solution in original post

12 REPLIES 12

L_BR
Level 5

Yes you need to create a new user. Since you are using appadmin, I assume you are using an appliance. You can follow on from page 138 of the attached ITA guide. 

L_BR
Level 5

Whoops, forgot to attach the guide and I can't edit my post. Page 138, please note the steps for access. Either everything or specific directories for the user to run the required NBU commands. 

Created an user and added to wheel (sudo) group.
Then proceeded to do all the steps starting on page 138.

Now i am receiving the following error on the screenshot. 

StefanosM
Level 6
Partner    VIP    Accredited Certified

what collector you are using ?
the collector that comes preinstalled with netbackup primary server is not compatible with BYO it analytics. You have to install a collector on another system (not the portal)

My Portal/Database is the 11.2 OVA.
My Collector 11.2 is installed on the Portal OVA, its name is pvhitacollector.
The primary server user for collection is itacoletor.

L_BR
Level 5

What steps other than 138 did you follow? 138 was just to create the additional user, here's a step by step process I followed for 8 Master servers (Flex and Flex Scale appliances)

 

Create new sudo user on the master server instance

useradd -G wheel <user> 

Give it a strong password

passwd <username>

Edit sudoers.d

visudo -f /etc/sudoers.d/<user>

Insert the following:

Defaults:<user> !requiretty
<user> ALL=(ALL) NOPASSWD: \
/usr/openv/netbackup/bin/admincmd/* ,\
/usr/openv/volmgr/bin/* ,\
/usr/openv/netbackup/bin/*

Then add the user to the master server's RBAC as an administrator

Generate an API Key for the user and use in in NBUITA.

StefanosM
Level 6
Partner    VIP    Accredited Certified

@luis_alonso

When you resolve your problem, I need a favor. Or from anyone that has install it analytics from the OVF

please run the flowing commands at the portal server and post the output

rpm -qa |grep libXtst
rpm -qa |grep Xvfb
ls -l /usr/bin/Xvfb

Hello StefanosM, I've got the portal intsalled via OVA.

There doesn't seem to be an /Xvfb dir. Only an Xvnc dir.

[root@<portal> admin]# rpm -qa | grep libXtst
libXtst-1.2.3-7.el8.x86_64
[root@<portal> admin]# rpm -qa | grep Xvfb
[root@<portal> admin]# 

StefanosM
Level 6
Partner    VIP    Accredited Certified

thanks.
I think that Xvfb  is a binary that is missing from OVF. (https://www.veritas.com/content/support/en_US/doc/140810972-155218751-0/v148808470-155218751)
I have an open case with veritas regarding wrong PDF output. I do not want to hijack your threat.

Isn't my thread, I was just assisting. 

Thank you, these steps granted me success.

All was missing was the RBAC Admin role.

About the API Key, can you better explain how to do this process and its importance please?

It's used to successfully execute REST APIs. Its used where password-based authentication is not allowed on the master servers. You can read more here https://www.veritas.com/support/en_US/doc/140248394-150403536-0/pgfId-1092289-150403536

But to generate one, log on to your master server's web console. Expand security, click Access Keys. Click Add and enter the name of the user you want to generate a key for. Save it somewhere, as far as I can tell/have looked, you can't reveal it again. You can then authenticate that user to execute GET/POST etc via API calls by visiting https://masterserver.fq.dn/api-docs/index.html in a web browser.

Edit if you can do what you need without it, it isn't required. But if you didn't have the password for a user, you could create the token for the user and use the token to authenticate.