Veritas NetBackup™ Flex Scale Installation and Configuration Guide

Last Published:
Product(s): Appliances (3.1)
Platform: NetBackup Flex Scale OS
  1. Preparing for NetBackup Flex Scale deployment
    1.  
      Deployment overview
    2.  
      Deployment options
  2. Configuring NetBackup Flex Scale
    1.  
      Assigning a public IP address to network adapter eth1 of a node
    2.  
      NetBackup Flex Scale configuration methods
    3.  
      Configuring NetBackup Flex Scale using the setup wizard
    4. Configuring NetBackup Flex Scale using a configuration file
      1.  
        YML configuration file for NetBackup primary and media server deployment
      2.  
        YML configuration file for media server only deployment
  3. NetBackup Flex Scale upgrades and patch management
    1.  
      About NetBackup Flex Scale upgrades and EEBs
    2.  
      About rolling upgrade
    3.  
      About parallel upgrade and supported upgrade paths
    4. About the pre-upgrade check
      1.  
        Error messages displayed during the pre-upgrade check
    5. Upgrading NetBackup Flex Scale
      1. Performing pre-upgrade tasks
        1.  
          Considerations for upgrade when disaster recovery is configured
      2.  
        Performing an upgrade using GUI
      3.  
        Post upgrade tasks
      4.  
        Performing an upgrade using REST APIs
    6.  
      Installing EEBs using GUI
    7.  
      Installing EEBs using REST APIs
    8.  
      Updating the firmware in NetBackup Flex Scale clusters
  4. Removing NetBackup Flex Scale
    1. About disk erasure
      1.  
        Configuring data erasure
      2.  
        Viewing the data erasure status
      3.  
        Aborting data erasure
    2.  
      About NetBackup Flex Scale node factory reset
    3.  
      Performing a factory reset on a node
  5. Appendix A. Installing NetBackup Flex Scale using a downloaded ISO file
    1.  
      About NetBackup Flex Scale software installation
    2.  
      Enabling remote IPMI connections
    3.  
      Setting up the RAID configuration on the nodes
    4.  
      Configuring the BIOS settings on the nodes
    5.  
      Downloading the product installer ISO
    6.  
      Mounting the ISO file on the nodes
    7.  
      Installing NetBackup Flex Scale using the ISO
    8.  
      Installing hardware vendor packages
    9.  
      Installing Emergency Engineering Binaries (EEBs)

YML configuration file for media server only deployment

The YML-based configuration file contains the NetBackup Flex Scale cluster configuration settings as name-value pairs. Use the YML configuration file to import a pre-created configuration. When you import the configuration file, the configuration settings that you specify in the YML file are displayed in the corresponding parameters in the setup wizard.

The configuration file contains the following sections:

  • cluster_setting

  • common_network_setting

  • nodes_setting

  • external_primary_server_setting

The following table describes the parameters in the YML configuration file:

cluster_setting

Settings that are common to the cluster, such as the cluster name, NetBackup primary server settings, NTP settings, user details, and AutoSupport configuration details.

Under the additional_fqdn_entries section specify the following details:

Table:

Parameter

Description

ip_address

IPv4 or IPv6 addresses that must be added to the /etc/hosts file so that the IP addresses are resolved.

name

Domain name

Under the autosupport_setting section specify the following details:

Table:

Parameter

Description

call_home

enable_call_home

Specify whether you want to enable Call Home. If you enable Call Home, you can upload the appliance health information to the Veritas AutoSupport server.

Set to true to enable Call Home. Set to false to disable Call home.

enable_proxy_server

Specify if the appliance connects to the AutoSupport server through a proxy server.

Set to true to enable proxy server. Set to false if a proxy server is not used.

enable_proxy_tunel

Specify if the proxy server supports SSL tunneling.

