Restore completado a las 3 de la mañana
06-Mar 00:47 srv-backup05-sd JobId 96529: End of Volume at file 720 on device
"Drive-1" (/dev/st1), Volume "HMN538L4"
06-Mar 00:48 srv-backup05-sd JobId 96529: 3307 Issuing autochanger "unload slot
15, drive 0" command.
06-Mar 00:49 srv-backup05-sd JobId 96529: 3307 Issuing autochanger "unload slot
38, drive 1" command.
06-Mar 00:51 srv-backup05-sd JobId 96529: 3304 Issuing autochanger "load slot
38, drive 0" command.
06-Mar 00:52 srv-backup05-sd JobId 96529: 3305 Autochanger "load slot 38, drive
0", status is OK.
06-Mar 00:52 srv-backup05-sd JobId 96529: Ready to read from volume "HMN504L4"
on device "Drive-1" (/dev/st1).
06-Mar 00:52 srv-backup05-sd JobId 96529: Forward spacing Volume "HMN504L4" to
file:block 670:7296.
06-Mar 03:59 srv-backup05-dir JobId 96529: Bacula srv-backup05-dir 5.0.3
(04Aug10): 06-Mar-2012 03:59:26
Build OS: x86_64-unknown-linux-gnu redhat
JobId: 96529
Job: RestoreFiles.2012-03-05_20.25.15_50
Restore Client: VM00294-macbavmex10be1-fd
Start time: 05-Mar-2012 20:37:25
End time: 06-Mar-2012 03:59:26
Files Expected: 47
Files Restored: 47
Bytes Restored: 442,606,025,280
Rate: 16688.9 KB/s
FD Errors: 0
FD termination status: OK
SD termination status: OK
Termination: Restore OK
----- Mensaje original -----
De: bacula-users-request AT lists.sourceforge DOT net
Para: bacula-users AT lists.sourceforge DOT net
Enviados: Martes, 6 de Marzo 2012 3:53:41
Asunto: Bacula-users Digest, Vol 71, Issue 5
Send Bacula-users mailing list submissions to
bacula-users AT lists.sourceforge DOT net
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/bacula-users
or, via email, send a message with subject or body 'help' to
bacula-users-request AT lists.sourceforge DOT net
You can reach the person managing the list at
bacula-users-owner AT lists.sourceforge DOT net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bacula-users digest..."
Today's Topics:
1. Re: LTO media type mixup (John Drescher)
2. NDMP Plugin coming to community release? (Mingus Dew)
3. Re: LTO media type mixup (mark.bergman AT uphs.upenn DOT edu)
4. Re: Multi-cores compression (Alex Crow)
5. Deduplication / Base jobs (Julien S)
6. Re: Override Next Pool (Tim Krieger)
7. Re: LTO media type mixup (Alan Brown)
8. Tape management question (DMS)
9. Re: Multi-cores compression (Alan Brown)
10. Re: Tape management question (Kleber Leal)
11. TLS Causes SegFault on bacula-dir. (Rob Becker)
12. Mysterious Director authentication failures (Phil Stracchino)
----------------------------------------------------------------------
Message: 1
Date: Mon, 5 Mar 2012 11:05:28 -0500
From: John Drescher <drescherjm AT gmail DOT com>
Subject: Re: [Bacula-users] LTO media type mixup
To: Tilman Schmidt <t.schmidt AT phoenixsoftware DOT de>
Cc: Adrian Reyer <bacula-lists AT lihas DOT de>, Alan Brown
<ajb2 AT mssl.ucl.ac DOT uk>, bacula-users AT lists.sourceforge DOT
net
Message-ID:
<CAEhu1-7o4HQEaUPcPFwaLNmLBns9Egbaes9DbMM0YpGtN4hwbA AT mail.gmail DOT
com>
Content-Type: text/plain; charset=ISO-8859-1
On Mon, Mar 5, 2012 at 10:44 AM, Tilman Schmidt
<t.schmidt AT phoenixsoftware DOT de> wrote:
> Am 05.03.2012 15:43, schrieb Alan Brown:
>> On 05/03/12 14:17, Adrian Reyer wrote:
>
>>> Well, 'Media Type' is misleading. It is more a 'Media Group'. every
>>> medium in the same group can be requested on every SD that support that
>>> 'Media Group'. It doesn't actually have anything to do with the mediums
>>> capabilities/size.
>>
>> To add confusion, any given bacula drive can only support one media type.
>>
>> The only way around this problem is to define extra drives for each
>> media type supported (ie, LTO5, LTO4 and (read-only) LTO3).
