Veritas NetBackup™ Upgrade Guide
- Introduction
- Planning for an upgrade
- General upgrade planning information
- About upgrade tools
- Upgrade operational notes and limitations
- Master server upgrade
- Media server upgrade
- MSDP upgrade for NetBackup
- Client upgrade
- NetBackup Deployment Management with VxUpdate
- Appendix A. Reference
About the NetBackup answer file
NetBackup provides a way to perform unattended, silent installation, and upgrades with a predefined set of configuration options. These options allow the user to:
Override some default values.
Avoid answering some questions during interactive installation.
On UNIX and Linux, templates for media and clients are available at the top level of the NetBackup installation image that is downloaded from Veritas. These templates should be modified as needed and placed in /tmp/NBInstallAnswer.conf
for use during installs and upgrades.
On Windows, templates for master, media, and client are in the windows_x64
directory at the top level of the NetBackup installation image that is downloaded from Veritas. These templates are called silentmaster.cmd
, silentmedia.cmd
, and silentclient.cmd
.
Templates for media and clients are available at the top level of the NetBackup installation image downloaded from Veritas.
Populate the NetBackup answer file on the target host before you run the installation script. Create the file if it does not exist. The supported entries are shown along with any relevant information.
Table: Template options and required computers
Option | NetBackup role | Platform | Required for upgrade? |
---|---|---|---|
Master, media, and client |
Windows | No | |
Client |
All | No | |
Master, media, and client |
Windows | No | |
Media and client | All | Review About security configuration considerations for details. | |
Media and client | All | Review About security configuration considerations for details. | |
Client | Windows | Yes | |
Media and client | UNIX and Linux | No | |
Media and client | All | Review About security configuration considerations for details. | |
Media and client | Windows | Review About security configuration considerations for details. | |
Media and client | All | Review About security configuration considerations for details. | |
Media and client | All | Only when ECA_CRL_CHECK_LEVEL=USE_PATH is specified. | |
Media and client | All | No | |
Media and client | All | Review About security configuration considerations for details. | |
Media and client | All | Review About security configuration considerations for details. | |
Media servers and clients | All | UNIX and Linux media servers and clients: No Windows media servers: Yes | |
Media and client | All | No | |
Master, media, and client | Windows | No | |
Media | UNIX and Linux | No | |
Master and media | Windows | No | |
Media and client | UNIX and Linux | No | |
Master, media, and client | Windows | Yes | |
Client | UNIX and Linux | No | |
Media | Windows | No | |
Client | UNIX and Linux | No | |
Master | Windows | No | |
Master | UNIX and Linux | No | |
Master | UNIX and Linux | No | |
Master | UNIX and Linux | No | |
Master | UNIX and Linux | No | |
Media and client | UNIX and Linux | No | |
Client | UNIX and Linux | No | |
Master, media, and client | Windows | No | |
Master | Windows | Possibly | |
Master, media, and client | Windows | No | |
Master, media, and client | Windows | No | |
Master | Windows | Yes | |
Master | All | Unix and Linux: No Windows: Yes | |
Master | Windows | Yes | |
Master | All | Unix and Linux: No Windows: Yes |
The version of NetBackup and the operation that is performed determines what security parameters are required in the template file.
If this operation is an initial installation or an upgrade from pre-8.1, at least one set of security configuration parameters must be provided.
To use the NetBackup master server as your Certificate Authority, the CA_CERTIFICATE_FINGERPRINT of the master server must be provided. The AUTHORIZATION_TOKEN option may be required depending on either the security level of the master server or if this computer is already configured on the master server. More information is available: https://www.veritas.com/support/en_US/article.000127129.
To use an external certificate authority on UNIX and Linux, the ECA_CERT_PATH, ECA_CRL_CHECK_LEVEL, ECA_PRIVATE_KEY_PATH, and ECA_TRUST_STORE_PATH values are required. More information is available: https://www.veritas.com/support/en_US/article.100044300
To use an external certificate authority on Windows: either provide the ECA_CERT_STORE and ECA_CRL_CHECK_LEVEL values or all values previously specified for UNIX and Linux.
The ECA_CRL_PATH and ECA_KEY_PASSPHRASEFILE values are optional. More information is available: https://www.veritas.com/support/en_US/article.100044300.
When you upgrade NetBackup from a version that already has secure communications configured (NetBackup 8.1 or newer), the CA_CERTIFICATE_FINGERPRINT and AUTHORIZATION_TOKEN values are ignored.
