-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
i got my local (home) backups going alright with TLS and everything, but
now i'm running into issues getting my remote work computers
communicating 100%.
to reiterate, i've currently got two systems at home, home1 and home2,
and two at work, work1 and work2. the director and sd are both running
on home1, and i've fd's setup on home1, home2, and now work1.
my home1-dir - work1-fd TLS communication is OK, as i can query work1-fd
through bconsole running on home1. i'm running into a problem when i
try to run the backup, and the communication between work1-fd and
home1-sd is botched. i get this error:
24-Jul 23:40 home1-dir JobId 33: No prior Full backup Job record found.
24-Jul 23:40 home1-dir JobId 33: No prior or suitable Full backup found
in catalog. Doing FULL backup.
24-Jul 23:40 home1-dir JobId 33: Start Backup JobId 33,
Job=work1.2011-07-24_23.40.53_03
24-Jul 23:40 home1-dir JobId 33: Using Device "FileStorage"
24-Jul 23:41 work1-fd JobId 33: Fatal error: Failed to connect to
Storage daemon: home1.local:9103
24-Jul 23:41 home1-dir JobId 33: Fatal error: Bad response to Storage
command: wanted 2000 OK storage
, got 2902 Bad storage
it seems clear to me my remote work1 computer is trying to connect to a
non-local address (home1.local:9103). currently this is what i have in
my dir.conf for the storage:
Storage {
Name = File
Address = home1.local
SDPort = 9103
Password = "X"
Device = FileStorage
Media Type = File
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = /etc/bacula/certs/myca.crt
TLS Certificate = /etc/bacula/certs/home1.crt
TLS Key = /etc/bacula/certs/home1.key
}
i thought it would be straightforward to just define another Storage
resource but instead using my home's dyndns address, with a new TLS cert
with the CN matching the dyndns address:
Storage {
Name = RemoteFile
Address = home.dyndns.org
SDPort = 9103
Password = "X"
Device = FileStorage
Media Type = File
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = /etc/bacula/certs/myca.crt
TLS Certificate = /etc/bacula/certs/home.dyndns.org.crt
TLS Key = /etc/bacula/certs/home.dyndns.org.key
}
then i updated the Job resource for work1-fd to use `Storage =
RemoteFile`, restarted the services on both machines, and now i'm
getting a damned TLS error!
25-Jul 00:29 home1-dir JobId 36: No prior Full backup Job record found.
25-Jul 00:29 home1-dir JobId 36: No prior or suitable Full backup found
in catalog. Doing FULL backup.
25-Jul 00:29 home1-dir JobId 36: Start Backup JobId 36,
Job=work1.2011-07-25_00.29.34_06
25-Jul 00:29 home1-dir JobId 36: Fatal error: TLS negotiation failed
with SD at "home.dyndns.org:9103"
25-Jul 00:29 home1-dir JobId 36: Fatal error: bnet.c:306 TLS host
certificate verification failed. Host name "home.dyndns.org" did not
match presented certificate
i'm certain though that i created the certificate with a CN of
"home.dyndns.org".
-----BEGIN PGP SIGNATURE-----
iEYEAREIAAYFAk4tJAUACgkQXhfCJNu98qD1FQCg6j/mmgUpruwvvORk7VsUvMpU
0IYAoO39aYu1UINIRoqxYIfDbTG2rK+6
=vliF
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide. Store less, Store more with what you own, Move data to
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
