[Bacula-users] Bacula TLS issue
2009-07-27 06:24:16
Hi
I have an issue with TLS on bacula-fd 3.0.2/3.0.1.
I downloaded the sources and compiled them with SSL enabled:
root@5-MeO-DMT:/home/yuri/bacula/bacula-3.0.1# ./configure
--enable-client-only --with-openssl
root@5-MeO-DMT:/home/yuri/bacula/bacula-3.0.1# make
root@5-MeO-DMT:/home/yuri/bacula/bacula-3.0.1# make install
To rule out problems with the certificates or typos in the config files, I used
the config files from an already running node:
bacula-fd.conf bconsole.conf ca.crt pki_keypair.pem pki_master.cert
pki_master.key proxy.crt proxy.key proxy.req
root@5-MeO-DMT:/home/yuri/bconf# cat bacula-fd.conf
#
# Default Bacula File Daemon Configuration file
#
# For Bacula release 1.36.3 (22 April 2005) -- gentoo 1.12.6
#
# There is not much to change here except perhaps the
# File daemon Name to
#
#
# List Directors who are permitted to contact this File daemon
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
Director {
Name = hirudegarn-mon
Password = "XXXXX"
Monitor = yes
}
Director {
Name = hirudegarn-dir
Password = "XXXXXX"
TLS Enable = yes
TLS Require = yes
TLS Verify Peer = yes
TLS Allowed CN = "hirudegarn.local"
TLS CA Certificate File = /etc/bacula/ca.crt
TLS Key = /etc/bacula/proxy.key
TLS Certificate = /etc/bacula/proxy.crt
}
#
#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
Name = kerberos-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/bacula
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = /etc/bacula/ca.crt
TLS Key = /etc/bacula/proxy.key
TLS Certificate = /etc/bacula/proxy.crt
PKI Signatures = Yes # Enable Data Signing
PKI Encryption = Yes # Enable Data Encryption
PKI Keypair = "/etc/bacula/pki_keypair.pem" # Public and Private Keys
PKI Master Key = "/etc/bacula/pki_master.cert" # ONLY the Public Key
}
# Send all messages except skipped files back to Director
Messages {
Name = Daemon
director = kerberos-dir = all, !skipped
}
root@5-MeO-DMT:/home/yuri/bconf# ls -la /etc/bacula/ca.crt
/etc/bacula/proxy.key /etc/bacula/proxy.crt
-rw------- 1 root root 25 2008-03-19 00:00 /etc/bacula/ca.crt
-rw------- 1 root root 3885 2008-06-21 00:00 /etc/bacula/proxy.crt
-rw------- 1 root root 891 2007-06-21 00:00 /etc/bacula/proxy.key
root@5-MeO-DMT:/home/yuri/bconf#
root@5-MeO-DMT:/home/yuri/bconf# bacula-fd /home/yuri/bconf/bacula-fd.conf
27-Jul 11:55 kerberos-fd: Fatal Error at filed.c:365 because:
Failed to initialize TLS context for File daemon "kerberos-fd" in
/home/yuri/bconf/bacula-fd.conf.
27-Jul 11:55 kerberos-fd: ERROR in filed.c:209 Please correct
configuration file: /home/yuri/bconf/bacula-fd.conf
root@5-MeO-DMT:/home/yuri/bconf#
root@5-MeO-DMT:/home/yuri/bconf# ldd /sbin/bacula-fd
linux-gate.so.1 => (0xffffe000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7fac000)
libbacfind.so.1 => /usr/lib/libbacfind.so.1 (0xb7fa0000)
libbacpy.so.1 => /usr/lib/libbacpy.so.1 (0xb7f9d000)
libbaccfg.so.1 => /usr/lib/libbaccfg.so.1 (0xb7f96000)
libbac.so.1 => /usr/lib/libbac.so.1 (0xb7f4e000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7f3c000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7f39000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7efb000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8
(0xb7dcb000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xb7cf6000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7cd4000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb7cca000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b9b000)
/lib/ld-linux.so.2 (0xb7fc9000)
root@5-MeO-DMT:/home/yuri/bconf#
This is on Ubuntu Server:
root@5-MeO-DMT:/home/yuri/bconf# uname -a
Linux 5-MeO-DMT 2.6.15-52-server #1 SMP Wed Oct 22 19:58:08 UTC 2008
i686 GNU/Linux
root@5-MeO-DMT:/home/yuri/bconf#
Can you please advise me how to identify exactly where the problem is? I
tried increasing the debug level to higher values (even to 99), without
success.
Can this be solved by downgrading to 2.2.X?
I run 3.0.0 on the director and storage.
Regards
Juraj