When you upgrade NetBackup from a version that already has ECA configured (NetBackup 8.2 or newer), all the ECA* parameters are ignored.
To continue the installation or upgrade without configuring the certificate authority, specify SKIP for all the required ECA_ options. Be aware the installation or upgrade fails if you don't set all the ECA_ values to SKIP. If you continue the installation or the upgrade without the required certificate authority components, backups and restores fail.
Description: This option halts the installation or upgrade if a restart is required. Valid values are 0, don't halt and 1, halt.
Applicable platforms: Windows only.
Default value: 0
Required: No.
ABORT_REBOOT_INSTALL 0 | 1
Description: Use this option to identify how a NAT client connects with a NetBackup host. Accepted values are TRUE and FALSE. Set this option to TRUE if NetBackup needs to support NAT, otherwise set it to FALSE. Set ACCEPT_REVERSE_CONNECTION=FALSE if:
You do not want NetBackup to support NAT clients.
The NetBackup clients are not behind the firewall.
Applicable platforms: Both UNIX and Windows.
Default value: FALSE
ACCEPT_REVERSE_CONNECTION=TRUE | FALSE
Description: Use this option to Include NetBackup media servers that are used to proxy security requests to the master server. List only the servers that were added since the last installation of this host. The install process combines the existing set of servers with the new ones. The use of IP addresses is not supported. Valid input values are a comma-separated list of fully qualified computer names.
Applicable platforms: Windows only.
Default value: None.
Required: No.
ADDITIONALSERVERS server1,server2,servern
Description: This option specifies that NetBackup should automatically use an authorization or a reissue token when it retrieves the host certificate. The AUTHORIZATION_TOKEN is 16 upper case letters. Some environments require an authorization token for backups and restores to work correctly. If this information is required and is not provided in the answer file, the installation fails. If SKIP is specified, the installer attempts to retrieve a host certificate without including a token. In some environments this choice may result in additional manual steps following the installation.
Be aware that AUTHORIZATION_TOKEN is ignored under either of these conditions:
ECA is in use on the master server.
The master server's security level is set lower than High.
Applicable platforms: Both UNIX and Windows.
Default value: None.
Required: Review About security configuration considerations for details.
AUTHORIZATION_TOKEN=ABCDEFGHIJKLMNOP | SKIP
Description: This option specifies the Certificate Authority (CA) Certificate Fingerprint. The Certificate Fingerprint is retrieved from the CA during installation or upgrade. The fingerprint format is 59 characters and is a combination of the digits 0-9, the letters A-F, and colons. For example, 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67. The fingerprint value must match the fingerprint for the server value that is specified in the first SERVER=server_name option. To continue the installation or upgrade without configuring security, specify CA_CERTIFICATE_FINGERPRINT=SKIP.
Be aware that CA_CERTIFICATE_FINGERPRINT is ignored under either of these conditions:
ECA is in use on the master server.
The master server's security level is set lower than High.
Applicable platforms: Both UNIX and Windows.
Default value: None.
Required: Review About security configuration considerations for details.
CA_CERTIFICATE_FINGERPRINT=fingerprint | SKIP
Description: This option specifies the name that NetBackup uses to identify this client host. The %COMPUTERNAME% value lets the local host provide the computer name. If this value is used, it may be possible to use the same answer file on all computers within a single master server domain. The use of IP addresses is not supported.
Applicable platforms: Windows only.
Default value: None.
Required: Yes.
CLIENT=client_name | %COMPUTERNAME%
Description: This option specifies the name that NetBackup uses to identify this computer. The XLOCALHOSTX value lets the local host provide the computer name. If this value is used, it may be possible to use the same answer file on all computers within a single master server domain. This value is added to the
bp.conf
file.If CLIENT_NAME is specified on upgrade, a check is made to validate that the name that is provided in the answer file matches the value that is configured in the
bp.conf
file.Applicable platforms: Unix and Linux only.
Default value: None.
Required: No
CLIENT_NAME=name | XLOCALHOSTX
Description: This option specifies the path and the file name of the external certificate file.
To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Applicable platforms: All.
Default value: None.
Required: Review About security configuration considerations for details.
ECA_CERT_PATH=path_and_file_name
Description: This option specifies the external certificate location in a Windows certificate store. The option is required to set up an external certificate from the Windows certificate store.
