Veritas NetBackup™ Upgrade Guide
- Introduction
- Planning for an upgrade
- General upgrade planning information
- About upgrade tools
- Upgrade operational notes and limitations
- Master server upgrade
- Media server upgrade
- MSDP upgrade for NetBackup
- Client upgrade
- NetBackup Deployment Management with VxUpdate
- Appendix A. Reference
About the NetBackup answer file
The NetBackup answer file (/tmp/NBInstallAnswer.conf
) is used during UNIX and Linux installs and upgrades to:
Override some default values.
Avoid answering some questions during interactive installation.
Perform unattended or silent UNIX and Linux client installs and upgrades on most supported operating systems.
Templates for media and clients are available at the top level of the NetBackup installation image downloaded from Veritas.
Populate the NetBackup answer file on the target host before you run the installation script. Create the file if it does not exist. The supported entries are shown along with any relevant information.
Table: Template options and required computers
Option | NetBackup role | Required for upgrade? |
---|---|---|
Client | Only if you want to configure NetBackup to support NAT clients. | |
Media and client | Review About security configuration considerations for details. | |
Media and client | Review About security configuration considerations for details. | |
Media and client | No | |
Media and client | Review About security configuration considerations for details. | |
Media and client | Review About security configuration considerations for details. | |
Media and client | Only when ECA_CRL_CHECK_LEVEL=USE_PATH is specified. | |
Media and client | No | |
Media and client | Review About security configuration considerations for details. | |
Media and client | Review About security configuration considerations for details. | |
Media and client | No | |
Media | No | |
Media and client | No | |
Client | No | |
Client | No | |
Master | No | |
Master | No | |
Master | No | |
Master | No | |
Media and client | No | |
Client | No | |
Master | No | |
Master | No |
If this operation is an initial installation or an upgrade from pre-8.0, at least one set of security configuration parameters must be provided.
To use the NetBackup master server as your Certificate Authority, the CA_CERTIFICATE_FINGERPRINT of the master server must be provided. The AUTHORIZATION_TOKEN option may be required depending on either the security level of the master server or if this computer is already configured on the master server. More information is available: https://www.veritas.com/support/en_US/article.000127129.
To use an external certificate authority, the ECA_CERT_PATH, ECA_CRL_CHECK_LEVEL, ECA_PRIVATE_KEY_PATH, and ECA_TRUST_STORE_PATH values are required. The ECA_CRL_PATH and ECA_KEY_PASSPHRASEFILE values are optional. More information is available: https://www.veritas.com/support/en_US/article.100044300.
To continue the installation or upgrade without configuring the certificate authority, specify SKIP for all the required ECA_ options. Be aware the installation or upgrade fails if you don't set all the ECA_ values to SKIP. If you continue the installation or the upgrade without the required certificate authority components, backups and restores fail.
Description: Use this option to identify how a NAT client connects with a NetBackup host. Accepted values are TRUE and FALSE. Set this option to TRUE if NetBackup needs to support NAT, otherwise set it to FALSE. Set ACCEPT_REVERSE_CONNECTION = FALSE if:
You do not want NetBackup to support NAT clients.
The NetBackup clients are not behind the firewall.
Default value: FALSE
ACCEPT_REVERSE_CONNECTION=TRUE | FALSE
Description: This option specifies that NetBackup should automatically use an authorization or a reissue token when it retrieves the host certificate. The AUTHORIZATION_TOKEN is 16 upper case letters. Some environments require an authorization token for backups and restores to work correctly. If this information is required and is not provided in the answer file, the installation fails. If SKIP is specified, the installer attempts to retrieve a host certificate without including a token. In some environments this choice may result in additional manual steps following the installation.
Be aware that AUTHORIZATION_TOKEN is ignored on upgrade under either of these conditions:
NBCA is already configured on the host.
ECA is in use on the master server.
Default value: None.
Required: Review About security configuration considerations for details.
AUTHORIZATION_TOKEN=ABCDEFGHIJKLMNOP | SKIP
Description: This option specifies the Certificate Authority (CA) Certificate Fingerprint. The Certificate Fingerprint is retrieved from the CA during installation or upgrade. The fingerprint format is 59 characters and is a combination of the digits 0-9, the letters A-F, and colons. For example, 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67. The fingerprint value must match the fingerprint for the server value that is specified in the first SERVER=server_name option. To continue the installation or upgrade without configuring security, specify CA_CERTIFICATE_FINGERPRINT=SKIP.
Be aware that CA_CERTIFICATE_FINGERPRINT is ignored on upgrade under either of these conditions:
NBCA is already configured on the host.
ECA is in use on the master server.
Default value: None.
Required: Review About security configuration considerations for details.
CA_CERTIFICATE_FINGERPRINT=fingerprint | SKIP
Description: This option specifies the name that NetBackup uses to identify this computer. The XLOCALHOSTX value lets the local host provide the computer name. If this value is used, it may be possible to use the same answer file on all computers within a single master server domain. This value is added to the
bp.conf
file.If CLIENT_NAME is specified on upgrade, a check is made to validate that the name that is provided in the answer file matches the value that is configured in the
bp.conf
file.Default value: None.
