I am trying to get bacula to run through an SSH tunnel, losely based on the ssh-tunnel.sh script, but I can't completely figure it out, and consequently bacula is not working.
My first question: I notice that the ssh-tunnel.sh script forwards ports 9101 and 9103 back to the server, but it does not forward port 9102 to the FD. How does the director talk to the FD with this script? Note: reading the README, it seems that this was removed because in a particular situation, it wasn't needed, but generally I think it is necessary. My second question: how does the FD actually find the SD? I see the recommendation to create a separate SD for that situation, but since that would also mean using different pools, schedules, and a general mess, I don't really like that. So I came up with a different approach: I added the name of the machine that hosts the SD to /etc/hosts and have it point to 127.0.0.1. Since that machine is behind the firewall and normally invisible to the client anyway, it shouldn't have any side effects. Is that going to work? My third question: I am getting an authentication File Daemon failure error, even though I double-checked the names and passwords. The error message in the log file is (and before you ask - I did double-check that the FD and director names are the same and that both are using the same password). JobId 1329: Fatal error: Unable to authenticate with File daemon at "localhost:9112". Possible causes: Passwords or names not the same or Maximum Concurrent Jobs exceeded on the FD or FD networking messed up (restart daemon). Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for help. JobId 1329: Error: Bacula XXXX-dir 2.4.2 (26Jul08): 05-Feb-2009 03:05:17 Build OS: xxxx JobId: 1329 Job: XXXX.2009-02-05_02.36.03 Backup Level: Full Client: "XXXX-fd" FileSet: "Linux Full Set" 2009-01-08 19:49:46 Pool: "Full-1-Pool" (From User input) Storage: "Disk3" (From Pool resource) Scheduled time: 05-Feb-2009 02:36:19 Start time: 05-Feb-2009 03:05:10 End time: 05-Feb-2009 03:05:17 Elapsed time: 7 secs Priority: 10 FD Files Written: 0 SD Files Written: 0 FD Bytes Written: 0 (0 B) SD Bytes Written: 0 (0 B) Rate: 0.0 KB/s Software Compression: None VSS: no Storage Encryption: no Volume name(s): Volume Session Id: 228 Volume Session Time: 1231626007 Last Volume Bytes: 0 (0 B) Non-fatal FD errors: 0 SD Errors: 0 FD termination status: SD termination status: Waiting on FD Termination: *** Backup Error *** In more detail: I have a machine called baculasrv.mydomain.local on my internal network It hosts both the director and the SD, and manages backups for about 10 or so clients on the same network. I also have currently one machine, and in the future probably two or three, completely outside the firewall - they need the SSH tunnel. Let's call that machine pubsrv.mydomain.com. So I establish an ssh connection as follows: /usr/bin/ssh -fnCN2 -R 9101:baculasrv.mydomain.local:9101 -R 9103:baculasrv.mydomain.local:9103 -L 9112:localhost:9102 pubsrv.mydomain.com netstat shows that the correct ports are listening. Netstat on baculasrv: > netstat -ltunp | grep '91[01][123]' tcp 0 0 0.0.0.0:9101 0.0.0.0:* LISTEN 27867/bacula-dir tcp 0 0 0.0.0.0:9102 0.0.0.0:* LISTEN 24311/bacula-fd tcp 0 0 0.0.0.0:9103 0.0.0.0:* LISTEN 16758/bacula-sd tcp 0 0 0.0.0.0:9112 0.0.0.0:* LISTEN 17764/ssh Note that I'm using port 9112 to connect to the pubsrv FD - on the remote end, it connects to 9102, though. On pubsrv: > netstat -ltunp | grep '91[01][123]' tcp 