Hey guys,
I finally have some progress to report! Not all the way there yet, but some good progress has been made. As of now I am able to use the external (load balanced) database from within bacula. However I still can't use the SSL enabled database user.
Here's my catalog config:
# Generic catalog service
Catalog {
Name = JokefireCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306
#dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"
dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"; dbaddress = "
db.example.com"; dbport = 3306
}
With the non ssl enabled database user in the config I can verify that the director is listening:
[root@ops:/etc/bacula] #lsof -i :9101
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bacula-di 15357 bacula 5u IPv4 4789422 0t0 TCP *:bacula-dir (LISTEN)
And I can get into the console.
[root@ops:/etc/bacula] #bconsole
Enter a period to cancel a command.
*
But with the ssl database user in the config, none of that can happen.
I've verified once again that I can connect with the ssl database user:
#mysql -uadmin_ssl -p -h
db.example.com -e "use bacula;show tables" | head -5
Enter password:
Tables_in_bacula
BaseFiles
CDImages
Client
Counters
But starting the bacula director with the ssl enabled user in the config, I'm getting an error in the logs and I can no longer user the director with bconsole:
#tail -f /var/log/bacula/bacula.log
17-Aug 02:17 bacula-dir JobId 0: Fatal error: Could not open Catalog "JokefireCatalog", database "bacula".
17-Aug 02:17 bacula-dir JobId 0: Fatal error: mysql.c:210 Unable to connect to MySQL server.
Database=bacula User=admin_ssl
MySQL connect failed either server not running or your authorization is incorrect.
17-Aug 02:17 bacula-dir ERROR TERMINATION
Please correct configuration file: /etc/bacula/bacula-dir.conf
This is my catalog definition with the ssl user in the config:
# Generic catalog service
Catalog {
Name = JokefireCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306
#dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"
dbname = "bacula"; dbuser = "admin_ssl"; dbpassword = "secret"; dbaddress = "
db.example.com"; dbport = 3306
}
I've gained a little experience in using SSL database users with a couple different apps. I've setup both mediawiki and wordpress to use SSL database connections. But for both of those apps you had to go through extra steps to get an SSL database user to work. Simply adding the user to the config wouldn't allow them to work. You would have to go through extra configuration steps to make them work correctly.
So what I'm wondering is if this might be a similar similar situation with bacula. That maybe just adding an ssl enabled user to the connection string isn't enough. And maybe there's some other configuration that has to happen to get this to work. It's just a guess on my part, but based on my recent experiences I think it may be a good one!
I'd appreciate hearing your thoughts on this!
Thanks,
Tim