Re: [Bacula-users] change of hostname leads to TLS failure

Hey Tim!

Have you changed the certificates for this client (web1.mydomain.com) in the client's section in bacula-dir.conf? Is the web1.mydomain.com the director and a client too? If not, you don't need to change the first part of the bacula-fd.conf because there are the director's certificate and key and I suppose you did not change them.

Best regards,

Ana

On Sat, Jan 31, 2015 at 11:27 PM, Tim Dunphy <bluethundr AT gmail DOT com> wrote:

Hey all,

I'd like to change the hostname of one of my servers that uses bacula.

So I generated some new certs after updating the hostname in /etc/hosts:

[root@web1:/etc/bacula] #ls -l /etc/pki/tls/* | grep web1
-r-------- 1 root root 1956 Jan 31 20:34 web1.mydomain.com.crt
-r-------- 1 root root 3311 Jan 31 20:34 web1.mydomain.com.key

And updated the bacula-fd.conf file on the host:

[root@web1:/etc/bacula] #cat bacula-fd.conf

#

# Default Bacula File Daemon Configuration file

#

# For Bacula release 5.2.13 (19 February 2013) -- redhat

#

# There is not much to change here except perhaps the

# File daemon Name to

#

#

# List Directors who are permitted to contact this File daemon

#

Director {

Name = ops.mydomain.com

Password = secret

TLS Certificate = /etc/pki/tls/certs/web1.mydomain.com.crt

TLS Key = /etc/pki/tls/private/web1.mydomain.com.key

TLS CA Certificate File = /etc/pki/CA/certs/ca.crt

TLS Enable = yes

TLS Require = yes

}

#

# "Global" File daemon configuration specifications

#

FileDaemon { # this is me

Name = web1.mydomain.com

FDport = 9102 # where we listen for the director

WorkingDirectory = /var/bacula

Pid Directory = /var/run

Maximum Concurrent Jobs = 20

TLS Certificate = /etc/pki/tls/certs/web1.mydomain.com.crt

TLS Key = /etc/pki/tls/private/web1.mydomain.com.key

TLS CA Certificate File = /etc/pki/CA/certs/ca.crt

TLS Enable = yes

TLS Require = yes

}

# Send all messages except skipped files back to Director

Messages {

Name = Standard

director = cloud-dir = all, !skipped, !restored

}

Made sure hostname -f gives me the right response:

[root@web1:/etc/bacula] #hostname -f
web1.mydomain.com
But when I go to restart bacula, something odd happens:

[root@web1:/etc/bacula] #service bacula-fd restart
Shutting down bacula-fd: [FAILED]
Starting bacula-fd: 31-Jan 21:26 web1.mydomain.com: Fatal Error at filed.c:381 because:
Failed to initialize TLS context for File daemon "web1.jokefire.com" in /etc/bacula/bacula-fd.conf.
31-Jan 21:26 web1.mydomain.com: ERROR in filed.c:222 Please correct configuration file: /etc/bacula/bacula-fd.conf
[FAILED]

I get a TLS error. Can someone please share their ideas on how to solve this?

Thanks
Tim

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users