-
- Enthusiast
- Posts: 59
- Liked: 62 times
- Joined: Feb 11, 2019 6:17 pm
- Contact:
Nutanix AHV KB 4433 is nebulous and vague
I have run into a significant roadblock deploying the Veeam Nutanix AHV Proxy since
my certificates are self-signed. The procedure outlined for exporting them is quite vague.
Assuming I have exported the correct certificates, I have uploaded them to the proxy using
the installed user account per the KB. https://www.veeam.com/kb4433
The next step calmly states, in fine print:
"Only the root user has write access to this folder. You must first upload the certificates to your
user's home directly, then copy them to the folder using the command line."
That's fine except there is no mention anywhere I can find as to what the root password might be
so I cannot sudo mv the files. I did not assign a root password during the deployment and the password associated with
the newly created user account is insufficient.
Any clarification would be helpful.
Thanks.
my certificates are self-signed. The procedure outlined for exporting them is quite vague.
Assuming I have exported the correct certificates, I have uploaded them to the proxy using
the installed user account per the KB. https://www.veeam.com/kb4433
The next step calmly states, in fine print:
"Only the root user has write access to this folder. You must first upload the certificates to your
user's home directly, then copy them to the folder using the command line."
That's fine except there is no mention anywhere I can find as to what the root password might be
so I cannot sudo mv the files. I did not assign a root password during the deployment and the password associated with
the newly created user account is insufficient.
Any clarification would be helpful.
Thanks.
-
- Chief Product Officer
- Posts: 32222
- Liked: 7586 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
Hello, all support KB articles are created and maintained by our Technical Support organization which is separate from R&D. Could you please share this feedback with them directly using the Send Article Feedback link at the bottom of the KB page? Or if you need help implementing this, then just open a support case normally and they will guide you through the process. Thanks
-
- Veeam Software
- Posts: 583
- Liked: 216 times
- Joined: Mar 07, 2016 3:55 pm
- Full Name: Ronn Martin
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
@tgx you do not need the root account password to the appliance. The account created at appliance initialization has sudo elevation enabled so you should be able to simply "sudo mv ..." just fine with your appliance login account password. If this is not working of course you'll need to contact support.
-
- Enthusiast
- Posts: 59
- Liked: 62 times
- Joined: Feb 11, 2019 6:17 pm
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
Yah but that's the issue. Sudo asks for a password.
-
- Enthusiast
- Posts: 59
- Liked: 62 times
- Joined: Feb 11, 2019 6:17 pm
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
Case Number 07173946
-
- Veeam Software
- Posts: 149
- Liked: 94 times
- Joined: Jan 16, 2013 5:27 pm
- Full Name: Tyler Payton
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
Based on KB feedback received, https://www.veeam.com/kb4433 was updated to state:
Also, regarding:Only the root user has write access to this folder. You must first upload the certificates to your user's home directly, then use 'sudo cp' to copy them to the folder.
sudo is prompting for the password of the user account you are logged in as, not the root user.
Tyler Payton
Customer Experience Manager / KB Manager
Customer Experience Manager / KB Manager
-
- Enthusiast
- Posts: 50
- Liked: 7 times
- Joined: Jan 24, 2023 11:14 pm
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
Just chiming in that I have used that KB in the past across our environment as we also have a private PKI and while I certainly have issues with setting up AHV proxies, I have not had issues following that KB.
-
- Enthusiast
- Posts: 59
- Liked: 62 times
- Joined: Feb 11, 2019 6:17 pm
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
Thanks Tyler but this was not the case with this installation nor subsequent attempts. There is apparently a flaw where the newly created user was not added to sudoers as
ronmartin60 had alluded to, which meant it was not possible to 'sudo cp' as it would not accept the command even with the password given which is why I thought it may need
the root password. I did follow KB4271 and assign a new root password which then allowed the 'sudo cp' to work.
The correct resolution is to maintenance boot the proxy, then issue sudo usermod -aG sudo <username> which gives the user
sudo ability.
