Unsolved
This post is more than 5 years old
2 Posts
0
10749
Configuring ESRS and Isilon
We are running ESRS 2.28 and Isilon 7.2
Firewall Ports 443 and 8118 are opened outbound from the cluster subnet to the GW and ports 22 and 8080 opened for inbound traffic from the GW to the Isilon subnet.
We try to run the command isi_gather_info --esrs for sending logs to EMC but the command fails connecting to the ESRS gateway.
Our Firewall support engineers see a connection to the ESRS but the server is not responding.
Is there anything that needs to be done on the ESRS to accept the connection?
Kathy
Manabu_Ito
94 Posts
0
November 9th, 2014 08:00
Hello
Could you kindly tell me your ESRS GW server goes trough customer proxy server to connect to the Internet?
KHerrick
2 Posts
0
November 10th, 2014 06:00
No it does not.
Manabu_Ito
94 Posts
0
November 10th, 2014 07:00
Hi
Isi gather info shows also log file size.
please find "Content-Length"
Content-Length: xxxxxxxxxx
NP to share your log, please attach it here (please delete S/Ns)
Manabu_Ito
94 Posts
0
November 10th, 2014 07:00
Thanks.
When you run isi_gather_info --esrs command, isilon directly sends log file to EMC and GW server pretends as proxy server.
Could you please also check below?
(1) log file size (Isi_gather_info log size would grow too large to send to EMC direclty.)
(2) Gateway proxy service is running or not. (Gateway proxy service is for proxy server)
If gateway proxy service in your Gateway server would ruuninng, the issue would be caused by log file size
nakasy1
4 Posts
0
March 2nd, 2016 02:00
Hi
I faced same issue.
< HTTP/1.1 503 Connect failed
< Content-Length: 7667
This size is too large?
ESRS 2.8 + Isilon 7.1.1.7 environment.
TyfoidKid
55 Posts
0
April 7th, 2016 14:00
Looking like there's a file size limit. I've been passed from the ESRS Support team back to Isilon but not sure what good that will do. A full gather on our clusters is over 5Gb
Content-Length: 6400367646
so . . . . who didn't see this coming?
nakasy1
4 Posts
1
April 7th, 2016 20:00
I fixed this issue refer to following KB.
https://support.emc.com/kb/463288
Regards,
TyfoidKid
55 Posts
0
April 8th, 2016 04:00
That would be great. But I'm getting the 'you're not allowed to view this content' message when I click that link. Hopefully this isn't just extending the timeout value of an http upload on the ESRS GW because I've extended it to 3600 seconds and it still doesn't go.
TyfoidKid
55 Posts
0
April 8th, 2016 08:00
So I had my CE get me the KB article. Are there any examples for the line we're supposed to add to this proxy server that ESRS 3.x has added to the flow?
forward / :
FrankMS
26 Posts
0
April 8th, 2016 09:00
Hi,
If I read your previous posts correct you do not use a proxy for ESRS to connect to the Internet. In this case the forward directive will not help. It instructs the ESRS proxy to use another proxy for connection to EMC. Your firewall team found that the ESRS VM is not responding to a connection request from the isi_gather_info script. Please login to the VM as root and issue
netstat -anp | grep :8118
The result should be similar to
tcp 0 0.0.0.0:8118 0.0.0.0:* LISTEN 3423/privoxy
If the process is not there you need to try to start the service esrsclientproxy. If this does not help please open a service request with EMC, then we will need to look deeper into this
Regards
TyfoidKid
55 Posts
0
April 8th, 2016 11:00
Correct. We do not pipe ESRS through a proxy host. The host is hardened to allow only EMC ip address' to talk to it. I do have a ticket open and the person from the ESRS team has punted it to Isilon support with the only solution being offered it so increase a timeout value in the Connectemc_config.xml file in /opt/connectecmVE/ directory. That has had no effect.
esrs:~ # netstat -anp | grep 8118
tcp 0 0 0.0.0.0:8118 0.0.0.0:* LISTEN 14961/privoxy
tcp 0 0 127.0.0.1:41952 127.0.0.1:8118 TIME_WAIT -
tcp 0 0 127.0.0.1:41942 127.0.0.1:8118 TIME_WAIT -
tcp 0 0 127.0.0.1:41934 127.0.0.1:8118 TIME_WAIT -
tcp 0 0 127.0.0.1:41959 127.0.0.1:8118 TIME_WAIT -