>
> What's wrong with just defining a single media type "LTO" covering all
> generations in use?
>
The problem is that you may want to separate your volumes so bacula
does not want to try to write to an LTO2 tape on an LTO5 drive.
Remember that with LTO drives you can read 2 generations back but only
write 1 generation back.
John
------------------------------
Message: 2
Date: Mon, 5 Mar 2012 12:56:46 -0500
From: Mingus Dew <shon.stephens AT gmail DOT com>
Subject: [Bacula-users] NDMP Plugin coming to community release?
To: bacula-users <bacula-users AT lists.sourceforge DOT net>
Message-ID:
<CAN7=NcihCsUGzRwaqdrBYF0pKF+7AAtCd0rfdLrW3HY3NSHsSQ AT mail.gmail DOT
com>
Content-Type: text/plain; charset=ISO-8859-1
Just wondering if anyone knows if the NDMP plugin will be coming to
the community release of Bacula anytime soon.
Yours,
Shon
------------------------------
Message: 3
Date: Mon, 05 Mar 2012 13:11:26 -0500
From: mark.bergman AT uphs.upenn DOT edu
Subject: Re: [Bacula-users] LTO media type mixup
To: John Drescher <drescherjm AT gmail DOT com>
Cc: Adrian Reyer <bacula-lists AT lihas DOT de>, Alan Brown
<ajb2 AT mssl.ucl.ac DOT uk>, bacula-users AT lists.sourceforge DOT
net
Message-ID: <8157.1330971086@localhost>
Content-Type: text/plain; charset="us-ascii"
In the message dated: Mon, 05 Mar 2012 11:05:28 EST,
The pithy ruminations from John Drescher on
<Re: [Bacula-users] LTO media type mixup> were:
=> On Mon, Mar 5, 2012 at 10:44 AM, Tilman Schmidt
=> <t.schmidt AT phoenixsoftware DOT de> wrote:
=> > Am 05.03.2012 15:43, schrieb Alan Brown:
=> >> On 05/03/12 14:17, Adrian Reyer wrote:
=> >
=> >>> Well, 'Media Type' is misleading. It is more a 'Media Group'. every
=> >>> medium in the same group can be requested on every SD that support that
=> >>> 'Media Group'. It doesn't actually have anything to do with the mediums
=> >>> capabilities/size.
Good explanation. I'd strongly support changing the name of the directive in
the configuration file to something like "Media Group".
=> >>
=> >> To add confusion, any given bacula drive can only support one media type.
=> >>
Yeah.... I guess it would make sense if "Media Group" was a list of supported
strings, not a single value.
In this model, sites with multiple devices (tape libraries, disk storage
arrays, etc) could use multiple media types, with each physical device being
assigned a list of media types (in a "Media Group") that the device can use.
Furthermore, the device definition in bacula-sd.conf could list properties for
each media type. For example:
Device {
Name = lto5-changer
Media Group = LTO3, LTO4, LTO5
Media Options {
LTO3 = ReadOnly
LTO4 = ReadWrite
LTO5 = ReadWrite
}
}
Device {
Name = lto4-changer
Media Group = LTO2, LTO3, LTO4
Media Options {
LTO2 = ReadOnly
LTO3 = ReadWrite
LTO4 = ReadWrite
}
}
Device {
Name = File
Media Group = localNAS, remoteNAS_for_DR
Media Options {
localNAS = ReadWrite
remoteNAS_for_DR = ReadOnly
}
}
=> >> The only way around this problem is to define extra drives for each
=> >> media type supported (ie, LTO5, LTO4 and (read-only) LTO3).
=> >
=> > What's wrong with just defining a single media type "LTO" covering all
=> > generations in use?
=> >
=>
=> The problem is that you may want to separate your volumes so bacula
=> does not want to try to write to an LTO2 tape on an LTO5 drive.
=> Remember that with LTO drives you can read 2 generations back but only
=> write 1 generation back.
When we moved to an LTO4 library, our solution to that issue was to update
the volume status on all the LTO-2 media to "Read-Only" (in the bacula
database, but this could have been done with the physical read-only tab
on each tape). Obviously, this would be a problem if we wanted to use
both the LTO3 and LTO4 libraries.
Thanks,
Mark
=>
=>
=> John
=>
=>
------------------------------------------------------------------------------
=> Try before you buy = See our experts in action!
=> The most comprehensive online learning library for Microsoft developers
=> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
=> Metro Style Apps, more. Free future releases when you subscribe now!
