I'll attach some debug logs.
For the purposes of this test I cut the disklist file down to two entries:
One entry is a client which is configured to use simple BSD auth.
The other entry is a client which is configured to use bsdtcp auth.
Both of these have been verified by running amcheck disklist.
This file:
amcheck.20100107131821.debug
is from the client whose DLE has it using BSD auth.
This file:
amandad.20100107131826.debug
is from the client whose DLE has it using bsdtcp auth.
This file:
amcheck.20100107131821.debug
is from the server on that same run.
The amcheck -c command reported:
bac...@fileserver:~$ amcheck -c cwa-lto
Amanda Backup Client Hosts Check
--------------------------------
ERROR: NAK zimbra1.internal.cwa.co.nz: user root from
fileserver.internal.cwa.co.nz is not allowed to execute the service noop:
Please add "amdump" to the line in /var/backups/.amandahosts on the client
Client check: 2 hosts checked in 5.097 seconds, 1 problem found
(brought to you by Amanda 2.5.2p1)
Steve Wray wrote:
Jean-Louis Martineau wrote:
Run 'amadmin <CONFIG> disklist' and check the auth is set as expected
for all dles.
I've done this, with the amanda.conf having bsdudp and with it having
bsdtcp for that entry.
In both cases all auth entries for all other DLE's are 'BSD'.
In both cases only that one DLE is reported as having either bsdtcp or
bsdudp, in both cases matching what is in the amanda.conf
So I'd say that was all as expected.
Jean-Louis
Steve Wray wrote:
Jean-Louis Martineau wrote:
Steve Wray wrote:
Jean-Louis Martineau wrote:
Steve Wray wrote:
On the client, in the sendbackup.20100106012630.debug log I see:
sendbackup-gnutar: time 0.056: /usr/lib/amanda/runtar: pid 3348
sendbackup: time 0.057: started backup
sendbackup: time 90.352: index tee cannot write [Broken pipe]
sendbackup: time 90.352: pid 3346 finish time Wed Jan 6 01:28:01
2010
90 seconds, it's not a dtimeout issue.
Post all debug files for the run.
You can also try the bsdtcp auth, it is more firewall friendly.
Ah hang on, am I right in understanding that you can't have just
one dle using bsdtcp auth? That they would all have to have it? (ie
the inetd configuration)
All dles for a client must have the same auth.
different client can have different auth.
We are going around in circles a little here.
Allow me to try to make things very clear.
In my amanda.conf I have a dumptype defined as such:
(I've included the parent dumptypes. The 'global' dumptype is empty)
define dumptype root-tar {
global
program "GNUTAR"
comment "root partitions dumped with tar"
compress none
index
exclude list "/etc/amanda/exclude.gtar"
priority low
}
define dumptype nocomp-root-tar {
root-tar
comment "Root partitions without compression"
compress none
}
define dumptype problem-nocomp-root-tar {
nocomp-root-tar
comment "Root partitions without compression, problem client"
compress none
auth "bsdudp"
# auth "bsdtcp"
}
There are several DLEs for clients using the 'nocomp-root-tar'
dumptype and only *one* DLE for *one* client using the
'problem-nocomp-root-tar' dumptype.
With the bsdudp line uncommented everything is happy with an amcheck.
With the bsdtcp line uncommented (and the bsdudp line commented out)
*no* client is happy with the amcheck *other* than the client which
uses 'problem-nocomp-root-tar'. However, as noted in another email
this is intermittent, sometimes some clients using nocomp-root-tar
are happy. So far its not exhibiting much pattern that I can see.
The above *does* include the fact that I *do* change the inetd.conf
on the client which uses problem-nocomp-root-tar *and* restart inetd.
So, with a change of one line in a dumptype in a DLE used by one
client, all other clients have problems.
Perhaps I am misunderstanding something basic about dumptype
configuration?
--
Please remember that an email is just like a postcard; it is not
confidential nor private nor secure and can be read by many other people
than the intended recipient. A postcard can be read by anyone at the mail
sorting office and expecting what is written on it to be private and secret
is not realistic. Please hold no higher expectation of email.
