Bacula-users

Re: [Bacula-users] change of hostname leads to TLS failure

2015-02-01 11:09:38
Subject: Re: [Bacula-users] change of hostname leads to TLS failure
From: Dan Langille <dan AT langille DOT org>
To: Tim Dunphy <bluethundr AT gmail DOT com>
Date: Sun, 1 Feb 2015 11:04:34 -0500
> 
> On Feb 1, 2015, at 11:00 AM, Tim Dunphy <bluethundr AT gmail DOT com> wrote:
> 
> I don't see web1.jokefire.com mentioned anywhere until this error.  Why is 
> that?
> 
> Ok you caught me. Whoops! I was trying to obscure the real name of the 
> domain. That is why.  

Make sure the Address field in the Client resource in bacula-dir.conf is 
web1.jokefire.com

Make sure the cert is for web1.jokefire.com

If not, that may be the problem.

> 
> On Sun, Feb 1, 2015 at 10:41 AM, Dan Langille <dan AT langille DOT org> wrote:
> 
>> On Jan 31, 2015, at 9:27 PM, Tim Dunphy <bluethundr AT gmail DOT com> wrote:
>> 
>> Hey all, 
>> 
>>  I'd like to change the hostname of one of my servers that uses bacula.
>> 
>>   So I generated some new certs after updating the hostname in /etc/hosts:
>> 
>> [root@web1:/etc/bacula] #ls -l /etc/pki/tls/* | grep web1
>> -r-------- 1 root   root      1956 Jan 31 20:34 web1.mydomain.com.crt
>> -r-------- 1 root   root   3311 Jan 31 20:34 web1.mydomain.com.key
>> 
>> 
>> And updated the bacula-fd.conf file on the host:
>> 
>> [root@web1:/etc/bacula] #cat bacula-fd.conf
>> #
>> # Default  Bacula File Daemon Configuration file
>> #
>> #  For Bacula release 5.2.13 (19 February 2013) -- redhat
>> #
>> # There is not much to change here except perhaps the
>> # File daemon Name to
>> #
>>
>> #
>> # List Directors who are permitted to contact this File daemon
>> #
>> Director {
>>   Name = ops.mydomain.com
>>   Password = secret
>>   TLS Certificate = /etc/pki/tls/certs/web1.mydomain.com.crt
>>   TLS Key = /etc/pki/tls/private/web1.mydomain.com.key
>>   TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
>>   TLS Enable = yes
>>   TLS Require = yes
>> }
>>
>> #
>> # "Global" File daemon configuration specifications
>> #
>> FileDaemon {                          # this is me
>>   Name = web1.mydomain.com
>>   FDport = 9102                  # where we listen for the director
>>   WorkingDirectory = /var/bacula
>>   Pid Directory = /var/run
>>   Maximum Concurrent Jobs = 20
>>   TLS Certificate = /etc/pki/tls/certs/web1.mydomain.com.crt
>>   TLS Key = /etc/pki/tls/private/web1.mydomain.com.key
>>   TLS CA Certificate File = /etc/pki/CA/certs/ca.crt
>>   TLS Enable = yes
>>   TLS Require = yes
>> }
>>
>> # Send all messages except skipped files back to Director
>> Messages {
>>   Name = Standard
>>   director = cloud-dir = all, !skipped, !restored
>> }
>>
>> Made sure hostname -f gives me the right response:
>>
>> [root@web1:/etc/bacula] #hostname -f
>> web1.mydomain.com
>>
>> But when I go to restart bacula, something odd happens:
>>
>> [root@web1:/etc/bacula] #service bacula-fd restart
>> Shutting down bacula-fd:                                   [FAILED]
>> Starting bacula-fd: 31-Jan 21:26 web1.mydomain.com: Fatal Error at 
>> filed.c:381 because:
>> Failed to initialize TLS context for File daemon "web1.jokefire.com" in 
>> /etc/bacula/bacula-fd.conf.
>>
> 
> I don't see web1.jokefire.com mentioned anywhere until this error.  Why is 
> that?
>> 31-Jan 21:26 web1.mydomain.com: ERROR in filed.c:222 Please correct 
>> configuration file: /etc/bacula/bacula-fd.conf
>> 
>>                                                            [FAILED]
>>
>> I get a TLS error. Can someone please share their ideas on how to solve this?
>>
>> Thanks
>> Tim
>>
>> -- 
>> GPG me!!
>> 
>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>> 
> 
>
> Dan Langille
> http://langille.org/

-- 
Dan Langille
http://langille.org/






_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
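
A pre-flight check for the startup failure quoted in this thread, added here as an example and not part of the original messages or of Bacula's own code: it reads a bacula-fd.conf and, for each resource with TLS enabled, tries to load the certificate, key and CA file into a TLS context using Python's ssl module, reporting which file fails. The function names, the sample configuration with its /nonexistent paths, and treating only yes/true as "enabled" are assumptions of this example.

```python
import re
import ssl

# Constructed sample modelled on the thread's config; /nonexistent paths are placeholders.
SAMPLE_CONF = """
Director {
  Name = ops.mydomain.com
  TLS Certificate = /nonexistent/web1.mydomain.com.crt
  TLS Key = /nonexistent/web1.mydomain.com.key
  TLS CA Certificate File = /nonexistent/ca.crt
  TLS Enable = yes
}
FileDaemon {                          # this is me
  Name = web1.mydomain.com
}
"""

def parse_resources(text):
    """Return [(type, {directive: value})]; directive names lose case and spaces."""
    resources = []
    for rtype, body in re.findall(r"(\w+)\s*\{([^{}]*)\}", text):
        directives = {}
        for line in body.splitlines():
            key, sep, value = line.split("#", 1)[0].partition("=")
            if sep:
                directives["".join(key.split()).lower()] = value.strip().strip('"')
        resources.append((rtype, directives))
    return resources

def check_tls(d):
    """Load the resource's TLS files into a context, as a daemon does at startup."""
    problems = []
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    loaders = [("certificate/key", ctx.load_cert_chain, ("tlscertificate", "tlskey")),
               ("CA file", ctx.load_verify_locations, ("tlscacertificatefile",))]
    for label, load, keys in loaders:
        try:  # missing/unreadable file, bad PEM, or key that does not match cert
            load(*[d[k] for k in keys])
        except KeyError as exc:
            problems.append(f"{label}: directive {exc} not set")
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            problems.append(f"{label}: {exc}")
    return problems

def audit(conf_text):
    """Map 'Type "Name"' to its problems for every resource with TLS enabled."""
    return {f'{t} "{d.get("name", "?")}"': check_tls(d)
            for t, d in parse_resources(conf_text)
            if d.get("tlsenable", "").lower() in ("yes", "true")}
```

Call `audit(open("/etc/bacula/bacula-fd.conf").read())` as a user that can read the private key; an empty list for a resource means its files loaded. It does not compare the certificate's subject name with the Address in the Director's Client resource, which is a separate check.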