Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] switching to data encryption

2013-01-05 15:04:50
Subject: Re: [Bacula-users] switching to data encryption
From: lst_hoe02 AT kwsoft DOT de
To: bacula-users AT lists.sourceforge DOT net
Date: Sat, 05 Jan 2013 21:01:37 +0100 
Zitat von Axel Rau <Axel.Rau AT Chaos1 DOT DE>:

> Hello,
>
> I just turned on data encryption of my existing bacula infrastructure.
> Question: Can I mix unencrypted and encrypted data in a volume, or  
> should I start encryption on new volumes?

You can mix encrypted and unencrypted data without problem. For the SD  
it doesn't matter at all. Be sure to have a disaster plan for your  
keys and well documented (FD) settings, though.


> Test backup:
> ---
> 05-Jan 13:45 chaos1-sd JobId 2280: Ready to append to end of Volume  
> "ZEUS-DAYLY-0004" size=5833955
> 05-Jan 13:45 chaos1-fd JobId 2280: Warning: xattr.c:1150 llistxattr  
> error on file "/private/var/spool/postfix/public/pickup":  
> ERR=Operation not permitted
> 05-Jan 13:45 chaos1-fd JobId 2280: Warning: xattr.c:1150 llistxattr  
> error on file "/private/var/spool/postfix/public/qmgr":  
> ERR=Operation not permitted
> 05-Jan 13:46 chaos1-fd JobId 2280: Warning: Encountered 2 xattr  
> errors while doing backup


These are (Postfix) unix sockets, no idea why xattr spits warnings,  
but has nothing todo with encryption. Maybe it's related to the OS  
used...


> 05-Jan 13:46 chaos1-sd JobId 2280: Elapsed time=00:01:36, Transfer  
> rate=346  Bytes/second
> 05-Jan 13:46 chaos1-dir JobId 2280: Bacula chaos1-dir 5.2.12 (12Sep12):
>   Build OS:               i386-apple-darwin10.8.0 osx 10.8.0
>   JobId:                  2280
>   Job:                    Zeus_Backup.2013-01-05_13.45.13_03
>   Backup Level:           Incremental, since=2013-01-05 12:50:51
>   Client:                 "zeus" 5.2.12 (12Sep12)  
> i386-apple-darwin10.8.0,osx,10.8.0
>   FileSet:                "Zeus Full Set" 2012-03-28 23:56:33
>   Pool:                   "Zeus Inc Backup Pool" (From Job IncPool override)
>   Catalog:                "MyCatalog" (From Client resource)
>   Storage:                "File" (From Job resource)
>   Scheduled time:         05-Jan-2013 13:44:57
>   Start time:             05-Jan-2013 13:45:15
>   End time:               05-Jan-2013 13:46:52
>   Elapsed time:           1 min 37 secs
>   Priority:               10
>   FD Files Written:       33
>   SD Files Written:       33
>   FD Bytes Written:       22,079 (22.07 KB)
>   SD Bytes Written:       33,231 (33.23 KB)
>   Rate:                   0.2 KB/s
>   Software Compression:   42.6 %
>   VSS:                    no
>   Encryption:             yes
>   Accurate:               no
>   Volume name(s):         ZEUS-DAYLY-0004
>   Volume Session Id:      1
>   Volume Session Time:    1357389875
>   Last Volume Bytes:      5,869,434 (5.869 MB)
>   Non-fatal FD errors:    0
>   SD Errors:              0
>   FD termination status:  OK
>   SD termination status:  OK
>   Termination:            Backup OK

This is the important part: "Backup OK"


> ---
> Restore:
> ---
> 05-Jan 13:48 chaos1-dir JobId 2281: Start Restore Job  
> Zeus_Restore_Files.2013-01-05_13.48.23_04
> 05-Jan 13:48 chaos1-dir JobId 2281: Using Device "FileStorage"
> 05-Jan 13:48 chaos1-sd JobId 2281: Ready to read from volume  
> "ZEUS-DAYLY-0004" on device "FileStorage" (/UV0/bacula).
> 05-Jan 13:48 chaos1-sd JobId 2281: Forward spacing Volume  
> "ZEUS-DAYLY-0004" to file:block 0:5833955.
> 05-Jan 13:48 chaos1-fd JobId 2281: -rw-r-----   1 root     wheel      
>      16384 2013-01-05 13:37:55   
> /usr/local/bacula/restore/private/etc/aliases.db
> 05-Jan 13:48 chaos1-sd JobId 2281: End of Volume at file 0 on device  
> "FileStorage" (/UV0/bacula), Volume "ZEUS-DAYLY-0004"
> 05-Jan 13:48 chaos1-sd JobId 2281: End of all volumes.
> 05-Jan 13:48 chaos1-fd JobId 2281: Error: openssl.c:86 OpenSSL  
> digest Verify final failed: ERR=error:04077068:rsa  
> routines:RSA_verify:bad signature
> 05-Jan 13:48 chaos1-fd JobId 2281: Error: restore.c:1246 Signature  
> validation failed for file  
> /usr/local/bacula/restore/private/etc/aliases.db: ERR=Signature is  
> invalid

Maybe mixed encrypted and unencrypted data within on Job/Pool. If you  
have switched on encryption/signatures at FD you will not be able to  
restore unsigned data, not sure about unencrypted but i guess it also  
does not work. So you should first do a full, than try to restore.

Regards

Andreas




------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122912
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Bacula-users] switching to data encryption, Axel Rau
Next by Date:  Re: [Bacula-users] switching to data encryption, Axel Rau
Previous by Thread:  [Bacula-users] switching to data encryption, Axel Rau
Next by Thread:  Re: [Bacula-users] switching to data encryption, Axel Rau
Indexes:  [Date] [Thread] [Top] [All Lists]