Re: [Bacula-users] backing up clients on two separate networks

Hello,

2013/9/18 Robert M. Candey <Robert.M.Candey AT nasa DOT gov>

As a follow up on Uthra Rao's question ("client connect to storage daemon problem"), here's a different explanation of what we are trying to accomplish, plus the requested config files.

We have been successfully using Bacula for many years and now need to add clients on a separate high speed network (due to the volume of data). We added a 10 GbE switch and network interface cards to the large data clients (but not all) and the backup server, to form a private network (192.168.0.*).

Great. I've configured this kind of setup many times.

Since the Storage resource is defined with one address (on the regular network) and not its address on the private network, we get errors:

Fatal error: Authorization key rejected by Storage daemon.

Fatal error: Failed to authenticate Storage daemon.
Fatal error: Bad response to Storage command: wanted 2000 OK storage , got 2902 Bad storage

You need to define a second Storage resource pointed to the same bacula-sd instance. I did it by simple copy-paste of current Storage resource configuration and change a its name and address parameters. I leave password, device and media type unchanged.

This operation does not interference with current setup, so all your current jobs should run unaffected. If not, you make a mistake somewhere. Take an original config and start again.

Below are the beginning of our config files. The "*Address = 0.0.0.0" was added based on an old comment on the list, to ensure the services listen to all network interfaces (which they seem to do by default anyway).

Absolutely. It listen by default. And it is not the problem. :)

I assume the requirement to match the storage server name/address is for added security over the passwords, but it makes this situation much more difficult.

No. To handle backups Bacula Director connects Bacula SD and authorize, so the name of the Director and Storage Password should match.

See: http://bacula.org/5.2.x-manuals/en/main/main/Customizing_Configuration_F.html#SECTION001340000000000000000

The name of the Storage at bacula-sd.conf doesn't matter.

Has anyone succeeded at running one backup server with clients on two networks and network cards? Any suggestions for this? Thanx.

I configured it many times. :)

Robert Candey

Director {

Name = backup-dir

It is important.

DirAddress = 0.0.0.0

DIRport = 9101 # where we listen for UA connections

QueryFile = "/usr/local/bacula/etc/query.sql"
WorkingDirectory = "/var/bacula/working"
PidDirectory = "/var/run"

ScriptsDirectory = /usr/local/etc/bacula-clients

Maximum Concurrent Jobs = 4

Password = <password> # Console password

Messages = Daemon

fd connect timeout = 60sec

Heartbeat Interval = 60

}

JobDefs {
Name = standard-job
Type = Backup

Level = Incremental

FileSet = standard-set
Schedule = standard-sched
Storage = jukebox
Messages = Standard
Pool = server-partial
Priority = 10
Write Bootstrap = "/var/bacula/working/BootStrap/%c.bsr"

Spool data = ""> }

JobDefs {
Name = standard-job-p
Type = Backup

Level = Incremental

FileSet = standard-set
Schedule = standard-sched
Storage = jukebox-p
Messages = Standard
Pool = server-partial
Priority = 10
Write Bootstrap = "/var/bacula/working/BootStrap/%c.bsr"
Spool data = ""> }

Storage {

Name = jukebox

Address = backup.gsfc.nasa.gov

SDPort = 9103

Password = <password>

Above password has to match the password at bacula-sd.conf.

Device = Autochanger
Media Type = LTO-5
autochanger = yes

maximum concurrent jobs = 20
}

Storage {

Name = jukebox-p

Address = 192.168.0.5

SDPort = 9103

Password = <password>

It has to be the same password as above Storage resource.

Device = Autochanger
Media Type = LTO-5
autochanger = yes
maximum concurrent jobs = 20
}

bacula-sd.conf:

Storage {

Name = backup-sd

This name doesn't matter :)

SDAddress = 0.0.0.0
SDPort = 9103 # Director's port
WorkingDirectory = "/var/bacula/working"
Pid Directory = "/var/run"
Maximum Concurrent Jobs = 20

Heartbeat Interval = 60

}

#
# List Directors who are permitted to contact Storage daemon

#

Director {

Name = backup-dir

Good.

Password = <password>

It need to be the same password as defined in bacula-dir.conf Storage resources.

}

The most important in this case is the bacula-dir.conf Storage resource Address parameter. This parameter is forwarded to the client (FD) as text. So client is responsible for address resolving.

So, at your previous thread, you've got a message:

When I try to schedule a full backup I see the following message in the bsonsole:

“7827 Full ****.2013-09-13_16.30.23_03 is waiting for Client ***-fd to connect to Storage jukebox”

If that was a job which should be performed on 10G private network, then your job resource storage parameter is invalid (jukebox) and should be corrected into jukebox-p.

I hope it helps.

best regards

--
Radosław Korzeniewski
radoslaw AT korzeniewski DOT net

------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. 
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk

_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users