6.6.1.2 Hotfix
Article: TECH146067 | Created: 2010-12-13 | Updated: 2011-03-25 | Article URL: http://www.symantec.com/docs/TECH146067
Problem
Hotfix NB_PDE_6.6.1.2.tar provides fixes to Symantec Veritas NetBackup (tm) PureDisk.
Solution
Name: NB_PDE_6.6.1.2
Date: February 25, 2011
==========================================================================
This Hotfix provides features and fixes to the Symantec NetBackup
PureDisk 6.6.1 software.
==========================================================================
* PREREQUISITES
* ENHANCEMENTS
* PRODUCT FIXES
* KNOWN ISSUES
* VULNERABILITIES - RESOLVED
* DATA LOSS ISSUES - RESOLVED
* PREINSTALLATION STEPS
* INSTALLATION INSTRUCTIONS
* UPGRADING DEDUPLICATION AGENTS ON MEDIA SERVER CLIENTS
=============
PREREQUISITES
=============
This Hotfix can be installed on PureDisk 6.6.1 or PureDisk 6.6.1.1 software.
For detailed information about the PureDisk 6.6.1.2 Hotfix, refer to the
following site:
http://www.symantec.com/business/support/index?page=content&id=TECH153564
Note:
PureDisk automatically creates upgrade jobs for the agent software on
backup and restore clients. The upgrade does not create agent upgrade
jobs for PDDO (deduplication) agents on NetBackup media server clients.
To upgrade media server clients, follow the procedure UPGRADING
DEDUPLICATION AGENTS ON MEDIA SERVER CLIENTS in this document.
============
ENHANCEMENTS
============
The following list of enhancements provides an overview of the
improvements that are included in this release of PureDisk. See the
PRODUCT FIXES section of this README file for specific details about
these enhancements.
* Performance improvements
- Replication
With PDDO enabled, replication performance is significantly improved
for optimized duplication from NetBackup to PureDisk servers. This
enhancement removed overhead from the PureDisk storage pool authority
(SPA).
- Concurrent backup and data removal
With PureDisk 6.6.1.2, you can run backup jobs and data removal jobs
at the same time. With past releases, data removal jobs could not run
concurrently with backup jobs. In some environments data removal jobs
did not run because backup jobs ran 24 hours per day.
* Rollup of existing EEBs
PureDisk 6.6.1.2 includes all engineering binaries that have been
created for PureDisk 6.6.0.3 and PureDisk 6.6.1.
* Vulnerabilities resolved
PureDisk 6.6.1.2 resolves a number of identified vulnerabilities. See
the VULNERABILITIES - RESOLVED section of this README file for specific
details.
=============
PRODUCT FIXES
=============
This release contains the following product fixes:
* Etrack 2084551: PDDO optimized duplication forces unnecessary PDVFS
directory cache loads resulting in degraded performance
After the initial setup of the environment, some customers reported
slow replications when using storage lifecycle policies (SLPs). SLP
policies were being used for the replication of the data between
PureDisk nodes. The PDVFS directory cache was being reloaded many times
in an optimized duplication replication. To fix this issue, an
alternate approach was implemented to query the metabase directly and
bypass the directory cache load.
* Etrack 2162355: PDDO generates a large number of temporary files in
/tmp or /var/tmp
When PDDO is configured for a particular storage pool, but that storage
pool is not available due to error conditions (or it is turned off), a
PureDisk register attempt is performed. However, the attempt does not clean
up the files correctly after it completes. In PureDisk 6.6.1.2, this error
handling uses different logic that resolves this issue.
* Etrack 2143000 and Etrack 2161043: PureDisk 6.6.1 and PureDisk
6.6.0.3 are not backwards compatible because of missing
getNBUPrimaryDSID logic on target SPA
PureDisk releases 6.6.0.3 and 6.6.1 were not backward-compatible in
situations where optimized duplication was used with a PureDisk 6.6.0.3
source storage pool and a PureDisk 6.6.1 target storage pool. With the
fix, PureDisk 6.6.0.3 can perform optimized duplication to PureDisk
6.6.1.2.
* Etrack 2103458: PDDO configurable Web service call retries
The following Web service call parameters are now configurable in the
pd.conf file.
- The WS_TIMEOUT parameter allows you to increase or decrease the
timeout value for Web service calls made from NetBackup media servers
to PureDisk storage units. The default value for this parameter is
120 (seconds).
- The WS_RETRYCOUNT parameter allows you to configure the number of
retries that are attempted if the Web service fails or times
out. The default value for this parameter is 3 (retries).
* Etrack 2125623: PDDO replication sets encryption by default
Optimized duplication encryption is enabled by default in PDDO, but
pd.conf states it is disabled by default with OPTDUP_ENCRYPTION. To
resolve this issue, the parameter OPTDUP_ENCRYPTION is now set to off
in pd.conf.
* Etrack 2141136: Enable backup policy compression by default
When creating a new PureDisk backup policy, compression is now enabled
by default. This change applies to all backup policy types. Policies
created with earlier releases are not changed. Policies created with
PureDisk 6.6.1.2 and later releases now enable compression by default.
* Etrack 2163363: NetBackup optimized duplication job is failing with
error no-50 {Client Process Aborted}
Resolves an issue when a PDDO replication job successfully finished
very quickly after being created, but NetBackup did not validate the
job with a proper job exit code.
* Etrack 2093695: Jobs hang if the import PO-List process on the
metabase engine and data mining attempted to access the same data
selection at the same time
Fixes a problem found when a PureDisk environment locked up and jobs
were not progressing. Symantec traced the problem to a data mining
process that attempted to access a data selection at the same time it
accessed an import process. The processes stopped and did not progress
until one or the other was stopped. As a result, all backup jobs
eventually locked up as the number of hung import processes reached the
concurrency limit.
* Etrack 2101259 and 2101261: Rerouting failure - "Could not process
tlog entries: invalid argument"
Fixes a problem that occurred when rerouting failed in environments
with two or more content routers that tried to add one or more content
routers.
* Etrack 2111731: Move 'ChangeIPTables' from cron to
/etc/init.d/pdiptables
Moves 'ChangeIPTables' from cron to /etc/init.d/pdiptables.
ChangeIPTables no longer runs every five minutes from cron;
ChangeIPTables runs only when "pdiptables change" is run. The
"pdiptables start" process loads the firewall rules. The "pdiptables
stop" process removes the firewall rules.
* Etrack 2116235: Call to pdengine (PHP) in GetFilesAction.php picks up
configuration from system if another version of PHP is installed and
restore fails
Fixes a restore problem on Windows clients that also hosted PHP. When
Windows clients had PHP installed, backups completed successfully, but
restores failed with the following PHP errors:
[2010-Jul-05 15:53:39 EEST]Fatal error: require_once(): Failed opening required
'bootstrap.php' (include_path='.;./includes;./pear') in C:\\Symantec\\NetBackup
PureDisk Agent\\tmp\\pd_jobstep_5109.php on line 15 [directories stream]
[2010-Jul-05 15:53:39 EEST]PHP Warning: PHP Startup: Unable to load dynamic library 'C:\\Program
Files\\SWsoft\\Plesk\\Additional\\PleskPHP5\\ext\\php_gd2.dll' - The specified
procedure could not be found.
[2010-Jul-05 15:53:39 EEST] in Unknown on line 0 [directories stream]
[2010-Jul-05 15:53:39 EEST]PHP Warning: PHP Startup: Unable to load dynamic
library 'C:\\Program Files\\SWsoft\\Plesk\\Additional\\PleskPHP5\\ext\\php_gettext.dll' - The
specified procedure could not be found.
[2010-Jul-05 15:53:39 EEST] in Unknown on line 0 [directories stream]
[2010-Jul-05 15:53:39 EEST]PHP Warning: Module 'sockets' already loaded in
Unknown on line 0 [directories stream]
[2010-Jul-05 15:53:39 EEST] *** directories stream completed with exit value 255
*** Error Message ***
spa.getfilesaction.1676
severity: 6
server: 9
source: GetFilesAction_Component
description:
One or more child processes encountered a fatal error.
Please examine the previous error messages for more information.
*** End ***
* Etrack 2119111: Report response XML received by VBR for Replication
Workflow does not contain file size/count information
Fixes a problem caused when the report response XML received by Veritas
Backup Reporter (VBR) for the replication workflow did not contain file
size and file count information.
* Etrack 2123156: validateURL function fails if FQDN contains a stanza
beginning with a number causing the import of PO-List into the metabase
engine to fail.
Fixes an import failure caused when the FQDN specified failed the
validateURL function because the FQDN contained a stanza that began
with a number. For example:
*** Error Message ***
: shared.validator.2127
: severity: 6
: server: 786000000
: source: MBImport_MBImport
: description:
: Invalid url type specified; Invalid value:
https://blah.wwl.2me.com/mbs/ws
: *** End ***
* Etrack 2123459: PureDisk administrative Web UI LDAP Server
Configuration fails with "Error: LDAP Server unreachable' if bindpasswd
contains a '$'"
Fixes an error that occurred during external directory service
configuration. When the user clicked Settings > Configuration > LDAP
Server > External LDAP, completed the information on the LDAP Server
Configuration tabs, and then clicked Save, the administrative Web UI
failed with the following message:
LDAP Server unreachable
This occurred if the Microsoft Active Directory user account had a
dollar sign ($) character in the password.
* Etrack 2123486: topology_nodes.ini file is truncated/corrupted
Fixes an issue in environments with VCS when the topology_nodes.ini
file became truncated or corrupted.
* Etrack 2123488: VCS PureDisk agent is not reporting the status of
PureDisk correctly
Resolves a problem where the VCS PureDisk agent intermittently reported
the status of PureDisk incorrectly.
* Etrack 2130698: Some PureDisk install files are owned by user
"www-data" with 775 file permission
Changes the ownership of some PureDisk install files to "root" from
"www-data" with the file permission set to 775. This resolves a
potential security issue.
* Etrack 2141146: PureDisk 6.6 administrative Web UI logon does not
accept passwords containing '$' character for external LDAP accounts
residing in Active Directory domains
Fixes the PureDisk 6.6 administrative Web UI logon page so that it
accepts passwords that contain the dollar sign ($) character for
external LDAP accounts residing in Active Directory domains.
* Etrack 2160714: Add configuration file options for non-fatal exports
An option to enable or disable non-fatal exports was added to the
agent.conf file that will allow export jobs to continue if non-fatal
errors occur. The parameter nonfatalexport has a default value of 0.
This value means that the export stops only if a fatal error occurs.
* Etrack 2166739: Backups are failing with "Error: 22: SortPOListFile:
source file
'C:\PROGRA~1\Symantec\NETBAC~1\var\srd\733\current\SnapshotPOList.po'
does not contain a valid PO list: the line @POformatVersion=1.0 is
missing"
Adds additional fixes for load balancing a system, as follows:
- Windows 32-bit client includes an improved randomized retry mechanism
after HTTP response code 503
- MBFind web service fix for "SnapshotPOList.po does not contain a
valid PO list"
* Etrack 2141137: Enable MBGC extensive cleanup by default
With PureDisk 6.6.1.2, metabase garbage collection extensive cleanup is
by default enabled to accommodate an ever-growing metabase engine
database.
* Etrack 2150461: PureDisk 6.6.1 install/upgrade wizard screen includes
two extraneous options
The PureDisk 6.6.1 installation and upgrade screen provides five boot
options. The boot screen provides these options at every boot, not only
during the 6.6.1 upgrade process. The appearance and wording of these
options confused some users. To resolve the confusion, two options were
removed from the screen, and the text of the options was altered to
clarify the options. With PureDisk 6.6.1.2, the following boot options
appear on the installation and upgrade screen:
- PDLinux 6.6.1 (default)
Use the SMP kernel (for multiple CPUs) to boot the machine.
- Failsafe -- PDLinux 6.6.1
Use SMP kernel's safe mode to boot the machine. This option is
similar to Windows' safe mode.
- Floppy
Use a floppy disk to boot the machine.
* Etrack 2169703: Container lost by running dcscan
Fixes a problem where, in some cases, a data container can be lost if
the support tool dcscan is used while compaction is running.
* Etrack 2181557: Unable to delete PureDisk client agents - "Failed
LDAP delete of user"
This error occurred when attempting to delete any PureDisk client agent
using the PureDisk 6.5.1.2 user interface. This issue is resolved in
PureDisk 6.6.1.2.
* Etrack 2185567: DerefCR.php fails to finish and causes a storage leak
While executing a data removal policy, the DerefCR.php function is
called when some invalid fingerprints are found. In this case, PureDisk
generates the message "Fatal error, undefined function tempname" and
exits. Though the operation is not executed in the content router,
the path objects (POs) were being updated as "dereferenced" in the
metabase. This caused a storage leak. With PureDisk 6.6.1.2, this
problem has been fixed.
* Etrack 2196263: Low deduplication rates on PDDO backups after
upgrading from 6.5.1.2 to 6.6.1
After upgrading to 6.6.1 from 6.5.1.2, some systems experienced lower
deduplication rates (around 25-30%) with PDDO backups. Subsequent
backups also show this lower deduplication rate. With PureDisk
6.6.1.2, this problem has been fixed through a number of code
enhancements.
* Etrack 2193759: Rerouting failed with assertion error
Resolves a problem on systems with multiple content router nodes and a
PDDO-enabled environment where rerouting processes failed on the nodes
due to an assertion error.
* Etrack 2050594: PD Server agent segmentation fault on MBE node of
primary PDDO SPA
Corrects a problem that results in a server agent crash. The server
agent crashed when the following series of events occurred:
1 - The agent issued a 'syncState' call to the workflow engine.
2 - A process was running on agent side.
3 - The process was not marked as running in workflow engine cache.
When this problem occurred, PureDisk wrote messages similar to the
following in the Agent.log file:
INFO (1075853632): JobStep '' (id: -1, jobid: 0): Has been retrieved for processor .
ERROR (1076382016): Application has crashed.. caught signal 11
ERROR (1076382016): Dumping stack trace.
DUMP: /opt/pdag/../pdshared/lib/libpuredisk++-6.6.0.41475.so(_ZN8PureDisk11Application13handle_signalEiP7siginfoP8ucontext+0x15d) [0x2b546e21304d]
DUMP: /opt/pdag/../pdopensource/lib/libACE.so.5.4.4(_ZN15ACE_Sig_Handler8dispatchEiP7siginfoP8ucontext+0x7f) [0x2b546e7d032f]
DUMP: /lib64/libpthread.so.0 [0x2b546f74ac00]
DUMP: /opt/pdag/bin/pdagent [0x41ad32]
DUMP: /opt/pdag/bin/pdagent [0x43dbb3]
DUMP: /opt/pdag/bin/pdagent [0x43e28c]
DUMP: /opt/pdag/bin/pdagent [0x43eb41]
DUMP: /opt/pdag/bin/pdagent [0x43980f]
DUMP: /opt/pdag/../pdopensource/lib/libACE.so.5.4.4(_ZN13ACE_Task_Base7svc_runEPv+0x3b) [0x2b546e7de95b]
DUMP: /opt/pdag/../pdopensource/lib/libACE.so.5.4.4(_ZN18ACE_Thread_Adapter6invokeEv+0x57) [0x2b546e7df687]
DUMP: /lib64/libpthread.so.0 [0x2b546f743143]
DUMP: /lib64/libc.so.6(__clone+0x6d) [0x2b54702fe8cd]
* Etrack 1966553 & Etrack 1977075: Replication jobs that wait for
import replication data selection step to complete cause performance
issues
- Increases the po_count_threshold parameter and the
po_size_threshold parameter. This improvement decreased the number of
remote metabase import jobs that resided on the destination storage
pool. As a result, replication jobs launch only one import
replication job on remote agents and complete faster with less load
on the storage pool. For po_count_threshold, the default value is
200000. For po_size_threshold, the default value is 200000000000 (200
GB). To access the Server Agent configuration file fields, click as
follows in the administrative Web UI and then click the configuration
value you want to change:
Settings > Configuration > Configuration File Templates > PureDisk
Server Agent > Default Value Set for PureDisk Server Agent >
replication
- Changes the DropIndexThreshold parameter. PureDisk keeps the
metabase's database index on tables when the path object (PO) list is
smaller than the threshold specified in this parameter. By default,
this value is 10000. To access this threshold in the PureDisk Web UI,
click as follows:
Settings > Configuration > Configuration File Templates > PureDisk
Metabase Engine > Default Value Set for PureDisk Metabase Engine >
main > DropIndexThreshold
* Etrack 2073054: Make naptime parameter configurable for replication
Changes the naptime parameter, which determines the amount of time
allowed to elapse between checks for the completion of the remote
metabase import job. The default value is 15 seconds. To access the
server agent configuration file fields, click as follows in the
administrative Web UI and then click the configuration value you want
to change:
Settings > Configuration > Configuration File Templates > PureDisk
Server Agent > Default Value Set for PureDisk Server Agent > replication
* Etrack 2023023: PDDO optimized duplications slow compared to normal
duplications
The PDDO plug-in on the media server checks the storage pool authority
for job completion statuses. A new pd.conf parameter,
OPT_DUP_WAIT_INTERVAL, lets users specify the length of time the media
server needs to wait between status checks. The default value is 10
seconds.
Also with this fix, 20 PDDO replication jobs can run simultaneously.
* Etrack 2084537: PDDO replication gets queued up because of long
import times on target storage pool
PureDisk 6.6.1.2 uses a metabase web service to import image POs in
remote replicated PDDO data selections. Previous releases used metabase
import jobs. Import replication data selection jobs are no longer
created on the destination storage pool when PDDO replication is
initiated from the NetBackup PDDO plug-in.
* Etrack 2069901: Create_dslastpddo rewrite dslast_pddo views as well
as data selection views
Changes the order of PDDO dslast_pddo view on all PDDO data selections.
This fix prevents PDDO optimized duplication failures that generated a
"no more entries" error message.
* Etrack 2179286: Requesting actual bandwidth usage be added to
replication job detail
The transfer rate for some replication job details reports might be
inconsistent with expectations because the short duration of a backup
could cause a spike in the data transfer rate before the throughput is
stabilized. With PureDisk 6.6.1.2, the actual data transfer rate has
been added to the job details to help account for such reporting
inconsistencies. The following is an example of the line added to the
log:
[stream0] .. Info: Network transfer rate : 3.20 MB/sec
* Etrack 2186502: Restore bandwidth not being throttled
Adds a new parameter to the restore wizard: Maximum allowed bandwidth
(KB/s). This value is set per stream, and it appears in the restore job
log as follows:
"*** Bandwidth limit set to XX KB/s via policy"
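For Etrack 2123156 above, the failure mode as an added example (not PureDisk code): a host-name check that requires every label to start with a letter rejects the FQDN from the error message, while the RFC 1123 rule, which allows a leading digit, accepts it. The function names and the two mode names are hypothetical; the URL is the one quoted in the error message.

```shell
#!/bin/sh
# Added example, not PureDisk code. Function and mode names are hypothetical.

# host_of_url URL
# Prints the host part of scheme://[user@]host[:port]/path.
host_of_url() {
    hu_rest=${1#*://}                # drop the scheme
    hu_rest=${hu_rest%%/*}           # drop the path
    hu_rest=${hu_rest##*@}           # drop any userinfo
    printf '%s\n' "${hu_rest%%:*}"   # drop any port
}

# is_fqdn MODE NAME
# MODE leading-letter: every label must begin with a letter. This reproduces
#                      the rejection described for Etrack 2123156.
# MODE rfc1123:        a label may begin with a letter or a digit.
# In both modes a label is 1-63 characters of [A-Za-z0-9-], must not end
# with a hyphen, and the whole name is at most 253 characters.
is_fqdn() {
    case $1 in
        leading-letter) fq_first='[A-Za-z]' ;;
        rfc1123)        fq_first='[A-Za-z0-9]' ;;
        *) return 2 ;;
    esac
    # Reject anything outside the host-name alphabet first. This also stops
    # an embedded newline from letting one valid line satisfy grep.
    case $2 in *[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "${#2}" -le 253 ] || return 1
    fq_label="${fq_first}([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    printf '%s\n' "$2" | grep -Eq "^${fq_label}(\.${fq_label})+\$"
}

# Demo on the URL from the error message.
demo_host=$(host_of_url 'https://blah.wwl.2me.com/mbs/ws')
for m in leading-letter rfc1123; do
    if is_fqdn "$m" "$demo_host"; then
        echo "$m: $demo_host accepted"
    else
        echo "$m: $demo_host rejected"
    fi
done
```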
============
KNOWN ISSUES
============
The following are the known issues associated with this patch:
* Etrack 2294093: Rollback UI hangs while rolling back from PureDisk
6.6.1.2 to PureDisk 6.6.1
When rolling back a PureDisk version from release 6.6.1.2 to release
6.6.1 using the storage pool configuration wizard (also known as the
installer UI), the UI hangs after approximately 83% of the operation
completes even though the rollback operation actually completes
successfully. The following rollback progress messages appear before
the UI hangs:
+ Stopping services on all nodes
+ Validating restore conditions
+ Restoring checkpoints
+ Restoring /opt on all nodes
Workaround: If the installer UI hangs for several minutes and the
rollback progress is 83% or more complete, close the installer UI
because the patch has been rolled back at this point. Make sure that the UI
hangs for several minutes before you close the window to allow any
background operations to complete.
* Etrack 2194531: Unable to upload large patch tar file (more than
250M) to server by using the storage pool configuration wizard
When the size of the patch tar file is greater than 250M, the storage
pool configuration wizard user interface (UI) is not able to upload the
file to the storage pool authority (SPA) node for installation purposes.
Workaround: Symantec provides a script to allow a large file to be
uploaded for installation. To run this script and install the PureDisk
6.6.1.2 tar patch using the storage pool configuration wizard (also
known as the installer UI), perform the procedure "Applying
preinstallation updates to the storage pool configuration wizard" in
the PREINSTALLATION STEPS section of this README file.
* Etrack 2220813: Statistics tab of PDDO job details is blank on
PureDisk 6.6.1.2 SPA
The Statistics tab of the Job Details window does not contain data for
PDDO jobs that run on a PureDisk 6.6.1.2 storage pool authority (SPA).
Workaround: Complete the following steps to allow viewing of data in
the Statistics tab:
- Stop the PureDisk administrative Web UI:
/etc/init.d/puredisk stop pdgui
- Run the following command to delete the
/opt/pdgui/tomcat/webapps/PureDisk folder:
/bin/rm -fr /opt/pdgui/tomcat/webapps/PureDisk
- Start the PureDisk administrative Web UI:
/etc/init.d/puredisk start pdgui
* Etrack 2221889: Percentage of deduplication is not shown properly for
a PureDisk 6.6.1.2 storage pool authority (SPA) if the plug-in is at
PureDisk 6.6.1 level
If you upgrade the storage pool authority (SPA) to PureDisk 6.6.1.2 and
then leave the deduplication agent at an earlier software release,
deduplication rates are not displayed correctly in the PureDisk
administrative Web UI. This issue is applicable only if the
deduplication agent runs on a NetBackup 6.5.x media server.
Workaround: Upgrade the deduplication agent to the latest release,
PureDisk 6.6.1.2. See "UPGRADING DEDUPLICATION AGENTS ON MEDIA SERVER
CLIENTS" in this README file for instructions.
* Etrack 2225843: PDDO configuration and PDDO backups still succeed
when PD is in checkpoint mode
PureDisk 6.6.1.2 does not suppress PDDO operations in checkpoint mode.
Checkpoint mode is the state that a storage pool is in if you installed
a patch, created a checkpoint, but did not commit the patch. Typically,
PureDisk should prevent PDDO operations from occurring while a storage
pool is in checkpoint mode. For more information about checkpoint mode,
see the Symantec NetBackup PureDisk Administrator's Guide, Release
6.6.1.
Workaround: If you roll back PureDisk 6.6.1.2, all changes and all
backups written to the storage pool while in checkpoint mode are lost.
Symantec strongly recommends that you do not perform any production
backups while the storage pool is in checkpoint mode. When in
checkpoint mode, Symantec recommends that you restrict backup activity
to only test backups and that you notify appropriate NetBackup
administrators in your organization of this situation. This
recommendation applies to all storage pools, both PDDO storage pools
and remote office storage pools. Perform the procedure "Applying
preinstallation updates to the storage pool configuration wizard" in
the PREINSTALLATION STEPS section of this README file so that messages
that can caution you about using the checkpoint mode properly can be
displayed.
* Etrack 2233267: Optimized duplication fails between PDDO to PDDO with
media write error (84) on AIX and Solaris 10 x86_64
This issue applies only to environments that run NetBackup 7.1 with a
PureDisk 6.6.1 or PureDisk 6.6.1.2 deduplication agent on AIX and
Solaris 10 x86_64 platforms. In these environments, optimized
duplication fails with a media write error of 84.
Workaround: Contact Technical Support to request a fix.
==========================
VULNERABILITIES - RESOLVED
==========================
The following are resolved vulnerabilities in PureDisk 6.6.1.2:
* ET 2151815 - Invalid Transfer-Encoding header
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0
beta does not properly handle an invalid Transfer-Encoding header,
which allows remote attackers to cause a denial of service (application
outage) or obtain sensitive information via a crafted header that
interferes with "recycling of a buffer." (CVE-2010-2227: CVSS v2 Base
Score: 6.4 (MEDIUM).)
* ET 2159667 - Improper userspace memory allocation for the 32-bit
compatibility layer
The compat_alloc_user_space functions in include/asm/compat.h files in
the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not
properly allocate the userspace memory required for the 32-bit
compatibility layer, which allows local users to gain privileges by
leveraging the ability of the compat_mc_getsockopt function (aka the
MCAST_MSFILTER getsockopt support) to control a certain length value,
related to a "stack pointer underflow" issue, as exploited in the wild
in September 2010. (CVE-2010-3081: CVSS v2 Base Score: 7.2 (HIGH).)
The following vulnerabilities were resolved in PureDisk 6.6.1:
* ET 2160855 - Denial of service (CPU and bandwidth consumption)
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote
attackers to cause a denial of service (CPU and bandwidth consumption)
by using MODE_PRIVATE to send a spoofed (1) request or (2) response
packet that triggers a continuous exchange of MODE_PRIVATE error
responses between two NTP daemons. (CVE-2009-3563: CVSS v2 Base Score:
6.4 (MEDIUM).)
* ET 2145106 - Denial of service (daemon crash)
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in
Apache APR-util before 1.3.5 allows remote attackers to cause a denial
of service (daemon crash) via crafted input involving (1) a .htaccess
file used with the Apache HTTP Server, (2) the SVNMasterURI directive
in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2
module for the Apache HTTP Server, or (4) an application that uses the
libapreq2 library, which triggers a heap-based buffer underflow.
(CVE-2009-0023: CVSS v2 Base Score: 4.3 (MEDIUM).)
* ET 2165451 - TLS protocol does not properly associate renegotiation
handshakes with an existing connection
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in
the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
3.12.4 and earlier, multiple Cisco products, and other products, does
not properly associate renegotiation handshakes with an existing
connection, which allows man-in-the-middle attackers to insert data
into HTTPS sessions, and possibly other types of sessions protected by
TLS or SSL, by sending an unauthenticated request that is processed
retroactively by a server in a post-renegotiation context, related to a
"plaintext injection" attack, aka the "Project Mogul" issue.
(CVE-2009-3555: CVSS v2 Base Score: 5.8 (MEDIUM).)
* ET 2165453 - Multiple buffer overflows in the CMU Cyrus SASL library
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23
might allow remote attackers to execute arbitrary code or cause a
denial of service (application crash) via strings that are used as
input to the sasl_encode64 function in lib/saslutil.c. (CVE-2009-0688:
CVSS v2 Base Score: 7.5 (HIGH).)
===========================
DATA LOSS ISSUES - RESOLVED
===========================
The following data loss issue is resolved in this Hotfix:
* Etrack 2273601: Duplications complete successfully but the
destination copy is incomplete with 6.6.0.3 EEB20 installed.
Unable to verify or restore from duplicate copy
Images with a large number of fragments (greater than 20) are duplicated
successfully, but not all files are imported on the target PureDisk
metabase engine (MBE) database. This situation results in verification
and restore issues on the second copy.
This issue affects only users with NetBackup 6.5.X using the PDDO
plug-in from PureDisk 6.6.0.3 + EEB20 or the plug-in from PureDisk
6.6.1.1. This issue does not affect users with NetBackup 7.0.X (which
uses an integrated plug-in (Media Server Deduplication Pool or MSDP)
for deduplication) or users of the NetBackup 5000 Appliance.
This Hotfix resolves the verification and restore issues for the
affected environments.
=====================
PREINSTALLATION STEPS
=====================
This section describes the preinstallation steps for applying this Hotfix.
You can choose between two methods to install this Hotfix: using commands
as described in this README file or using the storage pool configuration
wizard.
* Use the commands as described in this README file.
* Use the storage pool configuration wizard. For information about
installing this patch using the storage pool configuration wizard,
refer to the following resources:
- See KNOWN ISSUES - Etrack 2194531 in this README file for
information about the patch tar file.
- See KNOWN ISSUES - Etrack 2225843 in this README file for
information about using the checkpoint mode.
- Perform "Applying preinstallation updates to the storage pool
configuration wizard" which appears later in this section.
Perform this procedure only if you plan to use the storage pool
configuration wizard to apply this Hotfix. After completing these
steps, you can upload a large patch tar file for installation and
observe new messages about checkpoint mode. See KNOWN ISSUES - Etrack
2194531 in this README file for information about the patch tar file.
See KNOWN ISSUES - Etrack 2225843 in this README file for information
about the checkpoint mode.
- See "Chapter 3 - Applying patches" of the Symantec NetBackup
PureDisk Administrator's Guide, Release 6.6.1, starting with
"Uploading a patch."
Note:
Make sure that you read the final installation messages in the
storage pool configuration wizard. The messages tell you to next
install the PureDisk 6.6.1.2 kernel upgrade. To install the kernel
upgrade, complete steps 8 through 13 in the INSTALLATION INSTRUCTIONS
section of this README file.
Downloading and extracting the patch
1. Use scp to copy the tar file, NB_PDE_6.6.1.2_NNNNNN.tar, to the
/root directory of the PureDisk node that hosts the storage pool
authority (SPA).
2. Log on as root to the node that hosts the storage pool authority.
3. Type the following command to verify the integrity of the Hotfix:
md5sum /root/NB_PDE_6.6.1.2_NNNNNN.tar
This command computes the md5 checksum of the Hotfix. The md5 checksum
of the Hotfix must match 'f8b9950c9530f676baea73efb7954824'.
http://www.symantec.com/business/support/index?page=content&id=TECH153564
If you obtain a different checksum, the Hotfix was corrupted during
download. Try to download the Hotfix again.
4. Type the following command to extract the README file:
tar -C / -xf /root/NB_PDE_6.6.1.2_NNNNNN.tar ./NB_PDE_6.6.1.2.README
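The integrity check and extraction from steps 3 and 4, gated so that nothing is unpacked unless the checksum matches and no member name is absolute or contains a ".." component. This is an added example, not part of the Symantec README; the function names are hypothetical, and the demo runs against a constructed sample tar in a temporary directory instead of the real Hotfix.

```shell
#!/bin/sh
# Added example, not from the Symantec README. Function names are hypothetical.

# MD5 checksum that the README publishes for the 6.6.1.2 Hotfix tar file.
EXPECTED_MD5='f8b9950c9530f676baea73efb7954824'

# md5_matches FILE EXPECTED
# Succeeds only when FILE is readable and its MD5 equals EXPECTED.
md5_matches() {
    [ -r "$1" ] || return 2
    actual_md5=$(md5sum "$1" | awk '{print $1}')
    [ "$actual_md5" = "$2" ]
}

# unsafe_members
# Reads member names on stdin and prints those that tar could write outside
# the extraction directory: absolute paths or names with a ".." component.
unsafe_members() {
    awk '/^\// || /(^|\/)\.\.(\/|$)/'
}

# extract_verified TARFILE EXPECTED_MD5 DESTDIR MEMBER
# Extracts MEMBER into DESTDIR only after the checksum matches, every member
# name is safe, and MEMBER is actually present in the archive.
extract_verified() {
    ev_tar=$1; ev_md5=$2; ev_dest=$3; ev_member=$4
    if ! md5_matches "$ev_tar" "$ev_md5"; then
        echo "refusing to extract: MD5 mismatch for $ev_tar" >&2
        return 1
    fi
    ev_names=$(tar -tf "$ev_tar") || return 1
    ev_bad=$(printf '%s\n' "$ev_names" | unsafe_members)
    if [ -n "$ev_bad" ]; then
        echo "refusing to extract: unsafe member names:" >&2
        printf '%s\n' "$ev_bad" >&2
        return 1
    fi
    if ! printf '%s\n' "$ev_names" | grep -Fxq -- "$ev_member"; then
        echo "refusing to extract: $ev_member not found in $ev_tar" >&2
        return 1
    fi
    tar -C "$ev_dest" -xf "$ev_tar" "$ev_member"
}

# Demo on a constructed archive (not the real Hotfix).
demo() {
    d_work=$(mktemp -d) || return 1
    mkdir "$d_work/src" "$d_work/out"
    echo 'constructed sample README' > "$d_work/src/NB_PDE_6.6.1.2.README"
    tar -C "$d_work/src" -cf "$d_work/sample.tar" ./NB_PDE_6.6.1.2.README
    d_sum=$(md5sum "$d_work/sample.tar" | awk '{print $1}')
    # Checksum of the constructed file itself: extraction proceeds.
    if extract_verified "$d_work/sample.tar" "$d_sum" "$d_work/out" \
            ./NB_PDE_6.6.1.2.README; then
        echo "matching checksum: README extracted"
    fi
    # Checksum published for the real Hotfix: the constructed file is refused.
    if ! extract_verified "$d_work/sample.tar" "$EXPECTED_MD5" "$d_work/out" \
            ./NB_PDE_6.6.1.2.README 2>/dev/null; then
        echo "published checksum against constructed file: refused"
    fi
    rm -rf "$d_work"
}
demo
```

For the real Hotfix, the call that corresponds to steps 3 and 4 is `extract_verified /root/NB_PDE_6.6.1.2_NNNNNN.tar "$EXPECTED_MD5" / ./NB_PDE_6.6.1.2.README`.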
Applying preinstallation updates to the storage pool configuration wizard
1. Extract the change_upload_size.sh file and the Installer.tgz file
from NB_PDE_6.6.1.2.tar. For example, from a UNIX system:
tar -xvf NB_PDE_6.6.1.2.tar ./opt/pdinstall/change_upload_size.sh
tar -xvf NB_PDE_6.6.1.2.tar ./opt/pdinstall/Installer.tgz
2. Use a secure copy, such as scp, to copy the change_upload_size.sh
file and the Installer.tgz file to the same folder on the SPA node,
for example the /tmp folder.
3. Log in to the SPA node as root.
4. Run the script on the SPA node. For example, if you copied the
files to the /tmp folder:
cd /tmp/
sh ./change_upload_size.sh
5. Complete the installation process with the storage pool
configuration wizard. For more information about this process, see
"Chapter 3 - Applying patches" of the Symantec NetBackup PureDisk
Administrator's Guide, Release 6.6.1, starting with "Uploading a
patch."
=========================
INSTALLATION INSTRUCTIONS
=========================
This section describes how to install the software.
Installing the patch
1. Log in to the PureDisk administrative Web UI and make sure that no
PureDisk jobs are currently running or are scheduled to be run.
* Select "Monitor > Jobs".
* In the right pane, select the jobs you want to terminate.
* Select "Stop job gracefully" or "Stop job immediately".
You might lose data if you select "Stop job immediately".
* Confirm the termination in the pop-up window that appears.
Refer to the topic "Terminating a job that is running" in the PureDisk
Backup Operator Guide, Release 6.6.1, or in the online Help for more
information about stopping PureDisk jobs.
2. (Conditional) If you have /Storage partitions that are mounted on
an NFS share, add an entry for each partition to the /etc/fstab file.
Note:
NFS is supported in a PureDisk environment only with specific
limitations and requirements. See the topic "Limitations for PureDisk
6.6 with NFS" in the PureDisk Getting Started Guide, Release 6.6.1, or
contact technical support for more information about NFS support in
PureDisk.
3. Log out from the PureDisk administrative Web UI.
4. (Conditional) Freeze the PureDisk service groups for the clustered
PureDisk server.
Perform this step if the storage pool is installed with Veritas
Cluster Server (VCS) software.
For each active node, you have groups such as pd_group1, pd_group2,
and so on. Log on to the Storage Pool Authority (SPA) node and run the
following command for each of these groups:
/opt/VRTS/bin/hagrp -freeze pd_group1
Where pd_group1 indicates the group you are freezing.
For information about how to freeze and unfreeze clustered storage
pools, see the Symantec NetBackup PureDisk Storage Pool Installation
Guide.
5. Type the following command to unpack the Hotfix software:
tar -C / -xf /root/NB_PDE_6.6.1.2_NNNNNN.tar ./opt
6. Type the following command to run and install the Hotfix:
/opt/pdinstall/apply-NB_PDE_6.6.1.2.sh
If the topology.ini file is encrypted, the software prompts you for
the password to decrypt this file.
The Hotfix automatically pushes the software to all nodes in the
storage pool and to all clients.
Note:
The Veritas Cluster Server (VCS) software might detect some faults
during the upgrade process. If any upgrade actions generate a VCS
fault, use the Cluster Manager Java Console to clear the fault and
probe that resource group before you unfreeze the cluster.
At the end of a successful installation, the software prompts you to
encrypt the topology.ini file.
When the upgrade script completes successfully, the script also
unfreezes the PureDisk service groups for the clustered PureDisk
server.
7. (Conditional) Again, freeze the PureDisk service groups for the
clustered PureDisk server.
See Step 4 for instructions about freezing PureDisk service groups.
8. (Conditional) If you are upgrading from PureDisk 6.6.1 to PureDisk
6.6.1.2, log on to each node (active and passive) and run the following
script to install the kernel upgrade:
/opt/pdinstall/apply-6612kernel-patch.sh --upgrade
Note:
Do not perform this step if you are upgrading from PureDisk 6.6.1.1 to
PureDisk 6.6.1.2.
If the kernel upgrade fails because some services do not stop, wait
until the services stop and rerun the kernel upgrade script.
9. (Conditional) After the kernel upgrade finishes, reboot all of the
nodes.
Note:
Do not perform this step if you are upgrading from PureDisk 6.6.1.1 to
PureDisk 6.6.1.2.
Note:
Allow the upgrade jobs that were started in step 6 to finish,
successfully or not, before you reboot the nodes. Symantec suggests
that you reboot all of the nodes (active and passive) at the same time.
Note:
After the reboot, the clustered service groups that were frozen in
Step 7 are unfrozen.
10. (Conditional) If you are performing this upgrade as part of
adding a new node to a cluster, restart VCS by performing the
following steps:
1. Kill had and hashadow:
# pkill had; pkill hashadow
2. Wait for 10 seconds and then run the following command:
# hastart
For information about adding a new node to a cluster, see the
PureDisk Administrator's Guide.
11. (Conditional) To reconnect with the Veritas Enterprise
Administrator (VEA) in a clustered environment, run the following
commands:
/etc/init.d/vxpal.StorageAgent start
/etc/init.d/isisd start
12. Monitor the client agent update jobs.
Take the following actions to monitor the client agent upgrade jobs:
* Clear the browser's cache and temporary Internet files.
* Start the administrative Web UI.
* Click Monitor > Jobs.
* Set the "View jobs by" dropdown to "Policy types".
* Select the "Agent Update" workflow under "Miscellaneous
Workflows".
If one of the upgrade jobs fails, PureDisk deactivates those client
agents. Follow the steps below to activate and upgrade these agents:
* Start the administrative Web UI.
* Click "Manage > Agents".
* In the left pane, select the deactivated agent you want to
reactivate. To activate all agents in the storage pool, select the
storage pool.
* In the right pane, select "Activate Agent(s)".
* A new agent update job is scheduled for those agents not
upgraded yet.
* Monitor these upgrade jobs again. Start them over if they
fail or time out.
13. (Conditional) Upgrade the deduplication agent software on media
server clients.
Perform the procedure "UPGRADING DEDUPLICATION AGENTS ON MEDIA SERVER
CLIENTS", which follows.
======================================================
UPGRADING DEDUPLICATION AGENTS ON MEDIA SERVER CLIENTS
======================================================
This section describes how to upgrade deduplication agents on media
server clients.
Note:
Symantec encourages you to upgrade your deduplication agents at this
time. The PureDisk 6.6.1.2 release includes enhancements for improved
replication and for concurrent backup and data removal jobs. See the
ENHANCEMENTS section of this README file for an overview of these
improvements.
The specific upgrade procedure that you should perform depends on the
release of software and the platform of your media server. Select the
procedure that is appropriate for your environment:
* Upgrading NetBackup 6.5.x media servers (all platforms) and NetBackup
7.0 or 7.0.1 media servers (AIX platforms and HP-UX platforms only)
Media servers on these platforms use the PDDO agent for deduplication.
To obtain the PureDisk 6.6.1.2 enhancements, perform the procedure
"Upgrading NetBackup 6.5.x media servers (all platforms) or NetBackup
7.0 or 7.0.1 media servers (AIX platforms and HP-UX platforms only)."
Note:
The upgrade removes the old PDDO agent software automatically. For more
information about how to install the PDDO agent, see the Symantec
NetBackup PureDisk Deduplication Option Guide.
* Upgrading NetBackup 7.0 or 7.0.1 media servers (Solaris, Linux, and
Windows platforms)
Media servers on these platforms use an integrated plug-in (Media
Server Deduplication Pool or MSDP) for deduplication. Upgrades are not
yet available for the integrated plug-in on these platforms. You can
install the PureDisk 6.6.1.2 upgrade at this time using the procedure
"Upgrading NetBackup 6.5.x media servers (all platforms) or NetBackup
7.0 or 7.0.1 media servers (AIX platforms and HP-UX platforms only)."
However, you will not obtain the PureDisk 6.6.1.2 enhancements with
this upgrade. To obtain the PureDisk 6.6.1.2 enhancements on these
platforms, revisit this article later. Updates will be made to this
article when the plug-in is available for download. Please subscribe to
this article by clicking on the "Subscribe via email" link on this page
to receive notification when this article is updated with plug-in
upgrade information.
Upgrading NetBackup 6.5.x media servers (all platforms) or NetBackup 7.0
or 7.0.1 media servers (AIX platforms and HP-UX platforms only)
1. Make sure that the storage pool software for the PDDO clients has
been upgraded.
2. Refresh the PureDisk landing page.
The landing page can be found on:
https://<your-puredisk-spa>/
For <your-puredisk-spa>, type the hostname or the IP address of your
PureDisk storage pool authority.
Be aware that this Hotfix includes both the PureDisk 6.6 base release
agents and revised agents for Linux, Solaris, and Windows clients. The
revised agents include updates for PDDO agent installation only. A
later step in this procedure instructs you to download the revised
agents if you want to upgrade the PDDO agent on a client.
3. Log on to each PDDO media server client.
4. From the PDDO media server client, download the new PDDO agent
software.
The landing page includes more than one software version of the PDDO
agent, so take care to download the most recent agent.
5. (Conditional) Freeze the PureDisk service groups for the clustered
PDDO server.
6. Stop all NetBackup services on the NetBackup media server.
* On Windows systems, run the following command to stop NetBackup
services:
"c:\program files\veritas\netbackup\bin\bpdown.exe"
* On Linux or Solaris systems, run the following command to stop
NetBackup services:
/usr/openv/netbackup/bin/bp.killall
7. Install the agent software that is included with this Hotfix.
* On Windows systems, double-click the PureDisk agent icon to
start the Windows Installation Wizard.
* On Linux or Solaris systems, you can use either the attended or
the unattended installation method. The installer prompts you to
confirm the upgrade. For example, type the following command to
upgrade the Solaris 10 agent:
# sh pdagent-Solaris_10_sparc-6.6.1.46349.run
8. (Conditional) Unfreeze the PureDisk service groups for the
clustered PDDO server.
9. Start all the NetBackup services on the NetBackup media server.
* On Windows systems, run the following command to start NetBackup
services:
"c:\program files\veritas\netbackup\bin\bpstart.exe"
* On Linux or Solaris systems, run the following command to start
NetBackup services:
/usr/openv/netbackup/bin/bp.startall