NetBackup Automation Platform

Description

Veritas NetBackup is the most powerful and widely adopted data protection solution in the world. NetBackup streamlines data protection management, protects your enterprise from the unforeseen, ensures business-critical resilience and delivers customer choice with a single platform supporting any workload, cloud and architecture at any scale. The project contains Ansible roles and playbooks for automating the deployment and configuration of NetBackup. The roles and the playbooks are provided in order to demonstrate the automated NetBackup tasks and leverage NetBackup APIs in an automation workflow.

NOTE: These playbooks support the following NetBackup Client/Media versions.

  • 10.5.0.0
  • 10.4.0.1
  • 10.4.0.0
  • 10.3.0.1
  • 10.3.0.0
  • 10.2.0.1
  • 10.1.1.0
  • 10.1.0.0
  • 10.0.0.1
  • 10.0.0.0

Project Contents

This project contains Ansible playbooks, roles and vars for automating various deployment tasks for NetBackup Media & Client. The playbooks support the following functionality:

  • Fresh installation of NB Client on Windows/SuSE/RHEL.

  • Fresh installation of NetBackup Media on SuSE/RHEL.

  • Upgrade NetBackup [to and from NB version 10.x].

  • Independent certificate deployment, which can be used when:

    • Certificate deployment was not done during the initial installation
    • A new primary server is added
  • Removal of NetBackup Client & Media.

  • EEB management along with deployment of Client/Media. An EEB marker is created in the standard RPM (Linux) and MSI (Windows) database for easy detection.

    • One or more EEBs could be installed together
    • Upgrade EEBs
    • Adjust subsequent overlapping EEBs
    • Removal of EEBs
  • Staging NetBackup Packages Locally

    • If required, this playbook can be used to cache NetBackup packages locally on the target host, where they are later used for offline installation.

Playbooks

All the playbooks are designed with the salient features of Ansible in mind.
  • Idempotent in nature
  • Logging with each task
  • Co-located ansible.cfg for more control
  • Easy to plug-in new custom roles

# NetBackup Product Operating System Playbook Name Description
01 Client 1.Linux(Rhel/SuSE)
2. Windows
playbook_install_client_linux.yml This playbook goes through sequence of tasks defined within each role to perform fresh install or upgrade to the proposed version on the target host machine. The NetBackup Client is installed based on the successful execution of each role described in Roles section.
High level workflow and capabilities -
  - Platform compatibility :-
   1. Checks ansible distribution os family and version.
   2. Checks native dependent packages and installs them if found missing.
   3. Creates required soft-link on linux of native dependent libraries if required.
  - Runs a defensive check and exits if the given target host is a NetBackup Primary/Media server.
  - Validates if the target host is at the desired state to either perform installation/upgrade.
  - If matches the desired state, performs installation/upgrade.
  - If FTO [nbu_cert_management] is set to true, deploy certificates based on primary server CA usage.
  - At different stages, we perform connectivity validation with given Primary server.
  - If any, NetBackup Client EEB list is provided, installs them and creates individual marker entry for each EEB.
02 playbook_upgrade_client_linux.yml
03 playbook_install_client_windows.yml
04 playbook_upgrade_client_windows.yml
05 playbook_remove_client_linux.yml This playbook goes through sequence of tasks defined within each role to remove specified NetBackup Client version from the target host.
High level workflow and capabilities -
  - Runs a defensive check and exits if the given target host is a NetBackup Primary/Media server.
  - Perform version check and proceed only if specified version is found installed.
  - Removes NetBackup Client footprint on the target host.
  - If any, NetBackup Client EEB Marker is found, removes it.
06 playbook_remove_client_windows.yml
07 Media Linux(Rhel/SuSE) playbook_install_media_linux.yml This playbook goes through sequence of tasks defined within each role to perform fresh install or upgrade to the proposed version on the target host machine. The NetBackup Media is installed based on the successful execution of each role described in Roles section.
High level workflow and capabilities -
  - Platform compatibility :-
   1. Checks ansible distribution os family and version.
   2. Checks native dependent packages and installs them if found missing.
   3. Creates required soft-link on linux of native dependent libraries if required.
   4. Performs a space check on the remote host machine. If the remote machine doesn't have sufficient space for install/upgrade, it exits with a proper custom error message.
  - Runs a defensive check and exits if the given target host is a NetBackup Primary/Client server.
  - Runs a defensive check and exits if the proposed netbackup media version is not supported.
  - Validates if the target host is at the desired state to either perform installation/upgrade.
  - If matches the desired state, performs installation/upgrade.
  - If FTO [nbu_cert_management] is set to true, deploy certificates based on primary server CA usage.
  - At different stages, we perform connectivity validation with given Primary server.
  - If any, NetBackup Media EEB list is provided, installs them and creates individual RPM marker entry for each EEB.
08 playbook_upgrade_media_linux.yml
09 playbook_remove_media_linux.yml This playbook goes through sequence of tasks defined within each role to remove specified NetBackup Media version from the target host.
High level workflow and capabilities -
  - Runs a defensive check and exits if the given target host is a NetBackup Primary/Client server.
  - Perform version check and proceed only if specified version is found installed.
  - Removes NetBackup Media footprint on the target host.
  - If any, NetBackup Media EEB RPM Marker is found, removes it.
10 Common 1.Linux(Rhel/SuSE)
2.Windows
playbook_certificate_deployment_linux.yml This playbook handles security configuration to establish connection between NetBackup primary server and respective Clients/Media. This playbook could be used when there is a need to add new primary server onto client/media.
High level workflow and capabilities -
  - Runs a defensive check and exits if the given target host is a NetBackup Primary.
  - Perform version check and proceed only if specified version is found installed.
  - If FTO [nbu_cert_management] is set to true, use the security specifications (NBCA/ECA) provided as part of vars given below:
   [nbu_eca_certdetails]- To configure a host to use an external signed certificate.
   [nbu_primary_certdetails]- To configure a host to use NetBackup CA signed certificate.
11 playbook_certificate_deployment_windows.yml
12 playbook_stage_packages_locally_redhat.yml This playbook goes through sequence of tasks defined within each role to download NetBackup rpm or DVD packages locally.
High level workflow and capabilities -
  - Validate if the proposed netbackup version is supported.
  - For Linux, downloads the package to local YUM repo cache.
  - For Windows, downloads the package to local temp.
  
13 playbook_stage_packages_locally_windows.yml

Roles

These roles are an integral part of the different playbooks and get called based on the required workflow. No modification or re-sequencing is required for the supported use cases above.

# Role Name (generic) Role Description(Immutable operations to perform validation or system checks)
01 generic/initiate_nbcheck Run NBCheck before install/upgrade of client/media. This role will get called only if FTO include_nbu_nbcheck is set to true
02 generic/is_nbu_version_supported Validates that the given proposed version (nbu_version) is supported or not.
03 generic/nbu_compatibility Performs a preventive check to validate whether NetBackup is installed, and checks that the installed version of NetBackup is compatible with the NetBackup Primary server version
04 generic/nbu_space_check Validate that remote machine has sufficient space for install/upgrade of Client/Media
05 generic/nbu_verification Validates the certificate-specific configurations
06 generic/os_compatibility Verify the OS compatibility for all the supported NetBackup versions. It also installs system dependent packages, if missing.
# Role Name (helper) Role Description (It contains helper functions which required for generic and netbackup roles ...)
01 helper/nbu_role_status "Performs preventive check to validate whether the target host machine is not a Primary or Media server"
02 helper/nbu_version_installed Reads the installed NetBackup version
# Role Name (netbackup) Role Description (Performs system level changes which includes installation, uninstallation, removal, etc ...)
01 netbackup/common/nbu-get-certificate This role first checks the certificate mode of the Primary Server and, depending on the mode received from the primary (NBCA/ECA), performs certificate deployment for the Client/Media installation.
02 netbackup/common/stage-package-locally Staging playbook to download netbackup packages into local cache and use it during install-time.
03 netbackup/linux
netbackup/win32nt
Contains static playbook specifications required for different workflows
04 netbackup/linux/nbu-client-install
netbackup/linux/nbu-media-install
netbackup/win32nt/nbu-client-install
NetBackup Client/Media is installed/upgraded based on the below conditions :-
New Install:
- No NetBackup Client/Media is installed
- Proposed NetBackup Client/Media is installed
Upgrade:
- Older version of NetBackup Client/Media is installed
- Proposed NetBackup Client/Media is installed
05 netbackup/linux/nbu-install-eeb
netbackup/win32nt/nbu-install-eeb
Installs the list of EEBs provided as part of initial configuration and creates a marker if FTO include_eeb_rpm_marker is set to true
06 netbackup/linux/nbu-remove
netbackup/win32nt/nbu-remove
Removes NetBackup Client/Media only if proposed version is found installed
07 netbackup/linux/nbu-stop-services This role deals with nbu service moves NetBackup Client/Media only if proposed version is found installed
08 netbackup/linux/symlink-operations This role deals with validation and creation of symlink on linux.

Variables

The <playbook_dir>/vars/linux.yml and <playbook_dir>/vars/win32nt.yml files are user-centric var files and have to be adapted to your environment. They contain all the inputs required globally. The different types of vars are described below.

Mandatory

# Input Variable (* - mandatory) Description Variable Type
01 *nbu_version Desired NetBackup Client/Media Version to use in the format [x.x.x.x]
Required: Yes
Format: x.x.x.x
string
02 *nbu_artifactory_repo_base_url Contains the base url to NetBackup yum repository
Required: Yes
Default: N/A
url
03 *nbu_path_repo_base_pkg Contains path appended to base url for NetBackup yum repository
Required: Yes
Default: N/A
url
04 nbu_path_repo_client_eeb_pkg Contains relative path of EEB installer file
Required: Optional
Default: N/A
url
05 *nbu_primary_server_ans You must specify the Primary Server hostname. In case it is not determined, we can continue with a dummy server name as given below
Required: Yes
Default: PRIMARY01
string

Configurable Options

# Input Variable Description Variable Type
01 nbu_primary_certdetails
 This var is mutually inclusive to
FTO: nbu_cert_management
If the primary server is using only NBCA, the target host is configured using NBCA. In this case the hostname, nbu_server_fingerPrint and nbu_server_authorization_token values are required. You need to provide configuration options for NetBackup CA-signed certificates in the JSON format below.
- hostname: 'PRIMARY01'
  nbu_server_fingerPrint: '[Primary SHA-1 fingerprint]'
  nbu_server_authorization_token: '[Token Value for Primary]'
JSON
02 nbu_eca_certdetails[Linux]
 This var is mutually inclusive to
FTO: nbu_cert_management
If the primary server is configured to use an external certificate authority (ECA) or mixed mode (NBCA & ECA), the target host has to be configured with ECA.
In this case, provide input for the fields below.
*nbu_eca_cert_path: ''
*nbu_eca_private_key_path: ''
*nbu_eca_trust_store_path: ''
nbu_eca_key_passphrasefile: '[ If the private key of the external certificate is encrypted, nbu_eca_key_passphrasefile is required ]'
eca_crl:
  nbu_eca_crl_check_level: "[ Valid options are 'USE_CDP', 'USE_PATH', 'DISABLED' ]"
  nbu_eca_crl_path: '[ Required only when nbu_eca_crl_check_level = USE_PATH ]'
JSON
02 nbu_eca_certdetails[Windows]
 This var is mutually inclusive to
FTO: nbu_cert_management
Similarly on Windows, when the primary server is configured to use an external certificate authority (ECA) or mixed mode (NBCA & ECA), the target host has to be configured with ECA. Here we support both file-based certificates and the Windows Certificate Store.
In both cases, provide input for the relevant fields as per the certificate store type.
cert_store_type: "[ Options are ['windows_cert_store', 'windows_file_based'] ]"
windows_cert_store:
  *nbu_eca_cert_location: ''
windows_file_based:
  *nbu_eca_cert_path: ''
  *nbu_eca_private_key_path: ''
  *nbu_eca_trust_store_path: ''
  nbu_eca_key_passphrasefile: '[ If the private key of the external certificate is encrypted, nbu_eca_key_passphrasefile is required ]'
eca_crl:
  nbu_eca_crl_check_level: "[ Valid options are 'USE_CDP', 'USE_PATH', 'DISABLED' ]"
  nbu_eca_crl_path: '[ Required only when nbu_eca_crl_check_level = USE_PATH ]'
JSON
03 nbu_eeb_ordered You can specify the list of EEBs to be installed per Client/Media and NetBackup version
client:
[NB Version]:
  - eeb-installer-name
media:
[NB Version]:
  - eeb-installer-name
Examples based on different use cases :-
1. To upgrade an EEB from an old version to a new version, first uninstall the old EEB with the -uninstall flag and then install the new EEB.
  E.g. in order to upgrade EEB_XXXXX_1 to EEB_XXXXX_15, specify both EEBs in the ordered list as follows:
client:
  10.1.1.0:
   - "EEB_XXXXX_1 -uninstall"
   - "EEB_XXXXX_15"
2. In the case of overlapping EEBs: suppose EEB_xxxxx_x is a bundled EEB of
['EEB_X1', 'EEB_X2', 'EEB_X3']
and the user wants to install EEB_XXXX2_12, which overlaps EEB_X2 above. EEB_XXXX2_12 can't be installed unless the overlapping EEB_X2 is removed. So to install EEB_XXXX2_12, first uninstall the overlapped EEB_X2 with the -uninstall flag and then install EEB_XXXX2_12 as shown below:
client:
  10.1.1.0:
   - "EEB_XXXXX_x"
   - "EEB_X2 -uninstall"
   - "EEB_XXXX2_12"
3. To uninstall certain EEBs which were already installed, use the -uninstall flag as shown below.
E.g.
client:
  10.1.1.0:
   - "eebinstaller_XXXX1_X -uninstall"
   - "eebinstaller_XXXX2_X -uninstall"
4. At times, certain EEBs need to be executed with special arguments like -create. Specify the arguments along with the EEB name in the ordered list.
E.g.
client:
  10.1.1.0:
   - "eebinstaller_XXXX1_X -create"
   - "eebinstaller_XXXX2_X"
JSON
04 os_path_nbu_install Typically NetBackup Client/Media installs to /usr/openv on Linux and C:\Program Files\Veritas on Windows.
Update { os_path_nbu_install } in case you want to install to a custom path. We recommend that the given path ends with openv on Linux and Veritas on Windows, because the directory is removed at the time of uninstall. This makes sure that only the NetBackup installed directories are removed.
Linux:
Default: /usr/openv
Windows:
Default: C:\Program Files\Veritas
string
05 nbu_directory_list_to_be_removed List of directories which get removed upon uninstalling NetBackup Client/Media list
06 os_rhel_system_packages You can add your own OS dependent packages to the list of packages given per OS version JSON
07 os_rhel_system_packages_symlink You can add your own OS symlinks to the list of symbolic links given per OS version JSON
08 nbu_license_key_ans In case of media install/upgrade, you must specify the NBU license key for nbu_version == 10.0.0.1 and nbu_version == 10.0.0.0
Default: ""
string

Feature Toggle Options (FTO)

# Input Variable Description Variable Type
01 include_eeb_rpm_marker FTO to decide whether you want the feature of EEB marker creation. If set to true, an EEB marker is created along with EEB installation
Required: Optional
Default: false
bool
02 nb_include_java_jre_install FTO to decide whether to install JAVA/JRE RPM packages
Required: Optional
Default: false
bool
03 nbu_cert_management[NBCA/ECA] FTO to get the certificate of the Certificate Authority (CA) and fetch the host ID-based security certificate from the specified Primary Server. If set to true and the primary server is configured to use only NBCA, make sure to provide the authorization details variable [nbu_primary_certdetails]
Required: Optional
Default: false
FTO to get the certificate issued by a CA other than the NetBackup CA, referred to as external CA-signed certificates. Starting 8.2, NetBackup CA-signed host ID-based certificates can be replaced by external CA-signed certificates. If set to true, make sure to provide the authorization details variable [nbu_eca_certdetails]
Required: Optional
Default: false
bool
04 do_perform_nbcheck_preinstall FTO to decide whether to run NBCheck before starting install/upgrade
Required: Optional
Default: false
bool
05 install_pkgs_from_local_cache FTO to decide whether to download rpm packages or not. If set to true, packages are cached locally, independently or by using the staging playbook, to avoid downloading the packages at install-time.
Required: Optional
Default: false
bool
06 ignore_primary_connectivity_failures FTO to decide whether to ignore connectivity validation and continue execution. If set to true, it ignores connectivity validation with the primary and continues execution.
Required: Optional
Default: false
bool
07 skip_primary_version_compatibility_check FTO to skip the Primary server version compatibility check. If set to true, it skips the Primary server version compatibility check.
Required: Optional
Default: false
bool
08 should_force_process_termination FTO to terminate the processes forcefully. If set to true, after 3 attempts of graceful shutdown, the running processes are forcefully terminated.
Required: Optional
Default: false
bool
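
A pre-flight check for the variables and feature toggles described above, as an added example that is not part of the project's own code. It assumes the Linux vars file has already been loaded into a dict and that nbu_eca_certdetails is nested as shown in the table (the Windows layout is not covered); lint_vars, lint_eca and the sample values are hypothetical.

```python
import re

VERSION_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")
CRL_LEVELS = {"USE_CDP", "USE_PATH", "DISABLED"}
MANDATORY = ("nbu_version", "nbu_artifactory_repo_base_url",
             "nbu_path_repo_base_pkg", "nbu_primary_server_ans")
NBCA_FIELDS = ("hostname", "nbu_server_fingerPrint", "nbu_server_authorization_token")
ECA_FILE_FIELDS = ("nbu_eca_cert_path", "nbu_eca_private_key_path",
                   "nbu_eca_trust_store_path")
# FTOs that relax a safety check when set to true (names from the FTO table).
RELAXING_FTOS = ("ignore_primary_connectivity_failures",
                 "skip_primary_version_compatibility_check",
                 "should_force_process_termination")


def _missing(section, fields, prefix):
    return [f"{prefix}.{f}: required value is empty" for f in fields if not section.get(f)]


def lint_eca(eca):
    """Check nbu_eca_certdetails (the dict nesting used here is an assumption)."""
    errors, warnings = _missing(eca, ECA_FILE_FIELDS, "nbu_eca_certdetails"), []
    crl = eca.get("eca_crl") or {}
    level = crl.get("nbu_eca_crl_check_level")
    if level is not None and level not in CRL_LEVELS:
        errors.append(f"nbu_eca_crl_check_level: {level!r} is not a valid option")
    elif level == "USE_PATH" and not crl.get("nbu_eca_crl_path"):
        errors.append("nbu_eca_crl_path: required when the check level is USE_PATH")
    elif level == "DISABLED":
        warnings.append("nbu_eca_crl_check_level=DISABLED: revocation is not checked")
    return errors, warnings


def lint_vars(v):
    """Return (errors, warnings) for a dict already loaded from vars/linux.yml."""
    errors = [f"{k}: mandatory variable is missing or empty" for k in MANDATORY if not v.get(k)]
    warnings = []
    version = str(v.get("nbu_version") or "")
    if version and not VERSION_RE.match(version):
        errors.append("nbu_version: expected format x.x.x.x")
    # The install directory is removed at uninstall, so check its last component.
    path = v.get("os_path_nbu_install")
    if path and path.rstrip("/").rsplit("/", 1)[-1] != "openv":
        warnings.append("os_path_nbu_install: should end with openv")
    if v.get("nbu_cert_management"):
        nbca = v.get("nbu_primary_certdetails") or []
        eca = v.get("nbu_eca_certdetails") or {}
        if not nbca and not eca:
            errors.append("nbu_cert_management: true, but no certificate details are set")
        for i, entry in enumerate(nbca):
            errors += _missing(entry, NBCA_FIELDS, f"nbu_primary_certdetails[{i}]")
        eca_errors, eca_warnings = lint_eca(eca) if eca else ([], [])
        errors, warnings = errors + eca_errors, warnings + eca_warnings
    warnings += [f"{k}: true relaxes a safety check" for k in RELAXING_FTOS if v.get(k) is True]
    return errors, warnings


# Constructed sample (not from the project): short version string, custom install
# path, empty trust store, USE_PATH without a CRL path, one relaxing FTO enabled.
SAMPLE_VARS = {
    "nbu_version": "10.3.0",
    "nbu_artifactory_repo_base_url": "https://repo.example.invalid",
    "nbu_path_repo_base_pkg": "/netbackup/",
    "nbu_primary_server_ans": "PRIMARY01",
    "os_path_nbu_install": "/opt/backup",
    "nbu_cert_management": True,
    "nbu_eca_certdetails": {
        "nbu_eca_cert_path": "/etc/nbu/cert.pem",
        "nbu_eca_private_key_path": "/etc/nbu/key.pem",
        "nbu_eca_trust_store_path": "",
        "eca_crl": {"nbu_eca_crl_check_level": "USE_PATH", "nbu_eca_crl_path": ""},
    },
    "ignore_primary_connectivity_failures": True,
}

if __name__ == "__main__":
    errs, warns = lint_vars(SAMPLE_VARS)
    print("\n".join([f"ERROR {e}" for e in errs] + [f"WARN  {w}" for w in warns]))
```

Running it before ansible-playbook surfaces incomplete certificate settings and weakened toggles while they are still a review comment rather than a failed or silently degraded deployment.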

Getting started with NetBackup Ansible playbooks

Requirements/Pre-requisites

  1. We support ansible-core 2.11 onwards.
  2. Ansible Automation Platform is configured and ready to use.
  3. Establish a non-interactive connection to all managed nodes/target hosts.
  4. Configure an artifact repository manager and upload all the NetBackup RPMs along with their respective repodata. The repository type can be selected as yum repository.
    All respective NetBackup Client RPMs can be found in <NB_Package_DIR>/NetBackup_<NB_VERSION>_CLIENTS2/NBClients/anb/Clients/usr/openv/netbackup/client/Linux/RedHat3.10.0
    All respective NetBackup Media RPMs can be found in <NB_Package_DIR>/NetBackup_<NB_VERSION>_LinuxR_x86_64\linuxR_x86\anb
    All respective NetBackup client Windows DVD packages can be found in <NB_Package_DIR>/NetBackup_<NB_VERSION>_Win\
  5. These playbooks assume that the Ansible inventory is pre-populated.

Usage

Once all the pre-requisites are met, the steps below can be used to run the playbooks.

Using ansible CLI

  • A few dependent Ansible collections are required, which can be installed by running the command below from the playbook directory.
    [user@host ~]$ ansible-galaxy install -r <playbook_dir>/roles/requirements.yml
  • The playbook execution will not succeed out of the box, as it depends upon certain mandatory variables.
  • We have provided a template containing these mandatory variables (<playbook_dir>/vars/linux.yml or <playbook_dir>/vars/win32nt.yml). Make sure that you go through the variables section and update the vars according to your environment's guidelines.
    • Update <playbook_dir>/vars/linux.yml for Linux and <playbook_dir>/vars/win32nt.yml for Windows directly and save it. This vars file is already included in all the playbooks, so once it is modified, the values are picked up automatically.
    • Optionally, as supported by the ansible CLI, you can specify individual variables using the --extra-vars argument as well.
  • Finally, execute the ansible-playbook CLI from the playbook's directory. For example:
    • If vars/linux.yml file has been modified locally
      [user@host ~]$ ansible-playbook playbook_install_client_redhat.yml -l linux -vv
    • If vars/win32nt.yml file has been modified locally
      [user@host ~]$ ansible-playbook playbook_install_client_windows.yml -l win -vv
    • If you would like to use --extra-vars CLI option
      For Linux:
      [user@host ~]$ ansible-playbook playbook_install_client_redhat.yml -l linux -vv --extra-vars="nbu_version=10.3.0.0 os_path_nbu_install=/usr/openv"
      For Windows:
      [user@host ~]$ ansible-playbook playbook_install_client_windows.yml -l win -vv --extra-vars="nbu_version=10.3.0.0 os_path_nbu_install='C:\Program Files\Veritas'"

From within the Ansible Automation Platform

- At the time of this documentation, AWX is considered the web interface to manage the Ansible Automation Platform.

  • It is assumed that AWX is installed and the initial configuration is done as follows.
    • Inventories have been configured and all the target hosts have been added with the required credentials
    • A project is created and synced using one of the supported Source Control Types
  • Templates:
    • AWX templates, also referred to as Ansible Tower Job Templates, are reusable blueprints for automating tasks within the AWX/Ansible Tower platform.
    • Create the template and specify the project, the inventory to use and the playbook to run.
    • If <playbook_dir>/vars/linux.yml or <playbook_dir>/vars/win32nt.yml is modified locally to suit your environment, the Variables field can be left empty.
    • If not, you can copy the entire content from <playbook_dir>/vars/linux.yml or <playbook_dir>/vars/win32nt.yml and paste it in the Variables section in YAML format. Update the values to suit your environment.
  • Launch the required template to start the playbook execution associated with it.

License

Disclaimer

The information contained in this publication is subject to change without notice. Veritas Corporation makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Veritas Corporation shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual. The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Legal Notice

Last updated: 2024-03-27 Copyright © 2024 Veritas Technologies LLC. All rights reserved. Veritas, the Veritas Logo, Veritas Alta, and NetBackup are trademarks or registered trademarks of Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This product may contain third-party software for which Veritas is required to provide attribution to the third party (“Third-party Programs”). Some of the Third-party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Refer to the Third-party Legal Notices document accompanying this Veritas product or available at: https://www.veritas.com/about/legal/license-agreements The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Veritas Technologies LLC and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Veritas Technologies LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. 
"Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Veritas as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Veritas Technologies LLC 2625 Augustine Drive Santa Clara, CA 95054

Third-Party Legal Notices

Veritas offerings may include third-party materials that are subject to a separate license. Those materials are specified in a Third-party Notices document which may either be posted below on this site and/or included in the ReadMe file or Documentation for the applicable offering.