Configuring the NBOSVM service principal
You must configure service principal for a secure communication between NBOSVM and NetBackup.
Configuring the NBOSVM service principal
- Create a non-root user in the NetBackup primary server.
adduser <username>
- Log in to the NetBackup primary server web UI.
- From the left side menu, go to Security > RBAC > Default Security Administrator.
- On the Users tab, add the non-root user that you have created.
- Go to Security > Access keys.
- Click Add and enter the non-root user to create the access token.
- Add the generated access token and NetBackupHostName in the cURL command and run it on the NetBackup primary server.
curl --insecure --location --request POST \ 'https://<NetBackupHostName>:1556/netbackup/security/service-principal-configs' \ -H 'accept: application/vnd.netbackup+json;version=11.0' \ -H 'Content-Type: application/vnd.netbackup+json;version=11.0' \ -H 'Authorization: <Access Token>' \ -d '{ "data": { "type": "servicePrincipalConfiguration", "attributes": { "servicePrincipalId": "Service_Principal_NBOSVM", "servicePrincipalType": "OPENSTACK", "servicePrincipalApiKeyExpireAfterDays": "P365D", "isSecurityAdmin": true, "accessDefinitions": [ { "namespace": "|SECURITY|USERS|API-KEYS|", "operations": [ "|OPERATIONS|VIEW|" ] }, { "namespace": "|SECURITY|SERVICE-PRINCIPAL|", "operations": [ "|OPERATIONS|VIEW|" ] }, { "namespace": "|ASSETS|OPENSTACK|", "operations": [ "|OPERATIONS|ADD|", "|OPERATIONS|VIEW|", "|OPERATIONS|UPDATE|", "|OPERATIONS|ASSETS|OPENSTACK|RESTORE_ORIGINAL|", "|OPERATIONS|ASSETS|OPENSTACK|RESTORE_ALTERNATE|", "|OPERATIONS|ASSETS|OPENSTACK|PROTECT|" ] }, { "namespace": "|PROTECTION|PROTECTION_PLAN|", "operations": [ "|OPERATIONS|VIEW|", "|OPERATIONS|PROTECTION|PROTECTION_PLAN|SUBSCRIBE|" ] }, { "namespace": "|PROTECTION|POLICIES|", "operations": [ "|OPERATIONS|PROTECTION|POLICIES|MANUAL-BACKUP|", "|OPERATIONS|VIEW|" ] }, { "namespace": "|CREDENTIALS|", "operations": [ "|OPERATIONS|ADD|", "|OPERATIONS|UPDATE|", "|OPERATIONS|DELETE|" ] }, { "namespace": "|MANAGE|NBOSVM-SERVER|", "operations": [ "|OPERATIONS|ADD|", "|OPERATIONS|UPDATE|", "|OPERATIONS|DELETE|" ] }, { "namespace": "|MANAGE|JOBS|", "operations": [ "|OPERATIONS|ADD|", "|OPERATIONS|VIEW|" ] }, { "namespace": "|STORAGE|STORAGE-SERVERS|", "operations": [ "|OPERATIONS|VIEW|" ] }, { "namespace": "|STORAGE|STORAGE-SERVERS|UNIVERSAL-SHARES|", "operations": [ "|OPERATIONS|VIEW|" ] }, { "namespace": "|MANAGE|IMAGES|", "operations": [ "|OPERATIONS|VIEW|" ] } ] } } }'Note:
Keep a note of servicePrincipalId and apiKey from the response of the cURL. They are required in the NetBackup for OpenStack configuration.
For information about service-principal-configs API, see the NetBackup API Documentation.