If you need to send confidential information in an email you need to use
encryption. PGP is Pretty good for this.
amandad: debug 1 pid 5084 ruid 34 euid 34: start at Thu Jan 7 13:18:21 2010
Could not open conf file "/etc/amanda/amanda-client.conf": No such file or
directory
amandad: time 0.000: security_getdriver(name=bsd) returns 0xb7f834c0
amandad: version 2.5.2p1
amandad: time 0.000: build: VERSION="Amanda-2.5.2p1"
amandad: time 0.000: BUILT_DATE="Sat Aug 16 16:06:29 ART 2008"
amandad: time 0.000: BUILT_MACH="Linux rover 2.6.25.15 #4 SMP Thu Aug 7
11:07:30 MDT 2008 i686 GNU/Linux"
amandad: time 0.000: CC="gcc"
amandad: time 0.000: CONFIGURE_COMMAND="'./configure' '--prefix=/usr'
'--bindir=/usr/sbin' '--mandir=/usr/share/man' '--libexecdir=/usr/lib/amanda'
'--enable-shared' '--sysconfdir=/etc' '--localstatedir=/var/lib'
'--with-gnutar-listdir=/var/lib/amanda/gnutar-lists'
'--with-index-server=localhost' '--with-user=backup' '--with-group=backup'
'--with-bsd-security' '--with-amandahosts'
'--with-smbclient=/usr/bin/smbclient' '--with-debugging=/var/log/amanda'
'--with-dumperdir=/usr/lib/amanda/dumper.d' '--with-tcpportrange=50000,50100'
'--with-udpportrange=840,860' '--with-maxtapeblocksize=256'
'--with-ssh-security' '--with-bsdtcp-security' '--with-bsdudp-security'"
amandad: time 0.000: paths: bindir="/usr/sbin" sbindir="/usr/sbin"
amandad: time 0.000: libexecdir="/usr/lib/amanda" mandir="/usr/share/man"
amandad: time 0.000: AMANDA_TMPDIR="/tmp/amanda"
amandad: time 0.000: AMANDA_DBGDIR="/var/log/amanda"
CONFIG_DIR="/etc/amanda"
amandad: time 0.000: DEV_PREFIX="/dev/" RDEV_PREFIX="/dev/"
DUMP="/sbin/dump"
amandad: time 0.000: RESTORE="/sbin/restore" VDUMP=UNDEF VRESTORE=UNDEF
amandad: time 0.000: XFSDUMP="/sbin/xfsdump"
XFSRESTORE="/sbin/xfsrestore"
amandad: time 0.000: VXDUMP=UNDEF VXRESTORE=UNDEF
amandad: time 0.000: SAMBA_CLIENT="/usr/bin/smbclient" GNUTAR="/bin/tar"
amandad: time 0.000: COMPRESS_PATH="/bin/gzip"
UNCOMPRESS_PATH="/bin/gzip"
amandad: time 0.000: LPRCMD="/usr/bin/lpr" MAILER="/usr/bin/mail"
amandad: time 0.000: listed_incr_dir="/var/lib/amanda/gnutar-lists"
amandad: time 0.000: defs: DEFAULT_SERVER="localhost"
DEFAULT_CONFIG="DailySet1"
amandad: time 0.000: DEFAULT_TAPE_SERVER="localhost" HAVE_MMAP
NEED_STRSTR
amandad: time 0.000: HAVE_SYSVSHM LOCKING=POSIX_FCNTL SETPGRP_VOID
DEBUG_CODE
amandad: time 0.000: AMANDA_DEBUG_DAYS=4 BSD_SECURITY RSH_SECURITY
USE_AMANDAHOSTS
amandad: time 0.000: CLIENT_LOGIN="backup" FORCE_USERID HAVE_GZIP
amandad: time 0.000: COMPRESS_SUFFIX=".gz" COMPRESS_FAST_OPT="--fast"
amandad: time 0.000: COMPRESS_BEST_OPT="--best" UNCOMPRESS_OPT="-dc"
amandad: time 0.000: dgram_recv(dgram=0xb7f85464, timeout=0,
fromaddr=0xb7f95450)
amandad: time 0.000: (sockaddr_in *)0xb7f95450 = { 2, 841, 10.10.10.129 }
amandad: time 0.000: security_handleinit(handle=0x932c800, driver=0xb7f834c0
(BSD))
amandad: time 0.002: security_seterror(handle=0x932c800, driver=0xb7f834c0
(BSD) error=user root from fileserver.internal.cwa.co.nz is not allowed to
execute the service noop: Please add "amdump" to the line in
/var/backups/.amandahosts on the client)