In the end it all turned out to be unnecessary as the problem I was trying to solve was caused by another undocumented issue and not the certificates.
ronmartin60 had alluded to, which meant it was not possible to 'sudo cp' as it would not accept the command even with the password given which is why I thought it may need
the root password. I did follow KB4271 and assign a new root password which then allowed the 'sudo cp' to work.
The correct resolution is to maintenance boot the proxy, then issue sudo usermod -aG sudo <username> which gives the user
sudo ability.
In the end it all turned out to be unnecessary as the problem I was trying to solve was caused by another undocumented issue and not the certificates.
-
- Veeam Software
- Posts: 8
- Liked: 3 times
- Joined: Dec 04, 2017 3:23 pm
- Full Name: Aaron Grenier
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
Hello,
Wanted to chime in here about the sudo privs...The account you use (whatever it is named) is in the veeam-admins group. The veeam-admins group is in the sudoers.
Example:
admin@proxy-v5:~$ id
uid=1000(admin) gid=1000(admin) groups=1000(admin),1001(veeam-admins),1002(veeam-users)
%veeam-admins ALL=(ALL:ALL) ALL
You shouldn't have to add the account explicitly to the sudo group unless something went wrong with the account somewhere, which would require investigation.
Wanted to chime in here about the sudo privs...The account you use (whatever it is named) is in the veeam-admins group. The veeam-admins group is in the sudoers.
Example:
admin@proxy-v5:~$ id
uid=1000(admin) gid=1000(admin) groups=1000(admin),1001(veeam-admins),1002(veeam-users)
%veeam-admins ALL=(ALL:ALL) ALL
You shouldn't have to add the account explicitly to the sudo group unless something went wrong with the account somewhere, which would require investigation.
-
- Enthusiast
- Posts: 59
- Liked: 62 times
- Joined: Feb 11, 2019 6:17 pm
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
The proxy was clean installed 5 different times and each time the end result was a user that was not
a part of sudoers. Thanks.
a part of sudoers. Thanks.
-
- Enthusiast
- Posts: 59
- Liked: 62 times
- Joined: Feb 11, 2019 6:17 pm
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
nutproxy@nutproxyproxy-v5:~$ id
uid=1000(admin) gid=1000(admin) groups=1000(admin),1001(veeam-admins),1002(veeam-users)
veeam-admins
1001:nutproxy
%veeam-admins ALL=(ALL:ALL) ALL
Looks the same but failed to work until I followed KB4271.
uid=1000(admin) gid=1000(admin) groups=1000(admin),1001(veeam-admins),1002(veeam-users)
veeam-admins
%veeam-admins ALL=(ALL:ALL) ALL
Looks the same but failed to work until I followed KB4271.
-
- Veeam Software
- Posts: 8
- Liked: 3 times
- Joined: Dec 04, 2017 3:23 pm
- Full Name: Aaron Grenier
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
If there are issues with sudo not working immediately after deployment, I'd recommend a support case to determine the issue. You should not have to reset the password for root as your account clearly shows sudo permissions. As well, if sudo isn't working, your backup jobs will fail too as sudo is used for snapshot operations so definitely should get that checked out.
-
- Enthusiast
- Posts: 59
- Liked: 62 times
- Joined: Feb 11, 2019 6:17 pm
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
That is is exactly what has happened. Case has been closed.
The resolution was manually executing the command to add
the user to the sudoers group. It is unknown why this occurs.
The resolution was manually executing the command to add
the user to the sudoers group. It is unknown why this occurs.
-
- Veeam Software
- Posts: 8
- Liked: 3 times
- Joined: Dec 04, 2017 3:23 pm
- Full Name: Aaron Grenier
- Contact:
Re: Nutanix AHV KB 4433 is nebulous and vague
Odd...I tested in the lab 3 more times (along with the many other times I've worked on this proxy) and can't reproduce the issue. Maybe submit another case and request further investigation (reference your prior case as well as this forum link). Perhaps a network issue is causing issue with cloud-init at deployment.
Who is online
Users browsing this forum: No registered users and 9 guests