Set to true to enable secure communication. Set to false if the proxy server does not support secure communication.

password

Password to authenticate the user name that is used to log in to the proxy server.

port

Port number to use for communicating with the proxy server.

server

Name of the proxy server.(Required if you enable the proxy server) .

username

User account to use for authenticating communication requests to the proxy server.

smtp

account

User name to access the SMTP account.

emailServer

FQDN or the IP address of the SMTP server.

encryption_enabled

Specify whether to use a secure connection and to encrypt communication with the SMTP server.

hardware

Email address of the admin users who will be the recipients of hardware-related email alerts.

notificationInterval

Notification interval, in minutes, for email-based alerts. Enter a value in multiples of 15 minutes.

password

Password for the user name if authentication is required to access the SMTP account.

senderEmail

Source email address that is used to send email alerts.

serverPort

Port number to use for communicating with the SMTP server. The default port is 25.

software

Email address of the admin users who will be the recipients of software-related email alerts.

snmp

server

FQDN or the IP address (IPv4orIPv6) of the SNMP server in your network

Alert notifications that are generated by the appliance are sent to this server.

port

Port number of the SNMP server.

community

Community to which the alerts are sent.

enable_snmp

Specify whether you want to enable the SNMP service to remotely monitor the cluster nodes using the SNMP protocol.

Set to true to enable the SNMP service. Set to false if you do not want to configure the SNMP service.

Table:

Parameter

Description

console_ip_ipv4

Public IPv4 address for the NetBackup Flex Scale infrastructure management UI. The type of IP address, whether IPv4 or IPv6 depends on the IP addressing you specified for the management network's routing settings.

console_ip_ipv6

Public IPv6 address for the NetBackup Flex Scale infrastructure management UI. The type of IP address, whether IPv4 or IPv6 depends on the IP addressing you specified for the management network's routing settings.

storage_licenses

Storage license.

You can specify multiple storage licenses during the initial configuration.

name

Cluster name.

  • The cluster name can contain a-z, 0-9, - characters.

  • The cluster name must start with a lowercase letter.

  • The cluster name must not contain uppercase letters.

  • The cluster name must include a minimum of 3 characters and can contain a maximum of 63 characters.

Under the ntp_setting section, specify the following details:

Table:

Parameter

Description

server

NTP server that you want to use to set and synchronize the system clocks on the cluster nodes.

You can specify an IP address or an FQDN. The type of IP address depends on the data network routing settings that you specified earlier. If the data network is configured to use IPv4 addresses, the NTP server IP address must be an IPv4 address. Conversely, if the data network uses IPv6 addresses, the NTP server IP must be an IPv6 address.

timezone

Time zone of the nodes.

Under the lockdown_mode section, specify the following details:

Table:

Parameter

Description

mode

Lockdown mode that provides different levels of security and data retention capabilities to protect data. You can use lockdown mode to create WORM storage that prevents your data from being encrypted, modified, or deleted. Each mode provides different levels of protection and data retention capabilities.

NetBackup Flex Scale supports the following lockdown modes:

  • Normal: Default mode that does not support WORM storage and data retention.

  • Enterprise: In this mode, you can create WORM storage and specify the expiration time for data. In this mode, a user with an Appliance administrator role can remove the retention lock and delete data before the specified expiration duration. A user with NetBackup Administrator role can increase the retention period.

  • Compliance: In this mode you can create WORM storage and specify the expiration time for data. However, you cannot remove the retention lock and delete the data before the specified expiration duration. A user with NetBackup administrator role can increase the retention period.

retention

 

min

Minimum duration for which data cannot be modified or deleted when the cluster is in enterprise or compliance mode.

max

Maximum duration for which data cannot be modified or deleted when the cluster is in enterprise or compliance mode.

unit

Retention period in terms of hours, days, months, or years.

Minimum data retention time is one hour and maximum retention time is 60 years.

ipmiRestricted

Restrict remote management access to the node when the lockdown mode is set to enterprise or compliance. Specify yes to restrict remote access and no to disable the restriction. This option is not available for normal lockdown mode.

