NOTE: When replying, remember to CC the list. This helps you by ensuring others review my replies. And also means that someone else can step in and help you if I'm not available.
That said, my responses are below, inline. Dave wrote: > ----- Original Message ----- From: "Dan Langille" <[EMAIL PROTECTED]> > To: "Dave" <[EMAIL PROTECTED]> > Cc: <bacula-users@lists.sourceforge.net> > Sent: Thursday, December 20, 2007 3:43 PM > Subject: Re: [Bacula-users] bacula-dir freebsd port and tls > > >> Dave wrote: >>> Hello, >>> I posted this a while back, but i have additional information on it. >>> I've been having an issue about bacula since upgrading from 2.03 to >>> 2.2.x. I'm running bacula with tls communications for all daemons. >>> THis is >>> on a FreeBSD 6.x machine, all three daemons. I'm able to start the >>> file and >>> storage daemons, they read the configuration files and keys fine, the >>> director did not. I found out via a bug report i atempted to file >>> that the >>> most likely cause was the director was not being started as root. >> >> On FreeBSD, by design, the Director is set to run as bacula:bacula. >> This is the recommended approach for all OS. >> >> > I went to >>> the box and manually started the director with: >>> bacula-dir -c /usr/local/etc/bacula-dir.conf >>> and it fired right up. This told me the most likely cause of the >>> issue was >>> in the bacula-dir startup rc.d file and that the suggestion as >>> starting as root was correct. >> >> I suggest the issue is the permission on the certificate. What are they? >> >> >> > I checked /usr/local/etc/rc.d/bacula-dir and noted the >>> bacula_flags >>> line: >>> -u bacula -g bacula -v -c /usr/local/etc/bacula-dir.conf >> >> I suggest starting bacula-dir from the command line with these >> options. You might see interesting error messages related to this >> issue. Try dd -d as appropriate. >> >>> when i start the director using this line i'm getting an error the >>> private key file can not be read. This is definitely my problem, >>> manually starting with only the -c option works fine. Is there a >>> way to correct this in the port, perhaps with a flag at installtime >>> if one >>> is using tls, or is there a better way? >> >> I suggest adjusting the permissions on the certificate so they are >> bacula:bacula. >> >> There are other solutions, but I do not recommend them until you try >> the above. Changing the permissions, AFAIK, is the right way to go. > Hi, > First of all hope you had a good holiday. > Secondly, permissions are definitely my issue, not sure how. If your > using tls can i get an ls -l of your key files? I'd like to know their > values. It helps if you show us yours too... but here are mine. First, note the users and groups for the running bacula daemons: $ ps auwx | grep bacula bacula 30166 0.0 0.4 7528 3948 ?? Ss 10:54PM 0:00.17 /usr/local/sbin/bacula-dir -u bacula -g bacula -v -c /usr/local/etc/bacula-dir.conf root 30187 0.0 0.3 6364 3224 ?? Is 10:54PM 0:23.98 /usr/local/sbin/bacula-fd -u root -g wheel -v -c /usr/local/etc/bacula-fd.conf bacula 30198 0.0 0.3 6468 3152 ?? Is 10:54PM 0:36.51 /usr/local/sbin/bacula-sd -u bacula -g bacula -v -c /usr/local/etc/bacula-sd.conf The permissions, someone edited to fit this page: -rw-r--r-- 1 bacula bacula bacula.unixathome.org.cert -rw-r--r-- 1 bacula bacula bacula.unixathome.org.nopassword.key -rw-r--r-- 1 bacula bacula cacert.pem > A few related questions, is FreeBSD 6.3/7.0 out yet? No. http://www.freebsd.org. says no. > And is the ports freeze still in effect? No. http://www.freshports.org/ says there is no ports freeze. > If so, do you have a bacula 2.2.7 port i could > try out? There's several bugs i'd like not to see. Not yet. Perhaps this week. -- Dan Langille - http://www.langille.org/ BSDCan - The Technical BSD Conference: http://www.bsdcan.org/ PGCon - The PostgreSQL Conference: http://www.pgcon.org/ ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
