Re: [Bacula-users] TLS attempts crashes FD

Dan Langille Wed, 06 Sep 2006 06:25:33 -0700

On 6 Sep 2006 at 9:55, Kern Sibbald wrote:

> On Wednesday 06 September 2006 02:21, Dan Langille wrote:
> > I'm trying to setup TLS with one client.  I have two other clients
> > working with TLS.  At this point, I'm just doing a 'status client'
> > and bacula-fd dies.
> > 
> > Two questions:
> > 
> > 1 - Do we agree that bacula-fd shouldn't die?
> 
> No, it has every right because it is configured incorrectly.  
> 
> The bigh problem is if it cannot open the state file, then it *is*
> going to die at some point.  You need to fix that.  Probably it is a
> permissions error on your working directory.  This is the first thing
> that needs fixing.  Once done the other error will probably go away.


If this is a state file problem, then it goes away when TLS is not 
enabled:

*status client=lists-fd
Using default Catalog name=MyCatalog DB=bacula
Connecting to Client lists-fd at lists.example.org:9102

lists-fd Version: 1.38.11 (28 June 2006)  i386-portbld-freebsd4.8 
freebsd 4.8-RC
Daemon started 07-Sep-06 01:18, 0 Jobs run since started.
No Terminated Jobs.
Running Jobs:
Director connected at: 07-Sep-06 01:18
No Jobs running.
====
*

To further test this, I did a chmod 777 to /var/db/bacula, then 
started bacula-fd again:

 # /usr/local/sbin/bacula-fd -d100 -f -u root -g wheel -v -c 
/usr/local/etc/bacula-fd.conf
lists-fd: jcr.c:116 read_last_jobs seek to 188
lists-fd: jcr.c:123 Read num_items=0
lists-fd: filed.c:238 filed: listening on port 9102
lists-fd: bnet_server.c:83 Addresses host[ipv4:0.0.0.0:9102]
lists-fd: bnet.c:1128 who=client host=70.26.229.230 port=36387
lists-fd: find.c:68 init_find_files ff=0x80a2c18
lists-fd: job.c:189 <dird: Hello Director bacula-dir calling
lists-fd: job.c:205 Executing Hello command.
lists-fd: cram-md5.c:52 send: auth cram-md5 
<[EMAIL PROTECTED]> ssl=1
lists-fd: cram-md5.c:68 Authenticate OK 08p1h7BkK5+eUUtDKWIm4A
lists-fd: cram-md5.c:97 cram-get: auth cram-md5 
<[EMAIL PROTECTED]> ssl=0
lists-fd: cram-md5.c:114 sending resp to challenge: 
yHJVc8/z63/bX4/SN//mUC
lists-fd: job.c:189 <dird: JobId=0 Job=*Console*.2006-09-06_09.16.11 
SDid=0 SDtime=0 Authorization=dummy
lists-fd: job.c:205 Executing JobId= command.
lists-fd: job.c:189 <dird: statuslists-fd: job.c:205 Executing status 
command.
lists-fd: job.c:289 Calling term_find_files
lists-fd: job.c:292 Done with term_find_files
lists-fd: job.c:294 Done with free_jcr


All is well.  Then I enabled TLS in the client resource in bacula-
dir.conf, did a reload, and tried again:

*reload
*status client=lists-fd
Using default Catalog name=MyCatalog DB=bacula
Connecting to Client lists-fd at lists.unixathome.org:9102
Failed to connect to Client lists-fd.
====
You have messages.
*mes
06-Sep 09:20 bacula-dir: *Console*.2006-09-06_09.20.02 Fatal error: 
TLS negotiation failed.
*

What does bacula-fd have to say?

lists-fd: bnet.c:1128 who=client host=70.26.229.230 port=36387
lists-fd: find.c:68 init_find_files ff=0x80a2c18
lists-fd: job.c:189 <dird: Hello Director bacula-dir calling
lists-fd: job.c:205 Executing Hello command.
lists-fd: cram-md5.c:52 send: auth cram-md5 
<[EMAIL PROTECTED]> ssl=1
lists-fd: cram-md5.c:68 Authenticate OK DiQuYj/Qpj+q26o0JU/JbC
lists-fd: cram-md5.c:97 cram-get: auth cram-md5 
<[EMAIL PROTECTED]> ssl=1
lists-fd: cram-md5.c:114 sending resp to challenge: 
a++dywJRL8+pNA/rt1N0ZB
Kaboom! bacula-fd, lists-fd got signal 11. Attempting traceback.
Kaboom! exepath=/usr/local/sbin/
Calling: /usr/local/sbin/btraceback /usr/local/sbin/bacula-fd 11945
Killed

