Bacula-users

[Bacula-users] Encryption keys location

2012-02-02 14:42:32
Subject: [Bacula-users] Encryption keys location
From: DMS <bacula-forum AT backupcentral DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Thu, 02 Feb 2012 11:40:44 -0800
Got it figured out. I'll post what I did just in case anyone goes looking for 
it.



On my Windows client I added the bold part to c:\Program Files\Bacula\bacula-fd.conf

#
# Default  Bacula File Daemon Configuration file
#
#  For Bacula release 5.2.3 (12/16/11) -- Windows MinGW32
#
# There is not much to change here except perhaps the
# File daemon Name
#

#
# "Global" File daemon configuration specifications
#
FileDaemon {                            # this is me
  Name = wolffish-fd
  FDport = 9102                # where we listen for the director
  WorkingDirectory = "C:\\Program Files\\Bacula\\working"
  Pid Directory = "C:\\Program Files\\Bacula\\working"
# Plugin Directory = "C:\\Program Files\\Bacula\\plugins"
  Maximum Concurrent Jobs = 10

   PKI Signatures = Yes            # Enable Data Signing
   PKI Encryption = Yes            # Enable Data Encryption
   PKI Keypair = "c:\\Program Files\\Bacula\\wolffish keys\\fd-wolffish.pem"    # Public and Private Keys
   PKI Master Key = "c:\\Program Files\\Bacula\\wolffish keys\\master.cert"    # ONLY the Public Key
}


On my Ubuntu server, I added the bold part to /etc/bacula/bacula-fd.conf


#
# "Global" File daemon configuration specifications
#
FileDaemon {                          # this is me
  Name = ubunback-fd
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/lib/bacula
  Pid Directory = /var/run/bacula
  Maximum Concurrent Jobs = 20
  FDAddress = 0.0.0.0

   PKI Signatures = Yes            # Enable Data Signing
   PKI Encryption = Yes            # Enable Data Encryption
   PKI Keypair = "/etc/bacula/fd-wolffish.pem"    # Public and Private Keys
   PKI Master Key = "/etc/bacula/master.cert"    # ONLY the Public Key
}


And just to verify, I ran an incremental on the client and got:

ubunback-dir Start Backup JobId 593, Job=Wolffish.2012-02-02_10.42.14_12
 Using Device "WolfFish"
ubunback-sd Volume "WolfFish0046" previously written, moving to end of data.
 Ready to append to end of Volume "WolfFish0046" size=60850511670
ubunback-sd Job write elapsed time = 00:06:22, Transfer rate = 223.0 K Bytes/second
ubunback-dir Bacula ubunback-dir 5.0.1 (24Feb10): 02-Feb-2012 10:48:40
  Build OS:               i486-pc-linux-gnu ubuntu 10.04
  JobId:                  593
  Job:                    Wolffish.2012-02-02_10.42.14_12
  Backup Level:           Incremental, since=2012-01-28 07:31:08
  Client:                 "wolffish-fd" 5.2.3 (16Dec11) Microsoft Windows XP Professional Service Pack 3 (build 2600),Cross-compile,Win32
  FileSet:                "DATAWolffish" 2011-12-30 23:05:00
  Pool:                   "WolfFish" (From Job resource)
  Catalog:                "MyCatalog" (From Client resource)
  Storage:                "WolfFish" (From Job resource)
  Scheduled time:         02-Feb-2012 10:42:14
  Start time:             02-Feb-2012 10:42:17
  End time:               02-Feb-2012 10:48:40
  Elapsed time:           6 mins 23 secs
  Priority:               10
  FD Files Written:       923
  SD Files Written:       923
  FD Bytes Written:       84,850,935 (84.85 MB)
  SD Bytes Written:       85,211,115 (85.21 MB)
  Rate:                   221.5 KB/s
  Software Compression:   86.5 %
  VSS:                    yes
  Encryption:             yes
  Accurate:               no
  Volume name(s):         WolfFish0046
  Volume Session Id:      1
  Volume Session Time:    1328203629
  Last Volume Bytes:      60,935,930,677 (60.93 GB)
  Non-fatal FD errors:    0
  SD Errors:              0
  FD termination status:  OK
  SD termination status:  OK
  Termination:            Backup OK
 Begin pruning Jobs older than 20 days .
 No Jobs found to prune.
 Begin pruning Jobs.
 No Files found to prune.
 End auto prune.

I was also able to restore and open a file with no issues afterwards as well.

Also, a heads up, when you create a cert with openssl, the default time that it 
is good for is only 30 days unless you specify otherwise. If you are following 
the instructions at 
http://www.bacula.org/en/dev-manual/main/main/Data_Encryption.html, then you 
can change the line:

openssl req -new -key master.key -x509 -out master.cert  

to

openssl req -new -key master.key -x509 -days 730 -out master.cert

That will make your cert good for 2 years as an example. You can do the same 
with:

openssl req -new -key fd-example.key -x509 -out fd-example.cert

as well.

Hopefully this will help someone else.

+----------------------------------------------------------------------
|This was sent by rmcgee AT teamdms DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------
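
Added example, not part of the original post or of Bacula's own tooling: a POSIX shell audit for a Linux-side bacula-fd.conf like the one above. It checks that the PKI Keypair file holds a private key and a certificate, that the PKI Master Key file holds only a certificate, that the keypair is not world-readable, and that neither certificate expires within a chosen number of days; the function names and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the PKI files named in a bacula-fd.conf.
# Assumes directives are spelled as in the post, with quoted paths.
# The expiry check runs only when openssl is on PATH.

# Print the quoted path assigned to directive $1 in config file $2.
pki_path() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Count PEM blocks whose label ends in $1 ("PRIVATE KEY" also matches "RSA PRIVATE KEY").
pem_count() {
    grep -c -e "-----BEGIN .*$1-----" "$2" 2>/dev/null || true
}

# Succeed if the first certificate in file $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# audit_fd_conf CONF [MIN_DAYS]: print one FAIL line per finding; return 1 if any.
audit_fd_conf() {
    conf=$1; min_days=${2:-30}; rc=0
    keypair=$(pki_path "PKI Keypair" "$conf")
    master=$(pki_path "PKI Master Key" "$conf")
    fail() { echo "FAIL: $*"; rc=1; }

    [ -r "$keypair" ] || fail "PKI Keypair file not readable: $keypair"
    [ -r "$master" ]  || fail "PKI Master Key file not readable: $master"
    [ "$rc" -eq 0 ] || return 1

    # The FD keypair file must hold the client's private key and its certificate.
    [ "$(pem_count 'PRIVATE KEY' "$keypair")" -ge 1 ] || fail "$keypair: no private key"
    [ "$(pem_count 'CERTIFICATE' "$keypair")" -ge 1 ] || fail "$keypair: no certificate"
    # The master file deployed to a client must be the certificate only.
    [ "$(pem_count 'CERTIFICATE' "$master")" -ge 1 ] || fail "$master: no certificate"
    [ "$(pem_count 'PRIVATE KEY' "$master")" -eq 0 ] || fail "$master: contains a private key"
    # The private key should not be readable by other local users.
    [ -z "$(find "$keypair" -perm -004)" ] || fail "$keypair: world-readable"

    if command -v openssl >/dev/null 2>&1; then
        for f in "$keypair" "$master"; do
            cert_valid_for "$f" "$min_days" || fail "$f: certificate expires within $min_days days"
        done
    fi
    return "$rc"
}
```

After sourcing the file, run it as `audit_fd_conf /etc/bacula/bacula-fd.conf 60` to flag certificates that expire within 60 days.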


