Re: [Bacula-users] change of hostname leads to TLS failure

On Jan 31, 2015, at 9:27 PM, Tim Dunphy <bluethundr AT gmail DOT com> wrote:

Hey all,

I'd like to change the hostname of one of my servers that uses bacula.

So I generated some new certs after updating the hostname in /etc/hosts:

[root@web1:/etc/bacula] #ls -l /etc/pki/tls/* | grep web1
-r-------- 1 root root 1956 Jan 31 20:34 web1.mydomain.com.crt
-r-------- 1 root root 3311 Jan 31 20:34 web1.mydomain.com.key

And updated the bacula-fd.conf file on the host:

[root@web1:/etc/bacula] #cat bacula-fd.conf
#
# Default Bacula File Daemon Configuration file
#
# For Bacula release 5.2.13 (19 February 2013) -- redhat
#
# There is not much to change here except perhaps the
# File daemon Name to
#

#
# List Directors who are permitted to contact this File daemon
#
Director {
Name = ops.mydomain.com
Password = secret
TLS Certificate = /etc/pki/tls/certs/web1.mydomain.com.crt
TLS Key = /etc/pki/tls/private/web1.mydomain.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
}

#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
Name = web1.mydomain.com
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/bacula
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
TLS Certificate = /etc/pki/tls/certs/web1.mydomain.com.crt
TLS Key = /etc/pki/tls/private/web1.mydomain.com.key
TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
TLS Enable = yes
TLS Require = yes
}

# Send all messages except skipped files back to Director
Messages {
Name = Standard
director = cloud-dir = all, !skipped, !restored
}

Made sure hostname -f gives me the right response:

[root@web1:/etc/bacula] #hostname -f
web1.mydomain.com
But when I go to restart bacula, something odd happens:

[root@web1:/etc/bacula] #service bacula-fd restart
Shutting down bacula-fd: [FAILED]
Starting bacula-fd: 31-Jan 21:26 web1.mydomain.com: Fatal Error at filed.c:381 because:
Failed to initialize TLS context for File daemon "web1.jokefire.com" in /etc/bacula/bacula-fd.conf.

I don't see web1.jokefire.com mentioned anywhere until this error. Why is that?

31-Jan 21:26 web1.mydomain.com: ERROR in filed.c:222 Please correct configuration file: /etc/bacula/bacula-fd.conf
[FAILED]

I get a TLS error. Can someone please share their ideas on how to solve this?

Thanks
Tim

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users

—

Dan Langille

http://langille.org/

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users