Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: could not connect DATA stream

2007-11-08 05:47:37
Subject: Re: could not connect DATA stream
From: Paul Bijnens <Paul.Bijnens AT xplanation DOT com>
To: fedora <zuki AT abamon DOT com>
Date: Thu, 08 Nov 2007 11:41:21 +0100 

So, you have some firewall in between.  And you do have trouble with it.
And you're not very comfortable with tuning it.
So, did you read, understand and implement the easiest solution that
Jean-Louis suggested on nov 5?

  <quote>
  You should try the 'bsdtcp' auth, it is more firewall friendly, it
  only use: server tcp port 512-1024 to client tcp port 10080
  </quote>

That one, together with tuning the firewall(s) to open at least:
   server tcp port 512-1024   to   client tcp port 10080
(and let the replies in too, of course, any statefull firewall
does this already).

On 2007-11-08 10:53, fedora wrote:

This kind of situation is dragging me too long. In the middle of
troubleshooting this problem I got another problem. amanda taper is not
going to write to tape. It holds the backups on the holding disk. Is this
because of too many dumps file on the holding disk of one of my problem
client which I still cannot solve it?  I keep on trying to dump the client
after changing/troubleshooting. If I relabel the tape again would it erase
all backup files? or any safe solutions?


Relabeling erases the tape, indeed.  But why relabel it? Do you mean
that you keep inserting the same tape over and over again until that one
client succeeds?

Why not first trouble that one client?
Make a diskist file with one small DLE from that client.
And while testing the firewall-issues with that client, you do not have
to insert a tape; just dump to holdingdisk.
And then get that client connection problem resolved first.
Change one configurable item at a time, and test.  Do not change 10
things at once, generating lots of irrelevant issues.

When that client is solved, then go on the next problem. E.g. find out
why Amanda believes the tape is not a writable valid tape.




Email reports this to me:
*** A TAPE ERROR OCCURRED: [No writable valid tape found].


The reason why the images are not on the tape is worded in plain english
above.
Was there a tape in?
Was it a tape that could be reused (older than tapecycle?)
Was it write protected?
What did amcheck say about that tape before?



Some dumps may have been left in the holding disk.

My problem is become more difficult. Please help. :(


fedora wrote:

this is the logs on dumper on server:

dumper: connect_portrange: connect from 0.0.0.0.50000 failed: Connection
timed out
dumper: connect_portrange: connect to 202.53.250.159.37782 failed:
Connection timed out
dumper: stream_client: Could not bind to port in range 50000 - 50100.
dumper: connect_port: Try port 50000: Available - dumper: connect_portrange: connect from 0.0.0.0.50000 failed: Connection 
timed out
dumper: connect_portrange: connect to 202.53.250.159.37782 failed:
Connection timed out
dumper: stream_client: Could not bind to any port: Connection timed out
security_seterror(handle=0x99b2ff0, driver=0x7dd0e0 (BSD) error=can't
connect stream to abc.com port 37782: Connection timed out)

I already allowed port range 50000-50100 (tcp) and 10080 (udp) in my
firewall.


How did you allow those? Did it suceeed? Let's see the commands, so that
we can verify them.   Does your firewall do port-NAT interfering with
the port ranges you specified?
Maybe you allowed only one way traffic, or allowed it from server to
client instead of client to server.
Note that there could be more than one firewall: do not forget the
firewall rules on the server and client itself (beside the firewall
in between them).

But, as said above, much easier is to use bsdtcp which is much more
firewall friendly.





fedora wrote:

Hi all,

I couldn't find any solutions on this kind of error:

- amstatus report on server -

abc.com:/var/lib/mysql 1 driver: (aborted:"[could not connect DATA
stream: can't connect stream to abc.com.com port 45633: Connection timed
out]")(too many d
umper retry)

-- in client debug file - amandad --

amandad: time 30.001: stream_accept: timeout after 30 seconds
amandad: time 30.001: security_stream_seterr(0x95d25e0, can't accept new
stream connection: No such file or directory)
amandad: time 30.001: stream 0 accept failed: unknown protocol error
amandad: time 30.001: security_stream_close(0x95d25e0)
amandad: time 59.997: stream_accept: timeout after 30 seconds
amandad: time 59.997: security_stream_seterr(0x95da618, can't accept new
stream connection: No such file or directory)
amandad: time 59.997: stream 1 accept failed: unknown protocol error
amandad: time 59.997: security_stream_close(0x95da618)
amandad: time 89.992: stream_accept: timeout after 30 seconds
amandad: time 89.993: security_stream_seterr(0x95e2650, can't accept new
stream connection: No such file or directory)
amandad: time 89.993: stream 2 accept failed: unknown protocol error
amandad: time 89.993: security_stream_close(0x95e2650)
amandad: time 89.993: security_close(handle=0x95c1958, driver=0x468a20
(BSD))
amandad: time 89.993: pid 8559 finish time Mon Oct 29 17:46:40 2007

-- in server amdump.1 log ---

driver: result time 756.150 from dumper0: TRY-AGAIN 00-00002 "[could not
connect DATA stream: can't connect stream to abc.com port 45633:
Connection timed out]"
driver: dump failed 00-00002 abc.com /var/lib/mysql, too many dumper
retry: "[could not connect DATA stream: can't connect stream to abc.com
port 45633: Connection timed out]" 
driver: send-cmd time 756.150 to chunker0: FAILED 00-00002
driver: state time 756.150 free kps: 1705 space: 101293664 taper: idle
idle-dumpers: 3 qlen tapeq: 0 runq: 0 roomq: 0 wakeup: 0 driver-idle:
no-dumpers
driver: interface-state time 756.150 if default: free 305 if local: free
1000 if le0: free 400
driver: hdisk-state time 756.150 hdisk 0: free 101293664 dumpers 1
driver: result time 756.150 from chunker0: FAILED 00-00002 "[cannot read
header: got 0 instead of 32768]"

amcheck is running fine with no problems and only this DLE got problem
from 11 DLEs. I do not understand what does it mean by "could not connect
DATA stream". FYI, I ran client using xinetd. Firewall has been opened. 
service amanda
{
       only_from       = server.com
       socket_type     = dgram
       protocol        = udp
       wait            = yes
       user            = amanda
       group           = disk
       groups          = yes
       server          = /usr/local/libexec/amandad
       server_args     = -auth=bsd amdump
       disable         = no
}

Can anyone help me?









--
Paul Bijnens, xplanation Technology Services        Tel  +32 16 397.511
Technologielaan 21 bus 2, B-3001 Leuven, BELGIUM    Fax  +32 16 397.512
http://www.xplanation.com/          email:  Paul.Bijnens AT xplanation DOT com
***********************************************************************
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* F6, quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, *
* stop, end, F3, ~., ^]c, +++ ATH, disconnect, halt,  abort,  hangup, *
* PF4, F20, ^X^X, :D::D, KJOB, F14-f-e, F8-e,  kill -1 $$,  shutdown, *
* init 0, kill -9 1, Alt-F4, Ctrl-Alt-Del, AltGr-NumLock, Stop-A, ... *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
***********************************************************************
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: could not connect DATA stream, fedora
Next by Date:  Re: Archiving with amanda, Paul Bijnens
Previous by Thread:  Re: could not connect DATA stream, fedora
Next by Thread:  Re: could not connect DATA stream, fedora
Indexes:  [Date] [Thread] [Top] [All Lists]