I got this working without TLS enabled.
Not sure why that breaks it, but perhaps something with how proxy is
handled and how the TLS settings may not be applied properly for a
remote=yes config, even though they are accepted as options.
Oddly, even if I just enabled tls from the console to the FD, which
allows for a local status of FD, this breaks proxy, even when the proxy
connection does not have TLS enabled and works if the console to FD also
has no TLS enabled. That the proxy connection might not be expecting
TLS I can understand, but seems odd that a successful TLS connection
from console to FD would break the FD's ability to proxy to the remote
Director.
Stephen
On 7/6/18 2:44 PM, Stephen Thompson wrote:
Well this led to unexpected results. Still 9.0.6, but running both FD
and DIR in foreground with d900 both show startup messages, show console
connecting to FD, show FD connecting to DIR when "proxy" is sent, but
then when any command is sent and hangs, NEITHER FD NOR DIRECTOR output
anything at all!
2000 OK Hello 214
Enter a period to cancel a command.
*proxy
2000 proxy OK.
*status
<hangs here>
FD output...
fd: hello.c:262-0 Connecting to Director DIRECTOR:9101
fd: watchdog.c:197-0 Registered watchdog 7fc73401fa68, interval 15 one shot
fd: btimers.c:145-0 Start thread timer 7fc73401d498 tid 7fc73bf4c700 for
15 secs.
fd: bsock.c:237-0 Current A.B.C.D:9101 All W.X.Y.Z:9101
fd: bsock.c:166-0 who=Director daemon host=DIRECTOR port=9101
fd: bsock.c:349-0 OK connected to server Director daemon DIRECTOR:9101.
fd: btimers.c:203-0 Stop thread timer 7fc73401d498 tid=7fc73bf4c700.
fd: watchdog.c:217-0 Unregistered watchdog 7fc73401fa68
fd: watchdog.c:197-0 Registered watchdog 7fc73401d498, interval 15 one shot
fd: btimers.c:177-0 Start bsock timer 7fc734005d18 tid=7fc73bf4c700 for
15 secs at 1530890871
fd: cram-md5.c:133-0 cram-get received: auth cram-md5
<195401314.1530890871@dir> ssl=2
fd: cram-md5.c:157-0 sending resp to challenge: jlJ1z7+S47xwcCkb2S+GGD
fd: cram-md5.c:76-0 send: auth cram-md5 challenge
<88308421.1530890871@fd> ssl=2
fd: cram-md5.c:95-0 Authenticate OK GD/TjH/8Dwc+4C0mJ8+2oD
fd: tls.c:392-0 Check subject name name
fd: bnet.c:280-0 TLS client negotiation established.
fd: hello.c:335-0 >dird: 1000 OK auth
fd: hello.c:342-0 <dird: 1000 OK: 103 DIRECTOR Version: 9.0.6 (20
November 2017)
fd: hello.c:345-0 1000 OK: 103 DIRECTOR Version: 9.0.6 (20 November 2017)
DIR output
dir: bnet.c:569-0 socket=6 who=client host=A.B.C.D port=9101
dir: jcr.c:931-0 set_jcr_job_status(0, C)
dir: jcr.c:940-0 OnEntry JobStatus=0 newJobstatus=C
dir: jcr.c:951-0 Set new stat. old: 0,0 new: C,0
dir: jcr.c:956-0 leave setJobStatus old=0 new=C
dir: job.c:1760-0 wstorage=STORAGE
dir: job.c:1769-0 wstore=STORAGE where=Job resource
dir: job.c:1429-0 JobId=0 created Job=-Console-.2018-07-06_08.27.51_05
dir: jcr.c:931-0 set_jcr_job_status(0, R)
dir: jcr.c:940-0 OnEntry JobStatus=C newJobstatus=R
dir: jcr.c:951-0 Set new stat. old: C,0 new: R,0
dir: jcr.c:956-0 leave setJobStatus old=C new=R
dir: cram-md5.c:69-0 send: auth cram-md5 challenge
<195401314.1530890871@dir> ssl=2
dir: cram-md5.c:133-0 cram-get received: auth cram-md5
<88308421.1530890871@fd> ssl=2
dir: cram-md5.c:157-0 sending resp to challenge: GD/TjH/8Dwc+4C0mJ8+2oD
lawson-dir: bnet.c:230-0 TLS server negotiation established.
I'm going to build 9.0.8 and see if I get different results.
I believe I skipped TLS with the same results.
Stephen
On 7/6/18 7:23 AM, Stephen Thompson wrote:
Yes, it does print 2000 proxy OK, but then in my case, the 'run' below
would hang. And as I said, running the bacula-fd in the foreground
shows a successful connection to Director when successful, but then
nothing more. Also an unsuccessful connection (on purpose) is output
form both the FD and the DIR, so they are definitely talking. Hmmm...
I will try your foregrounded director suggestion.
BTW, I'm also using TLS, which I'm hoping is not muddying the waters.
Oh, and technically I'm running 9.0.6, so perhaps I should upgrade as
well.
Stephen
On 7/6/18 3:50 AM, Martin Simmons wrote:
It works for me in 9.0.8:
Connecting to Director localhost:9102
2000 OK Hello 214
Enter a period to cancel a command.
*proxy
2000 proxy OK.
*run
Automatically selected Catalog: MyCatalog
Using Catalog "MyCatalog"
A job name must be specified.
The defined Job resources are:
1: Client1
...
Does it print "2000 proxy OK." and the "*" prompt after the proxy
command?
You could try running the Director in the foreground with -d900.
__Martin
On Thu, 5 Jul 2018 17:30:31 -0700, Stephen Thompson said:
Thanks Martin.
That got me a step closer, but still not working.
If I run bacula-fd in foreground, I can see that when I execute proxy
command the FD outputs a successful connected to Director message. But
running any other command under proxy in bconsole just hangs with no
output from FD or from Director.
Hmmm...
Stephen
On 7/5/18 8:21 AM, Martin Simmons wrote:
On Tue, 3 Jul 2018 16:04:56 -0700, Stephen Thompson said:
All,
I've been trying to setup client initiated backups via FD
remote=yes and
bconsole with no success. Regardless of the ACLs defined on
Director,
the only command available on client's bconsole is "status" and even
that is the status of the local FD, not the DIR status. Every other
command yields...
2999 Invalid command
You are not connected directly to the Director command loop after
connecting
bconsole to the local FD. According to the test
(regress/tests/remote-console-test), you need to use the proxy command
(without any arguments) to connect to the Director.
__Martin
--
Stephen Thompson Berkeley Seismo Lab
step...@seismo.berkeley.edu 215 McCone Hall
Office: 510.664.9177 University of California
Remote: 510.214.6506 (Tue) Berkeley, CA 94720-4760
--
Stephen Thompson Berkeley Seismo Lab
step...@seismo.berkeley.edu 215 McCone Hall
Office: 510.664.9177 University of California
Remote: 510.214.6506 (Tue) Berkeley, CA 94720-4760
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
