On Monday 10 October 2005 23:34, Josh Fisher wrote: > Kern Sibbald wrote: > >On Monday 10 October 2005 18:29, Josh Fisher wrote: > >>Kern Sibbald wrote: > >>>On Sunday 09 October 2005 22:27, Josh Fisher wrote: > >>>>Sounds like you are using the 1.36.3 stable version of bacula-rescue, > >>>>which will not work with a 2.6.x kernel. You need to grab the latest > >>>>1.37.x development version of bacula-rescue from CVS. You do not have > >>>> to use 1.37.x versions of the other bacula programs, just the > >>>> bacula-rescue module. You will need the source for 1.36.3 installed > >>>> and configured before making the bacula-rescue stuff. > >>>> > >>>>I have made a CD-R using bacula-rescue 1.37.40 compiled against the > >>>>1.36.3 source. I believe the 1.36.3 source is only needed to make the > >>>>statically linked bacula-fd daemon. In any case, I was able to create a > >>>>rescue CD-R under Fedora Core 4, boot from it, reformat the partitions, > >>>>mount the partitions, start networking, start the statically linked > >>>>bacula-fd and then run a restore job from bconsole on another machine > >>>>and restore the machine. Once all files are restored it is necessary to > >>>>install grub in order for the restored machine to boot. > >>>> > >>>>So, yes, it works. There are scripts on the rescue CD to perform most > >>>> of the tasks. The script to copy the bacula-fd daemon and conf file to > >>>> the newly formatted partition did not work for me and I had to do that > >>>> manually, but hey, it worked. > >>> > >>>Thanks for the nice response and the confirmation that the 1.37.40 > >>> rescue does work. I'm pleased to hear that someone other than myself > >>> has got it to work. :-) > >>> > >>>Do you happen to remember exactly what went wrong in the script to copy > >>>bacula-fd and the conf file? > >> > >>Sorry, it wasn't the copy_static_bacula script, it was the > >>restore_bacula script. It is a bit confusing because the Makefile and > >>several scripts that are used to create the CD-R are also included in > >>the bacula-xxx directory on the initrd image. The restore_bacula script > >>expects to find the static bacula-fd and bacula-fd.conf files under > >>/mnt/floppy, and so does not work on the CD-ROM version. > > > >Oh, I hadn't noticed that. I've now fixed it and will commit it to the > > CVS. > > > >>Also, is it by design that my bacula-fd.conf is not copied to the > >>bacula-xxx directory on the initrd image? > > > >I hadn't thought about that too much, and it appears that I just put a > > sort of "template" in the bin directory (from where the restore copies > > it). I've modified the script that makes the static Bacula to copy the > > bacula-fd.conf that it finds in the build directory overwriting my > > "template". Perhaps this will make it easier for you ... > > > >Thanks for the comments. > > If the client's bacula-fd.conf is put on the CD, then the CD is a > security risk. Even though root's password is needed to login when > booting from the CD, anyone could extract the bacula-fd.conf file from > the initrd image on the CD, create their own bootable CD, and possibly > convince the director into restoring the client's file to the wrong > machine. I can think of two solutions: > > 1. Don't put the client's bacula-fd.conf on the CD and require entering > the key manually. Possibly an ssh client could be put on the CD to make > it easier to get the key from the director machine. > > 2. Use mcrypt or something to password protect the client's > bacula-fd.conf file on the CD.
The rescue CD must be kept secure. The bacula-fd.conf is the least of the problems. Making a rescue CD also copies your /etc/ssh directory, and tells you so very clearly. If you want to avoid the problem of keeping the rescue CD secure, it seems to me you have two choices: 1. Cleanup or delete the files that pose a security problem before burning the CD. 2. Don't use the Bacula rescude CD. > > >>>>Josh Fisher > >>>>[EMAIL PROTECTED] > >>>> > >>>>Gordon Larsen wrote: > >>>>>Has anyone tried/been able to build a rescue CD that works with Fedora > >>>>>yet? The build scripts still look for the deprecated modules.conf and > >>>>>raidstart on my system, neither of which are used any longer (replaced > >>>>>by modprobe.conf/modprobe.conf.dist and mdadm). I can build a CD, but > >>>>>a kernel panic happens when trying to mount the root file system when > >>>>>starting up. > >>>>> > >>>>>Thanks muchly, > >>>>> > >>>>>Gordon Larsen > >>>>>[EMAIL PROTECTED] > >>>>> > >>>>> > >>>>> > >>>>>------------------------------------------------------- > >>>>>This SF.Net email is sponsored by: > >>>>>Power Architecture Resource Center: Free content, downloads, > >>>>>discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl > >>>>>_______________________________________________ > >>>>>Bacula-users mailing list > >>>>>Bacula-users@lists.sourceforge.net > >>>>>https://lists.sourceforge.net/lists/listinfo/bacula-users > >>>> > >>>>------------------------------------------------------- > >>>>This SF.Net email is sponsored by: > >>>>Power Architecture Resource Center: Free content, downloads, > >>>> discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl > >>>>_______________________________________________ > >>>>Bacula-users mailing list > >>>>Bacula-users@lists.sourceforge.net > >>>>https://lists.sourceforge.net/lists/listinfo/bacula-users -- Best regards, Kern ("> /\ V_V ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
