[Bacula-users] rhel6 (centos6) bug on tape blocksize = 1024k

[Ulrich Leodolter]

Hi,

recently, after upgrading our bacula server from CentOS 5.10
to CentOS 6.4, we have been hit by an upstream kernel bug.

in our bacula config we use the following tape device settings
for some time.

Maximum Block Size = 1024K
Minimum Block Size = 32K

after OS upgrade the tape mount failed most of the times

16-Nov 00:03 bacula-sd JobId 431441: Error: block.c:1002 Read error on
fd=7 at file:blk 0:0 on device Drive-1 (/dev/nst1). ERR=Device or
resource busy.

we got the same error using dd, but not always.
it took me about one week to find the root cause of the problem.

It is described at redhat (need a subscription to read all details)
https://access.redhat.com/site/solutions/303123
There exists a kernel patch,  but it is not released until now.

There i found also a workaround  which works for us:

# cat /etc/modprobe.d/mt-st.conf 
options st max_sg_segs=64


See also the latest technical notes from RHEL 6.5:

---
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/devices_issues.html

kernel component 
When using large block size (1MB), the tape driver sometimes
returns an EBUSY error. To work around this problem, use a
smaller block size, that is 256KB. 
---

I wrote this just to save u time when u experiment on tape block size
= 1024k on CentOS/RHEL 6.x.


Best regards
Ulrich


-- 
Ulrich Leodolter ulrich.leodol...@obvsg.at
Oesterreichische Bibliothekenverbund und Service GmbH
Raimundgasse 1/3, A-1020 Wien
Fax +43 1 4035158-30
Tel +43 1 4035158-21
Web http://www.obvsg.at



--
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing 
conversations that shape the rapidly evolving mobile landscape. Sign up now. 
http://pubads.g.doubleclick.net/gampad/clk?id=63431311iu=/4140/ostg.clktrk
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] Bacula Status Report

[Silver Salonen]

Hi Kern.

Thank you for the information and here are some requests for more details :)

On 25.11.2013 18:49, Kern Sibbald wrote:

2. The Bareos fork of Bacula:

Unfortunately, despite the fact that Bareos hired one of the best 
German Open

Source lawyers , there were a number of serious copyright violations
with their code.


I guess mixing copyright and open source into one sentence makes several 
people quite confused, so can you clarify what are the issues?
Is it, for instance, that Bareos wants to change license of the source 
code, but copyright holder does not permit it?



So as Bacula contributors and users, you would be within
your rights to feel very upset with Bareos, because they never
offered you the code they developed.


I have understood that all of their code is in Github. Isn't it so?


I assure that I will do all in my power to ensure that any
worthwhile features that Bareos implements will be implemented in
Bacula, and most likely better integrated and more robust, and where
possible with even more functionality and growth potential.


How would you do it? Would you port the features, possibly making the 
code better?

Or would you just code the features from scratch?

I'm sorry, but currently it seems there is some soap opera going on 
between these 2 projects and it is just sad to watch. I really do hope 
that it won't affect good ideas being spread between the 2 projects and 
also in the open etc.



3. Bacula Systems and the FSFE:

There are a number of points in the agreement, but probably the most
important of all is that Bacula Systems has now put in writing that it is
an Open Source company (at its heart), as it has always proclaimed, 
and will

contribute all the Enterprise code it creates to the Bacula Community code
base within at most a 5 year period.


So all the Bacula Enterprise features and plugins will ultimately be 
open sourced? Ie. we would see the delta plugin and vSphere plugin as 
open-source within 5 years counting from the point they were announced?


Does it also mean that these features, by worst case scenario, in the 
open source version will always be 5 years behind the Enterprise version?
Do you have any features in mind that you would make open sourced within 
the shorter time-frame?


--
Silver
--
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing 
conversations that shape the rapidly evolving mobile landscape. Sign up now. 
http://pubads.g.doubleclick.net/gampad/clk?id=63431311iu=/4140/ostg.clktrk___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] bacula-fd crashes on FreeBSD 9.2

[Kern Sibbald]

Hello,

Yes, Martin, that is surely the problem.  Bacula has a handler for
SIGUSR1 and if it gets a 0 for a signal number, Bacula will die.