The traceback is:

(no debugging symbols found)...
/var/db/bacula/11874: No such file or directory.
(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
$1 = 1953720684
$2 = 134799576
$3 = 134799768
$4 = 1702129225
$5 = 134728113
$6 = 134728136
$7 = 134728160
$8 = 134728168
#0  0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
#1  0x283b19c4 in _thread_kern_sched_state_unlock () from
/usr/lib/libc_r.so.4
#2  0x283b1389 in _thread_kern_scheduler () from /usr/lib/libc_r.so.4
#3  0x0 in ?? ()

Thread 1 (process 11874, thread 1):
#0  0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
#1  0x283b19c4 in _thread_kern_sched_state_unlock () from
/usr/lib/libc_r.so.4
#2  0x283b1389 in _thread_kern_scheduler () from /usr/lib/libc_r.so.4
#3  0x0 in ?? ()
#0  0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
No symbol table info available.
#1  0x283b19c4 in _thread_kern_sched_state_unlock () from
/usr/lib/libc_r.so.4
No symbol table info available.
#2  0x283b1389 in _thread_kern_scheduler () from /usr/lib/libc_r.so.4
No symbol table info available.
#3  0x0 in ?? ()
No symbol table info available.
/usr/local/share/bacula/btraceback.gdb:19: Error in sourced command
file:
No frame 4

> Second point is that a SIG 11 Kaboom is often Bacula's way of dying
> when something is wrong -- like it cannot access the working
> directory.

Given the chmod 777, and the state file exists, I think we have 
eliminated file permissions as a problem:

[EMAIL PROTECTED]:/var/db/bacula] # ls -ld
drwxrwxrwx  2 root  wheel  512 Sep  7 01:20 .
[EMAIL PROTECTED]:/var/db/bacula] # ls -lt
total 1
-rw-r-----  1 root  wheel  192 Sep  7 01:20 bacula-fd.9102.state
[EMAIL PROTECTED]:/var/db/bacula] #




