NetWorker:在升级到 19.7.0.3 或 19.8.0.2 及更之前的群集 Linux 服务器上,Bootstrap 备份和 Authc 命令失败
Summary: NetWorker 服务器部署在群集 Linux NetWorker 服务器上。将 NetWorker 版本升级到 19.7.0.3 或 19.8.0.2 及更之前版本后,Server Protection bootstrap 备份失败。身份验证服务命令(nsrlogin、authc_config、authc_mgmt)也会失败,返回的错误是身份验证服务不可用,并显示 HTTP 错误 404(未找到)。 ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
NetWorker 服务器部署在 Red Hat Pacemaker (pcs) 高可用性群集上。
NetWorker 已升级到 19.7.0.4。
NetWorker 服务启动成功,所有群集资源在其中一个群集节点上显示为“started”:
图 1:Bootstrap 备份无法备份 authcdb
NetWorker 已升级到 19.7.0.4。
NetWorker 服务启动成功,所有群集资源在其中一个群集节点上显示为“started”:
root@NWrhelNodeG:~# pcs resource * Resource Group: NW_group: * fs (ocf::heartbeat:Filesystem): Started NWrhelNodeG.emclab.local * ip (ocf::heartbeat:IPaddr): Started NWrhelNodeG.emclab.local * nws (ocf::EMC_NetWorker:Server): Started NWrhelNodeG.emclab.localnsrlogin 命令失败,并显示 HTTP 错误 404(未找到):
[admin@NWrhelNodeG linux_x86_64]$ nsrlogin -u Administrator 130136:nsrlogin: Please enter password: 117849:nsrlogin: Authentication library error: GET failed with HTTP-ERROR: 404 Server Message : Could not parse server-response from json string Server Message : Make sure that server is running“Server Protection”bootstrap 备份无法备份 authcdb:
图 1:Bootstrap 备份无法备份 authcdb
Cause
升级期间对 authc 的更改未提交到群集共享 authcdb。在升级过程中,PCS NWS 资源被禁用或 PCS 群集资源完全停止。当 NWS 未运行时,/nsr 目录将以符号方式链接(指向)到 /nsr。NetWorker.local 而不是 /nsr_share。
/nsr。NetWorker.local 是物理节点 /nsr 目录,仅包含客户端相关文件夹。A /nsr。NetWorker.local/authc 文件夹存在,但它不包含特定于 NetWorker 服务器 authcdb 的任何文件,它位于 /nsr_share/nsr/authc 下。
NetWorker 升级后,authc 预期身份验证文件的“版本 B”,但在升级之前会看到文件的“版本 A”。
/nsr。NetWorker.local 是物理节点 /nsr 目录,仅包含客户端相关文件夹。A /nsr。NetWorker.local/authc 文件夹存在,但它不包含特定于 NetWorker 服务器 authcdb 的任何文件,它位于 /nsr_share/nsr/authc 下。
NetWorker 升级后,authc 预期身份验证文件的“版本 B”,但在升级之前会看到文件的“版本 A”。
Resolution
将 NetWorker 升级到以下版本之一(或更高版本):
如果您使用的是 19.8.0.4 或 19.9.0.2 及更高版本,请执行以下操作:
Nsrlogin 尝试和 bootstrap 备份应成功。
- 19.8.0.4
- 19.9.0.2
如果您使用的是 19.8.0.4 或 19.9.0.2 及更高版本,请执行以下操作:
- 在群集中的每个节点上,重命名 /opt/nsr/authc-server/conf/h2_db.properties:
mv /opt/nsr/authc-server/conf/h2_db.properties /opt/nsr/authc-server/conf/h2_db.properties.bak
- 在每个节点上,重新运行 /opt/nsr/authc-server/scripts/authc_configure.sh以重新配置 authc。这不会删除以前在 authc 中完成的任何设置或配置。
在活动节点上,这看起来如下所示:
在被动节点上,这看起来如下所示:
root@NWrhelNodeH:~# /opt/nsr/authc-server/scripts/authc_configure.sh
Specify the directory where the Java Standard Edition Runtime Environment (JRE) software is installed [/opt/nre/java/latest]:
The installation process will install an Apache Tomcat instance. For optimum security, EMC NetWorker Authentication Service will use a non-root user (nsrtomcat) to start the Apache Tomcat instance. If your system has special user security requirements, ensure that proper operational permissions are granted to this non-root user (nsrtomcat).