0 0 127.0.0.1:9101 0.0.0.0:* LISTEN 27926/sshd: tcp 0 0 127.0.0.1:9102 0.0.0.0:* LISTEN 10431/bacula-fd tcp 0 0 127.0.0.1:9103 0.0.0.0:* LISTEN 27926/sshd: tcp 0 0 ::1:9101 :::* LISTEN 27926/sshd: tcp 0 0 ::1:9103 :::* LISTEN 27926/sshd: Now I modified /etc/hosts on pubsrv as follows to point the SD's location back to localhost: 127.0.0.1 localhost localhost.localdomain 127.0.0.1 baculasrv.mydomain.local I was hoping that the FD uses the FQDN to find the SD. And here are the relevant parts of the configuration files: pubsrv's bacula-fd.conf: Director { Name = XXX-dir Password = "XXXX" } FileDaemon { # this is me Name = YYY-fd FDAddress = 127.0.0.1 FDport = 9102 # where we listen for the director WorkingDirectory = /var/lib/bacula Pid Directory = /var/run Maximum Concurrent Jobs = 20 } Messages { Name = Standard director = XXXX-dir = all, !skipped, !restored } The relevant parts of bacula-dir.conf on baculasrv: Client { Name = YYY-fd Address = localhost FDPort = 9112 Catalog = MyCatalog Password = "XXX" File Retention = 30 days Job Retention = 6 months Maximum Concurrent Jobs = 10 AutoPrune = yes } Job { Name = "YYY" Client = YYY-fd Schedule = "WeeklyCycle1" JobDefs = "Linux Default Job" Run Before Job = "/usr/local/sbin/nagiosscheduledowntime YYY" Run Before Job = "/usr/local/sbin/sshBacula start YYY" Run After Job = "/usr/local/sbin/sshBacula stop YYY" Run After Failed Job = "/usr/local/sbin/sshBacula stop YYY" } Schedule { Name = "WeeklyCycle1" Run = Level=Full FullPool=Full-1-Pool DifferentialPool=Diff-1-Pool IncrementalPool=Inc-1-Pool on 1 at 19:05 Run = Level=Full FullPool=Full-2-Pool DifferentialPool=Diff-2-Pool IncrementalPool=Inc-2-Pool on 16 at 19:05 Run = Level=Differential FullPool=Full-1-Pool DifferentialPool=Diff-1-Pool IncrementalPool=Inc-1-Pool on 7 at 19:05 Run = Level=Differential FullPool=Full-2-Pool DifferentialPool=Diff-2-Pool IncrementalPool=Inc-2-Pool on 22 at 19:05 Run = Level=Incremental FullPool=Full-1-Pool DifferentialPool=Diff-1-Pool IncrementalPool=Inc-1-Pool on 3-6,8-14 at 19:05 Run = Level=Incremental FullPool=Full-2-Pool DifferentialPool=Diff-2-Pool IncrementalPool=Inc-2-Pool on 18-21,23-31 at 19:05 } Pool { Name = Full-1-Pool Pool Type = Backup Storage = Disk3 Maximum Volume Jobs = 1 Recycle = yes AutoPrune = yes Volume Retention = 35 days Label Format = "${Pool}_${NumVols}.bacula" } Storage { Name = Disk3 Address = baculasrv.mydomain.local SDPort = 9103 Password = "XXXX" Device = ZZZZZ Media Type = File Maximum Concurrent Jobs = 1 } And the Storage definition: Storage { # definition of myself Name = XXXX-sd SDPort = 9103 # Director's port WorkingDirectory = "/var/lib/bacula/working" Pid Directory = "/var/run" Maximum Concurrent Jobs = 20 } # # List Directors who are permitted to contact Storage daemon # Director { Name = XXXX-dir Password = "XXXX" } -- Kevin Keane Owner The NetTech Find the Uncommon: Expert Solutions for a Network You Never Have to Think About Office: 866-642-7116 http://www.4nettech.com This e-mail and attachments, if any, may contain confidential and/or proprietary information. Please be advised that the unauthorized use or disclosure of the information is strictly prohibited. The information herein is intended only for use by the intended recipient(s) named above. If you have received this transmission in error, please notify the sender immediately and permanently delete the e-mail and any copies, printouts or attachments thereof. ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
