Bacula-users

[Bacula-users] Bacula through an SSH tunnel

2009-02-05 08:07:14
Subject: [Bacula-users] Bacula through an SSH tunnel
From: Kevin Keane <subscription AT kkeane DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Thu, 5 Feb 2009 03:41:02 -0800
I am trying to get bacula to run through an SSH tunnel, loosely based on 
the ssh-tunnel.sh script, but I can't completely figure it out, and 
consequently bacula is not working.

My first question: I notice that the ssh-tunnel.sh script forwards ports 
9101 and 9103 back to the server, but it does not forward port 9102 to 
the FD. How does the director talk to the FD with this script? Note: 
reading the README, it seems that this was removed because in a 
particular situation, it wasn't needed, but generally I think it is 
necessary.

My second question: how does the FD actually find the SD? I see the 
recommendation to create a separate SD for that situation, but since 
that would also mean using different pools, schedules, and a general 
mess, I don't really like that. So I came up with a different approach: 
I added the name of the machine that hosts the SD to /etc/hosts and have 
it point to 127.0.0.1. Since that machine is behind the firewall and 
normally invisible to the client anyway, it shouldn't have any side 
effects. Is that going to work?

My third question: I am getting an authentication File Daemon failure 
error, even though I double-checked the names and passwords.

The error message in the log file is (and before you ask - I did 
double-check that the FD and director names are the same and that both 
are using the same password).

JobId 1329: Fatal error: Unable to authenticate with File daemon at "localhost:9112". Possible causes:
Passwords or names not the same or
Maximum Concurrent Jobs exceeded on the FD or
FD networking messed up (restart daemon).
Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for help.
JobId 1329: Error: Bacula XXXX-dir 2.4.2 (26Jul08): 05-Feb-2009 03:05:17
  Build OS:               xxxx
  JobId:                  1329
  Job:                    XXXX.2009-02-05_02.36.03
  Backup Level:           Full
  Client:                 "XXXX-fd"
  FileSet:                "Linux Full Set" 2009-01-08 19:49:46
  Pool:                   "Full-1-Pool" (From User input)
  Storage:                "Disk3" (From Pool resource)
  Scheduled time:         05-Feb-2009 02:36:19
  Start time:             05-Feb-2009 03:05:10
  End time:               05-Feb-2009 03:05:17
  Elapsed time:           7 secs
  Priority:               10
  FD Files Written:       0
  SD Files Written:       0
  FD Bytes Written:       0 (0 B)
  SD Bytes Written:       0 (0 B)
  Rate:                   0.0 KB/s
  Software Compression:   None
  VSS:                    no
  Storage Encryption:     no
  Volume name(s):        
  Volume Session Id:      228
  Volume Session Time:    1231626007
  Last Volume Bytes:      0 (0 B)
  Non-fatal FD errors:    0
  SD Errors:              0
  FD termination status: 
  SD termination status:  Waiting on FD
  Termination:            *** Backup Error ***


In more detail:

I have a machine called baculasrv.mydomain.local on my internal network. 
It hosts both the director and the SD, and manages backups for about 10 
or so clients on the same network.

I also have currently one machine, and in the future probably two or 
three, completely outside the firewall - they need the SSH tunnel. Let's 
call that machine pubsrv.mydomain.com.

So I establish an ssh connection as follows:

/usr/bin/ssh -fnCN2 -R 9101:baculasrv.mydomain.local:9101 -R 9103:baculasrv.mydomain.local:9103 -L 9112:localhost:9102 pubsrv.mydomain.com

netstat shows that the correct ports are listening.

Netstat on baculasrv:

 > netstat -ltunp | grep '91[01][123]'
tcp        0      0 0.0.0.0:9101            0.0.0.0:*               LISTEN      27867/bacula-dir
tcp        0      0 0.0.0.0:9102            0.0.0.0:*               LISTEN      24311/bacula-fd
tcp        0      0 0.0.0.0:9103            0.0.0.0:*               LISTEN      16758/bacula-sd
tcp        0      0 0.0.0.0:9112            0.0.0.0:*               LISTEN      17764/ssh

Note that I'm using port 9112 to connect to the pubsrv FD - on the 
remote end, it connects to 9102, though.

On pubsrv:

 > netstat -ltunp | grep '91[01][123]'
tcp        0      0 127.0.0.1:9101              0.0.0.0:*                   LISTEN      27926/sshd:
tcp        0      0 127.0.0.1:9102              0.0.0.0:*                   LISTEN      10431/bacula-fd
tcp        0      0 127.0.0.1:9103              0.0.0.0:*                   LISTEN      27926/sshd:
tcp        0      0 ::1:9101                    :::*                        LISTEN      27926/sshd:
tcp        0      0 ::1:9103                    :::*                        LISTEN      27926/sshd:

Now I modified /etc/hosts on pubsrv as follows to point the SD's 
location back to localhost:

127.0.0.1       localhost localhost.localdomain
127.0.0.1       baculasrv.mydomain.local

I was hoping that the FD uses the FQDN to find the SD.

And here are the relevant parts of the configuration files:

pubsrv's bacula-fd.conf:

Director {
  Name = XXX-dir
  Password = "XXXX"
}

FileDaemon {                          # this is me
  Name = YYY-fd
  FDAddress = 127.0.0.1
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/lib/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
}

Messages {
  Name = Standard
  director = XXXX-dir = all, !skipped, !restored
}


The relevant parts of bacula-dir.conf on baculasrv:

Client {
  Name = YYY-fd
  Address = localhost
  FDPort = 9112
  Catalog = MyCatalog
  Password = "XXX"
  File Retention = 30 days
  Job Retention = 6 months
  Maximum Concurrent Jobs = 10
  AutoPrune = yes
}

Job {
  Name = "YYY"
  Client = YYY-fd
  Schedule = "WeeklyCycle1"
  JobDefs = "Linux Default Job"
  Run Before Job = "/usr/local/sbin/nagiosscheduledowntime YYY"
  Run Before Job = "/usr/local/sbin/sshBacula start YYY"
  Run After Job = "/usr/local/sbin/sshBacula stop YYY"
  Run After Failed Job = "/usr/local/sbin/sshBacula stop YYY"
}

Schedule {
  Name = "WeeklyCycle1"
  Run = Level=Full FullPool=Full-1-Pool DifferentialPool=Diff-1-Pool IncrementalPool=Inc-1-Pool on 1 at 19:05
  Run = Level=Full FullPool=Full-2-Pool DifferentialPool=Diff-2-Pool IncrementalPool=Inc-2-Pool on 16 at 19:05
  Run = Level=Differential FullPool=Full-1-Pool DifferentialPool=Diff-1-Pool IncrementalPool=Inc-1-Pool on 7 at 19:05
  Run = Level=Differential FullPool=Full-2-Pool DifferentialPool=Diff-2-Pool IncrementalPool=Inc-2-Pool on 22 at 19:05
  Run = Level=Incremental FullPool=Full-1-Pool DifferentialPool=Diff-1-Pool IncrementalPool=Inc-1-Pool on 3-6,8-14 at 19:05
  Run = Level=Incremental FullPool=Full-2-Pool DifferentialPool=Diff-2-Pool IncrementalPool=Inc-2-Pool on 18-21,23-31 at 19:05
}

Pool {
  Name = Full-1-Pool
  Pool Type = Backup
  Storage = Disk3
  Maximum Volume Jobs = 1
  Recycle = yes
  AutoPrune = yes
  Volume Retention = 35 days
  Label Format = "${Pool}_${NumVols}.bacula"
}

Storage {
  Name = Disk3
  Address = baculasrv.mydomain.local
  SDPort = 9103
  Password = "XXXX"
  Device = ZZZZZ
  Media Type = File
  Maximum Concurrent Jobs = 1
}



And the Storage definition:

Storage {                             # definition of myself
  Name = XXXX-sd
  SDPort = 9103                  # Director's port
  WorkingDirectory = "/var/lib/bacula/working"
  Pid Directory = "/var/run"
  Maximum Concurrent Jobs = 20
}



#
# List Directors who are permitted to contact Storage daemon
#
Director {
  Name = XXXX-dir
  Password = "XXXX"
}



-- 
Kevin Keane
Owner
The NetTech
Find the Uncommon: Expert Solutions for a Network You Never Have to Think About

Office: 866-642-7116
http://www.4nettech.com
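
Added example, not part of the original post: in the baculasrv netstat output quoted above, the forwarded port 9112 is owned by ssh and bound to 0.0.0.0, so the tunnel entrance accepts connections from other hosts as well as from the local Director. The check below reads `netstat -ltnp` lines and reports every listener owned by ssh or sshd that is not bound to loopback; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input, modelled on the netstat output in the post.
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:9101            0.0.0.0:*               LISTEN      27867/bacula-dir
tcp        0      0 0.0.0.0:9112            0.0.0.0:*               LISTEN      17764/ssh
tcp        0      0 127.0.0.1:9103          0.0.0.0:*               LISTEN      27926/sshd:
tcp        0      0 ::1:9103                :::*                    LISTEN      27926/sshd:
EOF
}

# Hypothetical helper: reads `netstat -ltnp` lines on stdin and prints
# "port address program" for each ssh/sshd listener bound to a
# non-loopback address (a tunnel endpoint reachable from other hosts).
exposed_tunnel_listeners() {
    awk '
    $6 == "LISTEN" {
        prog = $7
        sub(/^[0-9]+\//, "", prog)   # drop the "PID/" prefix
        sub(/:$/, "", prog)          # netstat shows "sshd: user" as "sshd:"
        if (prog != "ssh" && prog != "sshd") next   # only tunnel processes
        addr = $4
        port = addr
        sub(/.*:/, "", port)         # text after the last colon is the port
        sub(/:[0-9]+$/, "", addr)    # what remains is the bind address
        if (addr ~ /^127\./ || addr == "::1") next  # loopback only: fine
        print port, addr, prog
    }'
}

# Stand-alone run on the constructed sample; prints the exposed listener.
sample_netstat | exposed_tunnel_listeners
```

On a live host, pipe `netstat -ltnp` into `exposed_tunnel_listeners`; an empty result means every tunnel endpoint is bound to loopback.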
