问题描述:
安装Netbackup 8.1.1 client的时候,有一步会让输入Master server的authorization token。 这一步不是必须的,有时候会出现,有时候不会出现。安装日志如下:
HOST01:/usr/openv/nbu/NetBackup_8.1.1_CLIENTS2 # ./install
Veritas Installation Script
Copyright (c) 2018 Veritas Technologies LLC. All rights reserved.
Installing NetBackup Client Software
Please review the VERITAS SOFTWARE LICENSE AGREEMENT located on
the installation media before proceeding. The agreement includes
details on the NetBackup Product Improvement Program.
For NetBackup installation and upgrade information specific to your
platform and to find out if your installed EEBs or hot fixes are
contained in this release, check the Installation and Upgrade checklists
and the Hot Fix and EEB Release Auditor, both available on the Veritas
Services and Operations Readiness Tools (SORT) page:
https://sort.veritas.com/netbackup.
Do you wish to continue? [y,n] (y) y
Checking for required system conditions...
ok unsupported_platform: Passed checks for unsupported platforms.
ok be_nb_same_host: inapplicable on linux: skipping
Checking for recommended system conditions...
ok hotfix_auditor: NetBackup is not installed or there is no hotfix or EEB data present. Skipping HF/EEB Auditor check.
not ok ephemeral_port_range: The ephemeral port range include ports used by NetBackup services.
The NetBackup Master Servers may not start up correctly if the system
is configured with an ephemeral port range that conflicts with
the ports that are used by NetBackup services. This test checks whether the
current ephemeral port range includes the ports used by NetBackup services.
See https://www.veritas.com/support/en_US/article.100040677.htm for
details.
WARNING: One or more non-critical preinstall checks have failed.
Do you want to install the NetBackup client software for this client? [y,n] (y) y
This package will install Linux/SuSE3.0.76 client.
This package will install NetBackup client 8.1.1.
Enter the name of the NetBackup master server : TESTNBU
Would you like to use "HOST01" as the configured
name of the NetBackup client? [y,n] (y) y
Successfully unpacked /usr/openv/nbu/NetBackup_8.1.1_CLIENTS2/NBClients/anb/Clients/usr/openv/netbackup/client/Linux/SuSE3.0.76/certcmdTool_for_UNIX.tar.gz.
Checking connectivity to the master server.
NOTE: Depending on the network, this action may take a few minutes.
To continue without setting up secure communication, press Ctrl+C.
Connectivity established.
Checking for local CA certificate
Local CA certificate is not found on host. Proceeding with installation.
Getting CA certificate details.
NOTE: Depending on the network, this action may take a few minutes.
To continue without setting up secure communication, press Ctrl+C.
CA Certificate received successfully from server TESTNBU.
Subject Name : /CN=nbatd/OU=root@TESTNBU/O=vx
Start Date : Mar 25 02:24:48 2015 GMT
Expiry Date : Mar 20 03:39:48 2035 GMT
SHA1 Fingerprint : 81:B2:4C:57:61:1E:6C:B2:03:F7:5E:09:DC:E8:B7:EB:98:10:5D:C8
CA Certificate State : Not Trusted
Master server [TESTNBU] reports CA Certificate fingerprint
[81:B2:4C:57:61:1E:6C:B2:03:F7:5E:09:DC:E8:B7:EB:98:10:5D:C8].
Is this correct? [y,n] y
Storing CA certificate.
NOTE: Depending on the network, this action may take a few minutes.
To continue without setting up secure communication, press Ctrl+C.
The validation of root certificate fingerprint is successful.
CA certificate stored successfully from server TESTNBU.
Getting host certificate for hostname HOST01.
NOTE: Depending on the network, this action may take a few minutes.
To continue without setting up secure communication, press Ctrl+C.
An authorization token is required in order to get the host certificate for this
host. At the prompt, enter the authorization token or q to skip the question.
NOTE: The answer entered will not be displayed to the terminal.
Enter the authorization token for TESTNBU or q to skip:
问题原因:
https://www.veritas.com/content/support/en_US/article.100039650
文章中解释了在安全等级较高的配置中,第一次获取证书需要token验证。 而本人这次的问题原因应该是之前有同主机名的机器上安装了client.
另外会引发该问题的一个场景是,没有提前在master server的/etc/hosts里添加client对应的条目
解决方法:
在Security Management --> Certificate Management ->Token Management 里找到一个Valid Token,查看Token Value。 如果没有Valid Token,可以新建一个。