> 
> > 2 - Why is my TLS negotiation failing?
> 
> Possibly because of working directory problems.
> 
> > 
> > Both bacula-fd and bacula-dir are version 1.38.11
> > 
> > cheers
> > 
> > Here is the death:
> > 
> >  # /usr/local/sbin/bacula-fd -d100 -f -u root -g wheel -v -c 
> > /usr/local/etc/
> > bacula-fd.conf
> > lists-fd: bsys.c:517 Could not open state file. sfd=-1 size=188:
> > ERR=No such file or directory
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> > lists-fd: filed.c:238 filed: listening on port 9102
> > lists-fd: bnet_server.c:83 Addresses host[ipv4:0.0.0.0:9102]
> > lists-fd: bnet.c:1128 who=client host=70.26.229.230 port=36387
> > lists-fd: find.c:68 init_find_files ff=0x80a2c18
> > lists-fd: job.c:189 <dird: Hello Director bacula-dir calling
> > lists-fd: job.c:205 Executing Hello command.
> > lists-fd: cram-md5.c:52 send: auth cram-md5 
> > <[EMAIL PROTECTED]> ssl=1
> > lists-fd: cram-md5.c:68 Authenticate OK q+M8e9kGp0MgmF+AiX+hJB
> > lists-fd: cram-md5.c:97 cram-get: auth cram-md5 
> > <[EMAIL PROTECTED]> ssl=2
> > lists-fd: cram-md5.c:114 sending resp to challenge: 
> > XkULP5/F/51V02/RwW/JVD
> > Kaboom! bacula-fd, lists-fd got signal 11. Attempting traceback.
> > Kaboom! exepath=/usr/local/sbin/ Calling: /usr/local/sbin/btraceback
> > /usr/local/sbin/bacula-fd 8199 Killed
> > 
> > Here is the traceback email:
> > 
> > (no debugging symbols found)...
> > /var/db/bacula/8199: No such file or directory.
> > (no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > (no debugging symbols found)...(no debugging symbols found)...
> > 0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
> > $1 = 1953720684
> > $2 = 134799576
> > $3 = 134799768
> > $4 = 1702129225
> > $5 = 134728113
> > $6 = 134728136
> > $7 = 134728160
> > $8 = 134728168
> > #0  0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
> > #1  0x283b19c4 in _thread_kern_sched_state_unlock () from 
> > /usr/lib/libc_r.so.4
> > #2  0x283b1389 in _thread_kern_scheduler () from
> > #/usr/lib/libc_r.so.4 3  0x0 in ?? ()
> > 
> > Thread 1 (process 8199, thread 1):
> > #0  0x283b2478 in __sys_poll () from /usr/lib/libc_r.so.4
> > #1  0x283b19c4 in _thread_kern_sched_state_unlock () from 
> > /usr/lib/libc_r.so.4
> > #2  0x283b1389 in _thread_kern_scheduler () from
> > #/usr/lib/libc_r.so.4 3  0x0 in ?? () 0  0x283b2478 in __sys_poll ()
> > #from /usr/lib/libc_r.so.4
> > No symbol table info available.
> > #1  0x283b19c4 in _thread_kern_sched_state_unlock () from 
> > /usr/lib/libc_r.so.4
> > No symbol table info available.
> > #2  0x283b1389 in _thread_kern_scheduler () from
> > #/usr/lib/libc_r.so.4
> > No symbol table info available.
> > #3  0x0 in ?? ()
> > No symbol table info available.
> > /usr/local/share/bacula/btraceback.gdb:19: Error in sourced command
> > file: No frame 4
> > 
> > Here is the bacula-fd.conf:
> > 
> > Director {
> >   Name     = bacula-dir
> >   Password = "password"
> > 
> >   TLS Enable  = yes
> > #  TLS Require = yes
> > 
> > #  TLS Verify Peer = yes
> > 
> >   TLS CA Certificate File = /home/bacula/cacert.pem
> > 
> >   TLS Certificate         = /home/bacula/lists.example.org.cert TLS
> >   Key                 = /home/bacula/lists.example.org-nopass.key
> > }
> > 
> > #
> > # "Global" File daemon configuration specifications
> > #
> > FileDaemon {                          # this is me
> >   Name             = lists-fd
> >   FDport           = 9102                  # where we listen for the
> >   
> > director
> >   WorkingDirectory = /var/db/bacula
> >   Pid Directory    = /var/run
> > 
> >   TLS Enable  = yes
> >   TLS CA Certificate File = /home/bacula/cacert.pem
> > 
> >   TLS Certificate         = /home/bacula/lists.example.org.cert TLS
> >   Key                 = /home/bacula/lists.example.org-nopass.key
> > }
> > 
> > # Send all messages except skipped files back to Director
> > Messages {
> >   Name     = Standard
> >   director = lists-dir = all, !skipped
> > }
> > 
> > Here is part of the bacula-dir.conf:
> > 
> > # Client (File Services) to backup
> > Client {
> >   Name           = lists-fd
> >   Address        = lists.example.org
> >   FDPort         = 9102
> >   Catalog        = MyCatalog
> >   Password       = "password"
> > 
> >   TLS Require    = yes
> >   TLS Enable     = yes
> >   TLS CA Certificate File = /home/bacula/certificates/cacert.pem
> > 
> >   TLS Certificate =
> >   /home/bacula/certificates/bacula.example.org.cert TLS Key        
> >   = 
> > /home/bacula/certificates/bacula.example.org.nopassword.key
> > }
> > 
> > 
> > Here is the failed status command:
> > 
> > 05-Sep 20:08 bacula-dir: *Console*.2006-09-05_20.06.19 Fatal error:
> > TLS negotiation failed. *status client=lists-fd Connecting to Client
> > lists-fd at lists.example.org:9102 Failed to connect to Client
> > lists-fd. ==== You have messages. *mes 05-Sep 20:11 bacula-dir:
> > *Console*.2006-09-05_20.06.19 Fatal error: TLS negotiation failed. *
> > 
> > -- 
> > Dan Langille : Software Developer looking for work
> > my resume: http://www.freebsddiary.org/dan_langille.php
> > 
> > 
> > 
> > --------------------------------------------------------------------
> > ----- Using Tomcat but need to do more? Need to support web
> > services, security? Get stuff done quickly with pre-integrated
> > technology to make your job 
> easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache
> > Geronimo
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=12
> > 1642 _______________________________________________ Bacula-users
> > mailing list Bacula-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bacula-users
> > 
> 
> ----------------------------------------------------------------------
> --- Using Tomcat but need to do more? Need to support web services,
> security? Get stuff done quickly with pre-integrated technology to
> make your job easier Download IBM WebSphere Application Server v.1.0.1
> based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=1216
> 42 _______________________________________________ Bacula-users
> mailing list Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
> 



-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php



-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] TLS attempts crashes FD

Reply via email to