Re: [Bacula-users] bacula TLS help
2013-12-06 22:40:05
Hello Ana/All, I have some progress to report. Last night I was able to follow the steps that were provided by Ana to recreate the certs. That got me as far as logging into bconsole:
[root@ops:~] #bconsole
Connecting to Director ops.jokefire.com:9101
1000 OK: ops.jokefire.com Version: 5.2.13 (19 February 2013)
Enter a period to cancel a command.
*
And I can connect to the client:
*st client
Automatically selected Client: ops.jokefire.com
Connecting to Client ops.jokefire.com at ops.jokefire.com:9102
ops.jokefire.com Version: 5.2.13 (19 February 2013) x86_64-unknown-linux-gnu redhat
Daemon started 06-Dec-13 22:12. Jobs: run=0 running=0.
Heap: heap=262,144 smbytes=26,654 max_bytes=26,801 bufs=72 max_bufs=73
Sizeof: boffset_t=8 size_t=8 debug=0 trace=0
Running Jobs:
Director connected at: 06-Dec-13 22:16
No Jobs running.
====
Terminated Jobs:
JobId Level Files Bytes Status Finished Name
======================================================================
86 Full 249,198 6.704 G OK 01-Dec-13 03:20 ops.jokefire.com
90 Full 1 377.4 M OK 01-Dec-13 09:33 Jokefire_BackupCatalog
93 Incr 0 0 Error 02-Dec-13 12:54 ops.jokefire.com
1 Full 249,265 6.711 G OK 03-Dec-13 03:22 ops.jokefire.com
5 Full 1 170.1 M OK 03-Dec-13 15:45 Jokefire_BackupCatalog
6 Incr 18,175 847.8 M OK 04-Dec-13 03:32 ops.jokefire.com
10 Full 1 197.0 M OK 04-Dec-13 05:48 Jokefire_BackupCatalog
11 Incr 1,127 728.2 M OK 05-Dec-13 03:08 ops.jokefire.com
15 Full 1 215.5 M OK 05-Dec-13 03:47 Jokefire_BackupCatalog
19 12 1.497 K OK 06-Dec-13 21:55 RestoreFiles
====
It does seem at this point, however, that my celebration was a bit premature.
What I've done is scale down my normal backups to just the localhost on which bacula is running. Once I am able to take a full backup and perform a restore I will consider it a success. I should not have run a victory lap short of achieving this.
Because the next backup I tried to run produced this result:
06-Dec 22:13 ops.jokefire.com JobId 2: Error: Bacula ops.jokefire.com 5.2.13 (19Jan13):
Build OS: x86_64-unknown-linux-gnu redhat
JobId: 2
Job: ops.jokefire.com.2013-12-06_22.13.41_04
Backup Level: Full
Client: "ops.jokefire.com" 5.2.13 (19Jan13) x86_64-unknown-linux-gnu,redhat,
FileSet: "Full Set" 2013-12-06 22:13:12
Pool: "Default" (From Job resource)
Catalog: "JokefireCatalog" (From Client resource)
Storage: "File" (From Job resource)
Scheduled time: 06-Dec-2013 22:13:33
Start time: 06-Dec-2013 22:13:43
End time: 06-Dec-2013 22:13:43
Elapsed time: 0 secs
Priority: 10
FD Files Written: 0
SD Files Written: 0
FD Bytes Written: 0 (0 B)
SD Bytes Written: 0 (0 B)
Rate: 0.0 KB/s
Software Compression: None
VSS: no
Encryption: no
Accurate: no
Volume name(s):
Volume Session Id: 0
Volume Session Time: 0
Last Volume Bytes: 0 (0 B)
Non-fatal FD errors: 1
SD Errors: 0
FD termination status:
SD termination status:
Termination: *** Backup Error ***
*
So dear friends, I was hoping to run my configs by you one more time (hopefully the last) in an attempt to troubleshoot this problem.
These are my cert files:
-r-------- 1 bacula bacula 2.2K Dec 5 21:20 /etc/pki/CA/certs/ca.crt
-r-------- 1 bacula bacula 1.9K Dec 5 21:20 /etc/pki/tls/certs/ops.jokefire.com.crt
-r-------- 1 bacula bacula 3.2K Dec 5 21:20 /etc/pki/tls/private/ops.jokefire.com.key
This is the state my configs were in during my last attempt. I have not yet reverted to the working configs.
bacula-dir.conf
Director { # define myself
Name = ops.jokefire.com
DIRport = 9101 # where we listen for UA connections
QueryFile = "/etc/bacula/query.sql"
WorkingDirectory = "/var/spool/bacula"
PidDirectory = "/var/run"
Maximum Concurrent Jobs = 1
Password = "secret" # Console password
Messages = Daemon
TLS Certificate = /etc/pki/tls/certs/ops.jokefire.com.crt
TLS Key = /etc/pki/tls/private/ops.jokefire.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
}
# Client (File Services) to backup
Client {
Name = ops.jokefire.com
Address = ops.jokefire.com
FDPort = 9102
Catalog = JokefireCatalog
Password = "secret" # password for FileDaemon
File Retention = 14 days # 14 days
Job Retention = 14d # 14 days
AutoPrune = yes # Prune expired Jobs/Files
TLS Certificate = /etc/pki/tls/certs/ops.jokefire.com.crt
TLS Key = /etc/pki/tls/private/ops.jokefire.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
}
Storage {
Name = File
# Do not use "localhost" here
Address = ops.jokefire.com # N.B. Use a fully qualified name here
SDPort = 9103
Password = "secret"
Device = FileStorage
Media Type = File
}
Console {
Name = ops.jokefire.com
Password = "secret"
CommandACL = status, .status
}
bacula-fd
Director {
Name = ops.jokefire.com
Password = "secret"
TLS Certificate = /etc/pki/tls/certs/ops.jokefire.com.crt
TLS Key = /etc/pki/tls/private/ops.jokefire.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
}
FileDaemon { # this is me
Name = ops.jokefire.com
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/bacula
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
TLS Certificate = /etc/pki/tls/certs/ops.jokefire.com.crt
TLS Key = /etc/pki/tls/private/ops.jokefire.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
}
bacula-sd.conf
Storage { # definition of myself
Name = ops.jokefire.com
SDPort = 9103 # Director's port
WorkingDirectory = "/var/spool/bacula"
Pid Directory = "/var/run"
Maximum Concurrent Jobs = 20
TLS Certificate = /etc/pki/tls/certs/ops.jokefire.com.crt
TLS Key = /etc/pki/tls/private/ops.jokefire.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
}
Director {
Name = ops.jokefire.com
Password = "secret"
TLS Certificate = /etc/pki/tls/certs/ops.jokefire.com.crt
TLS Key = /etc/pki/tls/private/ops.jokefire.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
#Monitor = yes
}
bconsole.conf
Director {
Name = ops.jokefire.com
DIRport = 9101
address = ops.jokefire.com
Password = "secret"
TLS Certificate = /etc/pki/tls/certs/ops.jokefire.com.crt
TLS Key = /etc/pki/tls/private/ops.jokefire.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
}
I would once again appreciate any help or advice anyone has to offer on how best to proceed from here.
Best,
Tim
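Added example (not part of Tim's message and not Bacula project code): a Python check that parses Bacula-style resource blocks and lists the resources that do not set the TLS directives used throughout the configs above. The sample text is constructed by abridging the posted bacula-dir.conf, in which the Storage resource carries no TLS directives; the function names are this example's own, and nested blocks (such as FileSet options) are not handled.

```python
import re

# Constructed sample: resource blocks abridged from the bacula-dir.conf posted above.
SAMPLE_DIR_CONF = """
Director {                            # define myself
  Name = ops.jokefire.com
  TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
  TLS Enable = yes
  TLS Require = yes
}
Client {
  Name = ops.jokefire.com
  TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
  TLS Enable = yes
  TLS Require = yes
}
Storage {
  Name = File
  Address = ops.jokefire.com    # N.B. Use a fully qualified name here
  SDPort = 9103
}
"""

TLS_KEYS = ("tlsenable", "tlsrequire", "tlscacertificatefile")

def parse_resources(text):
    """Return [(type, {key: value})] per top-level block; directive names are
    normalized because Bacula ignores case and spaces in them."""
    resources = []
    for rtype, body in re.findall(r"^\s*(\w+)\s*\{(.*?)^\s*\}", text, re.S | re.M):
        directives = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0]          # drop trailing comments
            if "=" in line:
                key, value = line.split("=", 1)
                directives[re.sub(r"\s+", "", key).lower()] = value.strip().strip('"')
        resources.append((rtype, directives))
    return resources

def tls_gaps(text):
    """List (type, name, missing_keys) for resources where a TLS key is absent or 'no'."""
    gaps = []
    for rtype, d in parse_resources(text):
        missing = [k for k in TLS_KEYS if d.get(k, "").lower() in ("", "no")]
        if missing:
            gaps.append((rtype, d.get("name", "?"), missing))
    return gaps

if __name__ == "__main__":
    for gap in tls_gaps(SAMPLE_DIR_CONF):
        print(gap)
```

Running the same check over each daemon's config file shows at a glance which connection endpoints are configured for TLS and which are not.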