=> http://p.sf.net/sfu/learndevnow-dev2
=> _______________________________________________
=> Bacula-users mailing list
=> Bacula-users AT lists.sourceforge DOT net
=> https://lists.sourceforge.net/lists/listinfo/bacula-users
=>
------------------------------
Message: 4
Date: Mon, 05 Mar 2012 19:51:32 +0000
From: Alex Crow <acrow AT integrafin.co DOT uk>
Subject: Re: [Bacula-users] Multi-cores compression
To: Alan Brown <ajb2 AT mssl.ucl.ac DOT uk>
Cc: bacula-users <Bacula-users AT lists.sourceforge DOT net>
Message-ID: <4F551944.3040100 AT integrafin.co DOT uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> What about when you are encrypting? You have to do the compression in
>> Bacula as once you've encrypted the data it can no longer be compressed
>> by the drive (eg for LTO < LTO4 where the drive cannot encrypt.)
>
> Encryption programs generally compress as well in order to increase
> entropy - so any external compression routines will just make things
> slower for no gain.
>
Thanks Alan,
I am specifically addressing the encryption support within Bacula:
http://www.bacula.org/en/dev-manual/main/main/Data_Encryption.html
Does this pre-compress the data, thus rendering the separate compression
redundant? If so, it would be great and probably save us loads of time
(about 1 week to back up about 18TB).
Cheers
Alex
------------------------------
Message: 5
Date: Mon, 5 Mar 2012 21:56:27 +0100
From: Julien S <jusouschi AT free DOT fr>
Subject: [Bacula-users] Deduplication / Base jobs
To: bacula-users AT lists.sourceforge DOT net
Message-ID:
<CAH2u_O-V7Gcab7woo1jA7nuufs=APM8YSv2GVgwb2_mXDvqQiA AT mail.gmail DOT
com>
Content-Type: text/plain; charset="utf-8"
Hi,
I have read and tried to understand "File Deduplication" :
http://www.bacula.org/en/dev-manual/main/main/File_Deduplication_using_Ba.html
But it is not working :
# - POOL: base -----
Pool {
Name = base_backup
Pool Type = Backup
Storage = storage
UseVolumeOnce = yes
Maximum Volume Jobs = 1
Volume Use Duration = 10 hours
Volume Retention = 1 month
Recycle Oldest Volume = yes
Label Format =
"${Job}.${Level:p/4/B/r:l}.${JobId}.${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}"
}
# - POOL: full -----
Pool {
Name = full_backup
Pool Type = Backup
Storage = storage
UseVolumeOnce = yes
Maximum Volume Jobs = 1
Volume Use Duration = 10 hours
Volume Retention = 6 days
Recycle Oldest Volume = yes
Label Format =
"${Job}.${Level:p/4/F/r:l}.${JobId}.${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}"
}
# - POOL: incr -----
Pool {
Name = incr_backup
Pool Type = Backup
Storage = storage
UseVolumeOnce = yes
Maximum Volume Jobs = 1
Volume Use Duration = 10 hours
Volume Retention = 6 days
Recycle Oldest Volume = yes
Label Format =
"${Job}.${Level:p/4/I/r:l}.${JobId}.${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}"
}
# - JOB: base -----
Job {
Name = base_job
Type = Backup
Level = Base
Client = server_one
FileSet = fs_generic
Schedule = 00_base
Pool = base_backup
Max Run Time = 5 hours
Reschedule On Error = yes
Reschedule Interval = 1 hours
# Client Run Before Job = "bash -c '/usr/local/bin/dump_bacula.sh'"
Messages = Standard
}
# - JOB: cycle ----
Job {
Name = full_job
Type = Backup
Level = Incremental
Client = server_one
Base = full_job, base_job
Accurate = yes
FileSet = fs_generic
Schedule = 00_full_incr
Pool = incr_backup
Full Backup Pool = full_backup
Incremental Backup Pool = incr_backup
Max Run Time = 5 hours
Reschedule On Error = yes
Reschedule Interval = 1 hours
Messages = Standard
}
Schedule {
Name = "00_full_incr"
Run = Level=Full mon at 23:00
Run = Level=Incremental tue at 14:30
Run = Level=Incremental wed at 14:30
Run = Level=Full thu at 23:00
Run = Level=Incremental fri at 14:30
Run = Level=Incremental sat at 14:30
Run = Level=Full sun at 23:00
}
Schedule {
Name = "00_base"
Run = Level=Full 1st mon at 23:00
}
FileSet {
Name = "fs_generic"
Include {
Options {
signature = SHA1
basejob = pmugcs1
accurate = mcs
verify = pin1
onefs = no
checkfilechanges = yes
}
File = /etc
File = /root
File = /usr/local
File = /var/backups
File = /var/spool/cron
}
Exclude {
File = .snapshot
File = .journal
File = .fsck
}
}
Base and Full are the same size. I can not find a sample configuration and the
explanatory page is succinct.
