Storage ftp weirdness

adowns

I am attempting to create a storage node on another sub net across a wan. The servers are Debian 8. So far the installation seems to have gone well. The storage node install was configured via this article for multiple tftp servers. I also setup the locations plugin to split the sub nets so that the storage node and master have control of its own sub net. I can successfully image a client on the master network. I am having issues with the storage replication. When I check the Replication log on the master I see.

[07-04-15 12:09:27 am]  * Starting Image Replication.
[07-04-15 12:09:27 am]  * We are group ID: #1
[07-04-15 12:09:27 am]  * We have node ID: #1
[07-04-15 12:09:27 am]  * Found: 1 other member(s).
[07-04-15 12:09:27 am] 
[07-04-15 12:09:27 am]  * My root: /images
[07-04-15 12:09:27 am]  * Starting Sync.
[07-04-15 12:09:27 am]  * Syncing: TMFog
[07-04-15 12:09:58 am]  * SubProcess -> mirror: Fatal error: max-retries exceeded

[07-04-15 12:09:58 am]  * SubProcess -> 
[07-04-15 12:09:58 am]  * SubProcess -> Complete

This leads me to believe that the ftp on the storage node is broken. I try and ftp to the storage node and this is what I get:

---- Connecting to 172.16.101.30 (172.16.101.30) port 21
<--- 421 Service not available.
---> FEAT
---- Closing control socket

I can connect via ftp on the local host.

root@TMFog:/etc/init.d# lftp localhost -u fog
Password:
lftp fog@localhost:~> dir
drwxr-xr-x    2 1000     1000         4096 Jul 04 00:00 test
lftp fog@localhost:~>

Really Stumped here.

there is a firewall in the mix but I disabled all the rules and then tried to ftp to the server from the firewall and got the same result. There are not any updates to the /va/log/messages log file for these connections, is it writing them somewhere else? Any suggestions would be appreciated. Thank you.

Wayne Workman

You can FTP into the storage node from the storage node, but can’t FTP in from the main FOG server to the storage node?

And you said you turned off the firewall, and still get the same results?

Could you go to the subnet where the storage node is located, and from a computer within that subnet, try to FTP into the storage node?

If you can, this points to a network config issue… which would be really be strange.

If you can not, then I’m doubting that the firewall is really off for the storage node.

Wayne Workman

@adowns Perhaps you have an IP conflict.

adowns

You can FTP into the storage node from the storage node, but can’t FTP in from the main FOG server to the storage node?

That is correct. I can ftp to the localhost but I cannot ftp from outside.

And you said you turned off the firewall, and still get the same results?

I did turn the firewall rules off and tried. No go.

Could you go to the subnet where the storage node is located, and from a computer within that subnet, try to FTP into the storage node?

I created a local Debian Test server, installed lftp, tried to connect, and it still failed.

If you can, this points to a network config issue… which would be really be strange.

If you can not, then I’m doubting that the firewall is really off for the storage node.

I have no ip conflict. This subnet is brand new. The fog server is the first server in there.

Wayne Workman

@adowns said:

I created a local Debian Test server, installed lftp, tried to connect, and it still failed.

That’s not clear. What did you do? My suggestion was just to boot to a linux live CD and just FTP into the fog server FROM the same subnet that the fog server is in.

adowns

Sorry for not being concise. I created a Debian testing server on the same sub net. I was able to ping the storage server from the testing server. From the testing server, I attempted to ftp to the storage fog server but failed with the 421 Service not available.

Wayne Workman

@adowns On your storage node, what is the output of this:

cat /etc/vsftpd.conf;sudo iptables -L

adowns

I figured it out. I am pretty new to linux administration. On the storage server there was an entry in the etc/hosts.deny file that looked like this:

ALL:ALL EXCEPT 127.0.0.1:DENY

Annoyingly there is an entry in the hosts.allow file that allows ssh from anywhere. After commenting out this entry, the ftp connected perfectly from all locations needed. Thank you for your time on this.

Wayne Workman

@adowns added to the wiki: https://wiki.fogproject.org/wiki/index.php/Disable_%26_Verify_Firewall