NetWorker:升級後,叢集 Linux 伺服器上的引導備份失敗 「nsrauthcasm 死於訊號 13」
摘要: NetWorker 伺服器部署在叢集的 Linux NetWorker 伺服器上。升級 NetWorkerr 後,伺服器保護引導備份失敗。認證服務命令 (nsrlogin、authc_config、authc_mgmt) 也會失敗,傳回的錯誤為驗證服務無法使用,並出現 HTTP 錯誤 404 (找不到)。
本文章適用於
本文章不適用於
本文無關於任何特定產品。
本文未識別所有產品版本。
症狀
NetWorker 伺服器部署在 Red Hat Pacemaker 上 (pcs) 高可用性叢集。
執行 NetWorker 升級後,觀察到下列症狀。
NetWorker 服務啟動成功,所有叢集資源在其中一個叢集節點上顯示為「已啟動」:
root@NWrhelNodeG:~# pcs resource * Resource Group: NW_group: * fs (ocf::heartbeat:Filesystem): Started NWrhelNodeG.emclab.local * ip (ocf::heartbeat:IPaddr): Started NWrhelNodeG.emclab.local * nws (ocf::EMC_NetWorker:Server): Started NWrhelNodeG.emclab.local
nsrlogin 命令失敗,並顯示 HTTP 錯誤 404 (未找到):
[admin@NWrhelNodeG linux_x86_64]$ nsrlogin -u Administrator 130136:nsrlogin: Please enter password: HIDDEN_PASSWORD 117849:nsrlogin: Authentication library error: GET failed with HTTP-ERROR: 404 Server Message : Could not parse server-response from json string Server Message : Make sure that server is running
「伺服器保護」引導備份無法備份 authcdb:
圖 1:引導備份無法備份
authcdb
原因
升級期間對 AUTHC 所做的變更並未認可至叢集共用 authcdb。在升級程序期間,電腦的 NWS 資源會停用,或電腦叢集資源會完全停止。NWS 未執行時, /nsr 目錄以符號方式連結 (指向) 至 /nsr.NetWorker.local 而不是 /nsr_share。
/nsr.NetWorker.local 是物理節點 /nsr 目錄,且僅包含與用戶端相關的資料夾。A /nsr.NetWorker.local/authc 資料夾存在,但不包含任何 NetWorker 伺服器專屬的檔案 authcdb,位於 /nsr_share/nsr/authc。
NetWorker 升級後,AUTHC 預期為 AUTHC 檔案的「版本 B」,但看到升級前檔案的「版本 A」。
解析度
- 停止 NetWorker 服務:
pcs resource disable nws
- 在叢集內的每個節點上,重新命名
/opt/nsr/authc-server/conf/h2_db.properties:
mv /opt/nsr/authc-server/conf/h2_db.properties /opt/nsr/authc-server/conf/h2_db.properties.bak
- 在每個節點上,重新執行
/opt/nsr/authc-server/scripts/authc_configure.sh以重新配置 AUTHC。這不會刪除之前在 AUTHC 中完成的任何設置或配置。
在主動節點上,這看起來像:
root@NWrhelNodeH:~# /opt/nsr/authc-server/scripts/authc_configure.sh
Specify the directory where the Java Standard Edition Runtime Environment (JRE) software is installed [/opt/nre/java/latest]:
The installation process will install an Apache Tomcat instance. For optimum security, EMC NetWorker Authentication Service will use a non-root user (nsrtomcat) to start the Apache Tomcat instance. If your system has special user security requirements, ensure that proper operational permissions are granted to this non-root user (nsrtomcat).
Please refer to NetWorker Installation Guide.
WARNING: Port 9090 is already in use.
Do you wish to specify a different port number [y]? n
The Apache Tomcat will use "NWrhelNodeH.emclab.local" as the host name. The Apache Tomcat will use "9090" as the port number.
The NetWorker Authentication Service requires a keystore file to configure encryption and to provide SSL support.
EMC recommends that you specify a keystore password that has a minimum of six characters.
Do you want to use the existing keystore /nsr/authc/conf/authc.keystore [y]?
Specify password for the existing keystore:
The install will use the existing certificate "emcauthctomcat" for Apache Tomcat.
The install will use the existing certificate "emcauthcsaml" for Authentication Service.
Creating the installation log in /opt/nsr/authc-server/logs/install.log.
Performing initialization. Please wait...
The installation completed successfully.
在被動節點上,這看起來像是:
root@NWrhelNodeG:~# /opt/nsr/authc-server/scripts/authc_configure.sh
Specify the directory where the Java Standard Edition Runtime Environment (JRE) software is installed [/opt/nre/java/latest]:
The installation process will install an Apache Tomcat instance. For optimum security, EMC NetWorker Authentication Service will use a non-root user (nsrtomcat) to start the Apache Tomcat instance. If your system has special user security requirements, ensure that proper operational permissions are granted to this non-root user (nsrtomcat).
Please refer to NetWorker Installation Guide.
The Apache Tomcat will use "NWrhelNodeG.emclab.local" as the host name. The Apache Tomcat will use "9090" as the port number.
The NetWorker Authentication Service requires a keystore file to configure encryption and to provide SSL support.
EMC recommends that you specify a keystore password that has a minimum of six characters.
Do you want to use the existing keystore /nsr/authc/conf/authc.keystore [y]?
Specify password for the existing keystore:
The install will use the existing certificate "emcauthctomcat" for Apache Tomcat.
The install will use the existing certificate "emcauthcsaml" for Authentication Service.
The NetWorker Authentication Service defines automatically an administrator user account named administrator in the NetWorker Authentication Service local database. This account is specific to the administration of the NetWorker Authentication Service, and is not related to other administrator accounts on this system.
*******************************************************************************************
Password criteria: Minimum required characters - 9 and Maximum allowed characters - 126 Minimum [alphabetic - 2, Uppercase - 1, Lowercase - 1, Numeric - 1, Special character - 1]
********************************************************************************************
Specify an initial password for administrator:
Confirm the password:
Creating the installation log in /opt/nsr/authc-server/logs/install.log.
Performing initialization. Please wait...
The installation completed successfully.
注意:在被動節點上,系統會提示您為 NetWorker 系統管理員帳戶建立新密碼。這並不意味著現有密碼丟失。發生這種情況是因為
authcdb 叢集使用的 /nsr_share/nsr/authc 僅存在於主動節點上。當被動節點成為新的主動節點時,它將使用 authcdb。可使用 authc_configure.sh 指令檔會在每個節點上執行,以重新建立 /opt/nsr/authc-server/conf/h2_db.properties 這是每個節點的本地。
- 啟動 NWS 資源:
pcs resource enable nws
- 確認 NWS 資源已啟動:
pcs resource root@NWrhelNodeH:~# pcs resource * Resource Group: NW_group: * fs (ocf::heartbeat:Filesystem): Started NWrhelNodeH.emclab.local * ip (ocf::heartbeat:IPaddr): Started NWrhelNodeH.emclab.local * nws (ocf::EMC_NetWorker:Server): Started NWrhelNodeH.emclab.local
nsrlogin 嘗試和引導備份應會成功。
其他資訊
受影響的產品
NetWorker產品
NetWorker Family, NetWorker Series文章屬性
文章編號: 000212755
文章類型: Solution
上次修改時間: 12 3月 2026
版本: 7
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。