Can you help me ?
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
Message: 6
Date: Mon, 5 Mar 2012 13:03:31 -0800
From: Tim Krieger <tim.krieger AT neverblue DOT com>
Subject: Re: [Bacula-users] Override Next Pool
To: "'bacula-users AT lists.sourceforge DOT net'"
<bacula-users AT lists.sourceforge DOT net>
Message-ID:
<9892D094D1D1FB47A0775251764E69B5139BF6761D@exchange.NeverblueMedia.local>
Content-Type: text/plain; charset="utf-8"
Very Nice!
Thanks for the pointer, a very elegant work around.
-----Original Message-----
From: Adrian Reyer [mailto:bacula-lists AT lihas DOT de]
Sent: Friday, March 02, 2012 1:04 AM
To: Tim Krieger
Cc: 'bacula-users AT lists.sourceforge DOT net'
Subject: Re: [Bacula-users] Override Next Pool
Hie Tim,
On Thu, Mar 01, 2012 at 02:36:28PM -0800, Tim Krieger wrote:
> All our routine backups are done to disk to keep our backup window small
> Our data is rolled from disk to tape(long term archive) with a migration job
> weekly(file pool recycled after two weeks)
> I have been asked to add an additional offsite backup to this setup and was
> thinking of just running a copy job to usb disks. The snag I have run into
> is that the copy job just wants to send things to the tape archive as that is
> the "next pool" as defined in the file storage pool resources.
> Any ideas? Can I specify next pool in the run command somehow?
I have the very same setup, I solved it with a wrapper job that changed
the 'Next Pool' statement. If you want to, you can have the script.
But recently Jan Lentfer asked basically the same in 'Virtual Full - Set
NextPool for the virtual job only', Martin Simmons linked to
http://thread.gmane.org/gmane.comp.sysutils.backup.bacula.devel/14084
and I like that approach quite more as it doesn't need bacula-dir
reloading. I would do it that way if I had to do it again.
Regards,
Adrian
--
LiHAS - Adrian Reyer - Hessenwiesenstra?e 10 - D-70565 Stuttgart
Fon: +49 (7 11) 78 28 50 90 - Fax: +49 (7 11) 78 28 50 91
Mail: lihas AT lihas DOT de - Web: http://lihas.de
Linux, Netzwerke, Consulting & Support - USt-ID: DE 227 816 626 Stuttgart
This electronic mail transmission and any accompanying attachments contain
confidential information intended only for the use of the individual or entity
named above. Any dissemination, distribution, copying or action taken in
reliance on the contents of this communication by anyone other than the
intended recipient is strictly prohibited. If you have received this
communication in error please immediately delete the e-mail and either notify
the sender at the above e-mail address or by telephone at +1 250.386.5323.
------------------------------
Message: 7
Date: Mon, 05 Mar 2012 21:29:07 +0000
From: Alan Brown <ajb2 AT mssl.ucl.ac DOT uk>
Subject: Re: [Bacula-users] LTO media type mixup
To: mark.bergman AT uphs.upenn DOT edu
Cc: Adrian Reyer <bacula-lists AT lihas DOT de>, John Drescher
<drescherjm AT gmail DOT com>, bacula-users AT lists.sourceforge DOT
net
Message-ID: <4F553023.1040101 AT mssl.ucl.ac DOT uk>
Content-Type: text/plain; charset=ISO-8859-1
On 05/03/12 18:11, mark.bergman AT uphs.upenn DOT edu wrote:
> Yeah.... I guess it would make sense if "Media Group" was a list of supported
> strings, not a single value.
I asked for this a few years ago. It never happened.
------------------------------
Message: 8
Date: Mon, 05 Mar 2012 13:36:33 -0800
From: DMS <bacula-forum AT backupcentral DOT com>
Subject: [Bacula-users] Tape management question
To: bacula-users AT lists.sourceforge DOT net
Message-ID: <1330983393.m2f.370173 AT www.backupcentral DOT com>
I currently do a full backup on Fridays and then another full backup on
Saturdays to a set of disks that go offsite and are rotated every few weeks.
