09 February 2019

EMC Avamar firewall Workaround


Wanted to share a workaround for an EMC Avamar bug I recently came across. I was doing a new install of a couple of Avamar servers and ran across an issue where I could not perform a backup or replicate between sites without encryption turned on. Turns out this is a known bug with Avamar OS 7.1.0. Even after turning off the “avfirewall” at the target and source sites I was still unable to connect on the unencrypted port (port 27000).

The issue is with new installs of 7.1.  The “gsan-port” file is missing from the “/usr/local/avamar/lib/admin/security” directory.  Here are the steps to recreate this file.

su to the dpn user.

su - dpn
ssh-agent bash
ssh-add ~/.ssh/dpnid

Create the “gsan-port” config file.

vi /usr/local/avamar/lib/admin/security/gsan-port

Insert this on the first line.

GSAN_PLAIN_TEXT='27000,'

Save and close the config file. If using a multi-node grid, this must be created on the utility node and all the storage nodes.

You can quickly copy the configuration file to all the nodes with scp on the internal network or use the “mapall” command.

cd /usr/local/avamar/lib/admin/security

scp gsan-port 192.168.255.2:/usr/local/avamar/lib/admin/security
scp gsan-port 192.168.255.3:/usr/local/avamar/lib/admin/security
scp gsan-port 192.168.255.4:/usr/local/avamar/lib/admin/security

Restart the firewall services.

service avfirewall restart

Make sure to restart the services on the storage nodes as well if using a multi-node grid. Here is how to do all the nodes at once.

mapall --noerror --all+ --user=root 'service avfirewall restart'

To quickly test that it worked, open a telnet session on port 27000 from a utility node to a local storage node or from the utility node to the target node. Once a connection is confirmed, retry an unencrypted backup. Hopefully this will save you a few hours of head banging wondering why your backup is busted.
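The test in the last step can be scripted. This is an added example, not part of the original post or of Avamar's own tooling: it confirms that the first line of gsan-port matches the line given above byte for byte (typographic quotes pasted from a web page or CRLF line endings will not) and probes port 27000 on each node you name. The function names and the `--check` argument are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not Avamar tooling): verify the gsan-port workaround.
GSAN_PORT_FILE=/usr/local/avamar/lib/admin/security/gsan-port  # path from the post
EXPECTED="GSAN_PLAIN_TEXT='27000,'"                             # line from the post

# Return 0 only if the file's first line equals EXPECTED byte for byte.
# Return 1 on a mismatch, 2 if the file is missing or unreadable.
check_gsan_port_file() {
    gp_file=${1:-$GSAN_PORT_FILE}
    if [ ! -r "$gp_file" ]; then
        echo "missing or unreadable: $gp_file" >&2
        return 2
    fi
    gp_first=
    IFS= read -r gp_first < "$gp_file" || true   # tolerate a missing final newline
    [ "$gp_first" = "$EXPECTED" ] && return 0
    if printf '%s' "$gp_first" | LC_ALL=C grep -q '[^ -~]'; then
        echo "$gp_file: non-ASCII or control bytes (smart quotes, CRLF?)" >&2
    else
        echo "$gp_file: first line is not $EXPECTED" >&2
    fi
    return 1
}

# Return 0 if a TCP connection to host ($1) port ($2) opens within 3 seconds.
# Uses bash's /dev/tcp, so telnet does not have to be installed.
port_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Check the local file, then probe port 27000 on every node named in "$@".
verify_nodes() {
    vn_rc=0
    check_gsan_port_file || vn_rc=1
    for vn_node in "$@"; do
        if port_open "$vn_node" 27000; then
            echo "$vn_node: port 27000 reachable"
        else
            echo "$vn_node: port 27000 NOT reachable" >&2
            vn_rc=1
        fi
    done
    return "$vn_rc"
}

# Hypothetical invocation: ./check-gsan-port.sh --check 192.168.255.2 192.168.255.3
if [ "${1:-}" = "--check" ]; then
    shift
    verify_nodes "$@"
fi
```

Run it on the utility node after restarting avfirewall; a non-zero exit status means the file or at least one node still needs attention.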
