NetWorker:升级后群集 Linux 服务器上的引导程序备份失败 “nsrauthcasm 死亡,并显示信号 13”
摘要: NetWorker 服务器部署在群集 Linux NetWorker 服务器上。升级 NetWorker 后,Server Protection 引导程序备份失败。身份验证服务命令(nsrlogin、authc_config、authc_mgmt)也失败,返回的错误是身份验证服务不可用,HTTP 错误 404(未找到)。
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
症状
NetWorker 服务器部署在 Red Hat Pacemaker (pcs) 高可用性群集。
执行 NetWorker 升级后,观察到以下症状。
NetWorker 服务启动成功,所有群集资源在其中一个群集节点上显示为“已启动”:
root@NWrhelNodeG:~# pcs resource * Resource Group: NW_group: * fs (ocf::heartbeat:Filesystem): Started NWrhelNodeG.emclab.local * ip (ocf::heartbeat:IPaddr): Started NWrhelNodeG.emclab.local * nws (ocf::EMC_NetWorker:Server): Started NWrhelNodeG.emclab.local
nsrlogin 命令失败,并显示 HTTP 错误 404(未找到):
[admin@NWrhelNodeG linux_x86_64]$ nsrlogin -u Administrator 130136:nsrlogin: Please enter password: HIDDEN_PASSWORD 117849:nsrlogin: Authentication library error: GET failed with HTTP-ERROR: 404 Server Message : Could not parse server-response from json string Server Message : Make sure that server is running
“服务器保护”引导数据库备份无法备份 authcdb管理此进程:
图 1:引导数据库备份无法备份
authcdb
原因
升级期间对 AUTHC 的更改未提交到群集共享 authcdb。在升级过程中,将禁用 pcs NWS 资源或完全停止 PCS 群集资源。当 NWS 未运行时,会 /nsr 目录以符号方式链接(指向) /nsr.NetWorker.local 而不是 /nsr_share。
/nsr.NetWorker.local 是物理节点 /nsr 目录中,并且仅包含与客户端相关的文件夹。A /nsr.NetWorker.local/authc 文件夹存在,但它不包含特定于 NetWorker 服务器的任何文件 authcdb,它位于 /nsr_share/nsr/authc。
NetWorker 升级后,AUTHC 预期 AUTHC 文件的“版本 B”,但看到的是升级之前的“版本 A”文件。
解决方案
- 停止 Networker 服务:
pcs resource disable nws
- 在群集中的每个节点上,重命名
/opt/nsr/authc-server/conf/h2_db.properties管理此进程:
mv /opt/nsr/authc-server/conf/h2_db.properties /opt/nsr/authc-server/conf/h2_db.properties.bak
- 在每个节点上,重新运行
/opt/nsr/authc-server/scripts/authc_configure.sh以重新配置 AUTHC。这不会删除以前在 AUTHC 中完成的任何设置或配置。
在活动节点上,如下所示:
root@NWrhelNodeH:~# /opt/nsr/authc-server/scripts/authc_configure.sh
Specify the directory where the Java Standard Edition Runtime Environment (JRE) software is installed [/opt/nre/java/latest]:
The installation process will install an Apache Tomcat instance. For optimum security, EMC NetWorker Authentication Service will use a non-root user (nsrtomcat) to start the Apache Tomcat instance. If your system has special user security requirements, ensure that proper operational permissions are granted to this non-root user (nsrtomcat).
Please refer to NetWorker Installation Guide.
WARNING: Port 9090 is already in use.
Do you wish to specify a different port number [y]? n
The Apache Tomcat will use "NWrhelNodeH.emclab.local" as the host name. The Apache Tomcat will use "9090" as the port number.
The NetWorker Authentication Service requires a keystore file to configure encryption and to provide SSL support.
EMC recommends that you specify a keystore password that has a minimum of six characters.
Do you want to use the existing keystore /nsr/authc/conf/authc.keystore [y]?
Specify password for the existing keystore:
The install will use the existing certificate "emcauthctomcat" for Apache Tomcat.
The install will use the existing certificate "emcauthcsaml" for Authentication Service.
Creating the installation log in /opt/nsr/authc-server/logs/install.log.
Performing initialization. Please wait...
The installation completed successfully.
在被动节点上,如下所示:
root@NWrhelNodeG:~# /opt/nsr/authc-server/scripts/authc_configure.sh
Specify the directory where the Java Standard Edition Runtime Environment (JRE) software is installed [/opt/nre/java/latest]:
The installation process will install an Apache Tomcat instance. For optimum security, EMC NetWorker Authentication Service will use a non-root user (nsrtomcat) to start the Apache Tomcat instance. If your system has special user security requirements, ensure that proper operational permissions are granted to this non-root user (nsrtomcat).
Please refer to NetWorker Installation Guide.
The Apache Tomcat will use "NWrhelNodeG.emclab.local" as the host name. The Apache Tomcat will use "9090" as the port number.
The NetWorker Authentication Service requires a keystore file to configure encryption and to provide SSL support.
EMC recommends that you specify a keystore password that has a minimum of six characters.
Do you want to use the existing keystore /nsr/authc/conf/authc.keystore [y]?
Specify password for the existing keystore:
The install will use the existing certificate "emcauthctomcat" for Apache Tomcat.
The install will use the existing certificate "emcauthcsaml" for Authentication Service.
The NetWorker Authentication Service defines automatically an administrator user account named administrator in the NetWorker Authentication Service local database. This account is specific to the administration of the NetWorker Authentication Service, and is not related to other administrator accounts on this system.
*******************************************************************************************
Password criteria: Minimum required characters - 9 and Maximum allowed characters - 126 Minimum [alphabetic - 2, Uppercase - 1, Lowercase - 1, Numeric - 1, Special character - 1]
********************************************************************************************
Specify an initial password for administrator:
Confirm the password:
Creating the installation log in /opt/nsr/authc-server/logs/install.log.
Performing initialization. Please wait...
The installation completed successfully.
提醒:在被动节点上,系统将提示您为 NetWorker 管理员帐户创建新密码。这并不意味着现有密码会丢失。发生这种情况是因为
authcdb 群集使用的 /nsr_share/nsr/authc 它仅存在于活动节点上。当被动节点成为新的主动节点时,它使用共享的 authcdb。而 authc_configure.sh 在每个节点上运行脚本以重新创建 /opt/nsr/authc-server/conf/h2_db.properties 它对于每个节点都是本地的。
- 启动 NWS 资源:
pcs resource enable nws
- 确认 NWS 资源已启动:
pcs resource root@NWrhelNodeH:~# pcs resource * Resource Group: NW_group: * fs (ocf::heartbeat:Filesystem): Started NWrhelNodeH.emclab.local * ip (ocf::heartbeat:IPaddr): Started NWrhelNodeH.emclab.local * nws (ocf::EMC_NetWorker:Server): Started NWrhelNodeH.emclab.local
nsrlogin 尝试和引导备份应成功。
其他信息
受影响的产品
NetWorker产品
NetWorker Family, NetWorker Series文章属性
文章编号: 000212755
文章类型: Solution
上次修改时间: 12 3月 2026
版本: 7
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。