Please refer to NetWorker Installation Guide.
WARNING: Port 9090 is already in use.
Do you wish to specify a different port number [y]? n
The Apache Tomcat will use "NWrhelNodeH.emclab.local" as the host name. The Apache Tomcat will use "9090" as the port number.
The NetWorker Authentication Service requires a keystore file to configure encryption and to provide SSL support.
EMC recommends that you specify a keystore password that has a minimum of six characters.
Do you want to use the existing keystore /nsr/authc/conf/authc.keystore [y]?
Specify password for the existing keystore:
The install will use the existing certificate "emcauthctomcat" for Apache Tomcat.
The install will use the existing certificate "emcauthcsaml" for Authentication Service.
Creating the installation log in /opt/nsr/authc-server/logs/install.log.
Performing initialization. Please wait...
The installation completed successfully.
在被动节点上,这看起来如下所示:
root@NWrhelNodeG:~# /opt/nsr/authc-server/scripts/authc_configure.sh
Specify the directory where the Java Standard Edition Runtime Environment (JRE) software is installed [/opt/nre/java/latest]:
The installation process will install an Apache Tomcat instance. For optimum security, EMC NetWorker Authentication Service will use a non-root user (nsrtomcat) to start the Apache Tomcat instance. If your system has special user security requirements, ensure that proper operational permissions are granted to this non-root user (nsrtomcat).
Please refer to NetWorker Installation Guide.
The Apache Tomcat will use "NWrhelNodeG.emclab.local" as the host name. The Apache Tomcat will use "9090" as the port number.
The NetWorker Authentication Service requires a keystore file to configure encryption and to provide SSL support.
EMC recommends that you specify a keystore password that has a minimum of six characters.
Do you want to use the existing keystore /nsr/authc/conf/authc.keystore [y]?
Specify password for the existing keystore:
The install will use the existing certificate "emcauthctomcat" for Apache Tomcat.
The install will use the existing certificate "emcauthcsaml" for Authentication Service.
The NetWorker Authentication Service defines automatically an administrator user account named administrator in the NetWorker Authentication Service local database. This account is specific to the administration of the NetWorker Authentication Service, and is not related to other administrator accounts on this system.
*******************************************************************************************
Password criteria: Minimum required characters - 9 and Maximum allowed characters - 126 Minimum [alphabetic - 2, Uppercase - 1, Lowercase - 1, Numeric - 1, Special character - 1]
********************************************************************************************
Specify an initial password for administrator:
Confirm the password:
Creating the installation log in /opt/nsr/authc-server/logs/install.log.
Performing initialization. Please wait...
The installation completed successfully.
提醒:在被动节点上,系统会提示您为 NetWorker 管理员帐户创建新密码。这并不意味着现有密码丢失。发生这种情况是因为群集使用的 authcdb 位于仅存在于活动节点上的 /nsr_share/nsr/authc 下。当被动节点成为新的活动节点时,它将使用共享 authcdb。authc_configure.sh脚本在每个节点上运行,以重新创建每个节点本地的 /opt/nsr/authc-server/conf/h2_db.properties 。
- 重新启动 NWS 资源:
pcs resource restart nws
- 确认 NWS 资源已启动:
pcs resource
root@NWrhelNodeH:~# pcs resource
* Resource Group: NW_group:
* fs (ocf::heartbeat:Filesystem): Started
NWrhelNodeH.emclab.local
* ip (ocf::heartbeat:IPaddr): Started
NWrhelNodeH.emclab.local
* nws (ocf::EMC_NetWorker:Server): Started
NWrhelNodeH.emclab.local
Nsrlogin 尝试和 bootstrap 备份应成功。
Affected Products
NetWorkerProducts
NetWorker Family, NetWorker SeriesArticle Properties
Article Number: 000212755
Article Type: Solution
Last Modified: 12 Apr 2024
Version: 6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.