amandad: time 0.002: accept error: user root from fileserver.internal.cwa.co.nz
is not allowed to execute the service noop: Please add "amdump" to the line in
/var/backups/.amandahosts on the client
amandad: time 0.002: sending NAK pkt:
<<<<<
ERROR user root from fileserver.internal.cwa.co.nz is not allowed to execute
the service noop: Please add "amdump" to the line in /var/backups/.amandahosts
on the client
>>>>>
amandad: time 0.002: dgram_send_addr(addr=0x932c820, dgram=0xb7f85464)
amandad: time 0.002: (sockaddr_in *)0x932c820 = { 2, 841, 10.10.10.129 }
amandad: time 0.002: dgram_send_addr: 0xb7f85464->socket = 0
amandad: time 0.002: security_close(handle=0x932c800, driver=0xb7f834c0 (BSD))
amcheck: debug 1 pid 1566 ruid 34 euid 0: start at Thu Jan 7 13:18:21 2010
amcheck: debug 1 pid 1566 ruid 34 euid 34: rename at Thu Jan 7 13:18:21 2010
amcheck-clients: time 0.004: security_getdriver(name=bsdtcp) returns 0xb7f63bc0
amcheck-clients: time 0.004: security_handleinit(handle=0x8063318,
driver=0xb7f63bc0 (BSDTCP))
amcheck-clients: time 0.006: security_streaminit(stream=0x80637b0,
driver=0xb7f63bc0 (BSDTCP))
amcheck-clients: time 0.008: connect_port: Skip port 512: Owned by exec.
amcheck-clients: time 0.009: connect_port: Skip port 513: Owned by login.
amcheck-clients: time 0.009: connect_port: Skip port 514: Owned by shell.
amcheck-clients: time 0.009: connect_port: Skip port 515: Owned by printer.
amcheck-clients: time 0.009: connect_port: Try port 516: Available -
amcheck-clients: time 0.011: connect_portrange: connect from 0.0.0.0.516
failed: Connection refused
amcheck-clients: time 0.011: connect_portrange: connect to 203.96.63.240.10080
failed: Connection refused
amcheck-clients: time 0.011: stream_client: Could not bind to port in range
512-1023.
amcheck-clients: time 0.011: security_seterror(handle=0x8063318,
driver=0xb7f63bc0 (BSDTCP) error=Connection refused)
amcheck-clients: time 0.011: security_close(handle=0x8063318, driver=0xb7f63bc0
(BSDTCP))
amcheck-clients: time 0.011: security_stream_close(0x80637b0)
amcheck-clients: time 0.011: security_getdriver(name=BSD) returns 0xb7f63b60
amcheck-clients: time 0.011: security_handleinit(handle=0x8063318,
driver=0xb7f63b60 (BSD))
amcheck-clients: time 0.012: bind_portrange2: Try port 841: Available -
Success
amcheck-clients: time 0.012: dgram_bind: socket 3 bound to 0.0.0.0.841
amcheck-clients: time 0.012: dgram_send_addr(addr=0x8063338, dgram=0xb7f65b04)
amcheck-clients: time 0.012: (sockaddr_in *)0x8063338 = { 2, 10080, 10.10.0.7 }
amcheck-clients: time 0.012: dgram_send_addr: 0xb7f65b04->socket = 3
amcheck-clients: time 0.021: dgram_recv(dgram=0xb7f65b04, timeout=0,
fromaddr=0xb7f75af0)
amcheck-clients: time 0.021: (sockaddr_in *)0xb7f75af0 = { 2, 10080, 10.10.0.7 }
amcheck-clients: time 0.021: security_close(handle=0x8063318, driver=0xb7f63b60
(BSD))
amcheck-clients: time 5.019: security_handleinit(handle=0x8063318,
driver=0xb7f63bc0 (BSDTCP))
amcheck-clients: time 5.034: security_streaminit(stream=0x806ce60,
driver=0xb7f63bc0 (BSDTCP))
amcheck-clients: time 5.036: connect_port: Skip port 512: Owned by exec.