After I put in the new drives with the same mount point and what not, Bacula
hangs on the jobs saying that the previous volume is not available, which makes
sense because they are offsite. So every Monday I come into work and manually
set the Saturday's volumes from Append to Full which solves my issue. Is there
a way to automate the process of changing the volume status to Full?
I read that you can tell it how long to keep that volume open for, but from
what I saw, the volume needs to be available on the next use before it figures
out that it needs to create a new one.
I am using Bacula 5.0.3 on Ubuntu 10.04 LTS
+----------------------------------------------------------------------
|This was sent by rmcgee AT teamdms DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------
------------------------------
Message: 9
Date: Mon, 05 Mar 2012 21:37:36 +0000
From: Alan Brown <ajb2 AT mssl.ucl.ac DOT uk>
Subject: Re: [Bacula-users] Multi-cores compression
To: Alex Crow <acrow AT integrafin.co DOT uk>
Cc: bacula-users <Bacula-users AT lists.sourceforge DOT net>
Message-ID: <4F553220.5090004 AT mssl.ucl.ac DOT uk>
Content-Type: text/plain; charset=ISO-8859-1
On 05/03/12 19:51, Alex Crow wrote:
> Thanks Alan,
>
> I am specifically addressing the encryption support within Bacula:
>
> http://www.bacula.org/en/dev-manual/main/main/Data_Encryption.html
Openssl compresses _if_ compiled with zlib (it usually is)
It's not hard to test, write to a file instead of tape media and compare
size vs a tarball.
If you are using a LTO device with built-in encryption then it's much
faster as there is a dedicated engine for the task (LTO encryption is
posrtable across drives as long as the key is retained)
On that basis I'd only use bacula encryption for disk-based backups or
on tape devices without builtin encyption.
------------------------------
Message: 10
Date: Mon, 5 Mar 2012 18:44:24 -0300
From: Kleber Leal <kleber.leal AT gmail DOT com>
Subject: Re: [Bacula-users] Tape management question
To: bacula-users AT lists.sourceforge DOT net
Message-ID:
<CAOeP0a7R4QWJdr+UYkvEQa182hzc=tYmUr2R7suh1-2WE-C3PA AT mail.gmail DOT
com>
Content-Type: text/plain; charset="iso-8859-1"
You need only one Full backup.
I should create a copy job to create off site media. The off site media
(copy create by job copy) will be needed only when the primary copy is not
available.
Kleber
2012/3/5 DMS <bacula-forum AT backupcentral DOT com>
> I currently do a full backup on Fridays and then another full backup on
> Saturdays to a set of disks that go offsite and are rotated every few weeks.
>
> After I put in the new drives with the same mount point and what not,
> Bacula hangs on the jobs saying that the previous volume is not available,
> which makes sense because they are offsite. So every Monday I come into
> work and manually set the Saturday's volumes from Append to Full which
> solves my issue. Is there a way to automate the process of changing the
> volume status to Full?
>
> I read that you can tell it how long to keep that volume open for, but
> from what I saw, the volume needs to be available on the next use before it
> figures out that it needs to create a new one.
>
> I am using Bacula 5.0.3 on Ubuntu 10.04 LTS
>
> +----------------------------------------------------------------------
> |This was sent by rmcgee AT teamdms DOT com via Backup Central.
> |Forward SPAM to abuse AT backupcentral DOT com.
> +----------------------------------------------------------------------
>
>
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> Bacula-users mailing list
> Bacula-users AT lists.sourceforge DOT net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
Message: 11
Date: Mon, 5 Mar 2012 23:27:12 +0000
From: Rob Becker <rbecker AT 2co DOT com>
Subject: [Bacula-users] TLS Causes SegFault on bacula-dir.
To: "bacula-users AT lists.sourceforge DOT net"
<bacula-users AT lists.sourceforge DOT net>
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="utf-8"
I've been trying to get TLS working in Bacula with out any luck. Every time I
start Bacula the Director seg faults when trying to initialize TLS
We are not using DNS. I'm not sure if that's a problem or not, but I thought
I'd put it out there. We are just using a hosts file and the bacula server has
an entry listing for it's shortname as well as FQDN.
The server is running Centos 6.2 x86_64
RPM installed OpenSSL 1.0.0-20.
Bacula Version: 5.2.3.
All instances of hostnames and domains have been replaced with
<hostname.domain.com> and <domain>.