Applicable platforms: Windows only.
Default value: None.
Required: Review About security configuration considerations for details.
ECA_CERT_STORE=store_name\issuer_distinguished_name\subject
Description: This option specifies the CRL mode. Supported values are:
USE_CDP: Use the CRL defined in the certificate.
USE_PATH: Use the CRL at the path that is specified in ECA_CRL_PATH.
DISABLED: Do not use a CRL.
SKIP: Used to skip setting up the certificate authority. To skip the ECA configuration, you must set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Applicable platforms: All.
Default value: None.
Required: Review About security configuration considerations for details.
ECA_CRL_CHECK_LEVEL=value
Description: This option specifies the path and the file name of the CRL associated with the external CA certificate.
To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Applicable platforms: All.
Default value: None.
Required: Only when ECA_CRL_CHECK_LEVEL=USE_PATH is specified.
ECA_CRL_PATH=path
Description: This option specifies the path and the file name of the file that contains the passphrase to access the keystore.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Applicable platforms: All.
Default value: None.
Required: No
ECA_KEY_PASSPHRASEFILE=path/filename
Description: This option specifies the path and the file name of the file representing the private key.
To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Applicable platforms: All.
Default value: None.
Required: Review About security configuration considerations for details.
ECA_PRIVATE_KEY_PATH=path/filename
Description: This option specifies the path and the file name of the file representing the trust store location.
To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Applicable platforms: All.
Default value: None.
Required: Review About security configuration considerations for details.
ECA_TRUST_STORE_PATH=path/filename
Description: Used to determine how to handle the optional Java and JRE components during install or upgrade. Supported values are:
INCLUDE: Include the Java GUI and JRE as part of the installation or upgrade.
EXCLUDE: Exclude the Java GUI and JRE. This option also removes all previous versions of the Java GUI and the JRE if they are present on the host.
MATCH: Match the existing configuration on the host. If you specify this option on an initial installation, the components are not installed.
Applicable platforms: All.
Default value: None
Required: UNIX and Linux, no. Windows media servers, yes.
Description: This option specifies the location to install the NetBackup binaries. Only the absolute path to a base directory is required for this option. The installer automatically appends
/openv
. This option cannot be used to change the location of NetBackup during an upgrade.Be aware that the INSTALL_PATH option is ignored on upgrade.
Applicable platforms: Unix and Linux only.
Default value:
/usr
Required: No
INSTALL_PATH = path
Description: This option specifies the location to install NetBackup. The fully qualified path to the base directory is required.
Applicable platforms: Windows only.
Default value: None.
Required: Yes
INSTALLDIR=C:\Program Files\Veritas
Description: This option specifies the license key string to apply to the server. Additional LICENSE = key_string lines may be added if more licenses are to be applied. This option only adds additional keys - no existing keys are removed.
Applicable platforms: Unix and Linux only.
Default value: None.
Required: No.
LICENSE = key_string
Description: This option specifies the NetBackup license key for the installation.
Applicable platforms: Windows only.
Default value: None.
Required: Yes for master and media servers. Not required for clients.
LICENSEKEY=NetBackup_license_key
Description: This option specifies the NetBackup role to install and configure on this computer. For upgrades, this value must match the configured role on the computer.
Default value: None. Supported values are MASTER, MEDIA, and CLIENT.
Applicable platforms: Unix and Linux only.
Required: No.
MACHINE_ROLE = MASTER | MEDIA | CLIENT
Description: This option specifies the server name this computer recognizes as the current NetBackup master server. If this host is the master server, %COMPUTERNAME% can be used for the value. The use of IP addresses is not supported. Additional master servers can be specified with the ADDITIONALSERVERS option.
Applicable platforms: Windows only.
Default value: None.
Required: Yes.
MASTERSERVER=master_server_name
Description: This option specifies that NetBackup may use the named host to tunnel secure web requests for this client. A tunnel is required when communication between the client and the NetBackup Web Service on the master server is blocked. This communication is required to obtain a host certificate during the NetBackup installation or upgrade. Multiple MEDIA_SERVER entries may exist in the answer file. Each one is used as a candidate to tunnel https requests. These entries are added to the
bp.conf
file.Applicable platforms: Unix and Linux only.
Default value: None.
Required: No.
MEDIA_SERVER=media_server_name
Description: This option specifies the name of the host this computer recognizes as its media server. The use of IP addresses is not supported.
