Re: [Bacula-users] bacula-dir service reload crashes next bconsole

Kostis Fardelas Tue, 22 Dec 2015 05:12:07 -0800

Hello Heitor,
root@bacula-dir:/etc/bacula# bacula-dir -t
root@bacula-dir:/etc/bacula# echo $?
0


There seems to be no syntax error in configuration because after
restart everything is ok again. After reloading, I get the following
messages:

22-Dec 13:02 bacula-dir.grnet.gr-dir JobId 0: Fatal error: Failed to
initialize TLS context for Director "bacula-dir.grnet.gr-dir" in
/etc/bacula/bacula-dir.conf.
22-Dec 13:02 bacula-dir.grnet.gr-dir JobId 0: Error: Please correct
configuration file: /etc/bacula/bacula-dir.conf
22-Dec 13:02 bacula-dir.grnet.gr-dir JobId 0: Error: Resetting
previous configuration.
22-Dec 13:02 bacula-dir.grnet.gr-dir: ERROR in bsys.c:562 Could not
create state file. <NULL>/bacula-dir.0.state ERR=No such file or
directory

The TLS context seems ok and it is working after restarting the daemon
(check the relevant snippets in my first email).

In bacula-dir.conf:
Director {
.
.
  # bconsole --> director channel
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = "/path/to/ca.pem"
  TLS Certificate = "/path/to/cert.pem"
  TLS Key = "/path/to/key.pem"
  TLS Verify Peer = no
}

In bconsole.conf:
Director {
.
.
.
  # bconsole --> director channel
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = "/path/to/ca.pem"
}


Best regards,

On 22 December 2015 at 14:37, Heitor Faria <hei...@bacula.com.br> wrote:
>
>>>> Hello,
>>>> we are on Linux Debian Wheezy and we use version bacula-director-mysql
>>>> 5.2.6+dfsg-9. We experience a faulty communication between bconsole
>>>> and director daemon after reloading bacula-dir. Specifically, when
>>>> everything is ok and without TLS configuration we get the following:
>>>> {code}
>>>> *root@bacula-dir:/etc/bacula# bconsole -d99
>>>> Connecting to Director bacula-dir.grnet.gr:9101
>>>> bconsole: cram-md5.c:150-0 sending resp to challenge:
>>>> 6U/xF//Cb5/Sb3NNt+/WlD
>>>> bconsole: cram-md5.c:79-0 send: auth cram-md5
>>>> <XXXXXXXXXX.XXXXXXXXXX@bconsole> ssl=0
>>>> bconsole: cram-md5.c:98-0 Authenticate OK Dx/1Z/smv++eoEEV3SNtPC
>>>> bconsole: authenticate.c:150-0 >dird: 1000 OK auth
>>>> bconsole: authenticate.c:157-0 <dird: 1000 OK: bacula-dir.grnet.gr-dir
>>>> Version: 5.2.6 (21 February 2012)
>>>> 1000 OK: bacula-dir.grnet.gr-dir Version: 5.2.6 (21 February 2012)
>>>> bconsole: console.c:1208-0 Opened connection with Director daemon
>>>> Enter a period to cancel a command.
>>>> {code}
>>>>
>>>> And when we configure TLS, we get:
>>>> {code}
>>>> root@bacula-dir:/etc/bacula# bconsole -d99
>>>> Connecting to Director bacula-dir.grnet.gr:9101
>>>> bconsole: cram-md5.c:150-0 sending resp to challenge:
>>>> yj+jL6+6p0ly72I4+4+aRC
>>>> bconsole: cram-md5.c:79-0 send: auth cram-md5
>>>> <XXXXXXXXXX.XXXXXXXXXX@bconsole> ssl=2
>>>> bconsole: cram-md5.c:98-0 Authenticate OK w//u1W/imgpOn9+f8++PXB
>>>> bconsole: bnet.c:347-0 TLS client negotiation established.
>>>> bconsole: authenticate.c:150-0 >dird: 1000 OK auth
>>>> bconsole: authenticate.c:157-0 <dird: 1000 OK: bacula-dir.grnet.gr-dir
>>>> Version: 5.2.6 (21 February 2012)
>>>> 1000 OK: bacula-dir.grnet.gr-dir Version: 5.2.6 (21 February 2012)
>>>> bconsole: console.c:1208-0 Opened connection with Director daemon
>>>> Enter a period to cancel a command.
>>>> {code}
>>>>
>>>> But, after reloading bacula-dir, we get the following (with or without
>>>> TLS configured):
>>>> {code}
>>>> root@bacula-dir:/etc/bacula# bconsole -d99
>>>> Connecting to Director bacula-dir.grnet.gr:9101
>>>> bconsole: cram-md5.c:150-0 sending resp to challenge:
>>>> lDtDW8Q4t8pCCz+1PkFsrC
>>>> bconsole: cram-md5.c:152-0 Receive chanllenge response failed. ERR=No
>>>> data available
>>>> Director authorization problem.
>>>> Most likely the passwords do not agree.
>>>> If you are using TLS, there may have been a certificate validation
>>>> error during the TLS handshake.
>>>> Please see
>>>> http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION003760000000000000000
>>>> for help.
>>>> {code}
>>>>
>>>> What we also notice after reloading bacula-dir, is that there is no
>>>> daemon listening to port 9101.
>>>> The same happens if we reload from inside a bconsole. The next
>>>> bconsole we try to connect, fails.
>>>>
>>>> If we restart bacula-dir service, everything is ok again.
>>>>
>>>> Regards,
>>>> Kostis Fardelas
>
> Hello Kostis: are you sure there isn't any syntax error at your 
> bacula-dir.conf configuration?
> You can see that doing a messages bconsole command after reload or calling 
> your bacula-dir with the -t option (test).
>
> Regards,
> ===========================================================================
> Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified 
> Administrator II
> Do you need Bacula training? http://bacula.us/video-classes/
> +55 61 8268-4220
> Site: http://bacula.us FB: heitor.faria
> ===========================================================================

------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] bacula-dir service reload crashes next bconsole

Reply via email to