Hey guys,
I finally have some progress to report! Not all the way there yet, but some
good progress has been made. As of now I am able to use the external (load
balanced) database from within bacula. However I still can't use the SSL
enabled database user.
Here's my catalog config:
# Generic catalog service
Catalog {
Name = JokefireCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306
#dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"
dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"; dbaddress = "
db.example.com"; dbport = 3306
}
With the non ssl enabled database user in the config I can verify that the
director is listening:
[root@ops:/etc/bacula] #lsof -i :9101
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bacula-di 15357 bacula 5u IPv4 4789422 0t0 TCP *:bacula-dir
(LISTEN)
And I can get into the console.
[root@ops:/etc/bacula] #bconsole
Connecting to Director ops.jokefire.com:9101
1000 OK: ops.jokefire.com Version: 5.2.13 (19 February 2013)
Enter a period to cancel a command.
*
But with the ssl database user in the config, none of that can happen.
I've verified once again that I can connect with the ssl database user:
#mysql -uadmin_ssl -p -h db.example.com -e "use bacula;show tables" | head
-5
Enter password:
Tables_in_bacula
BaseFiles
CDImages
Client
Counters
But starting the bacula director with the ssl enabled user in the config,
I'm getting an error in the logs and I can no longer user the director with
bconsole:
#tail -f /var/log/bacula/bacula.log
17-Aug 02:17 bacula-dir JobId 0: Fatal error: Could not open Catalog
"JokefireCatalog", database "bacula".
17-Aug 02:17 bacula-dir JobId 0: Fatal error: mysql.c:210 Unable to connect
to MySQL server.
Database=bacula User=admin_ssl
MySQL connect failed either server not running or your authorization is
incorrect.
17-Aug 02:17 bacula-dir ERROR TERMINATION
Please correct configuration file: /etc/bacula/bacula-dir.conf
This is my catalog definition with the ssl user in the config:
# Generic catalog service
Catalog {
Name = JokefireCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306
#dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"
dbname = "bacula"; dbuser = "admin_ssl"; dbpassword = "secret";
dbaddress = "db.example.com"; dbport = 3306
}
I've gained a little experience in using SSL database users with a couple
different apps. I've setup both mediawiki and wordpress to use SSL database
connections. But for both of those apps you had to go through extra steps
to get an SSL database user to work. Simply adding the user to the config
wouldn't allow them to work. You would have to go through extra
configuration steps to make them work correctly.
So what I'm wondering is if this might be a similar similar situation with
bacula. That maybe just adding an ssl enabled user to the connection string
isn't enough. And maybe there's some other configuration that has to happen
to get this to work. It's just a guess on my part, but based on my recent
experiences I think it may be a good one!
I'd appreciate hearing your thoughts on this!
Thanks,
Tim
On Thu, Aug 6, 2015 at 9:19 AM, Alex Domoradov <alex....@gmail.com> wrote:
> You could find out with which version of mysql client has been compiled
> your bacula with the following command
>
> # ldd /usr/sbin/bacula-dir | grep mysql
> libmysqlclient.so.18 => /lib64/libmysqlclient.so.18
> (0x00007f07abe3d000)
>
>
> # rpm -qf /lib64/libmysqlclient.so.18
> Percona-Server-shared-55-5.5.43-rel37.2.el7.x86_64
>
> On Thu, Aug 6, 2015 at 3:47 PM, Heitor Faria <hei...@bacula.com.br> wrote:
>
>> Hey Heitor,
>>
>> Actually to 1, no they are not. I have mariadb-5.5.41 on the bacula
>> server (client side) and mariadb 10 on the db server. I might try upgrading
>> the client on the bacula server tomorrow. I don't have SELinux enabled
>> anywhere currently. I probably will enable that tho once I get everything
>> working.
>>
>> Most important of all is to know what MySQL / MariaDB development
>> libraries were used to build you Bacula binaries. You may want / need to
>> update Bacula with binaries built from source:
>> http://bacula.us/compilation/
>>
>> Regards,
>>
>> ===========================================================================
>> Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified
>> Administrator II
>> Do you need Bacula training?
>> https://www.udemy.com/bacula-backup-software/?couponCode=bacula-list
>> +55 61 <%2B55%2061%202021-8260>8268-4220 <%2B55%2061%208268-4220>
>> Site: http://bacula.us FB: heitor.faria
>> <http://www.facebook.com/heitor.faria>
>>
>> ===========================================================================
>>
>>
>> I'll try to update you guys tomorrow.
>>
>> Thanks for all your input!
>>
>> Tim
>>
>> On Wed, Aug 5, 2015 at 8:45 AM, Heitor Faria <hei...@bacula.com.br>
>> wrote:
>>
>>>
>>>> Em ter, 4 de ago de 2015 às 23:01, Tim Dunphy <bluethu...@gmail.com>
>>>> escreveu:
>>>>
>>>>> Hey Ana,
>>>>> Nice to hear from you!
>>>>>
>>>>> Tried that:
>>>>>
>>>>>
>>>>> Catalog {
>>>>> Name = MyCatalog
>>>>> # Uncomment the following line if you want the dbi driver
>>>>> #dbdriver = "dbi:mysql"; dbaddress = "db.example.com"; dbport = 3306
>>>>> dbname = "bacula"; dbuser = "admin_ssl"; dbpassword = "secret";
>>>>> dbaddress = "db.example.com"; dbport = 3306
>>>>> }
>>>>>
>>>>> And restarted. Same result unfortunately! :(
>>>>>
>>>>> [root@ops:~] #tail -f /var/log/bacula/bacula.log
>>>>> Database=bacula User=admin_ssl
>>>>> MySQL connect failed either server not running or your authorization
>>>>> is incorrect.
>>>>> 05-Aug 01:59 bacula-dir ERROR TERMINATION
>>>>> Please correct configuration file: /etc/bacula/bacula-dir.conf
>>>>> 05-Aug 01:59 bacula-dir JobId 0: Fatal error: Could not open Catalog
>>>>> "MyCatalog", database "bacula".
>>>>> 05-Aug 01:59 bacula-dir JobId 0: Fatal error: mysql.c:210 Unable to
>>>>> connect to MySQL server.
>>>>> Database=bacula User=admin_ssl
>>>>> MySQL connect failed either server not running or your authorization
>>>>> is incorrect.
>>>>> 05-Aug 01:59 bacula-dir ERROR TERMINATION
>>>>> Please correct configuration file: /etc/bacula/bacula-dir.conf
>>>>>
>>>> 1. Is your remote MySQL server version the same installed in your
>>> Bacula Server?
>>> 2. From your Bacula server can you "telnet ip_address 3306" your MySQL
>>> server?
>>> 3. Do you have selinux or iptables enabled at MySQL Server? Someone
>>> wrote that never had problems with selinux. Neither do I, since I always
>>> disable it. =)
>>>
>>> Just ignore 2 and 3. I forgot you can connect with calling the client
>>> directly.
>>>
>>>
>>>>> Any more ideas?
>>>>>
>>>>> Thanks,
>>>>> Tim
>>>>>
>>>>>
>>>>>
>>
>>
>> --
>> GPG me!!
>>
>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> Bacula-users mailing list
>> Bacula-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bacula-users
>>
>>
>
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
