-
- Service Provider
- Posts: 43
- Liked: 3 times
- Joined: Jul 21, 2022 10:40 pm
- Full Name: Matthew Boswell
- Contact:
Veeam ONE ansible installation inconsistencies
Hi all.
Hope this is the right place for this question. I'm using the veeamhub.veeam ansible collection: https://galaxy.ansible.com/veeamhub/veeam.
There is an inconsistency between the VBR role and the ONE role in the SQL authentication strategy -- VBR uses SQL auth and ONE uses Windows auth, and this makes the roles incompatible with each other on the same machine without modifying the tasks and variables. I can, of course, modify the code and make it work for myself in a lab environment, but when working with AWX and ephemeral execution environments I'd have to submit a PR to get any changes into the galaxy collection for use in production.
So my question is this: Is there some technical reason for the inconsistency? Is it best practice to use Windows authentication with ONE? Our typical use case is VBR and ONE on the same VM in an isolated environment (no AD DS). Thanks for any insight; this will help inform my automation strategy going forward.
Thanks,
Matt
Hope this is the right place for this question. I'm using the veeamhub.veeam ansible collection: https://galaxy.ansible.com/veeamhub/veeam.
There is an inconsistency between the VBR role and the ONE role in the SQL authentication strategy -- VBR uses SQL auth and ONE uses Windows auth, and this makes the roles incompatible with each other on the same machine without modifying the tasks and variables. I can, of course, modify the code and make it work for myself in a lab environment, but when working with AWX and ephemeral execution environments I'd have to submit a PR to get any changes into the galaxy collection for use in production.
So my question is this: Is there some technical reason for the inconsistency? Is it best practice to use Windows authentication with ONE? Our typical use case is VBR and ONE on the same VM in an isolated environment (no AD DS). Thanks for any insight; this will help inform my automation strategy going forward.
Thanks,
Matt
-
- Product Manager
- Posts: 14839
- Liked: 3086 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Veeam ONE ansible installation inconsistencies
Hello,
SQL authentication for Backup & Replication is usually to avoid chicken-egg issues (domain down, SQL auth fails, no restore possible).
In general, it's recommended to use Windows Authentication for security reasons. That explains the inconsistency to me.
@chris.arceneaux, anything to add from your side?
Best regards,
Hannes
SQL authentication for Backup & Replication is usually to avoid chicken-egg issues (domain down, SQL auth fails, no restore possible).
In general, it's recommended to use Windows Authentication for security reasons. That explains the inconsistency to me.
@chris.arceneaux, anything to add from your side?
in general, I would avoid that. But probably, as you are a service provider, it's about many very small (just a few dozen VMs) environments?Our typical use case is VBR and ONE on the same VM
Best regards,
Hannes
-
- VeeaMVP
- Posts: 695
- Liked: 374 times
- Joined: Jun 24, 2019 1:39 pm
- Full Name: Chris Arceneaux
- Location: Georgia, USA
- Contact:
Re: Veeam ONE ansible installation inconsistencies
In agreement with Hannes.
I'll add that pull requests are welcomed as this is an open source project.
I'll add that pull requests are welcomed as this is an open source project.
-
- Service Provider
- Posts: 43
- Liked: 3 times
- Joined: Jul 21, 2022 10:40 pm
- Full Name: Matthew Boswell
- Contact:
Re: Veeam ONE ansible installation inconsistencies
Thanks. This is exactly the input I needed. Another approach (and probably the best practice) other than to put ONE on a separate VM would be just to automate the steps to add the Windows ONE user to the SQL instance that already exists if VBR installs first. I'll try a few things and see what works best.
-
- Veeam Software
- Posts: 745
- Liked: 191 times
- Joined: Nov 01, 2016 11:26 am
- Contact:
Re: Veeam ONE ansible installation inconsistencies
Hello Matthew,
It is possible to install VBR and ONE on the same machine for labs and small environments. There are a lot of scalability considerations though.
Did I understand correctly, that you suggest an option for Veeam ONE installer to search for the SQL instance with VBR and add a user automatically or this is related to the ansible only?
By the way, I've downloaded VAS 11a and tried to install it on a new machine in my lab. That is what I got as defaults
Thanks
It is possible to install VBR and ONE on the same machine for labs and small environments. There are a lot of scalability considerations though.
Did I understand correctly, that you suggest an option for Veeam ONE installer to search for the SQL instance with VBR and add a user automatically or this is related to the ansible only?
By the way, I've downloaded VAS 11a and tried to install it on a new machine in my lab. That is what I got as defaults
Thanks
-
- Service Provider
- Posts: 43
- Liked: 3 times
- Joined: Jul 21, 2022 10:40 pm
- Full Name: Matthew Boswell
- Contact:
Re: Veeam ONE ansible installation inconsistencies
My concern is with ansible only. Specifically it's that the SQL auth is hard coded to Windows auth in the installer options: "VM_MN_SQL_AUTHENTICATION=0" which makes the ONE server install tasks incompatible with the VBR install tasks without modification. My initial thought was to make that a variable but if Windows auth is the best practice I'll look at other methods for making the installer coexist with VBR.
And yes, we have a lot of small environments. I'll bring up the possibility of separating VBR and ONE onto individual VMs but scalability hasn't been a problem so far; we're talking about customer environments with no more than a few dozen VMs usually.
And yes, we have a lot of small environments. I'll bring up the possibility of separating VBR and ONE onto individual VMs but scalability hasn't been a problem so far; we're talking about customer environments with no more than a few dozen VMs usually.
-
- VeeaMVP
- Posts: 695
- Liked: 374 times
- Joined: Jun 24, 2019 1:39 pm
- Full Name: Chris Arceneaux
- Location: Georgia, USA
- Contact:
Re: Veeam ONE ansible installation inconsistencies
An update for those who might find this thread:
Starting with version 12.1, it's now possible to choose a different SQL authentication method for Veeam Backup & Replication and Veeam Backup Enterprise Manager using this Ansible collection.
Starting with version 12.1, it's now possible to choose a different SQL authentication method for Veeam Backup & Replication and Veeam Backup Enterprise Manager using this Ansible collection.
Who is online
Users browsing this forum: No registered users and 17 guests