Applicable platforms: Windows only.
Default value: None.
Required: No.
MEDIASERVER=media_server_name
Description: Merge the servers present in
bp.conf
on the master with the server list contained in this client'sbp.conf
.Applicable platforms: Unix and Linux only.
Default value: NO
Required: No.
MERGE_SERVERS_LIST = yes | no
Description: This option specifies the name of the server that runs the OpsCenter. Leave this option empty if you don't use OpsCenter. You can also configure OpsCenter after install.
Applicable platforms: Windows only.
Default value: None.
Required: No.
OPSCENTER_SERVER_NAME=OpsCenter_server_name
Description: This option specifies the domain name of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles.
Default value: None.
Applicable platforms: Unix and Linux only.
Required: No
RBAC_DOMAIN_NAME = domain_name
Description: This option specifies the domain type of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles.
Applicable platforms: Unix and Linux only.
Default value: None.
Required: No
RBAC_DOMAIN_TYPE = domain_type
Description: This option specifies the name of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles. This user or the user group must already exist on the system.
Applicable platforms: Unix and Linux only.
Default value: None.
Required: No
RBAC_PRINCIPAL_NAME = principal_name
Description: This option specifies the type of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles.
Applicable platforms: Unix and Linux only.
Default value: None.
Required: No
RBAC_PRINCIPAL_TYPE = USER | USERGROUP
Description: This option specifies the server name this computer recognizes as the current NetBackup master server. Additional SERVER= lines may be added if there are other servers that should be recognized. In the case where multiple SERVER= lines are present, the first occurrence is the master server. These entries are added to the
bp.conf
file.Applicable platforms: Unix and Linux only.
Default value: None.
Required: No.
SERVER=master_server_name
Description: This option specifies whether NetBackup services should be started upon completion of the client installation or upgrade. If no is specified, the NetBackup services are not started. Additional manual configuration steps may be performed after the install or upgrade but before the NetBackup services are started.
Applicable platforms: Unix and Linux only.
Default value: YES
Required: No.
SERVICES=no
Description: This option specifies if the NetBackup services are restarted after the host server reboots.
Applicable platforms: Windows only.
Default value: Automatic
Required: No.
SERVICESTARTTYPE=Automatic | Manual
Description: This option specifies the path and the file name of the Smart Meter customer registration key file.
Applicable platforms: Windows only.
Default value: None.
Required: Upgrades from pre-NetBackup 8.1.2 require this option. Upgrades from 8.1.2 and later do not require this option.
SMART_METER_FILE_PATH = path_and_file_name
Description: This option specifies if the install process should stop any active NetBackup processes automatically if detected. Be sure to confirm there are no active NetBackup jobs and that all NetBackup databases are shut down before installation or upgrade. Valid input values are 0 for don't stop, and 1 for stop.
Applicable platforms: Windows only.
Default value: 0
Required: No.
STOP_NBU_PROCESSES = 0 | 1
Description: This option specifies the port NetBackup's vnetd process uses.
Applicable platforms: Windows only.
Default value: 13724
Required: No.
VNETD_PORT=port_number
Description: Use this option to associate the web server with Domain (Active Directory) accounts. Provide the domain name in this field. If you plan to associate the web server with local accounts, leave this field blank.
Applicable platforms: Windows only.
Default value: None.
Required: No.
WEBSVC_DOMAIN=domain_name
Description: This option specifies the group name of the account that the NetBackup web server uses. This group must already exist on the system.
Applicable platforms: All.
Default value: nbwebgrp
Required: UNIX and Linux master servers, no. Windows master servers, yes.
WEBSVC_GROUP=custom_group_account_name
Description: This option specifies the password for the Windows WEBSVC_USER account. If your websvc password contains any special characters (% ^ & < > | ' ` , ; = ( ) ! " \ [ ] . * ?), add the appropriate escape characters to the password. For example if the websvc password is abc% you must enter abc%%.
Caution:
This option places the password for this account in clear text and could potentially be a security concern.
Applicable platforms: Windows only.
Default value: None.
WEBSVC_PASSWORD_PLAIN=password
Description: This option specifies the user name of the account that the NetBackup web server uses. This user must already exist on the system.
Applicable platforms: All.
Default value: nbwebsvc
Required: UNIX and Linux master servers, no. Windows master servers, yes.
WEBSVC_USER=custom_user_account_name