Restricting remote access to nodes provides an additional level of data security and limits the privileges and operations that you can perform. You can view and perform limited operations in the IPMI web GUI but cannot  open the remote console. Physical access to the system is required to log on to the console. After you enable this restriction, a sysadmin user with IPMI role on an HPE platform has only Login and Virtual Power and Reset privileges. With these privileges, the user can only view settings in iLO and perform power-related operations. Ensure that the sysadmin user account with default password P@ssw0rd is present on all the nodes and that the sysadmin user account has full administrative privileges before you enable this restriction.

Note:

After you enable restricted remote access, you can disable this option if the appliance is in enterprise lockdown mode. If the lockdown mode is set to compliance, you cannot disable the remote access restriction. You can also choose to enable or disable remote access after the initial configuration is complete.

Under the private_network section, specify the following details. Specify both the IPv4 and IPv6 addresses irrespective of the data network settings.

Table:

Parameter

Description

ipv4

ip

Specify a private subnet IP to be used for internal communication between the cluster nodes.

subnet

Subnet mask for the specified IP address.

ipv6

ip

Specify a private subnet IP to be used for internal communication between the cluster nodes.

prefix_length

If using IPv6 addresses, specify the IPv6 prefix length. The prefix length must be greater than or equal to 115.

Under user_management, specify the following details:

Table:

Parameter

Description

storage_server

password

Password for the user account that can access the storage server containers.

user_name

Name for the user account that can be used to access the storage server containers. This account has the permissions to manage all the storage on the NetBackup Flex Scale cluster nodes.

The following are the rules for the credentials:

  • The user name and the password can be up to 62 characters in length. The user name and the password cannot be empty and cannot contain spaces and tabs.

  • You can use characters in the printable ASCII range (0x20-0x7E) except for the following characters:

    • Asterisk (*)

    • Forward slash (/)

    • Ampersand (&)

    • Dollar sign ($)

    • Percent sign (%)

    • Caret sign (^)

    • Angular brackets (<>)

    • Quotation mark (")

    • Comma (,)

    • Parentheses ()

    • Square brackets ([])

    • Single quotation mark (')

users

password

Password for the administrator account.

roles

Role to assign to the administrator account. The Appliance administrator role has permissions to manage all the infrastructure components in the cluster such as the cluster nodes, cluster settings, and the cluster operations.

user_name

Name for the administrator account.

additional_users

user_name

Maintenance or sysadmin user account for which you want to change the known default password. Specify maintenance or sysadmin.

Ensure that the sysadmin user is configured on all or none of the nodes that you want to include in the cluster. If the sysadmin user account does not exist on the nodes, do not specify this user.

password

The new password that you want to set for the maintenance or the sysadmin user account. The known default password of the user account, which is specified in the user_name parameter is set to this new password.

The password for the maintenance user must be at least eight characters in length and must include at least one uppercase, lowercase, numeric, and special character. The permitted special characters are !@#$%^&~ Dictionary words are not allowed.

The password for the sysadmin user can be a maximum of 16 characters and cannot include white spaces and \! special characters.

common_network_settings

Network settings for the cluster, such as network boding, DNS, and gateway details.

dns

Table:

Parameter

Description

dns_domain

Domain that the nodes will be a part of. The name must be a fully qualified name.

data

Table:

Parameter

Description

bond

enable

Specify if you want to use NIC bonding for eth5 and eth7 for high availability of the network interfaces.

mode

Specify the bonding mode:

  • balance-rr

  • active-backup

  • balance-xor

  • broadcast

  • 802.3ad

  • balance-tlb

  • balance-alb

option

Sub-type layer2, layer2+3 , and layer3+4 for bonding mode 802.3ad and balance-xorbond types.

ipv4

gateway_ip

If using IPv4 public addresses, specify the IP address of the gateway server in your network.

subnet_mask

If using IPv4 public addresses, specify the subnet mask of the data network.

ipv6

prefix_length

If using IPv6 public addresses, specify the IPv6 prefix length.

router_ip

If using IPv6 public addresses, specify the router address.

Table:

Parameter

Description

vlan_id

VLAN ID of a pre-configured virtual LAN. The ID can be any value between 1 and 4095.

dns

Configuring a DNS server for the cluster is optional. If you set up a cluster without configuring a DNS server, you must provide both the IP addresses and the FQDNs or the short host names for all the cluster nodes and NetBackup services. If you configure a DNS server for the cluster, you need to specify only the IP addresses during the configuration.

