Re: [Bacula-users] Restoring encrypted files to a different host

2021-03-24 Thread Dan Langille
On Wed, Mar 24, 2021, at 3:37 PM, Shawn Rappaport wrote:
> What do I need to do in order to be able to restore from one server to the 
> other? Do I need to copy the private key from portal02-px to portal01-px and 
> update bacula-fd.conf on them as well? 

Yes, but note, I have never tried this.

> If so, what would I put in bacula-fd.conf?

Basically, the same as what you had in the other client for PKI Keypair.

See https://www.bacula.org/11.0.x-manuals/en/main/Data_Encryption.html

--
  Dan Langille
  d...@langille.org

___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
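
A pre-flight check for the approach in the reply above, added here as an example (not code from the thread or from the Bacula project): it reads the PKI Keypair path out of bacula-fd.conf text and confirms the file holds both a certificate and a private key and is not readable by group or other. It only checks that a private key is present, not that it is the key the backup was encrypted to; the function names and the sample data are assumptions made for this example.

```python
import os
import re
import stat
import tempfile

# Bacula matches directive names without regard to case or embedded spaces.
_DIRECTIVE = re.compile(r'^\s*PKI\s*Keypair\s*=\s*"?([^"#\s]+)', re.I | re.M)
_PEM_BEGIN = re.compile(r'^-----BEGIN ([A-Z0-9 ]+)-----\s*$', re.M)


def pki_keypair_path(conf_text):
    """Return the PKI Keypair path from bacula-fd.conf text, or None if unset."""
    m = _DIRECTIVE.search(conf_text)
    return m.group(1) if m else None


def check_keypair(path):
    """List problems that would stop the FD decrypting, or that expose the key."""
    if not os.path.isfile(path):
        return ["keypair file missing: " + path]
    problems = []
    with open(path, "r", errors="replace") as fh:
        labels = _PEM_BEGIN.findall(fh.read())
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no private key block (certificate only?)")
    if "CERTIFICATE" not in labels:
        problems.append("no certificate block")
    # A private key copied between hosts should stay owner-only.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("readable by group/other; restrict to the FD user")
    return problems


if __name__ == "__main__":
    # Constructed sample: directive as posted in the thread, placeholder PEM body.
    conf = ("FileDaemon {\n"
            "  PKI Keypair = /etc/bacula/portal02-px.pem# Public and Private Keys\n"
            "}\n")
    print("configured keypair:", pki_keypair_path(conf))
    with tempfile.TemporaryDirectory() as d:
        cert_only = os.path.join(d, "cert-only.pem")
        with open(cert_only, "w") as fh:
            fh.write("-----BEGIN CERTIFICATE-----\nplaceholder\n"
                     "-----END CERTIFICATE-----\n")
        os.chmod(cert_only, 0o644)
        print("cert-only file:", check_keypair(cert_only))
```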


[Bacula-users] Restoring encrypted files to a different host

2021-03-24 Thread Shawn Rappaport
I'm using TLS and encryption for some sensitive backup clients. I'm running 
Bacula 9.0.6 on the Director, Storage and Clients, all running CentOS 7.5. I 
just tried to restore some files from a server called portal02-px to a server 
called portal01-px but it failed due to a missing private key:

24-Mar 11:53 bacdirector01-lv.internal.shutterfly.com-dir JobId 143929: Start Restore Job RestoreFiles.2021-03-24_11.53.28_40
24-Mar 11:53 bacdirector01-lv.internal.shutterfly.com-dir JobId 143929: Using Device "FileChgr1-Dev1" to read.
24-Mar 11:53 bacmedia02-px.internal.shutterfly.com-sd JobId 143929: Ready to read from volume "tempe2-weekly-127" on File device "FileChgr1-Dev1" (/data).
24-Mar 11:53 bacmedia02-px.internal.shutterfly.com-sd JobId 143929: Forward spacing Volume "tempe2-weekly-127" to addr=2003871821
24-Mar 11:53 bacmedia02-px.internal.shutterfly.com-sd JobId 143929: Elapsed time=00:00:02, Transfer rate=4.821 K Bytes/second
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 bacdirector01-lv.internal.shutterfly.com-dir JobId 143929: Error: Bacula bacdirector01-lv.internal.shutterfly.com-dir 9.0.6 (20Nov17):
  Build OS:               x86_64-pc-linux-gnu redhat (Core)
  JobId:                  143929
  Job:                    RestoreFiles.2021-03-24_11.53.28_40
  Restore Client:         portal01-px-fd
  Start time:             24-Mar-2021 11:53:30
  End time:               24-Mar-2021 11:53:33
  Files Expected:         6
  Files Restored:         6
  Bytes Restored:         0
  Rate:                   0.0 KB/s
  FD Errors:              6
  FD termination status:  Error
  SD termination status:  OK
  Termination:            *** Restore Error ***

So, it seems that the way I have things configured, I can only restore to the 
same host (I was able to do that successfully).

Here are the File Daemon sections of those two servers:
FileDaemon {  # this is me
  Name = portal02-px.internal.shutterfly.com-fd
  FDport = 9102  # where we listen for the director
  WorkingDirectory = /var/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
  Plugin Directory = /usr/lib64
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /etc/bacula/cacert.pem
  TLS Certificate = /etc/bacula/portal02-px.crt
  TLS Key = /etc/bacula/portal02-px-daemon.key
  PKI Encryption = Yes   # Enable Data Encryption
  PKI Signatures = Yes   # Enable Data Signing
  PKI Keypair = /etc/bacula/portal02-px.pem   # Public and Private Keys
  PKI Master Key = /etc/bacula/bacdirector01-lv.crt   # ONLY the Public Key
}

FileDaemon {  # this is me
  Name = portal01-px.internal.shutterfly.com-fd
  FDport = 9102  # where we listen for the director
  WorkingDirectory = /opt/bacula/working
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
  Plugin Directory = /usr/lib64
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /etc/bacula/cacert.pem
  TLS Certificate = /etc/bacula/portal01-px.crt
  TLS Key = /etc/bacula/portal01-px-daemon.key
  PKI Encryption = Yes   # Enable Data Encryption
  PKI Signatures = Yes   # Enable Data Signing
  PKI Keypair = /etc/bacula/portal01-px.pem   # Public and Private Keys
  PKI Master Key = /etc/bacula/bacdirector01-lv.crt   # ONLY the Public Key
}

What do I need to do in order to be able to restore from one server to the 
other? Do I need to copy the private key from portal02-px to portal01-px and 
update bacula-fd.conf on them as well? If so, what would I put in 
bacula-fd.conf?

Thanks!

--Shawn