Re: [Bacula-users] bacula TLS help
2013-12-17 10:21:31
Hello Ana,
Yes! This worked! I am now finally backing up the localhost and remote client with TLS, using the method you describe here. I wanted to follow up with the list so that everyone can benefit from this knowledge.
Just to be clear, I was able to connect to the remote client (verified with 'st client'), back up the remote client and then do a restore.
Thanks again!
Tim
I think the correct way is:
1) generate the key pairs on remote client (rsa keys)
2) generate CSR on remote client
3) copy/move remote client CSR to director (your CA)
4) from CSR, generate signed .crt (this is your remote client certificate signed by CA)
5) copy/move the .crt file from director to your remote client
Hope this solves your problem :)

# Client (File Services) to backup
Client {
  Name = beta.jokefire.com
  Address = beta.jokefire.com
  FDPort = 9102
  Catalog = JokefireCatalog
  Password = "secret" # password for
  File Retention = 14 days # 14 days
  Job Retention = 14d # 14 days
  AutoPrune = yes # Prune expired Jobs/Files
  TLS Certificate = /etc/pki/tls/certs/ops.jokefire.com.pem
  TLS Key = /etc/pki/tls/private/ops.jokefire.com.key
  TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
  TLS Enable = yes
  TLS Require = yes
}

And, in your bacula-fd.conf, you have to put the definitions only in the "Director" section. And you have to put the beta.jokefire.com certificate and key. That means that your client beta.jokefire.com will use this certificate and key to communicate with your ops.jokefire.com director:

Director {
  Name = ops.jokefire.com
  Password = "secret"
  TLS Require = yes
  TLS Verify Peer = yes
  TLS Allowed CN = ""
  TLS Key = /etc/pki/tls/private/beta.jokefire.com.key
  TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
}
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
Director {
  Name = cloud-mon
  Password = "secret"
  Monitor = yes
}

#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
  Name = beta.jokefire.com
  FDport = 9102 # where we listen for the director
  WorkingDirectory = /var/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
}

Hope this works now :)
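
The five steps quoted above, carried through with openssl as an added example (not part of the original messages), plus a check that the returned certificate chains to the CA and matches the key that stayed on the client. The function names, the scratch directory layout ("client" and "ca" subdirectories standing in for the two hosts), the demo CA and the 30-day validity are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed demo: "$1/client" stands in for the remote client and
# "$1/ca" for the CA on the director. $2 is the client FQDN, used as the CN.

make_demo_ca() {   # stand-in CA; the thread assumes the director already has one
    mkdir -p "$1/ca" "$1/client" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Bacula CA" \
        -keyout "$1/ca/ca.key" -out "$1/ca/ca.crt" 2>/dev/null
}

issue_client_cert() {
    # Step 1: RSA key pair generated on the client, readable by its owner only
    ( umask 077; openssl genrsa -out "$1/client/$2.key" 2048 2>/dev/null ) || return 1
    # Step 2: CSR generated on the client from that key
    openssl req -new -key "$1/client/$2.key" -subj "/CN=$2" \
        -out "$1/client/$2.csr" || return 1
    # Step 3: only the CSR travels to the director
    cp "$1/client/$2.csr" "$1/ca/" || return 1
    # Step 4: the CA signs the CSR
    openssl x509 -req -in "$1/ca/$2.csr" -CA "$1/ca/ca.crt" -CAkey "$1/ca/ca.key" \
        -CAcreateserial -days 30 -out "$1/ca/$2.crt" 2>/dev/null || return 1
    # Step 5: the signed certificate travels back to the client
    cp "$1/ca/$2.crt" "$1/client/"
}

check_client_cert() {   # run before pointing bacula-fd.conf at the files
    # The certificate must chain to the CA named in "TLS CA Certificate File"
    openssl verify -CAfile "$1/ca/ca.crt" "$1/client/$2.crt" >/dev/null 2>&1 || return 1
    # The certificate's public key must be the one derived from the client's key
    cert_pub=$(openssl x509 -in "$1/client/$2.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/client/$2.key" -pubout | openssl sha256)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1
    # The private key must never have been copied to the CA side
    [ ! -e "$1/ca/$2.key" ]
}
```

Call the functions in the order make_demo_ca, issue_client_cert, check_client_cert with a scratch directory and the client name; a non-zero status from check_client_cert means the certificate and key on the client do not belong together or do not chain to the CA.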