You can configure a DNS server for only the management network, the data network, or for both. You can configure the same DNS server or a different DNS server for the data and management network. If your management and data networks are different, you can configure a separate DNS server for the management and the data network.

Table:

Parameter

Description

dns_server

IP address of the DNS server in your network. Specify an IPv4 or an IPv6 address based on the data network settings.

search_domain

Search domains for resolving host names and IP addresses.

ipmi

Table:

Parameter

Description

ipv4

gateway_ip

If using IPv4 public addresses, specify the IP address of the gateway server in your network.

subnet_mask

If using IPv4 public addresses, specify the subnet mask of the IPMI network.

ipv6

prefix_length

If using IPv6 public addresses, specify the IPv6 prefix length.

router_ip

If using IPv6 public addresses, specify the router address.

management

Table:

Parameter

Description

ipv4

gateway_ip

If using IPv4 public addresses, specify the IP address of the gateway server in your network.

subnet_mask

If using IPv4 public addresses, specify the subnet mask of the management network.

ipv6

prefix_length

If using IPv6 public addresses, specify the IPv6 prefix length.

router_ip

If using IPv6 public addresses, specify the router address.

dns

Configuring a DNS server for the cluster is optional. If you set up a cluster without configuring a DNS server, you must provide both the IP addresses and the FQDNs or the short host names for all the cluster nodes and NetBackup services. If you configure a DNS server for the cluster, you need to specify only the IP addresses during the configuration.

You can configure a DNS server for only the management network, the data network, or for both. You can configure the same DNS server or a different DNS server for the data and management network. If your management and data networks are different, you can configure a separate DNS server for the management and the data network.

Table:

Parameter

Description

dns_server

IP address of the DNS server in your network. Specify an IPv4 or an IPv6 address based on the management network settings.

search_domain

Search domains for resolving host names and IP addresses.

nodes_setting

Node name and details of media server, storage server, and management server for each node

Table:

Parameter

Description

hostnames

Name of the nodes, can contain a maximum of 63 characters.

serial_number

Serial number of the node. You can specify the serial number to assign the media, storage, and management interface IP to the specific node for which the serial number is specified. If you do not specify the serial number, these are assigned randomly. Specifying a serial number is optional. If you specify the serial number, ensure that you specify it for all the nodes.

You can find the serial number on the pull tab present on the server. The pull tab is double-sided, one side shows the server serial number and the other side shows the default iLO account information.

media_server_ip

Public IP address range for the media server service on each node.

  • You can specify the IP address range separated by a dash. For example,10.xx.xxx.192-10.xx.xxx.208

  • You can specify the IP address range in the CIDR format. For example,10.xx.xxx.192/30

The FQDN is automatically resolved with DNS lookup.

storage_server_ip

Public IP address range for the storage server service on each node.

  • You can specify the IP address range separated by a dash. For example,10.xx.xxx.192-10.xx.xxx.208

  • You can specify the IP address range in the CIDR format. For example,10.xx.xxx.192/30

The FQDN is automatically resolved with DNS lookup.

management_interface_ip

Public IP address to be assigned to the designated management network interface (eth1) on each node.

You can specify:

  • A single IP range

  • Multiple IP ranges separated by a comma

  • Comma-separated individual IP addresses

  • A combination of individual IP addresses and IP ranges separated by a comma

  • IP addresses in CIDR format

ipmi_interface

Public IP address to be assigned to the designated IPMI interface on each node.

  • You can specify the IP address range separated by a dash. For example,10.xx.xxx.192-10.xx.xxx.208

  • You can specify the IP address range in the CIDR format. For example,10.xx.xxx.192/30

The FQDN is automatically resolved with DNS lookup.

external_primary_server_setting

Details of the external NetBackup primary server that the cluster connects to.

