Re: [Bacula-users] TLS attempts crashes FD

Kern Sibbald Wed, 06 Sep 2006 00:56:17 -0700

On Wednesday 06 September 2006 02:21, Dan Langille wrote:
> I'm trying to setup TLS with one client.  I have two other clients 
> working with TLS.  At this point, I'm just doing a 'status client' 
> and bacula-fd dies.
> 
> Two questions:
> 
> 1 - Do we agree that bacula-fd shouldn't die?


No, it has every right because it is configured incorrectly.  

The bigh problem is if it cannot open the state file, then it *is* going to 
die at some point.  You need to fix that.  Probably it is a permissions error 
on your working directory.  This is the first thing that needs fixing.  Once 
done the other error will probably go away.

Second point is that a SIG 11 Kaboom is often Bacula's way of dying when 
something is wrong -- like it cannot access the working directory.

> 2 - Why is my TLS negotiation failing?

Possibly because of working directory problems.

> 
> Both bacula-fd and bacula-dir are version 1.38.11
> 
> cheers
> 
> Here is the death:
> 
>  # /usr/local/sbin/bacula-fd -d100 -f -u root -g wheel -v -c 
> /usr/local/etc/
> bacula-fd.conf
> lists-fd: bsys.c:517 Could not open state file. sfd=-1 size=188: 
> ERR=No such file or directory
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> lists-fd: filed.c:238 filed: listening on port 9102
> lists-fd: bnet_server.c:83 Addresses host[ipv4:0.0.0.0:9102]
> lists-fd: bnet.c:1128 who=client host=70.26.229.230 port=36387
> lists-fd: find.c:68 init_find_files ff=0x80a2c18
> lists-fd: job.c:189 <dird: Hello Director bacula-dir calling
> lists-fd: job.c:205 Executing Hello command.
> lists-fd: cram-md5.c:52 send: auth cram-md5 
> <[EMAIL PROTECTED]> ssl=1
> lists-fd: cram-md5.c:68 Authenticate OK q+M8e9kGp0MgmF+AiX+hJB
> lists-fd: cram-md5.c:97 cram-get: auth cram-md5 
> <[EMAIL PROTECTED]> ssl=2
> lists-fd: cram-md5.c:114 sending resp to challenge: 
> XkULP5/F/51V02/RwW/JVD
> Kaboom! bacula-fd, lists-fd got signal 11. Attempting traceback.
> Kaboom! exepath=/usr/local/sbin/
> Calling: /usr/local/sbin/btraceback /usr/local/sbin/bacula-fd 8199
> Killed
> 
> Here is the traceback email:
> 
> (no debugging symbols found)...
> /var/db/bacula/8199: No such file or directory.
> (no debugging symbols found)...
> (no debugging symbols found)...(no debugging symbols found)...
> (no debugging symbols found)...(no debugging symbols found)...
> (no debugging symbols found)...(no debugging symbols found)...
> (no debugging symbols found)...(no debugging symbols found)...
> (no debugging symbols found)...(no debugging symbols found)...
> 0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
> $1 = 1953720684
> $2 = 134799576
> $3 = 134799768
> $4 = 1702129225
> $5 = 134728113
> $6 = 134728136
> $7 = 134728160
> $8 = 134728168
> #0  0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
> #1  0x283b19c4 in _thread_kern_sched_state_unlock () from 
> /usr/lib/libc_r.so.4
> #2  0x283b1389 in _thread_kern_scheduler () from /usr/lib/libc_r.so.4
> #3  0x0 in ?? ()
> 
> Thread 1 (process 8199, thread 1):
> #0  0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
> #1  0x283b19c4 in _thread_kern_sched_state_unlock () from 
> /usr/lib/libc_r.so.4
> #2  0x283b1389 in _thread_kern_scheduler () from /usr/lib/libc_r.so.4
> #3  0x0 in ?? ()
> #0  0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
> No symbol table info available.
> #1  0x283b19c4 in _thread_kern_sched_state_unlock () from 
> /usr/lib/libc_r.so.4
> No symbol table info available.
> #2  0x283b1389 in _thread_kern_scheduler () from /usr/lib/libc_r.so.4
> No symbol table info available.
> #3  0x0 in ?? ()
> No symbol table info available.
> /usr/local/share/bacula/btraceback.gdb:19: Error in sourced command 
> file:
> No frame 4
> 
> Here is the bacula-fd.conf:
> 
> Director {
>   Name     = bacula-dir
>   Password = "password"
> 
>   TLS Enable  = yes
> #  TLS Require = yes
> 
> #  TLS Verify Peer = yes
> 
>   TLS CA Certificate File = /home/bacula/cacert.pem
> 
>   TLS Certificate         = /home/bacula/lists.example.org.cert
>   TLS Key                 = /home/bacula/lists.example.org-nopass.key
> }
> 
> #
> # "Global" File daemon configuration specifications
> #
> FileDaemon {                          # this is me
>   Name             = lists-fd
>   FDport           = 9102                  # where we listen for the 
> director
>   WorkingDirectory = /var/db/bacula
>   Pid Directory    = /var/run
> 
>   TLS Enable  = yes
>   TLS CA Certificate File = /home/bacula/cacert.pem
> 
>   TLS Certificate         = /home/bacula/lists.example.org.cert
>   TLS Key                 = /home/bacula/lists.example.org-nopass.key
> }
> 
> # Send all messages except skipped files back to Director
> Messages {
>   Name     = Standard
>   director = lists-dir = all, !skipped
> }
> 
> Here is part of the bacula-dir.conf:
> 
> # Client (File Services) to backup
> Client {
>   Name           = lists-fd
>   Address        = lists.example.org
>   FDPort         = 9102
>   Catalog        = MyCatalog
>   Password       = "password"
> 
>   TLS Require    = yes
>   TLS Enable     = yes
>   TLS CA Certificate File = /home/bacula/certificates/cacert.pem
> 
>   TLS Certificate = /home/bacula/certificates/bacula.example.org.cert
>   TLS Key         = 
> /home/bacula/certificates/bacula.example.org.nopassword.key
> }
> 
> 
> Here is the failed status command:
> 
> 05-Sep 20:08 bacula-dir: *Console*.2006-09-05_20.06.19 Fatal error: 
> TLS negotiation failed.
> *status client=lists-fd
> Connecting to Client lists-fd at lists.example.org:9102
> Failed to connect to Client lists-fd.
> ====
> You have messages.
> *mes
> 05-Sep 20:11 bacula-dir: *Console*.2006-09-05_20.06.19 Fatal error: 
> TLS negotiation failed.
> *
> 
> -- 
> Dan Langille : Software Developer looking for work
> my resume: http://www.freebsddiary.org/dan_langille.php
> 
> 
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job 
easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
> 

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] TLS attempts crashes FD

Reply via email to