Scan host configuration using Ansible
Using Ansible, single/multiple scan hosts can be configured at once by providing the host details in inventory/hosts.yml file. NetBackup footprint is not required on the scan host. This utility installs and configures the prerequisites required to run a malware scan on the scan host (RHEL 8.x/9.x/ Windows Server 2016 and above). Additionally, this utility can be used to install NetBackup Malware Scanner on the scan host.
For more information, refer to the ReadMe.md file located at Ansible ReadMe.md.
Prerequisites
The minimum required configuration for the scan host is 8 CPU and 32-GB RAM.
For the supported operating systems of the scan host, refer to the Software Compatibility List.
NetBackup footprint is not required on the scan host. The existing systems with the NetBackup client or media server can be used as scan host, too.
(Linux) The scan host must be reachable from the media server over SSH.
Note:
SSH connection to scan host from the media server must be successful.
Following are the platform specific requirements:
(For Windows) openssh, nfs-client, vc runtime, non-administrator user and Avira configured using previously created non-administrator user.
(For Linux) libnsl, cifs-utils, non-root user and Avira configured using previously created non-administrator user.
Steps to configure scan host using Ansible
Note:
Ensure that you perform all the steps in this procedure on Ansible control host.
- Clone the repository from GitHub and move it to your Ansible control host as follows:
git clone https://github.com/VeritasOS/netbackup-scanhost-config.git
- Navigate to
netbackup-scanhost-config\ansiblefolder as follows:cd netbackup-scanhost-config\ansible
- By default, the host key checking would happen before configuring the scan host. To add the fingerprint of the scan host for Linux hosts, manually perform SSH to the scan host as follows:
ssh-keyscan -H {{HOST}} >> ~/.ssh/known_hosts
- Provide the scan host details in the
inventory/hosts.ymlfile. Refer to the Terminologies section in ReadMe.md file for the complete list of options.install_avira: Installs NetBackup Malware Scanner if set to true, defaults to false.
avira_package_path: (Required only if install_avira is set to true). Local absolute path to the NetBackup Malware Scanner zip package (NBAntimalwareClient) which is available on the Veritas download center.
ansible_user: Scan host username who must be a user with Administrator or root/sudo privileges. When using the sudo privileges, provide the sudo password as follows:
ansible_sudo_pass=<password>
ansible_ssh_pass: Scan host password.
- Run the following to run the playbook:
ansible-playbook playbook.yml
- Use the credentials displayed at the end of script to register the scan host to NetBackup primary server.