Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bacula-users] backing up clients on two separate networks

2013-09-18 17:57:46
Subject: [Bacula-users] backing up clients on two separate networks
From: "Robert M. Candey" <Robert.M.Candey AT nasa DOT gov>
To: <bacula-users AT lists.sourceforge DOT net>
Date: Wed, 18 Sep 2013 17:54:11 -0400 
[RESEND: many apologies for sending as HTML]

As a follow up on Uthra Rao's question ("client connect to storage 
daemon problem"), here's a different explanation of what we are 
trying to accomplish, plus the requested config files.

We have been successfully using Bacula for many years and now need to 
add clients on a separate high speed network (due to the volume of 
data).  We added a 10 GbE switch and network interface cards to the 
large data clients (but not all) and the backup server, to form a 
private network (192.168.0.*).

Since the Storage resource is defined with one address (on the 
regular network) and not its address on the private network, we get 
errors:

Fatal error: Authorization key rejected by Storage daemon.
Fatal error: Failed to authenticate Storage daemon.
Fatal error: Bad response to Storage command: wanted 2000 OK storage 
, got 2902 Bad storage

The "Dealing with Firewalls" section of the manual talks about 
clients on two networks, although notes that it hasn't been tested.

Early versions of the manual refer to defining two Storage resources 
and two corresponding Job resources, differing in Name and Address 
<http://www.bacula.org/de/dev-manual/Data_Encryption.html>.  This 
gives the same errors.

The latest manual instead defines a generic Storage-server name and 
depends on the hosts file on each client to refer to the correct name 
for that network.  The two Job resources are there, probably left 
over from the earlier version, and I assume are not needed.  [It also 
may be difficult to maintain the appropriate changes to the hosts 
files on dozens of clients.]
<http://bacula.org/5.2.x-manuals/en/problems/problems/Dealing_with_Firewalls.html>

Below are the beginning of our config files.  The "*Address = 
0.0.0.0" was added based on an old comment on the list, to ensure the 
services listen to all network interfaces (which they seem to do by 
default anyway).

I assume the requirement to match the storage server name/address is 
for added security over the passwords, but it makes this situation 
much more difficult.

Has anyone succeeded at running one backup server with clients on two 
networks and network cards?  Any suggestions for this?  Thanx.

Robert Candey


Director {
   Name = backup-dir
   DirAddress = 0.0.0.0
   DIRport = 9101                # where we listen for UA connections
   QueryFile = "/usr/local/bacula/etc/query.sql"
   WorkingDirectory = "/var/bacula/working"
   PidDirectory = "/var/run"
   ScriptsDirectory = /usr/local/etc/bacula-clients
   Maximum Concurrent Jobs = 4
   Password = <password>         # Console password
   Messages = Daemon
   fd connect timeout = 60sec
   Heartbeat Interval = 60
}

JobDefs {
   Name = standard-job
   Type = Backup
   Level = Incremental
   FileSet = standard-set
   Schedule = standard-sched
   Storage = jukebox
   Messages = Standard
   Pool = server-partial
   Priority = 10
   Write Bootstrap = "/var/bacula/working/BootStrap/%c.bsr"
   Spool data = yes
}

JobDefs {
   Name = standard-job-p
   Type = Backup
   Level = Incremental
   FileSet = standard-set
   Schedule = standard-sched
   Storage = jukebox-p
   Messages = Standard
   Pool = server-partial
   Priority = 10
   Write Bootstrap = "/var/bacula/working/BootStrap/%c.bsr"
   Spool data = yes
}


Storage {
   Name = jukebox
   Address = backup.gsfc.nasa.gov
   SDPort = 9103
   Password = <password>
   Device = Autochanger
   Media Type = LTO-5
   autochanger = yes
   maximum concurrent jobs = 20
}

Storage {
   Name = jukebox-p
   Address = 192.168.0.5
   SDPort = 9103
   Password = <password>
   Device = Autochanger
   Media Type = LTO-5
   autochanger = yes
   maximum concurrent jobs = 20
}


bacula-sd.conf:
Storage {
   Name = backup-sd
   SDAddress = 0.0.0.0
   SDPort = 9103                  # Director's port     
   WorkingDirectory = "/var/bacula/working"
   Pid Directory = "/var/run"
   Maximum Concurrent Jobs = 20
   Heartbeat Interval = 60
}

#
# List Directors who are permitted to contact Storage daemon
#
Director {
   Name = backup-dir
   Password = <password>
}


bacula-fd.conf:
Director {
    Name = backup-dir
    Password = <password>
}

FileDaemon {
   Name = backup-fd
   FDAddress = 0.0.0.0
   FDport = 9102                  # where we listen for the director
   WorkingDirectory = /var/bacula/working
   Pid Directory = /var/run
   Maximum Concurrent Jobs = 20
   Heartbeat Interval = 60
}

------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. 
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Bacula-users] backing up clients on two separate networks, Robert M. Candey
Next by Date:  Re: [Bacula-users] a simple question., John Drescher
Previous by Thread:  [Bacula-users] backing up clients on two separate networks, Robert M. Candey
Next by Thread:  Re: [Bacula-users] backing up clients on two separate networks, Radosław Korzeniewski
Indexes:  [Date] [Thread] [Top] [All Lists]