Discovery is not working even after assigning system managed identity to the control node pool
If is not enabled on NetBackup Snapshot Manager (deployed on Kubernetes cluster) and user adds Azure cloud provider (with already added) using , then is automatically selected for the addition of Azure cloud provider and plugin addition is successful.
But it could not discover the assets if there are insufficient permissions added in . Discovery and NetBackup Snapshot Manager related operations would not work even if is enabled and required permission/role is added to later on. Because it will always use at the backend of NetBackup Snapshot Manager.
To resolve this issue, perform the following steps
- Update the required permission/role and then add the permissions to User managed identity and run the required operations again.
- Edit the corresponding Azure provider configuration in NetBackup Web UI and run the required operations again.
The following table lists the scenarios and expected outcomes of different Azure plug-in configurations:
Table: Scenarios and expected outcomes of different Azure plug-in configurations
NetBackup Snapshot Manager configuration | VM configuration in Azure | Snapshot | |
|---|---|---|---|
System managed identity (MI) | User managed identity (MI) | ||
System MI | CP-Permissions | N/A | Yes |
N/A | CP-Permissions | Yes | |
N/A |
| N/A | |
Reader | CP-Permissions | No | |
CP-Permissions | Reader | Yes | |
Reader | Reader | No | |
CP-Permissions | CP-Permissions | Yes | |
User MI | CP-Permissions | N/A | N/A |
N/A | CP-Permissions | Yes | |
Reader | CP-Permissions | Yes | |
CP-Permissions | Reader | No | |
Reader | Reader | No | |
CP-Permissions | CP-Permissions | Yes | |
User MI (Reader) | N/A |
| No |
Note:
In the above table, is a role that has permission to take snapshot and is a role that does not have permission to take the snapshot.