Required: No
CLIENT_NAME=name | XLOCALHOSTX
Description: This option specifies the path and the file name of the external certificate file.
To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Default value: None.
Required: Review About security configuration considerations for details.
ECA_CERT_PATH=path_and_file_name
Description: This option specifies the CRL mode. Supported values are:
USE_CDP: Use the CRL defined in the certificate.
USE_PATH: Use the CRL at the path that is specified in ECA_CRL_PATH.
DISABLED: Do not use a CRL.
SKIP: Used to skip setting up the certificate authority. To skip the ECA configuration, you must set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Default value: None.
Required: Review About security configuration considerations for details.
ECA_CRL_CHECK_LEVEL=value
Description: This option specifies the path and the file name of the CRL associated with the external CA certificate.
To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Default value: None.
Required: Only when ECA_CRL_CHECK_LEVEL=USE_PATH is specified.
ECA_CRL_PATH=path
Description: This option specifies the path and the file name of the file that contains the passphrase to access the keystore.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Default value: None.
Required: No
ECA_KEY_PASSPHRASEFILE=path/filename
Description: This option specifies the path and the file name of the file representing the private key.
To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Default value: None.
Required: Review About security configuration considerations for details.
ECA_PRIVATE_KEY_PATH=path/filename
Description: This option specifies the path and the file name of the file representing the trust store location.
To skip setting up the certificate authority, set all required ECA_ values to SKIP. Be aware that if you continue with the installation without a certificate authority, the backups and restores fail.
The ECA_CERT_PATH option is ignored on upgrade if ECA is already configured on the host or if NBCA only is in use on the master server.
Default value: None.
Required: Review About security configuration considerations for details.
ECA_TRUST_STORE_PATH=path/filename
Description: This option specifies the location to install the NetBackup binaries. Only the absolute path to a base directory is required for this option. The installer automatically appends
/openv
. This option cannot be used to change the location of NetBackup during an upgrade.Be aware that the INSTALL_PATH option is ignored on upgrade.
Default value:
/usr
Required: No
INSTALL_PATH = path
Description: This option specifies the license key string to apply to the server. Additional LICENSE = key_string lines may be added if more licenses are to be applied. This option only adds additional keys - no existing keys are removed.
Default value: None.
Required: No.
LICENSE = key_string
Description: This option specifies the NetBackup role to install and configure on this computer. For upgrades, this value must match the configured role on the computer.
Default value: None. Supported values are MASTER, MEDIA, and CLIENT.
Required: No.
MACHINE_ROLE = MASTER | MEDIA | CLIENT
Description: This option specifies that NetBackup may use the named host to tunnel secure web requests for this client. A tunnel is required when communication between the client and the NetBackup Web Service on the master server is blocked. This communication is required to obtain a host certificate during the NetBackup installation or upgrade. Multiple MEDIA_SERVER entries may exist in the answer file. Each one is used as a candidate to tunnel https requests. These entries are added to the
bp.conf
file.Default value: None.
Required: No.
MEDIA_SERVER=media_server_name
Description: Merge the servers present in
bp.conf
on the master with the server list contained in this client'sbp.conf
.Default value: NO
Required: No.
MERGE_SERVERS_LIST = yes | no
Description: This option specifies the domain name of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles.
Default value: None.
Required: No
RBAC_DOMAIN_NAME = domain_name
Description: This option specifies the domain type of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles.
Default value: None.
Required: No
RBAC_DOMAIN_TYPE = domain_type
Description: This option specifies the name of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles. This user or the user group must already exist on the system.
Default value: None.
Required: No
RBAC_PRINCIPAL_NAME = principal_name
Description: This option specifies the type of the principal that is configured to have the role-based access control (RBAC) permissions for the security administrator and backup administrator roles.
Default value: None.
Required: No
RBAC_PRINCIPAL_TYPE = USER | USERGROUP
Description: This option specifies the server name this computer recognizes as the current NetBackup master server. Additional SERVER= lines may be added if there are other servers that should be recognized. In the case where multiple SERVER= lines are present, the first occurrence is the master server. These entries are added to the
bp.conf
file.Default value: None.
Required: No.
SERVER=master_server_name
Description: This option specifies whether NetBackup services should be started upon completion of the client installation or upgrade. If no is specified, the NetBackup services are not started. Additional manual configuration steps may be performed after the install or upgrade but before the NetBackup services are started.
Default value: YES
Required: No.
SERVICES=no
Description: This option specifies the group name of the account that the NetBackup web server uses. This group must already exist on the system.
Default value: nbwebgrp
Required: No.
WEBSVC_GROUP=custom_group_account_name
Description: This option specifies the user name of the account that the NetBackup web server uses. This user must already exist on the system.
Default value: nbwebsvc
Required: No.
WEBSVC_USER=custom_user_account_name