VMware Plugin TLS error


Max

May 17, 2024, 4:10:02 AM
to bareos-users
Hey,

I have a steady TLS error while configuring the vmware plugin.
I set up the vmware creds within the base directory /etc/bareos/vmware-plugin.ini as follows:
[root@storage-test01 bareos]# cat vmware-plugin.ini
[vmware_plugin_options]
vcserver=vc60.DOMAIN.local
vcuser=ans-v...@DOMAIN.local
vcpass=PASSWORD

The FileSet definition looks as follows:
[root@storage-test01 bareos]# cat bareos-dir.d/fileset/vmware-test-fileset.conf
FileSet {
 Name = "vmware-test-fileset"

 Include {
   Options {
        Signature = XXH128
        Compression = LZ4
   }
   Plugin = "python"
            ":module_name=bareos-fd-vmware"
            ":dc=DC:folder=/'Test VMs'"
            ":vmname=auth-test61"
            ":vcserver=vc60.DOMAIN.local"
            ":config_file=/etc/bareos/vmware-plugin.ini"
            ":vcthumbprint=THUMBPRINT"
 }
}

and the job definition looks like this:

[root@storage-test01 bareos]# cat bareos-dir.d/job/vmware-test.conf
Job {
 Name = "vmware-test"
 JobDefs = "DefaultJob"
 FileSet = "vmware-test-fileset"
}

I get multiple TLS errors and a failed job after running the following commands in bconsole:

*run job=vmware-test level=Full

Using Catalog "MyCatalog"
Run Backup job
JobName:  vmware-test
Level:    Full
Client:   bareos-fd
Format:   Native
FileSet:  vmware-test-fileset
Pool:     Full (From Job FullPool override)
Storage:  File (From Job resource)
When:     2024-05-17 10:00:48
Priority: 10
OK to run? (yes/mod/no): yes
Job queued. JobId=22
You have messages.

*list joblog jobid=22

Using Catalog "MyCatalog"
2024-05-17 10:00:54 storage-test01.DOMAIN.local JobId 22: Start Backup JobId 22, Job=vmware-test.2024-05-17_10.00.52_09
2024-05-17 10:00:54 storage-test01.DOMAIN.local JobId 22: Connected Storage daemon at storage-test01.DOMAIN.local:9103, encryption: TLS_CHACHA20_POLY1305_SHA256 TLSv1.3
2024-05-17 10:00:54 storage-test01.DOMAIN.local JobId 22:  Encryption: TLS_CHACHA20_POLY1305_SHA256 TLSv1.3
2024-05-17 10:00:54 storage-test01.DOMAIN.local JobId 22: Probing client protocol... (result will be saved until config reload)
2024-05-17 10:00:54 storage-test01.DOMAIN.local JobId 22: Fatal error: Connect failure: ERR=error:0A000417:SSL routines::sslv3 alert illegal parameter
2024-05-17 10:00:54 storage-test01.DOMAIN.local JobId 22: TLS negotiation failed (while probing client protocol)


The credentials for vmware are correct, and with vmware_cbt_tool.py I activated CBT on the client:

[root@storage-test01 bareos]# vmware_cbt_tool.py -s vc60.DOMAIN.local -u ans-v...@DOMAIN.local -p PASSWORD -d DC -f /'Test VMs' -v auth-test61 --enablecbt
INFO: VM auth-test61 CBT supported: True
INFO: VM auth-test61 CBT enabled: True
INFO: VM auth-test61 trying to enable CBT now
INFO: VM auth-test61 is already CBT enabled

best regards 
Max

Andreas Rogge

May 21, 2024, 4:48:38 AM
to bareos...@googlegroups.com
Hi Max,

from the log output I'd say "status client=bareos-fd" will also not
work. You will need to ensure your director can talk to your client first.

https://docs.bareos.org/Appendix/Troubleshooting.html#client-access-problems

Best Regards,
Andreas

--
Andreas Rogge andrea...@bareos.com
Bareos GmbH & Co. KG Phone: +49 221-630693-86
http://www.bareos.com

Registered office: Köln | District court Köln: HRA 29646
General partner: Bareos Verwaltungs-GmbH
Managing directors: Stephan Dühr, Jörg Steffens, Philipp Storz

Max

May 22, 2024, 10:29:54 AM
to bareos-users
Hey Andreas,

My bad, I've tested multiple clients with the vmware-test-job. I already had a client defined for the auth-test61 machine, which throws the following errors with the correct client:


The regular non-vmware backup works flawlessly on the auth-test61 machine.
It's just the vmware plugin which seems to have trouble establishing a valid 
connection to create vmdk files.

I attached the logs from a new failed job with the correct client selected + the part of the trace file for the director which captures the moment the job failed.
I hope you can give me a hint in the right direction.

best regards 
Max
bareos-webui-logs
bareos-vmware-job-trace

Andreas Rogge

May 23, 2024, 5:59:09 AM
to bareos...@googlegroups.com
In the Joblog it clearly states the following:

Fatal error: Plugin Directory not defined. Cannot use plugin:
"python:module_name=bareos-fd-vmware:dc=DC:folder=/'Test
VMs':vmname=auth-test61:vcserver=vc60.DOMAIN.local:vcuser=ans-v...@DOMAIN.local:vcpass=PASSWORD:vcthumbprint=THUMBPRINT"

Basically:
- There is a fatal error
- You did not set "Plugin Directory"
- Therefore I cannot use the plugin

I guess you did not properly setup the python plugin in the FD.
Did you set Plugin Directory in the file daemon configuration?

Best Regards,
Andreas


Max

May 23, 2024, 8:01:37 AM
to bareos-users
Hey Andreas,

The Plugin Directory is set under /etc/bareos/bareos-fd.d/client/myself.conf as follows:

Client {
 Name = "storage-test01.DOMAIN.local"
 Messages = "Standard"
 Plugin Directory = /usr/lib64/bareos/plugins
 Plugin Names = python3
}

The corresponding fileset looks as follows:

FileSet {
 Name = "vmware-test-fileset"
 Description = "Backup auth61 via Bareos VMWare plugin"
 Include {
   Options {
     Signature = XXH128
     Compression = LZ4
   }
   Plugin = "python"
           ":module_name=bareos-fd-vmware"
           ":dc=DCSITE:folder=/'Test VMs'"
           ":vmname=auth-test61"
           ":vcserver=vc60.DOMAIN.local"
           ":vcuser=ans-v...@DOMAIN.local"
           ":vcpass=PASSWORD"
           ":vcthumbprint=THUMBPRINT"
 }
}
 
and I still got the fatal error of the Plugin Dir not found. What itches me is that myself.conf specifically names python3 while the Plugin definition in the FileSet says "python", as the docs say. Is that correct?

Best regards
Max

Spadajspadaj

May 23, 2024, 8:06:43 AM
to bareos...@googlegroups.com

And does this directory exist? Does your bareos-fd process have permissions to open this directory and its contents? (SELinux anyone?)

MK


Andreas Rogge

May 23, 2024, 8:07:59 AM
to bareos...@googlegroups.com
On 23.05.24 at 14:01, Max wrote:
> Hey Andreas,
[...]
> and i still got the fatal error of the Plugin Dir not found. What itches
> me is that the myself.conf names calls specifically  python3 while the
> Plugin Definition in the FileSet says "python" as the docs say, is that
> correct?

Does a status client for that client list the python3 plugin as loaded?

Max

May 23, 2024, 9:12:19 AM
to bareos-users
Hey,

I added the Plugin Dir & Name Parameter to the bareos-sd.conf and bareos-dir.conf and the Plugin seems to be referenced correctly on a local level. (the fatal error went away)
However, if I start the backup it gets stuck in an endless loop and the trace says:

23-Mai-2024 15:07:27.228320 storage-test01.DOMAIN.local (100): lib/bsock_tcp.cc:217-13 Current host[ipv6;::1;9103]  All host[ipv6;::1;9103] host[ipv4;192.168.6.34;65535]
23-Mai-2024 15:07:27.228400 storage-test01.DOMAIN.local (100): lib/bsock_tcp.cc:217-13 Current host[ipv4;192.168.6.34;9103]  All host[ipv6;::1;9103] host[ipv4;192.168.6.34;9103]
23-Mai-2024 15:07:27.228432 storage-test01.DOMAIN.local (100): lib/bsock_tcp.cc:116-13 Unable to connect to Storage daemon on storage-test01.DOMAIN.local:9103. ERR=Verbindungsaufbau abgelehnt


It seems that the python3 plugin is not loaded as it should be:

*status client=auth-test61-fd
Connecting to Client auth-test61-fd at auth-test61.DOMAIN.local:9102
Handshake: Immediate TLS, Encryption: TLS_CHACHA20_POLY1305_SHA256 TLSv1.3

auth-test61.DOMAIN.local Version: 23.0.3~pre112.7df7ba8e1 (14 May 2024)  Red Hat Enterprise Linux release 9.1 (Plow)
Daemon started 23-Mai-24 14:44. Jobs: run=0 running=0, Bareos community binary
Sizeof: boffset_t=8 size_t=8 debug=0 trace=0 bwlimit=0kB/s

Running Jobs:
storage-test01.Domain.local (director) connected at: 23-Mai-24 15:09
No Jobs running.
====

Best regards
Max

Max

May 24, 2024, 6:14:51 AM
to bareos-users
Hey together,

FYI: I solved the issue by adding the following dependencies to the client (auth61 machine):
  •  python3-requests
  •  python3-urllib3
  •  python3-pyvmomi
+ adding Plugin Directory/Name to /etc/bareos/bareos-fd.d/client/myself.conf:

#
# Ansible managed
#

Client {
 Name = "auth-test61.DOMAIN.local"
 Messages = "Standard"
 Plugin Directory = /usr/lib64/bareos/plugins
 Plugin Names = python3
}

I thought until this hour that the vmware plugin worked "agentless" in a matter of not needing to define anything but the filedaemon on the client machine.

I appreciate all your help.

Best Regards
Max
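
The causes this thread turned up (no Plugin Directory / Plugin Names in the file daemon's Client resource, missing Python modules, directory permissions), plus the vcpass that the job log echoed from the inline plugin string, can be checked before a job is run. The following is an added example, not part of the thread and not Bareos's own tooling; `directive` and `preflight` are hypothetical names, and the `<name>-fd.so` file naming and `:`-separated Plugin Names list are assumptions.

```python
import importlib.util
import os
import re

# Import names provided by python3-requests, python3-urllib3 and python3-pyvmomi.
REQUIRED_MODULES = ("requests", "urllib3", "pyVmomi")

def directive(conf, key):
    """Value of a 'Key = value' line in a Bareos resource, or None if absent."""
    pat = rf'^[ \t]*{re.escape(key)}[ \t]*=[ \t]*"?([^"\n]*?)"?[ \t]*$'
    m = re.search(pat, conf, re.M | re.I)
    return m.group(1) if m else None

def preflight(fd_client_conf, fileset_conf, ini_path, modules=REQUIRED_MODULES):
    """Run on the file daemon host as the bareos-fd user; returns findings."""
    findings = []
    plugin_dir = directive(fd_client_conf, "Plugin Directory")
    names = directive(fd_client_conf, "Plugin Names") or ""
    if not names:
        findings.append("FD Client resource sets no Plugin Names")
    if not plugin_dir:
        findings.append("FD Client resource sets no Plugin Directory")
    elif not os.access(plugin_dir, os.R_OK | os.X_OK):
        # DAC check only; an SELinux denial would show up in the audit log instead.
        findings.append(f"{plugin_dir} is missing or not readable")
    else:
        for name in filter(None, names.split(":")):  # assumed ':'-separated
            so = os.path.join(plugin_dir, f"{name}-fd.so")  # assumed naming
            if not os.path.isfile(so):
                findings.append(f"{so} not found")
    for mod in modules:
        if importlib.util.find_spec(mod) is None:
            findings.append(f"Python module {mod} is not importable")
    # The job log in this thread echoed the whole plugin string, vcpass included.
    if re.search(r"vcpass\s*=", fileset_conf):
        findings.append("vcpass is inline in the FileSet; move it to config_file")
    if os.path.exists(ini_path) and os.stat(ini_path).st_mode & 0o077:
        findings.append(f"{ini_path} is accessible to group or others")
    return findings

if __name__ == "__main__":
    # Constructed sample built from the resources quoted in the thread.
    client = ('Client {\n Name = "auth-test61.DOMAIN.local"\n'
              ' Plugin Directory = /usr/lib64/bareos/plugins\n Plugin Names = python3\n}\n')
    fileset = 'Plugin = "python"\n ":module_name=bareos-fd-vmware"\n ":vcpass=PASSWORD"\n'
    for finding in preflight(client, fileset, "/etc/bareos/vmware-plugin.ini"):
        print("FINDING:", finding)
```

An empty result only says the file-level prerequisites are in place; "status client" remains the check that the daemon actually loaded the plugin.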