Kern

On 11/25/2013 07:43 PM, Martin Simmons wrote:
 Looks like a recently discovered bug in FreeBSD:

 http://thread.gmane.org/gmane.os.freebsd.devel.hackers/51832

 __Martin


 On Sun, 24 Nov 2013 17:36:50 -0800, David Newman said:
 Apologies for top posting. Kern and Dan asked for more information on
 this issue awhile back, and I'd provided it (see below, or the list
 archives) in two messages on 10 November.

 I'm OK for now by running from the binary, but a backup will crash when
 the binary is called from the FreeBSD startup script.

 Thanks in advance for additional troubleshooting clues.

 Also, should I instead file a FreeBSD PR for this?

 dn



 On 11/10/13, 5:12 PM, David Newman wrote:
 On 11/10/13 12:09 PM, Dan Langille wrote:
 On Nov 10, 2013, at 2:02 PM, David Newman dnew...@networktest.com wrote:

 On 11/9/13, 9:33 AM, Dan Langille wrote:
 On Nov 8, 2013, at 7:51 PM, David Newman dnew...@networktest.com wrote:

 On 11/7/13 6:17 AM, Dan Langille wrote:
 On 2013-11-06 21:05, David Newman wrote:
 On 11/5/13 5:53 PM, Dan Langille wrote:
 You are on 9.2-release.

 Have you run freebsd-update to get the latest security patches?

 Yes


 Did you see the post by Dean E. Weimer today?

 The most recent post from Dean to this list (at least that I have) is
 from 4 November at 2030 UTC, saying essentially that a complete 
 rebuild
 of the OS solved his problem.

 I'm hoping not to have to boil the ocean...


 Second: read below.

 With your help (thanks), I got the debug version built and running.
 Two things:

 1. Just like before, the binary in /usr/local/sbin/bacula-fd runs fine
 when launched on its own. By runs I mean the director successfully
 completes a backup job.

 2. Just like before, the binary in /usr/local/sbin/bacula-fd crashed
 when called from the startup script in /usr/local/etc/rc.d/bacula-fd. 
 By
 crashed I mean the client machine's fd daemon dies during a backup 
 job.
 Please paste the output of ps auwx | grep bacula-fd for both of the
 above scenarios.  I expect to see something like this:

 # ps auwx | grep bacula-fd
 root 1364  0.0  0.4 10156  4192  ??  Is1:47PM   0:15.71
 /usr/local/sbin/bacula-fd -u root -g wheel -v -c
 /usr/local/etc/bacula-fd.conf
 Here's the binary by itself:
 root  27754   0.0  0.3  18696  5548 ??  Ss4:01PM0:00.00
 /usr/local/sbin/bacula-fd

 That’s just bacula-fd raw, no parameters.  Hmmm.

 and here it is called from /usr/local/etc/rc.d/bacula-fd (with debugging
 on):
 root  28337   0.0  0.3  18696  5612 ??  Ss4:15PM0:00.00
 /usr/local/sbin/bacula-fd -u root -g wheel -v -c
 /usr/local/etc/bacula/bacula-fd.conf
 and once more, compiled with debug off:
 root  37399   0.0  0.3  18696  5608 ??  Ss4:38PM0:00.00
 /usr/local/sbin/bacula-fd -u root -g wheel -v -c
 /usr/local/etc/bacula/bacula-fd.conf

 Those are identical.  Good.


 I've pasted below the crash output to STDERR. Thanks in advance for 
 more
 troubleshooting clues.
 For the below, I think you have to find btraceback and get that
 installed to /usr/local/sbin/btraceback
 OK, I found something: This is a problem related to bsmtp. (Again, this
 is on an i386 machine.)
 With debugging on and btraceback in place, the debugger complains it
 can't find bstmp. I copy the bsmtp directory from under the
 bacula-client port into /usr/local/sbin and a backup produces a
 complaint about permissions.
 I do 'chmod -R 777 /usr/local/bstmp' and -- lo and behold, the backup
 now runs with bacula-fd called from the startup script. There's no debug
 output because it works.
 Then I uninstall bacula-client and back out of all the debugging
 changes, both in the bacula-client and bacula-server directories, run
 'make clean' in both directories, and reinstall bacula-client. I again
 put the bsmtp directory into /usr/local/sbin and again chmod 777 it.
 Now, bacula-fd crashes same as before.

 Try the non-debug and debug versions like this, start them from the 
 command line.

 /usr/local/sbin/bacula-fd -f -u root -g wheel -c 
 /usr/local/etc/bacula/bacula-fd.conf

 The -f ensures bacula-fd will stay in the foreground.  Try the backup?  
 Any messages?