Table:

Parameter

Description

name

Resolvable host name or FQDN of the NetBackup primary server that is external to the cluster. The primary server must be already configured in an existing NetBackup domain. The media servers configured in the cluster communicate with this external primary server for NetBackup primary server services.

The FQDN can contain a maximum of 253 characters.

ipv4_address

IPv4 address of the external primary server. The type of IP address, whether IPv4 or IPv6 depends on your network settings.

ipv6_address

IPv6 address of the external primary server. The type of IP address, whether IPv4 or IPv6 depends on your network settings.

api_key

NetBackup API key, which is a pre-authenticated token that identifies a NetBackup user to NetBackup RESTful APIs. The user can use the API key in an API request header when a NetBackup API requires authentication. API keys can be created for authenticated NetBackup users. A specific API key is only created one time and cannot be recreated. Each API key has a unique key value and API key tag.

Ensure that the provided API key corresponds to a NetBackup user who has the administrator role.

To create an API key:

  1. Log in to the NetBackup Web UI using the administrator credentials.

  2. In the left pane, click Security, and then click API keys.

  3. In the upper-right corner, click Add.

  4. Enter a username for which you want to create the API key.

  5. Indicate how long you want the API key to be valid, from today's date. NetBackup calculates the expiration date and displays it.

  6. Click Add.

    The key is displayed in a popup window.

  7. To copy the API key, click Copy and close.

    Store this key in a safe place. After you click Copy and close, the key cannot be retrieved again.

media_server_gateway

Name that the primary server can use to identify all the media servers in the cluster. The primary server uses this name as an alias to map and access all the media servers in the cluster.

This alias is not automatically updated in the bp.conf file. For backups jobs to be successful, on the NetBackup client, edit the /usr/openv/netbackup/bp.conf file and add a SERVER entry that corresponds to the name specified by the media_server_gateway parameter.

For example, for the following settings:

external_primary_server_setting:
  name: "sclhypscontainer3vm06p3.xxx.yyy.
com"
  ipv4_address: '192.168.2.241'
  ipv6_address: ''
  api_key: "A0sBjVxO5S8hwfa5cp_
QvSqs0AmYlFsy6qzGLK8z2S5ayBfPnOKV6jXOI-cLtXrd"
  media_server_gateway: "nbfsclus001"

Add the SERVER entry as follows in the bp.conf file:

SERVER=nbfsclus001

The following example shows a sample YML configuration file with different DNS servers for the data and the management network and lockdown mode set to enterprise with restricted remote management access:

#                    
#
# deployment_yaml_version: V3.1
#
  
common_network_setting:
  dns:
    dns_domain: 'xxx.yyy.com'
    
  data:
    bond:
      enable: false
      mode: ''
      option: ''
    vlan_id: ''
    ipv4:
      gateway_ip: '10.84.144.1'
      subnet_mask: '255.255.248.0'
    ipv6:
      prefix_length: ''
      router_ip: ''
    dns:
      dns_server: '172.16.8.12'
      search_domain: ['xxx.yyy.com']
  management:
    vlan_id: ''
    ipv4:
      gateway_ip: '10.84.144.1'
      subnet_mask: '255.255.248.0'
    ipv6:
      prefix_length: ''
      router_ip: ''
    dns:
      dns_server: '172.16.8.13'
      search_domain: ['xxx.yyy.com']
  ipmi:
    ipv4:
      gateway_ip: ''
      subnet_mask: ''
    ipv6:
      prefix_length: ''
      router_ip: ''
cluster_setting:
  name: pbclust
  console_ip_ipv4: '10.84.146.205'
  console_ip_ipv6: ''
  lockdown_mode:
    mode : 'Enterprise'
    ipmiRestricted: 'yes'
    retention:
      min: 10
      max: 25    
      unit : days  
  private_network:
    ipv4:
      ip: 172.16.0.1
      subnet: 255.252.0.0
    ipv6:
      ip: 'fd00::2'
      prefix_length: '115'
  ntp_setting:
    timezone: 'Pacific'
    server: ['10.0.0.34']
  autosupport_setting:
    smtp:
      notificationInterval: ''
      hardware: ''
      software: ''
      senderEmail: ''
      emailServer: ''
      account: ''
      password: ''
      serverPort: ''
      encryption_enabled: false
    snmp:
      enable_snmp: false
      server: ''
      port: ''
      community: ''
    call_home:
      enable_call_home: false
      enable_proxy_server: false
      proxy:
        enable_proxy_tunel: false
        server: ''
        port: ''
        username: ''
        password: ''
  user_management:
    users:
      - user_name: 'admin_user'
        password: 'We!!c0me'
        roles: ['appliance_admin']
      - user_name: app_admin_user
        password: P@ssw0rd@1234
        roles:
         - appliance_admin
    additional_users:
       - user_name: maintenance
         password: P@ssw0rd@1234
       - user_name: sysadmin
         password: P@ssw0rd@1234
    storage_server:
      - user_name: 'root'
        password: 'We!!c0me'
  storage_licenses: []
  additional_fqdn_entries:
    - ip_address: ''
      name: []
  
