On 08/26/16 10:13 PM, Douglas K. Rand wrote: > I'm testing some disaster recovery scenarios and I'm having problems > with the bls and bextract commands and encrypted LTO tapes. > > Running bls results in the tape looking empty except for the header: > > % sudo bls -V ND0000 /dev/nsa0 > bls: butil.c:271-0 Using device: "/dev/nsa0" for reading. > 26-Aug 14:48 bls JobId 0: No slot defined in catalog (slot=0) for Volume > "ND0000" on "lto6-1" (/dev/nsa0). > 26-Aug 14:48 bls JobId 0: Cartridge change or "update slots" may be > required. > 26-Aug 14:48 bls JobId 0: Ready to read from volume "ND0000" on device > "lto6-1" (/dev/nsa0). > 26-Aug 14:49 bls JobId 0: End of Volume at file 1 on device "lto6-1" > (/dev/nsa0), Volume "ND0000" > 26-Aug 14:49 bls JobId 0: End of all volumes. > 0 files found. > > The crypto cache file is up to date and that is where I got the key to > set with bscrypto. And I verified in the debug output of bls that it > reads the crypto cache. And it loads the sd_plugin scsicrypto-sd.
The keys are normally wrapped e.g. encoded even in the crypto cache. So you need the -D option of bls -D <director> specify a director name specified in the Storage configuration file for the Key Encryption Key selection > > Later on it clears the crypto key before reading the tape label, and > after reading the tape label it loads a new crypto key. The debugging > output for the crypto module when loading the new key doesn't look at > all like the key that I'm setting with bscrypto. The key from > scsicrytpo-sd debug is full of unprintable characters. > That is because it cannot unwrap the key so its "expected" behavior. -- Marco van Wieringen [email protected] Bareos GmbH & Co. KG Phone: +49-221-63069389 http://www.bareos.com Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646 Komplementär: Bareos Verwaltungs-GmbH Geschäftsführer: Stephan Dühr, M. Außendorf, J. Steffens, P. Storz, M. v. Wieringen -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