 Yes. I've pasted the output of both here:

 http://pastebin.com/iPEqYDUb

 This time, both debug and non-debug versions failed to complete a
 backup. Not sure what changed from before.
 For starters, you’re running in the foreground… That may affect things.  I 
 do not know for sure.

 This is the only instance I have of bacula-fd on i386 on FreeBSD. There
 are other i386 machines running bacula-fd but they're on other OSs such
 as Linux and OpenBSD. The fact that the backup runs OK from the raw
 binary and doesn't run from the startup script suggests this may be a
 FreeBSD-specific issue.
 I wonder if this might be a compiler optimization issue.  That is, the 
 compiler is attempting
 to 

Re: [Bacula-users] Bacula Status Report

[Kern Sibbald]

Hello,

On 11/26/2013 11:17 AM, Silver Salonen wrote:
 Hi Kern.

 Thank you for the information and here are some requests for more
 details :)

 On 25.11.2013 18:49, Kern Sibbald wrote:
 2. The Bareos fork of Bacula:

 Unfortunately, despite the fact that Bareos hired one of the best
 German Open
 Source lawyers , there were a number of serious copyright violations
 with their code.

 I guess mixing copyright and open source into one sentence makes
 several people quite confused, so can you clarify what are the issues?

All code is licensed one way or another.  Virtually all Open Source code
also has a copyright (the GPL is a copyright with
a license).  I would not like to burden this list with copyright/license
details, so I will do so in my blog
in detail, and besides right now I am on vacation so please excuse me
for not giving any more
details at the moment.

 Is it, for instance, that Bareos wants to change license of the source
 code, but copyright holder does not permit it?
Most of the problems were that they incorrectly added their copyrights
where they legally could
not.  I can imagine they would like to change the license, but that is
speculation on my part.
What is not speculation is that they cannot change the copyright license.


 So as Bacula contributors and users, you would be within
 your rights to feel very upset with Bareos, because they never
 offered you the code they developed.

 I have understood that all of their code is in Github. Isn't it so?
You will need to ask Bareos if all their code is on Github since I don't
have
access to their company.  At least the main source code is there.

 I assure that I will do all in my power to ensure that any
 worthwhile features that Bareos implements will be implemented in
 Bacula, and most likely better integrated and more robust, and where
 possible with even more functionality and growth potential.

 How would you do it? Would you port the features, possibly making the
 code better?
 Or would you just code the features from scratch?
To keep the Bacula FSFE copyright clean, we will probably need to code the
features from scratch.  However, one must realize that when coding a feature
in Bacula, if two people do the same thing, there could be a substantial
overlap
of the code since one would naturally use a lot of the internal subroutines.

 I'm sorry, but currently it seems there is some soap opera going on
 between these 2 projects and it is just sad to watch. I really do hope
 that it won't affect good ideas being spread between the 2 projects
 and also in the open etc.
What gives you the idea that there is a soap opera going on?  And what
do you find sad? 
Hopefully not something that I have done.  

Certainly, if Bareos has good ideas, we will be very interested in them as
I have already stated just above.  They will clearly directly take
anything from
Bacula that they consider useful.


 3. Bacula Systems and the FSFE:

 There are a number of points in the agreement, but probably the most
 important of all is that Bacula Systems has now put in writing that it is
 an Open Source company (at its heart), as it has always proclaimed,
 and will
 contribute all the Enterprise code it creates to the Bacula Community
 code
 base within at most a 5 year period.

 So all the Bacula Enterprise features and plugins will ultimately be
 open sourced? 
Yes.  Some such as our Oracle plugin will not be Open Sources since it
uses the Oracle API which
is proprietary.  At the moment, this is the only exception I can think
of though.
 Ie. we would see the delta plugin and vSphere plugin as open-source
 within 5 years counting from the point they were announced?
The answer is yes, but with the nuance that the time period for code
developed prior to the agreement
starts as of the agreement.

 Does it also mean that these features, by worst case scenario, in the
 open source version will always be 5 years behind the Enterprise version?
Yes.
 Do you have any features in mind that you would make open sourced
 within the shorter time-frame?
Yes we will probably make many available well before the 5 year period
(I would guess even most features).
I have a number of features in mind that we are internally agreed on and
others that we are
considering.  The official announcement on what they are will certainly
be made at the Bacula Conference
or possibly earlier.