Configure Params for Bacula:
$ ./configure --sbindir=/usr/local/bacula/sbin
--sysconfdir=/usr/local/bacula/etc --with-pid-dir=/usr/local/bacula/working
--with-subsys-dir=/usr/local/bacula/working
--with-working-dir=/usr/local/bacula/working
--with-dump-email=postmaster@<domain> --with-job-email=postmaster@<domain>
--with-mysql=/data/mysql/ --with-python --with-open-ssl
Generate key using openssl:
openssl genrsa -des3 -out <hostname.domain.com>.key 1024
Created CSR:
openssl req -new -key <hostname.domain.com>.key -out
<hostname.domain.com>.key.csr
Signed CSR with internal CA:
openssl ca -batch -extensions bacula-client -days 1825 -out
<hostname.domain.com>.pem -in <hostname.domain.com>.key.csr -config ca.cnf
[bacula-client] is setup as the following in the ca.cnf:
[ bacula_client ]
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment,
keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly
extendedKeyUsage = critical, serverAuth, clientAuth
Verified Cert with OpenSSL:
openssl verify -CAfile CA.crt <hostname.domain.com>.pem
<hostname.domain.com>.pem: OK
I have tried a few other methods of generating keys - no luck with any method.
bacula-dir.conf :
Director { # define myself
Name = hqpbkup-core01.2checkout.com-dir
DIRport = 9101 # where we listen for UA connections
QueryFile = "/usr/local/bacula/etc/query.sql"
WorkingDirectory = "/usr/local/bacula/working"
PidDirectory = "/usr/local/bacula/working"
Maximum Concurrent Jobs = 1
Password = "passwd" # Console password
Messages = Daemon
TLS Enable = yes
TLS Require = yes
TLS Key = "/usr/local/bacula/etc/bkup.key"
TLS Certificate = "/usr/local/bacula/etc/bkup.pem"
TLS CA Certificate File = "/usr/local/bacula/etc/<domain>-CA.crt"
TLS Verify Peer = yes
TLS Allowed CN = "bacula@<hostname>"
}
Output of the btrack:
[Thread debugging using libthread_db enabled]
0x000000354300effe in waitpid () from /lib64/libpthread.so.0
$1 = '\000' <repeats 29 times>
$2 = 0x1b4c078 "bacula-dir"
$3 = 0x1b4c0b8 "/usr/local/bacula/sbin/bacula-dir"
$4 = 0x0
$5 = 0x7f709ef8eb5b "5.2.3 (16 December 2011)"
$6 = 0x7f709ef8eb7c "x86_64-unknown-linux-gnu"
$7 = 0x7f709ef8eb95 "redhat"
$8 = 0x7f709ef8e83c ""
$9 = "hqpbkup-core01", '\000' <repeats 35 times>
$10 = 0x7f709ef8eb74 "redhat "
$11 = 0
Environment variable "TestName" not defined.
#0 0x000000354300effe in waitpid () from /lib64/libpthread.so.0
#1 0x00007f709ef7a40d in signal_handler (sig=11) at signal.c:229
#2 <signal handler called>
#3 0x0000003542c7a31c in free () from /lib64/libc.so.6
#4 0x00007f709e9f7a8d in CRYPTO_free () from /usr/lib64/libcrypto.so.10
#5 0x00007f709ea7a2ad in ASN1_STRING_free () from /usr/lib64/libcrypto.so.10
#6 0x00007f709ea6eefd in ASN1_primitive_free () from /usr/lib64/libcrypto.so.10
#7 0x00007f709ea6f2df in ASN1_template_free () from /usr/lib64/libcrypto.so.10
#8 0x00007f709ea6f1c6 in ?? () from /usr/lib64/libcrypto.so.10
#9 0x00007f709ea6f2df in ASN1_template_free () from /usr/lib64/libcrypto.so.10
#10 0x00007f709ea6f1c6 in ?? () from /usr/lib64/libcrypto.so.10
#11 0x00007f709ea6f315 in ASN1_item_free () from /usr/lib64/libcrypto.so.10
#12 0x0000003549c3f0aa in ?? () from /usr/lib64/libssl.so.10
#13 0x0000003549c3f2e6 in SSL_CTX_use_PrivateKey_file () from
/usr/lib64/libssl.so.10
#14 0x00007f709ef7ca69 in new_tls_context (ca_certfile=0x1b4e678
"/usr/local/bacula/ssl/<domain>-CA.pem", ca_certdir=0x0, certfile=0x1b4e6d8
"/usr/local/bacula/ssl/bkup.pem", keyfile=0x1b4e728