amcheck-clients: time 5.036: connect_port: Skip port 513: Owned by login.
amcheck-clients: time 5.036: connect_port: Skip port 514: Owned by shell.
amcheck-clients: time 5.036: connect_port: Skip port 515: Owned by printer.
amcheck-clients: time 5.037: connect_port: Try port 516: Available -
amcheck-clients: time 5.038: connected to 203.96.63.246.10080
amcheck-clients: time 5.038: our side is 0.0.0.0.516
amcheck-clients: time 5.038: try_socksize: send buffer size is 65536
amcheck-clients: time 5.038: try_socksize: receive buffer size is 65536
amcheck-clients: time 5.054: security_getdriver(name=bsdtcp) returns 0xb7f63bc0
amcheck-clients: time 5.054: security_handleinit(handle=0x806c3d8,
driver=0xb7f63bc0 (BSDTCP))
amcheck-clients: time 5.055: security_streaminit(stream=0x8074e98,
driver=0xb7f63bc0 (BSDTCP))
amcheck-clients: time 5.055: security_close(handle=0x8063318, driver=0xb7f63bc0
(BSDTCP))
amcheck-clients: time 5.055: security_stream_close(0x806ce60)
amcheck-clients: time 5.101: security_close(handle=0x806c3d8, driver=0xb7f63bc0
(BSDTCP))
amcheck-clients: time 5.101: security_stream_close(0x8074e98)
amcheck: time 5.102: pid 1566 finish time Thu Jan 7 13:18:26 2010
amandad: debug 1 pid 23825 ruid 34 euid 34: start at Thu Jan 7 13:18:26 2010
Could not open conf file "/etc/amanda/amanda-client.conf": No such file or
directory
amandad: time 0.000: security_getdriver(name=bsdtcp) returns 0xb7eed520
amandad: version 2.5.2p1
amandad: time 0.000: build: VERSION="Amanda-2.5.2p1"
amandad: time 0.000: BUILT_DATE="Sat Aug 16 16:06:29 ART 2008"
amandad: time 0.000: BUILT_MACH="Linux rover 2.6.25.15 #4 SMP Thu Aug 7
11:07:30 MDT 2008 i686 GNU/Linux"
amandad: time 0.000: CC="gcc"
amandad: time 0.000: CONFIGURE_COMMAND="'./configure' '--prefix=/usr'
'--bindir=/usr/sbin' '--mandir=/usr/share/man' '--libexecdir=/usr/lib/amanda'
'--enable-shared' '--sysconfdir=/etc' '--localstatedir=/var/lib'
'--with-gnutar-listdir=/var/lib/amanda/gnutar-lists'
'--with-index-server=localhost' '--with-user=backup' '--with-group=backup'
'--with-bsd-security' '--with-amandahosts'
'--with-smbclient=/usr/bin/smbclient' '--with-debugging=/var/log/amanda'
'--with-dumperdir=/usr/lib/amanda/dumper.d' '--with-tcpportrange=50000,50100'
'--with-udpportrange=840,860' '--with-maxtapeblocksize=256'
'--with-ssh-security' '--with-bsdtcp-security' '--with-bsdudp-security'"
amandad: time 0.000: paths: bindir="/usr/sbin" sbindir="/usr/sbin"
amandad: time 0.000: libexecdir="/usr/lib/amanda" mandir="/usr/share/man"
amandad: time 0.000: AMANDA_TMPDIR="/tmp/amanda"
amandad: time 0.000: AMANDA_DBGDIR="/var/log/amanda"
CONFIG_DIR="/etc/amanda"
amandad: time 0.000: DEV_PREFIX="/dev/" RDEV_PREFIX="/dev/"
DUMP="/sbin/dump"
amandad: time 0.000: RESTORE="/sbin/restore" VDUMP=UNDEF VRESTORE=UNDEF
amandad: time 0.000: XFSDUMP="/sbin/xfsdump"
XFSRESTORE="/sbin/xfsrestore"
amandad: time 0.000: VXDUMP=UNDEF VXRESTORE=UNDEF
