As per the Main Reference Manual sections 54.3.1 (Client Initiated Backup) and
49.1.6 (Proxied Connection):
I have a Director and SD already running on a cloud server.
I have a FD running on the cloud server and have been doing successful backups
for the last few months (hence the SD and the storage backends have all been
proven to work).
I just added a FD running on a bare metal server behind a firewall and NAT/PAT
gateway.
As per instructions from documentation I adjusted the bare metal and cloud
configuration, restarted required services, and launched my bconsole from the
local bare metal machine.
I typed "proxy" as recommended in the documentation and obtained a full
bconsole from the bare metal machine as expected.
I typed the command "run job=<my new job name> client=baremetal-fd accurate=yes
level=full fdcalled=1" and the job failed due to a permissions issue.
I updated the Console clause in bacula-fd.conf to match its password to that of
the cloud Director and this issue disappeared.
I tried removing the "cloud-mon" Director clause from my bacula-fd.conf and I
now I get a different error:
cloud-dir JobId 234: Error: Bacula Enterprise cloud-dir 13.0.3 (02May23):
Build OS: x86_64-pc-linux-gnu-bacula-enterprise ubuntu 22.04
JobId: 234
Job: MyBackupJob.2024-03-10_06.57.36_48
Backup Level: Full
Client: "baremetal-fd" 13.0.3 (02May23)
x86_64-pc-linux-gnu-bacula-enterprise,ubuntu,22.04
FileSet: "Full Set" 2024-01-18 06:23:13
Pool: "File" (From Job resource)
Catalog: "MyCatalog" (From Client resource)
Storage: "File1" (From Job resource)
Scheduled time: 10-Mar-2024 06:57:32
Start time: 10-Mar-2024 06:57:38
End time: 10-Mar-2024 06:57:39
Elapsed time: 1 sec
Priority: 10
FD Files Written: 0
SD Files Written: 0
FD Bytes Written: 0 (0 B)
SD Bytes Written: 0 (0 B)
Rate: 0.0 KB/s
Software Compression: None
Comm Line Compression: None
Snapshot/VSS: no
Encryption: no
Accurate: yes
Volume name(s):
Volume Session Id: 9
Volume Session Time: 1709388420
Last Volume Bytes: 2,037,962,107 (2.037 GB)
Non-fatal FD errors: 1
SD Errors: 0
FD termination status: Error
SD termination status: Waiting on FD
Termination: *** Backup Error ***
cloud-dir JobId 234: Fatal error: No Job status returned from FD.
cloud-dir JobId 234: Fatal error: File daemon "baremetal-fd" rejected Job
command: 2997 Invalid command for a Director with Monitor directive enabled.
cloud-dir JobId 234: Connected to Client "baremetal-fd" at localhost:9104 with
TLS
cloud-dir JobId 234: Using Device "FileChgr1-Dev2" to write.
cloud-dir JobId 234: Connected to Storage "File1" at cloud:9103 with TLS
cloud-dir JobId 234: Start Backup JobId 234,
Job=KhapBackupVcuClient1.2024-03-10_06.57.36_48
The bacula-dir journal on the cloud server had some SSL related errors :
Mar 10 06:55:57 orb bacula-dir[2952665]: orb-dir: message.c:1835-0 openssl.c:81
TLS read/write failure.: ERR=error:0A000126:SSL routines::unexpected eof while
reading
Mar 10 06:55:57 orb bacula-dir[2952665]: openssl.c:81 TLS read/write failure.:
ERR=error:0A000126:SSL routines::unexpected eof while reading
I checked and the "fdcalled" feature was back-ported from Bacula Enterprise 7
years ago to the Community Edition.
I'm running version 13.0.3 (02 May 2023) bacula-dir and bacula-fd.