nodes_setting:
  - host_name: pbnso01.xxx.yyy.com
    serial_number: FSVSMH3
    media_server:
      name: 'sclacslnxd17pbvm27.xxx.yyy.com'
      ipv4_address: '10.84.146.197'
      ipv6_address: ''
    management_interface:
      name: 'sclacslnxd17pbvm23.xxx.yyy.com'
      ipv4_address: 10.84.146.193
      ipv6_address: ''
    ipmi_interface:
      ipv4_address: ''
      ipv6_address: ''
    storage_server:
      name: 'sclacslnxd17pbvm28.xxx.yyy.com'
      ipv4_address: '10.84.146.198'
      ipv6_address: ''
  - host_name: pbnso02.xxx.yyy.com
    serial_number: FSVQMH3
    media_server:
      name: 'sclacslnxd17pbvm19.xxx.yyy.com'
      ipv4_address: '10.84.146.189'
      ipv6_address: ''
    management_interface:
      name: 'sclacslnxd17pbvm24.xxx.yyy.com'
      ipv4_address: 10.84.146.194
      ipv6_address: ''
    ipmi_interface:
      ipv4_address: ''
      ipv6_address: ''
    storage_server:
      name: 'sclacslnxd17pbvm29.xxx.yyy.com'
      ipv4_address: '10.84.146.199'
      ipv6_address: ''
  - host_name: pbnso03.xxx.yyy.com
    serial_number: FSVVMH3
    media_server:
      name: 'sclacslnxd17pbvm18.xxx.yyy.com'
      ipv4_address: '10.84.146.188'
      ipv6_address: ''
    management_interface:
      name: 'sclacslnxd17pbvm25.xxx.yyy.com'
      ipv4_address: 10.84.146.195
      ipv6_address: ''
    ipmi_interface:
      ipv4_address: ''
      ipv6_address: ''
    storage_server:
      name: 'sclacslnxd17pbvm30.xxx.yyy.com'
      ipv4_address: '10.84.146.200'
      ipv6_address: ''
  - host_name: pbnso04.xxx.yyy.com
    serial_number: FSVTMH3
    media_server:
      name: 'sclacslnxd17pbvm31.xxx.yyy.com'
      ipv4_address: '10.84.146.201'
      ipv6_address: ''
    management_interface:
      name: 'sclacslnxd17pbvm26.xxx.yyy.com'
      ipv4_address: 10.84.146.196
      ipv6_address: ''
    ipmi_interface:
      ipv4_address: ''
      ipv6_address: ''
    storage_server:
      name: 'sclacslnxd17pbvm32.xxx.yyy.com'
      ipv4_address: '10.84.146.202'
      ipv6_address: ''
external_primary_server_setting:
  name: "sclhypscontainer3vm06p3.xxx.yyy.com"
  ipv4_address: '10.84.146.241'
  ipv6_address: ''
  api_key: "A0sBjVxO5S8hwfa5cp_QvSqs0AmYlFsy6qzGLK8z2S5ayBfPnOKV6jXOI-cLtXrd"
  media_server_gateway: "nbfsclus001"