"/usr/local/bacula/ssl/bkup.key", pem_callback=0, pem_userdata=<value optimized
out>, dhfile=0x0, verify_peer=true) at tls.c:171
#15 0x000000000040d9ad in check_resources () at dird.c:662
#16 0x000000000040e3e8 in main (argc=<value optimized out>, argv=<value
optimized out>) at dird.c:260
Thread 1 (Thread 0x7f709e9917e0 (LWP 20911)):
#0 0x000000354300effe in waitpid () from /lib64/libpthread.so.0
#1 0x00007f709ef7a40d in signal_handler (sig=11) at signal.c:229
#2 <signal handler called>
#3 0x0000003542c7a31c in free () from /lib64/libc.so.6
#4 0x00007f709e9f7a8d in CRYPTO_free () from /usr/lib64/libcrypto.so.10
#5 0x00007f709ea7a2ad in ASN1_STRING_free () from /usr/lib64/libcrypto.so.10
#6 0x00007f709ea6eefd in ASN1_primitive_free () from /usr/lib64/libcrypto.so.10
#7 0x00007f709ea6f2df in ASN1_template_free () from /usr/lib64/libcrypto.so.10
#8 0x00007f709ea6f1c6 in ?? () from /usr/lib64/libcrypto.so.10
#9 0x00007f709ea6f2df in ASN1_template_free () from /usr/lib64/libcrypto.so.10
#10 0x00007f709ea6f1c6 in ?? () from /usr/lib64/libcrypto.so.10
#11 0x00007f709ea6f315 in ASN1_item_free () from /usr/lib64/libcrypto.so.10
#12 0x0000003549c3f0aa in ?? () from /usr/lib64/libssl.so.10
#13 0x0000003549c3f2e6 in SSL_CTX_use_PrivateKey_file () from
/usr/lib64/libssl.so.10
#14 0x00007f709ef7ca69 in new_tls_context (ca_certfile=0x1b4e678
"/usr/local/bacula/ssl/<domain>-CA.pem", ca_certdir=0x0, certfile=0x1b4e6d8
"/usr/local/bacula/ssl/bkup.pem", keyfile=0x1b4e728
"/usr/local/bacula/ssl/bkup.key", pem_callback=0, pem_userdata=<value optimized
out>, dhfile=0x0, verify_peer=true) at tls.c:171
#15 0x000000000040d9ad in check_resources () at dird.c:662
#16 0x000000000040e3e8 in main (argc=<value optimized out>, argv=<value
optimized out>) at dird.c:260
#0 0x000000354300effe in waitpid () from /lib64/libpthread.so.0
No symbol table info available.
#1 0x00007f709ef7a40d in signal_handler (sig=11) at signal.c:229
229 waitpid(pid, NULL, 0); /* wait for child to produce dump */
sigdefault = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask
= {__val = {18446744067267100671, 18446744073709551615 <repeats 15 times>}},
sa_flags = 0, sa_restorer = 0x1b6ed48}
argv = {0x0, 0x0, 0x0, 0x0, 0x0}
pid_buf = "20911", '\000' <repeats 14 times>
buf = "\203\000\000\000\000\000\000\000\002", '\000' <repeats 19 times>,
"5\000\000\000`R;\003\377\177\000\000\300P;\003\377\177\000\000H\355\266\001\000\000\000\000(\302\300B5\000\000\000\060\006\000\000\000\000\000\000HO;\003\377\177\000\000\002\000\000\000\000\000\000\000\200\005",
'\000' <repeats 22 times>"\230,
\071?p\177\000\000\247\372\266\001\000\000\000\000\200\000\000\000\000\000\000\000\002\000\000\000p\000\000\000\206|\233\236p\177\000\000@\203?p\177\000\000H\355\266\001\000\000\000\000\200\215?p\177\000\000\377\377\377\377\000\000\000\000\260P;\003\377\177\000\000\060\240\246\236p\177\000\000\342\025\247\236p\177\000\000\000\000\000\000\377\177\000\000`R;\003\377\177\000\000\230\071?p\177\000\000HC\231\236p\177\000\000\250\275\360\273\000\000\000\000\032\236@B5",
'\000' <repeats 11 times>, "HC\231\236p\177\000\000\001"...
pid = 20912
btpath = "/usr/local/bacula/sbin/btraceback", '\000' <repeats 366 times>
exelen = <value optimized out>
already_dead = 1
#2 <signal handler called>
No symbol table info available.
#3 0x0000003542c7a31c in free () from /lib64/libc.so.6
No symbol table info available.
#4 0x00007f709e9f7a8d in CRYPTO_free () from /usr/lib64/libcrypto.so.10
No symbol table info available.
