Solved: [IT Analytics] Data Collector requires bpnbat -log...

luis_alonso · ‎10-23-2023

As mentioned in the title of the post;

I am having trouble while configuring the data collection policy credentials for IT Analytics 11.2
Whenever i try to use the appadmin credentials, it will ask for a "bpnbat -login -loginType WEB" permission, but it will only last from 24hrs to 30 days.

Do i need to create a separate user? Through the Primary Server WEBUI? What kind of permissions?
Its the last step for my NITA installation...

L_BR · ‎10-24-2023

What steps other than 138 did you follow? 138 was just to create the additional user, here's a step by step process I followed for 8 Master servers (Flex and Flex Scale appliances)

Create new sudo user on the master server instance

useradd -G wheel <user>

Give it a strong password

passwd <username>

Edit sudoers.d

visudo -f /etc/sudoers.d/<user>

Insert the following:

Defaults:<user> !requiretty
<user> ALL=(ALL) NOPASSWD: \
/usr/openv/netbackup/bin/admincmd/* ,\
/usr/openv/volmgr/bin/* ,\
/usr/openv/netbackup/bin/*

Then add the user to the master server's RBAC as an administrator

Generate an API Key for the user and use in in NBUITA.

View solution in original post

L_BR · ‎10-23-2023

Yes you need to create a new user. Since you are using appadmin, I assume you are using an appliance. You can follow on from page 138 of the attached ITA guide.

L_BR · ‎10-23-2023

Whoops, forgot to attach the guide and I can't edit my post. Page 138, please note the steps for access. Either everything or specific directories for the user to run the required NBU commands.

luis_alonso · ‎10-24-2023

Created an user and added to wheel (sudo) group.
Then proceeded to do all the steps starting on page 138.

Now i am receiving the following error on the screenshot.

StefanosM · ‎10-24-2023

what collector you are using ?
the collector that comes preinstalled with netbackup primary server is not compatible with BYO it analytics. You have to install a collector on another system (not the portal)

luis_alonso · ‎10-24-2023

My Portal/Database is the 11.2 OVA.
My Collector 11.2 is installed on the Portal OVA, its name is pvhitacollector.
The primary server user for collection is itacoletor.

L_BR · ‎10-24-2023

What steps other than 138 did you follow? 138 was just to create the additional user, here's a step by step process I followed for 8 Master servers (Flex and Flex Scale appliances)

Create new sudo user on the master server instance

useradd -G wheel <user>

Give it a strong password

passwd <username>

Edit sudoers.d

visudo -f /etc/sudoers.d/<user>

Insert the following:

Defaults:<user> !requiretty
<user> ALL=(ALL) NOPASSWD: \
/usr/openv/netbackup/bin/admincmd/* ,\
/usr/openv/volmgr/bin/* ,\
/usr/openv/netbackup/bin/*

Then add the user to the master server's RBAC as an administrator

Generate an API Key for the user and use in in NBUITA.

StefanosM · ‎10-25-2023

@luis_alonso

When you resolve your problem, I need a favor. Or from anyone that has install it analytics from the OVF

please run the flowing commands at the portal server and post the output

rpm -qa |grep libXtst
rpm -qa |grep Xvfb
ls -l /usr/bin/Xvfb

L_BR · ‎10-25-2023

Hello StefanosM, I've got the portal intsalled via OVA.

There doesn't seem to be an /Xvfb dir. Only an Xvnc dir.

[root@<portal> admin]# rpm -qa | grep libXtst
libXtst-1.2.3-7.el8.x86_64
[root@<portal> admin]# rpm -qa | grep Xvfb
[root@<portal> admin]#

StefanosM · ‎10-25-2023

thanks.
I think that Xvfb is a binary that is missing from OVF. (https://www.veritas.com/content/support/en_US/doc/140810972-155218751-0/v148808470-155218751)
I have an open case with veritas regarding wrong PDF output. I do not want to hijack your threat.

L_BR · ‎10-25-2023

Isn't my thread, I was just assisting.

luis_alonso · ‎10-26-2023

Thank you, these steps granted me success.

All was missing was the RBAC Admin role.

About the API Key, can you better explain how to do this process and its importance please?

L_BR · ‎10-26-2023

It's used to successfully execute REST APIs. Its used where password-based authentication is not allowed on the master servers. You can read more here https://www.veritas.com/support/en_US/doc/140248394-150403536-0/pgfId-1092289-150403536

But to generate one, log on to your master server's web console. Expand security, click Access Keys. Click Add and enter the name of the user you want to generate a key for. Save it somewhere, as far as I can tell/have looked, you can't reveal it again. You can then authenticate that user to execute GET/POST etc via API calls by visiting https://masterserver.fq.dn/api-docs/index.html in a web browser.

Edit if you can do what you need without it, it isn't required. But if you didn't have the password for a user, you could create the token for the user and use the token to authenticate.

VOX

[IT Analytics] Data Collector requires bpnbat -login WEB