Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bacula-users] bacula-fd: Unable to open certificate file

2013-01-29 11:16:16
Subject: [Bacula-users] bacula-fd: Unable to open certificate file
From: martingerdes <bacula-forum AT backupcentral DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Tue, 29 Jan 2013 07:01:58 -0800 
Hi List!
I am trying to restore an encrypted backup using a grml live cd.
The backuped up system as well as the system the director is running on are 
running debian squeeze, meaning bacula version 5.0.2
grml contains bacula-fd 5.0.3, so after I started having problems I replaced it 
with the version from debian squeeze (It does not appear to make any difference 
whether I use bacula-fd 5.0.2 or 5.0.3 - I get precisely the same error 
messages either way).

I have configured bacula-fd on the live system exactly the same way bacula-fd 
is configured on the backed up system. Here is /etc/bacula/bacula-fd.conf:
# Bacula File Daemon Configuration file

Director {
        Name = backupServer-dir
        Password = "<password>"
}

FileDaemon {
        Name = bacula-fd
        #connections from
        FDAddress = 0.0.0.0
        FDPort = 9102                  # where we listen for the director
        #scratch space
        WorkingDirectory = /var/lib/bacula
        Pid Directory = /var/run/bacula
        Maximum Concurrent Jobs = 20
        #Encryption
        PKI Signatures = Yes
        PKI Encryption = Yes
        PKI Keypair = "/etc/bacula/server.pem"
        PKI Master Key = "/etc/bacula/master.cert"
}

# Send all messages except skipped files back to Director
Messages {
        Name = Standard
        director = backupServer-dir = all, !skipped, !restored
        append = '/var/log/bacula/bacula-fd.log' = all, !skipped
}

This configuration works flawlessly on the source server - The director is able 
to back the system up, and to restore files.
However, starting bacula-fd with this configuration on the grml live cd gives 
the following error:

Starting Bacula File daemon...:29-Jan 15:32 bacula-fd: Fatal Error at 
filed.c:490 because:
Failed to load master key certificate from file '/etc/bacula/master.cert' for 
File daemon "bacula-fd" in /etc/bacula/bacula-fd.conf.
29-Jan 15:32 bacula-fd: ERROR in filed.c:222 Please correct configuration file: 
/etc/bacula/bacula-fd.conf
Orphaned buffer:  bacula-fd     24 bytes buf=fca3f8 allocated at crypto.c:377
 failed!

which doesn't tell us much. /var/log/syslog contains something more interesting 
though:
2013-01-29T15:32:41.776885+01:00 grml bacula-fd: openssl.c:86 Unable to open 
certificate file: ERR=error:02001002:system library:fopen:No such file or 
directory
2013-01-29T15:32:41.776926+01:00 grml bacula-fd: openssl.c:86 Unable to open 
certificate file: ERR=error:2006D080:BIO routines:BIO_new_file:no such file

The big question is though: WHICH file is it trying to open??
I have also tried downgrading openssl from 1.0.1c-1 (grml live cd) to 
0.9.8o-4squeeze13 (version contained in squeeze). Did not make a difference.

Experimentally I have tried commenting the line 'PKI Master Key = 
"/etc/bacula/master.cert"' out, which lets bacula-fd start. However, the 
director then complains "Passwords or names not the same or Maximum Concurrent 
Jobs exceeded on the FD or FD networking messed up (restart daemon)." when I 
try to restore something, so that does not really help either.
Interestingly, I don't see what the client tries to tell me at that point 
(running bacula-fd without master.cert). When I try to restore something, the 
following entry appears in /var/log/syslog: "Message delivery ERROR: fopen 
'/var/log/bacula/bacula-fd.log' failed: ERR=No such file or directory". In 
light of the fact that bacula-fd is running as root and 
/var/log/bacula/bacula-fd.log is world-writable (and world rx permissions are 
set for /var/log/bacula) I have no freaking idea where that message is coming 
from. Not that I really need to resolve that mystery, but it sure would help 
debugging...

Does anyone have an idea what might be going on here? I have tried googling the 
various error messages without any success what so ever.

+----------------------------------------------------------------------
|This was sent by martin.gerdes AT dser DOT de via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------



------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Dealing with cleaning tapes, Alan McKay
Next by Date:  [Bacula-users] Tutorial idea: supply everyone with a bacula-dir & bacula-sd, Dan Langille
Previous by Thread:  [Bacula-users] Fatal error: Bad response from stored to open command, Antony Mayi
Next by Thread:  Re: [Bacula-users] bacula-fd: Unable to open certificate file, Josh Fisher
Indexes:  [Date] [Thread] [Top] [All Lists]