Hi Ana,
Thanks a lot for your response! So I was able to run your command that you
were suggesting, and it was a success! I can connect to the database using
the ssl enabled user and specifying the certs and keys on the command line:
#mysql -uadmin_ssl -p --ssl-ca=/opt/mysql/ca.crt
--ssl-cert=/opt/mysql/ops.example.com.crt
--ssl-key=/opt/mysql/ops.example.com.key -h db.example.com
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1353569
Server version: 10.0.20-MariaDB-log MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
MariaDB [(none)]> use bacula
No connection. Trying to reconnect...
Connection id: 1374537
Current database: *** NONE ***
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
And when I run the \s command this is what I can tell:
MariaDB [bacula]> \s
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id: 1374633
Current database: bacula
--------------
mysql Ver 15.1 Distrib 10.0.21-MariaDB, for Linux (x86_64) using readline
5.1
Connection id: 1374633
Current database: bacula
Current user: admin_...@ec2-54-86-143-49.compute-1.amazonaws.com
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server: MariaDB
Server version: 10.0.20-MariaDB-log MariaDB Server
Protocol version: 10
Connection: db.example.com via TCP/IP
Server characterset: latin1
Db characterset: latin1
Client characterset: utf8
Conn. characterset: utf8
TCP port: 3306
Uptime: 15 days 14 hours 13 min 47 sec
Threads: 3 Questions: 2024374 Slow queries: 0 Opens: 289 Flush tables:
1 Open tables: 215 Queries per second avg: 1.502
--------------
Not sure what all those 'database has gone away' messags are all about.
However they don't seem that terribly important to me. But using the
admin_ssl user in my databas settings in the catalog section of bacula-dir,
I still am having no luck getting this to work:
# Generic catalog service
Catalog {
Name = JokefireCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306
dbname = "bacula"; dbuser = "admin_ssl"; dbpassword = "secret" ;
dbaddress = "db.example.com"
}
[root@ops:/etc/bacula] #systemctl start bacula-dir
[root@ops:/etc/bacula] #lsof -i :9101
[root@ops:/etc/bacula] #
And this is what I'm seeing in the bacula logs on the bacula server:
#tail /var/log/bacula/bacula.log
20-Aug 15:24 bacula-dir JobId 0: Fatal error: Could not open Catalog
"JokefireCatalog", database "bacula".
20-Aug 15:24 bacula-dir JobId 0: Fatal error: mysql.c:210 Unable to connect
to MySQL server.
Database=bacula User=admin_ssl
MySQL connect failed either server not running or your authorization is
incorrect.
20-Aug 15:24 bacula-dir ERROR TERMINATION
Please correct configuration file: /etc/bacula/bacula-dir.conf
And I still have absolutely no clue where the problem may lie. I still feel
that there may be more to this problem than just setting up the SSL enabled
user in the catalog section of the conf. But I will leave that up to the
bacula experts on the list to tell me! :)
Thanks for all the help!
Tim
On Wed, Aug 19, 2015 at 2:36 PM, Ana Emília M. Arruda <
emiliaarr...@gmail.com> wrote:
Hello Tim,
Could you check if you are able to connect to the database using the bellow
command (please replace the .pem certificates with your server certificate
- db.example.com - and client certificate - ops.example.com
<http://ops.jokefire.com/>)?
#mysql -uadmin_ssl -p --ssl-ca=server-ca.pem --ssl-cert=client-cert.pem
--ssl-key=client-key.pem -h db.example.com -e "use bacula;show tables" |
head -5
If this works, could you check with a "\s" command in which port mysql
daemon is listening?
Best regards,
Ana
On Sun, Aug 16, 2015 at 11:23 PM, Tim Dunphy <bluethu...@gmail.com> wrote:
Hey guys,
I finally have some progress to report! Not all the way there yet, but some
good progress has been made. As of now I am able to use the external (load
balanced) database from within bacula. However I still can't use the SSL
enabled database user.
Here's my catalog config:
# Generic catalog service
Catalog {
Name = exampleCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306
#dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"
dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"; dbaddress = "
db.example.com"; dbport = 3306
}
With the non ssl enabled database user in the config I can verify that the
director is listening:
[root@ops:/etc/bacula] #lsof -i :9101
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bacula-di 15357 bacula 5u IPv4 4789422 0t0 TCP *:bacula-dir
(LISTEN)
And I can get into the console.
[root@ops:/etc/bacula] #bconsole
Connecting to Director ops.example.com:9101 <http://ops.jokefire.com:9101/>
1000 OK: ops.example.com <http://ops.jokefire.com/> Version: 5.2.13 (19
February 2013)
Enter a period to cancel a command.
*
But with the ssl database user in the config, none of that can happen.
I've verified once again that I can connect with the ssl database user:
#mysql -uadmin_ssl -p -h db.example.com -e "use bacula;show tables" |
head -5
Enter password:
Tables_in_bacula
BaseFiles
CDImages
Client
Counters
But starting the bacula director with the ssl enabled user in the config,
I'm getting an error in the logs and I can no longer user the director with
bconsole:
#tail -f /var/log/bacula/bacula.log
17-Aug 02:17 bacula-dir JobId 0: Fatal error: Could not open Catalog
"exampleCatalog", database "bacula".
