Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bacula-users] backing up clients on two separate networks

2013-09-18 17:20:47
Subject: [Bacula-users] backing up clients on two separate networks
From: "Robert M. Candey" <Robert.M.Candey AT nasa DOT gov>
To: bacula-users AT lists.sourceforge DOT net
Date: Wed, 18 Sep 2013 17:17:32 -0400
As a follow up on Uthra Rao's question ("client connect to storage daemon problem"), here's a different explanation of what we are trying to accomplish, plus the requested config files.

We have been successfully using Bacula for many years and now need to add clients on a separate high speed network (due to the volume of data).  We added a 10 GbE switch and network interface cards to the large data clients (but not all) and the backup server, to form a private network (192.168.0.*).

Since the Storage resource is defined with one address (on the regular network) and not its address on the private network, we get errors:

Fatal error: Authorization key rejected by Storage daemon.
Fatal error: Failed to authenticate Storage daemon.
Fatal error: Bad response to Storage command: wanted 2000 OK storage , got 2902 Bad storage

The "Dealing with Firewalls" section of the manual talks about clients on two networks, although notes that it hasn't been tested.

Early versions of the manual refer to defining two Storage resources and two corresponding Job resources, differing in Name and Address <http://www.bacula.org/de/dev-manual/Data_Encryption.html>.  This gives the same errors.

The latest manual instead defines a generic Storage-server name and depends on the hosts file on each client to refer to the correct name for that network.  The two Job resources are there, probably left over from the earlier version, and I assume are not needed.  [It also may be difficult to maintain the appropriate changes to the hosts files on dozens of clients.]
<http://bacula.org/5.2.x-manuals/en/problems/problems/Dealing_with_Firewalls.html>

Below are the beginning of our config files.  The "*Address = 0.0.0.0" was added based on an old comment on the list, to ensure the services listen to all network interfaces (which they seem to do by default anyway).

I assume the requirement to match the storage server name/address is for added security over the passwords, but it makes this situation much more difficult.

Has anyone succeeded at running one backup server with clients on two networks and network cards?  Any suggestions for this?  Thanx.

Robert Candey


Director {
  Name = backup-dir
  DirAddress = 0.0.0.0
  DIRport = 9101                # where we listen for UA connections
  QueryFile = "/usr/local/bacula/etc/query.sql"
  WorkingDirectory = "/var/bacula/working"
  PidDirectory = "/var/run"
  ScriptsDirectory = /usr/local/etc/bacula-clients
  Maximum Concurrent Jobs = 4
  Password = <password>         # Console password
  Messages = Daemon
  fd connect timeout = 60sec
  Heartbeat Interval = 60
}
JobDefs {
  Name = standard-job
  Type = Backup
  Level = Incremental
  FileSet = standard-set
  Schedule = standard-sched
  Storage = jukebox
  Messages = Standard
  Pool = server-partial
  Priority = 10
  Write Bootstrap = "/var/bacula/working/BootStrap/%c.bsr"
  Spool data = ""> }
JobDefs {
  Name = standard-job-p
  Type = Backup
  Level = Incremental
  FileSet = standard-set
  Schedule = standard-sched
  Storage = jukebox-p
  Messages = Standard
  Pool = server-partial
  Priority = 10
  Write Bootstrap = "/var/bacula/working/BootStrap/%c.bsr"
  Spool data = ""> }

Storage {
  Name = jukebox
  Address = backup.gsfc.nasa.gov
  SDPort = 9103
  Password = <password>
  Device = Autochanger
  Media Type = LTO-5
  autochanger = yes
  maximum concurrent jobs = 20
}

Storage {
  Name = jukebox-p
  Address = 192.168.0.5
  SDPort = 9103
  Password = <password>
  Device = Autochanger
  Media Type = LTO-5
  autochanger = yes
  maximum concurrent jobs = 20
}

bacula-sd.conf:
Storage { 
  Name = backup-sd
  SDAddress = 0.0.0.0
  SDPort = 9103                  # Director's port     
  WorkingDirectory = "/var/bacula/working"
  Pid Directory = "/var/run"
  Maximum Concurrent Jobs = 20
  Heartbeat Interval = 60
}

#
# List Directors who are permitted to contact Storage daemon
#
Director {
  Name = backup-dir
  Password = <password>
}

bacula-fd.conf:
Director {
   Name = backup-dir
   Password = <password>
}
FileDaemon {
  Name = backup-fd
  FDAddress = 0.0.0.0
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/bacula/working
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
  Heartbeat Interval = 60
}
------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. 
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] a simple question., Mauro Sanna
Next by Date:  [Bacula-users] backing up clients on two separate networks, Robert M. Candey
Previous by Thread:  [Bacula-users] How to get all copies of a file in a pool, deepak.pal
Next by Thread:  [Bacula-users] backing up clients on two separate networks, Robert M. Candey
Indexes:  [Date] [Thread] [Top] [All Lists]