I added the following clauses into my cloud server bacula-dir.conf:
Job {
Name = "NewBareMetalBackupJob"
Client = baremetal-fd
JobDefs = "DefaultJob"
}
# Client (File Services) to backup
Client {
Name = baremetal-fd
Address = localhost
FDPort = 9104 # Don't conflict with local bacula-fd
Catalog = MyCatalog
Password = "fd password" # password for FileDaemon
File Retention = 60 days # 60 days
Job Retention = 6 months # six months
AutoPrune = yes # Prune expired Jobs/Files
}
#
# Console used by remote fd
#
Console { Name = fd-cons
Password = "fd cons password"
CommandACL = status, .status
# These commands are used by the tray-monitor, it is possible to restrict
CommandACL = run, restore, wait, .status, .jobs, .clients
CommandACL = .storages, .pools, .filesets, .defaults, .info
jobacl = *all*
poolacl = *all*
clientacl = *all*
storageacl = *all*
catalogacl = *all*
filesetacl = *all*
}
On the bare metal server, my bacula-fd looks like this:
#
# Default Bacula File Daemon Configuration file
#
# For Bacula release 13.0.3 (02 May 2023) -- ubuntu 22.04
#
# There is not much to change here except perhaps the
# File daemon Name to
#
#
# Copyright (C) 2000-2022 Kern Sibbald
# License: BSD 2-Clause; see file LICENSE-FOSS
#
Console { # Console to connect the Director
Name = fd-cons
DIRPort = 9101
address = cloud
Password = "fd cons password"
}
#
# List Directors who are permitted to contact this File daemon
#
Director {
Name = cloud-dir
Password = "director password" # Console password
Remote = yes
Console = fd-cons
}
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
Director {
Name = cloud-mon
Monitor = yes
Remote = yes
Password = "cloud mon password"
}
#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
Name = baremetal-fd
FDAddress = localhost
FDport = 9104 # where we listen for the director
WorkingDirectory = /opt/bacula/working
Pid Directory = /opt/bacula/working
Maximum Concurrent Jobs = 20
Plugin Directory = /opt/bacula/plugins
}
# Send all messages except skipped files back to Director
Messages {
Name = Standard
director = cloud-dir = all, !skipped, !restored, !verified, !saved
}
On the bare metal server, my bconsole.conf looked like this:
#
# Bacula User Agent (or Console) Configuration File
#
# Copyright (C) 2000-2022 Kern Sibbald
# License: BSD 2-Clause; see file LICENSE-FOSS
#
Director {
Name = baremetal-fd
DIRport = 9104
Address = localhost
Password = "__not_used__"}
Console {
Name = cloud-dir
Password = "director password" # Console password
Director = baremetal-fd
}
The job log looked like this:
cloud-dir JobId 232: Error: Bacula Enterprise cloud-dir 13.0.3 (02May23):
Build OS: x86_64-pc-linux-gnu-bacula-enterprise ubuntu 22.04
JobId: 232
Job: JobName.2024-03-10_06.04.30_55
Backup Level: Full (upgraded from Incremental)
Client: "baremetal-fd" 13.0.3 (02May23)
x86_64-pc-linux-gnu-bacula-enterprise,ubuntu,22.04
FileSet: "Full Set" 2024-01-18 06:23:13
Pool: "File" (From Job resource)
Catalog: "MyCatalog" (From Client resource)
Storage: "File1" (From Job resource)
Scheduled time: 10-Mar-2024 06:04:10
Start time: 10-Mar-2024 06:04:32
End time: 10-Mar-2024 06:04:32
Elapsed time: 1 sec
Priority: 10
FD Files Written: 0
SD Files Written: 0
FD Bytes Written: 0 (0 B)
SD Bytes Written: 0 (0 B)
Rate: 0.0 KB/s
Software Compression: None
Comm Line Compression: None
Snapshot/VSS: no
Encryption: no
Accurate: yes
Volume name(s):
Volume Session Id: 7
Volume Session Time: 1709388420
Last Volume Bytes: 2,037,962,107 (2.037 GB)
Non-fatal FD errors: 2
SD Errors: 0
FD termination status: Error
SD termination status: Waiting on FD
Termination: *** Backup Error ***
cloud-dir JobId 232: Fatal error: No Job status returned from FD.
cloud-dir JobId 232: Warning: Unexpected Client Job message: 2999
Authentication failed.
cloud-dir JobId 232: Error: getmsg.c:219 Malformed message: [TLS negotiation
failed with DIR at "cloud:9101"
]
cloud-dir JobId 232: Fatal error: TLS negotiation failed with FD at
"76.69.54.225:9101"
cloud-dir JobId 232: Error: openssl.c:81 Connect failure:
ERR=error:0A000417:SSL routines::sslv3 alert illegal parameter
cloud-dir JobId 232: Using Device "FileChgr1-Dev2" to write.
cloud-dir JobId 232: Connected to Storage "File1" at cloud:9103 with TLS
cloud-dir JobId 232: Start Backup JobId 232, Job=JobName:.2024-03-10_06.04.30_55
cloud-dir JobId 232: No prior or suitable Full backup found in catalog. Doing
FULL backup._______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
