I'm running bacula Version: 5.0.2 (28 April 2010) on my backup server.
I am trying to restore a file that is encrypted during backup from host A
to host B and I get the following error on the failed restore:
22-Oct 16:28 backup1-dir JobId 40417: Start Restore Job
RestoreFiles.2013-10-22_16.28.35_19
22-Oct 16:28 backup1-dir JobId 40417: Using Device "FileStorage"
22-Oct 16:28 backup1-sd JobId 40417: Ready to read from volume
"filestorage0091" on device "FileStorage" (/backups/Bacula-FileStorage/).
22-Oct 16:28 backup1-sd JobId 40417: Forward spacing Volume
"filestorage0091" to file:block 1:817723792.
22-Oct 16:28 backup1-sd JobId 40417: End of Volume at file 1 on device
"FileStorage" (/backups/Bacula-FileStorage/), Volume "filestorage0091"
22-Oct 16:28 backup1-sd JobId 40417: End of all volumes.
22-Oct 16:28 utility2-fd JobId 40417: Error: Missing private key required
to decrypt encrypted backup data.
22-Oct 16:28 backup1-dir JobId 40417: Error: Bacula backup1-dir 5.0.2
(28Apr10): 22-Oct-2013 16:28:37
Build OS: i486-pc-linux-gnu debian 6.0.3
JobId: 40417
Job: RestoreFiles.2013-10-22_16.28.35_19
Restore Client: HOST B
Start time: 22-Oct-2013 16:28:37
End time: 22-Oct-2013 16:28:37
Files Expected: 1
Files Restored: 1
Bytes Restored: 0
Rate: 0.0 KB/s
FD Errors: 1
FD termination status: Error
SD termination status: OK
Termination: *** Restore Error ***
So I've tried the restore with the host A key pair file copied to host B.
Modified the key pair file name to match the bacula-fd.conf on host b,
restarted bacula-fd on host b.
I've also copied the master cert over from the backup server and modified
bacula-fd.conf on host B to use that key pair with a restart of bacula-fd
on host b.
Both result in the error above on restore.
I've also modified the bacula-fd.conf to use the master.pem and
master.cert files. Same error.
Running md5sum on the key pairs I have verified they are the same on both
host A and host B as well as the master cert and .pem on backup server,
host A and host B.
Below are my bacula-fd.conf files on host A and host B.
I'm stumped why this restore of encrypted file fails with missing key
error when the key pair is present and identical on both hosts as well as
restoring with the master.cert and .pem when it is the same on all hosts.
For what its worth, I can successfully restore the encrypted file on the
host it was backed up on, Host A, with no issue.
I've exhausted my resources, any help with this would be greatly
appreciated.
HOST A bacula-fd.conf
#
# List Directors who are permitted to contact this File daemon
#
Director {
Name = backup1-dir
Password = "+C6cLMGyZ5pAF1ldsdZvU8ZrhVM2HY4BkplBVL+61l8v"
}
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
Director {
Name = HOSTA-mon
Password = "E4LSasq00M0PosQJl6cy5O32WIKtRIp3Qw9Ay"
Monitor = yes
}
#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
Name = HOSTA-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/lib/bacula
Pid Directory = /var/run/
Maximum Concurrent Jobs = 20
### BEGIN ENCRYPTION
PKI Signatures = Yes # Enable Data Signing
PKI Encryption = Yes # Enable Data Encryption
PKI Keypair = "/etc/bacula/manage2.pem" # Public and Private Keys
PKI Master Key = "/etc/bacula/master.cert" # ONLY the Public Key
### END ENCRYPTION
}
# Send all messages except skipped files back to Director
Messages {
Name = Standard
director = backup1-dir = all, !skipped, !restored
}
######################################
######################################
######################################
HOST B bacula-fd.conf
#
# PopCap Bacula client configuration file
# This file is distributed by cfengine
# Edit on server-lifecycle-1
#
#
# List Directors who are permitted to contact this File daemon
#
Director {
Name = backup1-dir
Password = "+C6cLMGyZ5pAF1ldsdZvU8ZrhVM2HY4BkplBVL+61l8v"
}
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
Director {
Name = HOSTB-mon
Password = "E4LSasq00M0PosQJl6cy5O32WIKtRIp3Qw9Ay"
Monitor = yes
}
#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
Name = HOSTB-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/lib/bacula
Pid Directory = /var/run/
Maximum Concurrent Jobs = 20
### BEGIN ENCRYPTION
PKI Signatures = Yes # Enable Data Signing
PKI Encryption = Yes # Enable Data Encryption
PKI Keypair = "/etc/bacula/utility2.pem" # Public and Private Keys
PKI Master Key = "/etc/bacula/master.cert" # ONLY the Public Key
### END ENCRYPTION
}
# Send all messages except skipped files back to Director
Messages {
Name = Standard
director = backup1-dir = all, !skipped, !restored
}
################
################
################
output from successful backup job showing encryption: Yes
22-Oct 17:21 backup1-dir JobId 40421: Start Backup JobId 40421,
Job=HOSTA:default.2013-10-22_17.21.01_08
22-Oct 17:21 backup1-dir JobId 40421: Using Device "FileStorage"
22-Oct 17:21 backup1-sd JobId 40421: Volume "filestorage0544" previously
written, moving to end of data.
22-Oct 17:21 backup1-sd JobId 40421: Ready to append to end of Volume
"filestorage0544" size=3330847211
22-Oct 17:21 backup1-sd JobId 40421: Job write elapsed time = 00:00:01,
Transfer rate = 2.017 K Bytes/second
22-Oct 17:21 backup1-dir JobId 40421: Bacula backup1-dir 5.0.2 (28Apr10):
22-Oct-2013 17:21:03
Build OS: i486-pc-linux-gnu debian 6.0.3
JobId: 40421
Job: HOSTA:default.2013-10-22_17.21.01_08
Backup Level: Differential, since=2013-10-22 01:52:23
Client: "HOSTA" 5.0.2 (28Apr10)
x86_64-pc-linux-gnu,debian,6.0.6
FileSet: "HOSTA" 2013-10-16 17:44:53
Pool: "Disk" (From Job resource)
Catalog: "MyCatalog" (From Client resource)
Storage: "File" (From Pool resource)
Scheduled time: 22-Oct-2013 17:21:00
Start time: 22-Oct-2013 17:21:03
End time: 22-Oct-2013 17:21:03
Elapsed time: 0 secs
Priority: 10
FD Files Written: 2
SD Files Written: 2
FD Bytes Written: 1,504 (1.504 KB)
SD Bytes Written: 2,017 (2.017 KB)
Rate: 0.0 KB/s
Software Compression: None
VSS: no
Encryption: yes
Accurate: no
Volume name(s): filestorage0544
Volume Session Id: 4
Volume Session Time: 1382459539
Last Volume Bytes: 3,330,849,714 (3.330 GB)
Non-fatal FD errors: 0
SD Errors: 0
FD termination status: OK
SD termination status: OK
Termination: Backup OK
22-Oct 17:21 backup1-dir JobId 40421: Begin pruning Jobs older than 7
years .
22-Oct 17:21 backup1-dir JobId 40421: No Jobs found to prune.
22-Oct 17:21 backup1-dir JobId 40421: Begin pruning Jobs.
22-Oct 17:21 backup1-dir JobId 40421: No Files found to prune.
22-Oct 17:21 backup1-dir JobId 40421: End auto prune.
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
