PowerProtect Data Manager 19.14 File System User Guide

Install the File System agent on RHEL distributions

For RHEL distributions (for Red Hat 8.0, 8.1, and 8.2), Security-Enhanced Linux (SELinux) is enabled by default. To support block-based backups, run this special installation procedure.

1. If you have not yet run the installation script, install.sh, run it now.
   Installation of the block-based backup driver fails.
2. Check that an error message similar to the following appears in /var/log/messages
   insmod: ERROR: could not insert module /lib/modules/4.18.0-80.el8.x86_64/extra/nsrbbb.ko: Permission denied.
3. To check the audit log, run: ausearch -c 'insmod'
   It returns a string similar to: type=AVC msg=audit(1624349147.478:628): avc: denied { module_load } for pid=80964 comm='insmod' path="/opt/dpsapps/fsagent/bin/nsrbbb-redhatenterprise-8.2-4.18.0-193.ko" dev="dm-0" ino=12098527 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=unconfined_u:object_r:bin_t:s0 tclass=system permissive=0
   type=AVC indicates that the installation of the block-based backup driver is failing due to the SELinux policy.
4. To change the SELinux policy so that it will be able to allow access to the block-based backup driver, run: ausearch -c 'insmod' -–raw | audit2allow -M ppdm-fsagent
   It generates two files in the current directory: ppdm-fsagent.pp and ppdm-fsagent.te
5. To apply the SELinux policy changes, to enable access to the block-based backup driver, run: semodule -i ppdm-fsagent.pp
6. Run the installation script once again: install.sh
   Installation of the block-based backup driver should succeed, and the following .rpm or .deb files are installed as part of the script:

   • powerprotect-agentsvc.rpm or powerprotect-agentsvc.deb—Installs or updates the agent service component for the File System agent.
   • ppdm_bbbwt.rpm or ppdm-bbbwt.deb—Installs the block-based backups driver.
   • ppdm_fsagent.rpm or ppdm-fsagent.deb—Installs the File System agent related files and folders.
7. Type the PowerProtect Data Manager server FQDN or IP address. It is recommended to use the FQDN.
   NOTE:If another application agent is already installed on the client and registered to PowerProtect, ensure that you register the agent with the existing PowerProtect Data Manager server FQDN. When you register the agent with a PowerProtect Data Manager server that is different from the currently registered server, no warning message appears, and requests are routed to the newer server instance.
8. Type the preferred FQDN or IP address of the application host.
9. Type the port number from the supported port ranges 7000 to 7009 and 7012 to 7020. The specified port is used for communication between the File System agent and PowerProtect Data Manager.
   NOTE:If you do not specify a port number, the default port 7000 is used as the communication port. The ports 7010 and 7011 are used by the agent service message bus.
10. Type the answer to the prompt about whether to add the firewall rule for the specified port. If you answer yes, the /opt/dpsapps/agentsvc/configfw.sh script runs to set the firewall rule and enable the PowerProtect Data Manager communication port.