Veritas-bu

[Veritas-bu] Setting list/restore security for virtual client s

2004-05-05 17:04:36
Subject: [Veritas-bu] Setting list/restore security for virtual client s
From: irodriguez AT arsenaldigital DOT com (Isidro Rodriguez)
Date: Wed, 5 May 2004 17:04:36 -0400
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01C432E4.92907710
Content-Type: text/plain

Hi,

For your Oracle agent you can setup another bp.conf in the $HOME of the
oracle user since the agent will su to that. 
Then in that bp.conf you can select the desired CLIENT_NAME. This way you
can configure your cluster ok for oracle.


Isidro

-----Original Message-----
From: Larry Fahnoe [mailto:fahnoe AT fahnoetech DOT com]
Sent: Wednesday, May 05, 2004 3:27 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Setting list/restore security for virtual clients


Hello,

In a NBU 5.0 environment, we have several Solaris and Windows clusters
and have been backing up both the individual host filesystems and the
virtual server filesystems that are being offered.  Example:

  C1-hostA     10.0.0.1   / /usr ...
  C1-hostB     10.0.0.2   / /usr ...
  C1-virtual1  10.0.0.10  /u100 /u101 ...
  C1-virtual2  10.0.0.11  /u200 /u201 ...
  C1-virtual3  10.0.0.12  /u300 /u301 ...

The virtual addresses and filesystems float between nodes via either
MS or Vx cluster services.  We have a policy that backs up the host-
specific filesystems (/ /usr ...) on the two C1-hosts and then three
other policies that back up the virtual filesystems on the appropriate
virtual host.  The NetBackup client has not been told about the
virtual services (I don't know how do to that).

This works just fine with a couple of limitations: 1) failover during
backups is not pretty, and 2) I cannot list or restore a virtual
service from either of the clients.  I can do the list and restore
from the master and media servers.

The bp.conf on the two hosts have a CLIENT_NAME entry which matches
the hostname.  When I attempt a bplist -l -b -C C1-virtual2 from
either of the two C1-host[AB] I get a STATUS 135, client is not
validated to perform the requested operation.

We are currently not using either Access Management or Enhanced
Authentication and Authorization.  I can solve the problem with a
db/altnames entry for every actual host name listing each virtual
name, but this seems cumbersome.

What is the proper way to solve this problem, is there one?  

I'm starting to work with the Oracle agent to back up clustered
databases and I want to use the virtual server names, but the bplist
failure is precluding the client from doing the backup as it checks to
make sure the file it is about to back up has a unique name.

Thanks for any ideas!

--Larry

-- 
Larry Fahnoe, Fahnoe Technology Consulting, fahnoe AT FahnoeTech DOT com
952/925-0744      Minneapolis, Minnesota       www.FahnoeTech.com 
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

------_=_NextPart_001_01C432E4.92907710
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2654.45">
<TITLE>RE: [Veritas-bu] Setting list/restore security for virtual =
clients</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2>Hi,</FONT>
</P>

<P><FONT SIZE=3D2>For your Oracle agent you can setup another bp.conf =
in the $HOME of the oracle user since the agent will su to that. =
</FONT>
<BR><FONT SIZE=3D2>Then in that bp.conf you can select the desired =
CLIENT_NAME. This way you can configure your cluster ok for =
oracle.</FONT>
</P>
<BR>

<P><FONT SIZE=3D2>Isidro</FONT>
</P>

<P><FONT SIZE=3D2>-----Original Message-----</FONT>
<BR><FONT SIZE=3D2>From: Larry Fahnoe [<A =
HREF=3D"mailto:fahnoe AT fahnoetech DOT com">mailto:fahnoe AT fahnoetech DOT 
com</A>]<=
/FONT>
<BR><FONT SIZE=3D2>Sent: Wednesday, May 05, 2004 3:27 PM</FONT>
<BR><FONT SIZE=3D2>To: veritas-bu AT mailman.eng.auburn DOT edu</FONT>
<BR><FONT SIZE=3D2>Subject: [Veritas-bu] Setting list/restore security =
for virtual clients</FONT>
</P>
<BR>

<P><FONT SIZE=3D2>Hello,</FONT>
</P>

<P><FONT SIZE=3D2>In a NBU 5.0 environment, we have several Solaris and =
Windows clusters</FONT>
<BR><FONT SIZE=3D2>and have been backing up both the individual host =
filesystems and the</FONT>
<BR><FONT SIZE=3D2>virtual server filesystems that are being =
offered.&nbsp; Example:</FONT>
</P>