Best regards,
Kern


 --
 Silver

--
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET,  PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351iu=/4140/ostg.clktrk___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net

[Bacula-users] Question on restoring files using bscan with 2 storage servers

[Jerry Lowry]

hello list,
I am hoping you can help me solve this.

I have one director and to storage servers.  Both storage servers have
disks attached but only one sd has a tape drive.  The tape drive is not on
the director.  I need to load some old tapes into the database but when I
run bscan from the sd where the tape is, it does not see the database.  If
I run bscan from the director where there isn't a tape drive it does not
see the tape drive on the other sd.

How can I resolve this?

thanks
--
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET,  PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351iu=/4140/ostg.clktrk___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] Question on restoring files using bscan with 2 storage servers

[John Drescher]

 hello list,
 I am hoping you can help me solve this.

 I have one director and to storage servers.  Both storage servers have disks
 attached but only one sd has a tape drive.  The tape drive is not on the
 director.  I need to load some old tapes into the database but when I run
 bscan from the sd where the tape is, it does not see the database.  If I run
 bscan from the director where there isn't a tape drive it does not see the
 tape drive on the other sd.

 How can I resolve this?


I know this can be made to work since my director, database and tape
storage are on 3 different servers and have been for 8+ years.

Wait a minute bscan has a parameter for database host, port, username
and password. Are you supplying the database info?

Usage: bscan [ options ] bacula-archive
   -b bootstrap  specify a bootstrap file
   -c file specify configuration file
   -d nn   set debug level to nn
   -dt   print timestamp in debug output
   -mupdate media info in database
   -D driver name  specify the driver database name (default NULL)
   -n name specify the database name (default bacula)
   -u user specify database user name (default bacula)
   -P password specify database password (default none)
   -h host specify database host (default NULL)
   -t port specify database port (default 0)
   -pproceed inspite of I/O errors
   -rlist records
   -ssynchronize or store in database
   -Sshow scan progress periodically
   -vverbose
   -V Volumes  specify Volume names (separated by |)
   -w dir  specify working directory (default from conf file)
   -?print this message

John

--
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET,  PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351iu=/4140/ostg.clktrk
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] Bacula Status Report

[S Cooper]

 Hello,

my name is Maik Außendorf, I am a member of the Bareos project and co-founder 
of the Bareos company. I apologize for not using my original email address but 
that has been banned from this list withoout any given reason.

I attach my original footer below.

I just want to comment on 2 points:

1. The Free Software Foundation Europe  (FSFE) is the copyright holder
of Bacula open source. We've worked together with the FSFE to clear some
formal things in the version history and header files. I.E. some
copyright information had to be changed.

We've changed everything the way the FSFE has asked for. On August 12th
2013 the last mail from the FSFE stated, that they do not see any more
problems. Please read our FAQ article for full quotation:
https://www.bareos.org/en/faq/items/copyright_bacula_bareos.html

In that FAQ you can also find the history about the open source code fragments 
regarding the bandwidth limitation feature.

 2. GIT
Our sources are all on GIT Hub since late 2012. Before that the long
year Bacula community developer Marco van Wieringen has maintained his
own branch mainly with patches by him and other contributors that were
rejected by bacula.org. So a private thing but the only way to preserve
those contributions. After the decision was made to start an own project
based on that branch, it was published, is 100% AGPL and will stay so.

I don't want to comment on more, because these are the important things.
Everyone can reuse our code in a open source way (fully compliant with
AGPL). And everyone can choose whatever open source project he or she
likes best.

One more thing to add: we've given a fundamental value to the Bacula
community, too: the Bareos clients are compatible with Bacula daemons.
And there are repositories for almost all Linux distribution ready to
use + a rewritten Windows installer for the Windows client - ready to
install (graphical or even unattended by command line switches).

If you are missing a bacula client for your particular Linux distribution, 
MacOS or Windows, feel free to test our Bareos client with your Bacula director.

With kind regards.