#5 0x00007f709ea7a2ad in ASN1_STRING_free () from /usr/lib64/libcrypto.so.10
No symbol table info available.
#6 0x00007f709ea6eefd in ASN1_primitive_free () from /usr/lib64/libcrypto.so.10
No symbol table info available.
#7 0x00007f709ea6f2df in ASN1_template_free () from /usr/lib64/libcrypto.so.10
No symbol table info available.
I'm at a complete loss here. I've tried using certs signed by a CA, not signed
by a CA, with FQDN, without FQDN, pretty much everything I can think of.
I have also tried different versions of Bacula and OpenSSL.
We have a copy of OpenSSL 0.97 in /usr/local/ssl. Bacula was built with
--open-ssl=/usr/local/bacula to try to use 0.97 with no luck. I also tried to
use Bacula 5.2.1 with no luck. Pretty much the same error messages with all
versions of software. Any assistance here would greatly be appreciated!
I am able to get both the Storage Daemon and the file File Daemon started with
TLS using the same certificates and settings.
Any help would be greatly appreciated.
-Rob Becker
________________________________
CONFIDENTIALITY STATEMENT: All information included in this communication,
including attachment(s), is intended solely for delivery to and authorized use
by the addressee(s) identified above, and may contain privileged, confidential,
proprietary and/or trade secret information entitled to protection and/or
exempt from disclosure under applicable law. If you are not the intended
recipient, please note that any use, distribution or copying of this
communication is unauthorized and may be unlawful. If you have received this
communication in error, please notify sender immediately and delete this
communication from your computer.
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
Message: 12
Date: Mon, 05 Mar 2012 21:53:37 -0500
From: Phil Stracchino <alaric AT metrocast DOT net>
Subject: [Bacula-users] Mysterious Director authentication failures
To: bacula-users <bacula-users AT lists.sourceforge DOT net>
Message-ID: <4F557C31.9030005 AT metrocast DOT net>
Content-Type: text/plain; charset=ISO-8859-1
I'm running Bacula 5.2.5, with Director, catalog and a disk SD on a
Solaris 10u9 machine, and a second SD (LTO4 tape) on a Gentoo Linux box.
Bacula was compiled using gcc (x86_64-pc-linux-gnu-4.5.3) on the Linux
box and with Sun Studio 12.2 opn the Solaris box.
Recently I've started experiencing errors in which, after a number of
successful connections, Director connection authentication begins
repeatedly failing.
Example:
babylon4:root:/opt/bacula/etc:31 # bconsole
Connecting to Director babylon4:9101
Director authorization problem.
Most likely the passwords do not agree.
If you are using TLS, there may have been a certificate validation error
during the TLS handshake.
Please see
http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION003760000000000000000
for help.
>From working/babylon4-dir.conmsg:
05-Mar 21:45 babylon4-dir: ERROR in authenticate.c:415 Unable to
authenticate console "*UserAgent*" at client:10.24.32.10:36131.
05-Mar 21:45 babylon4-dir: ERROR in authenticate.c:415 Unable to
authenticate console "*UserAgent*" at client:10.24.32.14:36131.
05-Mar 21:45 babylon4-dir: ERROR in authenticate.c:415 Unable to
authenticate console "*UserAgent*" at client:10.24.32.14:36131.
After starting the Director, all connections will succeed initially.
All passwords are known good. As a general rule, once one connection
attempt fails, all subsequent connection attempts will also fail.
Connections are more likely to fail if one or more jobs is running at
the time.
Has anyone else encountered this or similar behavior?
--
Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355
alaric AT caerllewys DOT net alaric AT metrocast DOT net phil AT
co.ordinate DOT org
Renaissance Man, Unix ronin, Perl hacker, SQL wrangler, Free Stater
It's not the years, it's the mileage.
------------------------------
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
End of Bacula-users Digest, Vol 71, Issue 5
*******************************************
--
Albert Molina
アルバートモリーナ
Shared Services Manager
Application Management | NTT Europe
Tel: +44 (0)845 603 2765
http://www.eu.ntt.com/en/products.html | http://www.eu.ntt.com/ |
http://www.eu.ntt.com/en/about-us/newsroom/news.html
Proprietary, privileged and/or confidential information may be contained within
this communication. If you are not the intended recipient of this
communication, please destroy it without copying, disclosing or otherwise using
its contents and advise legal AT ntt DOT eu. Any views or opinions expressed
are solely those of the author and do not necessarily represent those of NTT
Europe, NTT Europe Online or of NTT Communications. Thank you.
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|