amandad: time 0.000: SAMBA_CLIENT="/usr/bin/smbclient" GNUTAR="/bin/tar"
amandad: time 0.000: COMPRESS_PATH="/bin/gzip"
UNCOMPRESS_PATH="/bin/gzip"
amandad: time 0.000: LPRCMD="/usr/bin/lpr" MAILER="/usr/bin/mail"
amandad: time 0.000: listed_incr_dir="/var/lib/amanda/gnutar-lists"
amandad: time 0.000: defs: DEFAULT_SERVER="localhost"
DEFAULT_CONFIG="DailySet1"
amandad: time 0.000: DEFAULT_TAPE_SERVER="localhost" HAVE_MMAP
NEED_STRSTR
amandad: time 0.000: HAVE_SYSVSHM LOCKING=POSIX_FCNTL SETPGRP_VOID
DEBUG_CODE
amandad: time 0.000: AMANDA_DEBUG_DAYS=4 BSD_SECURITY RSH_SECURITY
USE_AMANDAHOSTS
amandad: time 0.000: CLIENT_LOGIN="backup" FORCE_USERID HAVE_GZIP
amandad: time 0.000: COMPRESS_SUFFIX=".gz" COMPRESS_FAST_OPT="--fast"
amandad: time 0.000: COMPRESS_BEST_OPT="--best" UNCOMPRESS_OPT="-dc"
amandad: time 0.005: security_handleinit(handle=0x8052cf0, driver=0xb7eed520
(BSDTCP))
amandad: time 0.005: security_streaminit(stream=0x8052e20, driver=0xb7eed520
(BSDTCP))
amandad: time 0.005: accept recv REQ pkt:
<<<<<
SERVICE noop
OPTIONS features=ffffffff9ffeffffffff00;
>>>>>
amandad: time 0.005: creating new service: noop
OPTIONS features=ffffffff9ffeffffffff00;
amandad: time 0.008: sending ACK pkt:
<<<<<
>>>>>
amandad: time 0.009: sending REP pkt:
<<<<<
OPTIONS features=ffffffff9ffeffffffff00;
>>>>>
amandad: time 0.010: received ACK pkt:
<<<<<
>>>>>
amandad: time 0.010: security_close(handle=0x8052cf0, driver=0xb7eed520
(BSDTCP))
amandad: time 0.010: security_stream_close(0x8052e20)
amandad: time 0.012: security_handleinit(handle=0x8052cf0, driver=0xb7eed520
(BSDTCP))
amandad: time 0.012: security_streaminit(stream=0x805af50, driver=0xb7eed520
(BSDTCP))
amandad: time 0.012: accept recv REQ pkt:
<<<<<
SERVICE selfcheck
OPTIONS
features=ffffffff9ffeffffffff00;maxdumps=1;hostname=ezchannel.tki.org.nz;config=cwa-lto;
GNUTAR / 0 OPTIONS |;auth=bsdtcp;index;exclude-list=/etc/amanda/exclude.gtar;
>>>>>
amandad: time 0.012: creating new service: selfcheck
OPTIONS
features=ffffffff9ffeffffffff00;maxdumps=1;hostname=ezchannel.tki.org.nz;config=cwa-lto;
GNUTAR / 0 OPTIONS |;auth=bsdtcp;index;exclude-list=/etc/amanda/exclude.gtar;
amandad: time 0.015: sending ACK pkt:
<<<<<
>>>>>
amandad: time 0.018: sending REP pkt:
<<<<<
OPTIONS features=ffffffff9ffeffffffff00;
OK /
OK /
OK /
OK /usr/lib/amanda/runtar executable
OK /bin/tar executable
OK /var/lib/amanda/gnutar-lists/. read/writable
OK /var/lib/amanda/amandates read/writable
OK /dev/null read/writable
OK /tmp/amanda has more than 64 KB available.
OK /var/log/amanda has more than 64 KB available.
OK /var/lib has more than 64 KB available.
>>>>>
amandad: time 0.057: received ACK pkt:
<<<<<
>>>>>
amandad: time 0.057: security_close(handle=0x8052cf0, driver=0xb7eed520
(BSDTCP))
amandad: time 0.057: security_stream_close(0x805af50)
amandad: time 0.058: pid 23825 finish time Thu Jan 7 13:18:26 2010
