cancel
Showing results for 
Search instead for 
Did you mean: 

VMD5_DIGEST line in clients file

MilesVScott
Level 6
Certified

We are looking at scripting the creation of job policies, since there is no API :(

We are running NBU 7.6.1 on RHEL 6.

It looks like simply coping the directory under <install_path>/db/class/ for a default policy and manually editing the clients, schedule, and include files is a pretty straight forward way to accomplish this. The only thing that concerns me is the VMD5_DIGEST line that is commented out. I did some googling and found an older article that described this line's importaince:

Another issue to be aware of is that many of NetBackup's configuration files now contain an MD5 signature. If you have scripts that edit configuration files directly, make sure these files don't contain an MD5 signature. (Look for a line that says #VMD5_DIGEST.) If they do, and you edit them without using a NetBackup command or the GUI - you'll render these files useless. For example, if you use vi or notepad to change any of the values in the file /usr/openv/netbackup/db/class/ /info, the policy in question will disappear from the NetBackup GUI and will no longer run. However, if you edited this file using a NetBackup command, it would be fine.

Src: http://searchstorage.techtarget.com/magazineContent/Veritas-raises-the-bar-with-NetBackup-45

 

Now the fact that it is commented out intrigued me so I  decided to test this and It looks like coping the structure does in fact create a new policy and that policy is visable in the GUI.

 

Is there anything to be concerned with dealing with that line? I Just want to make sure it isn't being used for anything else behind the scnenes.

 

Thanks,

 

1 ACCEPTED SOLUTION

Accepted Solutions

Nicolai
Moderator
Moderator
Partner    VIP   

Hi Miles

You are trying to get around something that isn't intended for end users to change directly. I doubt you will find a way to calculate the MD5value with official support from Symantec. I bet they added the check because corrupt policies was a problem, and they needed  to ensure information in the policy was valid.

And you can actual do policy magic a supported way by using command line 

I can't endorse editing policies directly side stepping Netbackup. I personal think that bad mojo.

Hope that explain the weak answers.

I can call for some of the other trusted admin to give a second opinion on the matter, but I doubt the outcome will be different. 

Best Regards

Nicolai

View solution in original post

7 REPLIES 7

SymTerry
Level 6
Employee Accredited

NetBackup was not really made to be modified like that. You could script with the bppolicynew command (HOWTO92097)

Then follow up with bpplinfo policyName -modify to edit policy details.

Nicolai
Moderator
Moderator
Partner    VIP   

If the layout of a policy ever changes (e.g internal structure) it will be up to you to discovery this. But to discover policy structur changes you have to monitor it, a larger task in itself.

Also manual editing policies is not supported.

So I agree with SymTerry - Use the command line tools. Everyting you can do in the GUI, you can do on the command line.

 

 

MilesVScott
Level 6
Certified

While both are alternate ways to create policies, neither post actually answered anything about the digest line. 

Nicolai
Moderator
Moderator
Partner    VIP   

Hi Miles

You are trying to get around something that isn't intended for end users to change directly. I doubt you will find a way to calculate the MD5value with official support from Symantec. I bet they added the check because corrupt policies was a problem, and they needed  to ensure information in the policy was valid.

And you can actual do policy magic a supported way by using command line 

I can't endorse editing policies directly side stepping Netbackup. I personal think that bad mojo.

Hope that explain the weak answers.

I can call for some of the other trusted admin to give a second opinion on the matter, but I doubt the outcome will be different. 

Best Regards

Nicolai

sdo
Moderator
Moderator
Partner    VIP    Certified
bppolicynew is definitely the way to go. I like to use bppilicynew with a few switches to initially create a deactivated policy, and then use bpplinfo to modify it... Here's a tip, be sure to use the -modify switch on bpplinfo. If you use the -set switch it blanks out all other settings not specified (on the bpplinfo command which uses -set) - which can be bad karma if you were to use bpplinfo -set on an existing good policy. HTH.

sdo
Moderator
Moderator
Partner    VIP    Certified
And instead of manually manipulating policy class files (which will probably be migrated to the EMM soon anyway) - you could create a template policy which has almost every setting you need, and leave it deactivated - and then use bppilicynew -sameas in your scripts to copy said template to a new policy, and then only need a few bpplinfo -modify commands to finish it.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

NBU policy files are NOT to be modified manually.
For this reason no additional information is available about VMD5_DIGEST line.

Although this is not the answer that you were looking for, it is the right answer.