-- 
Mit freundlichen Grüßen
--
 Maik Außendorf maik.aussend...@bareos.com
 Bareos GmbH  Co. KG   Phone: +49221630693-93
 http://www.bareos.com  Fax: +49221630693-10

 Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
 Komplementär: Bareos Verwaltungs-GmbH
 Geschäftsführer: Stephan Dühr, M. Außendorf, 
 J. Steffens, P. Storz, M. v. Wieringen



 



 

 

-Original Message-
From: Kern Sibbald k...@sibbald.com
To: bacula-users bacula-users@lists.sourceforge.net; bacula-devel 
bacula-de...@lists.sourceforge.net; bacula-announce 
bacula-annou...@lists.sourceforge.net
Sent: Mon, Nov 25, 2013 5:57 pm
Subject: [Bacula-users] Bacula Status Report


  
Hello,

I would like to speak to you about the following points:

1. The rumors of the death  of Bacula (the Community version)
2. The Bareos fork of Bacula
3. Bacula Systems and the FSFE (Free Software Foundation Europe)
4. The future of Bacula (the Community version)

1. The rumors of the death of Bacula (the Community version):

I borrow words from a quote of Mark Twain: The rumors of the death
of Bacula are highly exaggerated!  

I began working on Bacula 14 years ago (in January 2000), and it has
been Open Source from the time it was publicly released in April
2002, and it will remain Open Source.  I have been and am fully
devoted to Open Source, and in particular to Bacula, which is like
my “baby”.  So to hear rumors that Bacula is dead or that I have
withheld commits because they are Enterprise features is shocking
and hurtful to me as well as not true.

I did inform the Bacula Community several years ago that my personal
participation in Bacula would decrease a bit for several years to
allow me to focus more on getting Bacula Systems started.  In my
opinion, that has not been a serious disadvantage for the Bacula
project since Bacula Systems over that period has contributed far
more code to Bacula than I could have alone over the same period,
and as you will see a bit later in this status report, Bacula
Systems contributions are absolutely guaranteed to continue in the
long run, and even increase.

2. The Bareos fork of Bacula:

The Bacula repository has been on “hold” since our last release
in early February, because on 27 February 2013, I learned that there
was a fork of Bacula made by a former “consultant” of Bacula
Systems with a former reseller of Bacula Systems.  Unfortunately,
despite the fact that Bareos hired one of the best German Open
Source lawyers , there were a number of serious copyright violations
with their code.  Since the Bacula code is copyrighted by the Free
Software Foundation Europe 

[Bacula-users] Backing up catalog into a Pool defeats the purpose?

[jackbroni]

Thanks for your help guys. 

I think the problem can be resolved in 2 ways:

Maintaining the dumped sql of the catalog separately as specified. 
Backing up the catalog backup job bootstrap which is provided in (atleast) the 
debian flavor binaries' configuration as an incremented snapshot.

+--
|This was sent by imagene...@gmail.com via Backup Central.
|Forward SPAM to ab...@backupcentral.com.
+--



--
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET,  PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351iu=/4140/ostg.clktrk
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

[Bacula-users] Does Copy support resume?

[jackbroni]

The basic question is: 

1. Does the Copy job support resume?

More precisely:

2. It has been specified that migration decompresses the contents (and perhaps 
decrypts) in it's execution. Is this the case for Copy?
3. What occurs in if the Copy job is canceled? Are the target volumes reverted 
to their original condition?
4. If it doesn't support resume, does it revert the target volumes to their 
original condition, removing the invalid truncated data and restart?

It would appear that the Copy job copies the contents of volumes into a new 
volume pool. Considering, this, if Copy can resume, it can understand the 
current internal state of the target volume in comparison to the source in the 
event of termination.

+--
|This was sent by imagene...@gmail.com via Backup Central.
|Forward SPAM to ab...@backupcentral.com.
+--



--
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET,  PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351iu=/4140/ostg.clktrk
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

[Bacula-users] bacula TLS help

[Tim Dunphy]

Hello all,


 I'm trying to add TLS encryption to my bacula setup.



 I've been following this guide which got me almost all of the way there:


http://blog.earth-works.com/2013/08/03/configuring-bacula-to-use-tls-to-encrypt-connections/


I modified the following sections in my bacula-dir.conf file:


Director {# define myself

  Name = storage.jokefire.com

  DIRport = 9101# where we listen for UA connections

  QueryFile = /etc/bacula/query.sql

  WorkingDirectory = /var/spool/bacula

  PidDirectory = /var/run

  Maximum Concurrent Jobs = 1

  Password = secret # Console password

  Messages = Daemon

  TLS Certificate = /etc/pki/tls/certs/storage.jokefire.com.crt

  TLS Key = /etc/pki/tls/private/storage.jokefire.com.key

  TLS CA Certificate File = /etc/pki/CA/certs/rootBaculaCA.pem

  TLS Enable = yes

  TLS Require = yes

  TLS Verify Peer = yes

}


Client {

  Name = ops.jokefire.com

  Address = ops.jokefire.com

  FDPort = 9102

  Catalog = JokefireCatalog

  Password = secret  # password for FileDaemon

  File Retention = 14 days# 14 days

  Job Retention = 14d# 14 days

  AutoPrune = yes # Prune expired Jobs/Files

  TLS Certificate = /etc/pki/tls/certs/storage.jokefire.com.crt

  TLS Key = /etc/pki/tls/private/storage.jokefire.com.key

  TLS CA Certificate File = /etc/pki/CA/certs/rootBaculaCA.pem

  TLS Enable = yes

  TLS Require = yes

}



And in my bacula-fd.conf


Director {

  Name = storage.jokefire.com

  Password = secret

  TLS Certificate = /etc/pki/tls/certs/storage.jokefire.com.crt

  TLS Key = /etc/pki/tls/private/storage.jokefire.com.key

  TLS CA Certificate File = /etc/pki/CA/certs/rootBaculaCA.pem

  TLS Enable = yes

  TLS Require = yes

}


FileDaemon {  # this is me

  Name = storage.jokefire.com

  FDport = 9102  # where we listen for the director

  WorkingDirectory = /var/bacula

  Pid Directory = /var/run

  Maximum Concurrent Jobs = 20

  TLS Certificate = /etc/pki/tls/certs/storage.jokefire.com.crt

  TLS Key = /etc/pki/tls/private/storage.jokefire.com.key

  TLS CA Certificate File = /etc/pki/CA/certs/rootBaculaCA.pem

  TLS Enable = yes

  TLS Require = yes

}


In bacula-sd.conf:


Storage { # definition of myself

  Name = storage.jokefire.com

  SDPort = 9103  # Director's port

  WorkingDirectory = /var/spool/bacula

  Pid Directory = /var/run

  Maximum Concurrent Jobs = 20

  TLS Certificate = /etc/pki/tls/certs/storage.jokefire.com.crt

  TLS Key = /etc/pki/tls/private/storage.jokefire.com.key

  TLS CA Certificate File = /etc/pki/CA/certs/rootBaculaCA.pem

  TLS Enable = yes

  TLS Require = yes

  TLS Verify Peer = yes

}


And finally in bconsole.conf:


Director {

  Name = storage.jokefire.com

  DIRport = 9101

  address = storage.jokefire.com

  Password = secret

  TLS Certificate = /etc/pki/tls/certs/storage.jokefire.com.crt

  TLS Key = /etc/pki/tls/private/storage.jokefire.com.key

  TLS CA Certificate File = /etc/pki/CA/certs/rootBaculaCA.pem

  TLS Enable = yes

  TLS Require = yes

}


Then I bounced the services so all seems well at this point:


[root@storage:/etc/bacula] #bounce-bacula

Stopping Bacula Storage services:  [  OK  ]

Starting Bacula Storage services:  [  OK  ]

Stopping Bacula File services: [  OK  ]

Starting Bacula File services: [  OK  ]

Stopping Bacula Director services: [  OK  ]

Starting Bacula Director services: [  OK  ]


(wrote a script to bounce all services because I'm lazy)


But when I go into bconsole I get the following (until I restore from
backup)


[root@storage:/etc/bacula] #bconsole

Connecting to Director storage.jokefire.com:9101

26-Nov 22:13 bconsole JobId 0: Error: tls.c:92 Error with certificate at
depth: 0, issuer = /C=US/ST=NJ/L=Newark/O=Jokefire LLC/OU=Ops/CN=
storage.jokefire.com/emailAddress=bluethu...@gmail.com, subject =
/C=US/ST=NJ/L=Newark/O=Jokefire LLC/OU=Ops/CN=
storage.jokefire.com/emailAddress=bluethu...@gmail.com, ERR=18:self signed
certificate

TLS negotiation failed

Director authorization problem.

Most likely the passwords do not agree.

If you are using TLS, there may have been a certificate validation error
during the TLS handshake.

Please see
http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION0026for
help.


I've saved my work with TLS so I'm eager to get this going. I used the
following guide to generating the certs, and I'm wondering if the problem
could possibly be in the way I generated the certs?


http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/


Thanks for any and all advice!


Tim

-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B