<P><FONT SIZE=3D2>&nbsp; C1-hostA&nbsp;&nbsp;&nbsp;&nbsp; =
10.0.0.1&nbsp;&nbsp; / /usr ...</FONT>
<BR><FONT SIZE=3D2>&nbsp; C1-hostB&nbsp;&nbsp;&nbsp;&nbsp; =
10.0.0.2&nbsp;&nbsp; / /usr ...</FONT>
<BR><FONT SIZE=3D2>&nbsp; C1-virtual1&nbsp; 10.0.0.10&nbsp; /u100 /u101 =
...</FONT>
<BR><FONT SIZE=3D2>&nbsp; C1-virtual2&nbsp; 10.0.0.11&nbsp; /u200 /u201 =
...</FONT>
<BR><FONT SIZE=3D2>&nbsp; C1-virtual3&nbsp; 10.0.0.12&nbsp; /u300 /u301 =
...</FONT>
</P>

<P><FONT SIZE=3D2>The virtual addresses and filesystems float between =
nodes via either</FONT>
<BR><FONT SIZE=3D2>MS or Vx cluster services.&nbsp; We have a policy =
that backs up the host-</FONT>
<BR><FONT SIZE=3D2>specific filesystems (/ /usr ...) on the two =
C1-hosts and then three</FONT>
<BR><FONT SIZE=3D2>other policies that back up the virtual filesystems =
on the appropriate</FONT>
<BR><FONT SIZE=3D2>virtual host.&nbsp; The NetBackup client has not =
been told about the</FONT>
<BR><FONT SIZE=3D2>virtual services (I don't know how do to =
that).</FONT>
</P>

<P><FONT SIZE=3D2>This works just fine with a couple of limitations: 1) =
failover during</FONT>
<BR><FONT SIZE=3D2>backups is not pretty, and 2) I cannot list or =
restore a virtual</FONT>
<BR><FONT SIZE=3D2>service from either of the clients.&nbsp; I can do =
the list and restore</FONT>
<BR><FONT SIZE=3D2>from the master and media servers.</FONT>
</P>

<P><FONT SIZE=3D2>The bp.conf on the two hosts have a CLIENT_NAME entry =
which matches</FONT>
<BR><FONT SIZE=3D2>the hostname.&nbsp; When I attempt a bplist -l -b -C =
C1-virtual2 from</FONT>
<BR><FONT SIZE=3D2>either of the two C1-host[AB] I get a STATUS 135, =
client is not</FONT>
<BR><FONT SIZE=3D2>validated to perform the requested operation.</FONT>
</P>

<P><FONT SIZE=3D2>We are currently not using either Access Management =
or Enhanced</FONT>
<BR><FONT SIZE=3D2>Authentication and Authorization.&nbsp; I can solve =
the problem with a</FONT>
<BR><FONT SIZE=3D2>db/altnames entry for every actual host name listing =
each virtual</FONT>
<BR><FONT SIZE=3D2>name, but this seems cumbersome.</FONT>
</P>

<P><FONT SIZE=3D2>What is the proper way to solve this problem, is =
there one?&nbsp; </FONT>
</P>

<P><FONT SIZE=3D2>I'm starting to work with the Oracle agent to back up =
clustered</FONT>
<BR><FONT SIZE=3D2>databases and I want to use the virtual server =
names, but the bplist</FONT>
<BR><FONT SIZE=3D2>failure is precluding the client from doing the =
backup as it checks to</FONT>
<BR><FONT SIZE=3D2>make sure the file it is about to back up has a =
unique name.</FONT>
</P>

<P><FONT SIZE=3D2>Thanks for any ideas!</FONT>
</P>

<P><FONT SIZE=3D2>--Larry</FONT>
</P>

<P><FONT SIZE=3D2>-- </FONT>
<BR><FONT SIZE=3D2>Larry Fahnoe, Fahnoe Technology Consulting, =
fahnoe AT FahnoeTech DOT com</FONT>
<BR><FONT SIZE=3D2>952/925-0744&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
Minneapolis, Minnesota&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
www.FahnoeTech.com </FONT>
<BR><FONT =
SIZE=3D2>_______________________________________________</FONT>
<BR><FONT SIZE=3D2>Veritas-bu maillist&nbsp; -&nbsp; =
Veritas-bu AT mailman.eng.auburn DOT edu</FONT>
<BR><FONT SIZE=3D2><A =
HREF=3D"http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu"; =
TARGET=3D"_blank">http://mailman.eng.auburn.edu/mailman/listinfo/veritas=
-bu</A></FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C432E4.92907710--

<Prev in Thread] Current Thread [Next in Thread>
  • [Veritas-bu] Setting list/restore security for virtual client s, Isidro Rodriguez <=