17-Aug 02:17 bacula-dir JobId 0: Fatal error: mysql.c:210 Unable to connect
to MySQL server.
Database=bacula User=admin_ssl
MySQL connect failed either server not running or your authorization is
incorrect.
17-Aug 02:17 bacula-dir ERROR TERMINATION
Please correct configuration file: /etc/bacula/bacula-dir.conf
This is my catalog definition with the ssl user in the config:
# Generic catalog service
Catalog {
Name = exampleCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306
#dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"
dbname = "bacula"; dbuser = "admin_ssl"; dbpassword = "secret";
dbaddress = "db.example.com"; dbport = 3306
}
I've gained a little experience in using SSL database users with a couple
different apps. I've setup both mediawiki and wordpress to use SSL database
connections. But for both of those apps you had to go through extra steps
to get an SSL database user to work. Simply adding the user to the config
wouldn't allow them to work. You would have to go through extra
configuration steps to make them work correctly.
So what I'm wondering is if this might be a similar similar situation with
bacula. That maybe just adding an ssl enabled user to the connection string
isn't enough. And maybe there's some other configuration that has to happen
to get this to work. It's just a guess on my part, but based on my recent
experiences I think it may be a good one!
I'd appreciate hearing your thoughts on this!
Thanks,
Tim
On Thu, Aug 6, 2015 at 9:19 AM, Alex Domoradov <alex....@gmail.com> wrote:
You could find out with which version of mysql client has been compiled
your bacula with the following command
# ldd /usr/sbin/bacula-dir | grep mysql
libmysqlclient.so.18 => /lib64/libmysqlclient.so.18
(0x00007f07abe3d000)
# rpm -qf /lib64/libmysqlclient.so.18
Percona-Server-shared-55-5.5.43-rel37.2.el7.x86_64
On Thu, Aug 6, 2015 at 3:47 PM, Heitor Faria <hei...@bacula.com.br> wrote:
Hey Heitor,
Actually to 1, no they are not. I have mariadb-5.5.41 on the bacula server
(client side) and mariadb 10 on the db server. I might try upgrading the
client on the bacula server tomorrow. I don't have SELinux enabled anywhere
currently. I probably will enable that tho once I get everything working.
Most important of all is to know what MySQL / MariaDB development libraries
were used to build you Bacula binaries. You may want / need to update
Bacula with binaries built from source: http://bacula.us/compilation/
Regards,
===========================================================================
Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified
Administrator II
Do you need Bacula training?
https://www.udemy.com/bacula-backup-software/?couponCode=bacula-list
+55 61 <%2B55%2061%202021-8260>8268-4220 <%2B55%2061%208268-4220>
Site: http://bacula.us FB: heitor.faria
<http://www.facebook.com/heitor.faria>
===========================================================================
I'll try to update you guys tomorrow.
Thanks for all your input!
Tim
On Wed, Aug 5, 2015 at 8:45 AM, Heitor Faria <hei...@bacula.com.br> wrote:
Em ter, 4 de ago de 2015 às 23:01, Tim Dunphy <bluethu...@gmail.com>
escreveu:
Hey Ana,
Nice to hear from you!
Tried that:
Catalog {
Name = MyCatalog
# Uncomment the following line if you want the dbi driver
#dbdriver = "dbi:mysql"; dbaddress = "db.example.com"; dbport = 3306
dbname = "bacula"; dbuser = "admin_ssl"; dbpassword = "secret";
dbaddress = "db.example.com"; dbport = 3306
}
And restarted. Same result unfortunately! :(
[root@ops:~] #tail -f /var/log/bacula/bacula.log
Database=bacula User=admin_ssl
MySQL connect failed either server not running or your authorization is
incorrect.
05-Aug 01:59 bacula-dir ERROR TERMINATION
Please correct configuration file: /etc/bacula/bacula-dir.conf
05-Aug 01:59 bacula-dir JobId 0: Fatal error: Could not open Catalog
"MyCatalog", database "bacula".
05-Aug 01:59 bacula-dir JobId 0: Fatal error: mysql.c:210 Unable to connect
to MySQL server.
Database=bacula User=admin_ssl
MySQL connect failed either server not running or your authorization is
incorrect.
05-Aug 01:59 bacula-dir ERROR TERMINATION
Please correct configuration file: /etc/bacula/bacula-dir.conf
1. Is your remote MySQL server version the same installed in your Bacula
Server?
2. From your Bacula server can you "telnet ip_address 3306" your MySQL
server?
3. Do you have selinux or iptables enabled at MySQL Server? Someone
wrote that never had problems with selinux. Neither do I, since I always
disable it. =)
Just ignore 2 and 3. I forgot you can connect with calling the client
directly.
Any more ideas?
Thanks,
Tim
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
