Re: [Bacula-users] bacula-dir service reload crashes next bconsole

Tue, 22 Dec 2015 05:22:23 -0800 

> Hello Heitor,
> root@bacula-dir:/etc/bacula# bacula-dir -t
> root@bacula-dir:/etc/bacula# echo $?
> 0
> 
> There seems to be no syntax error in configuration because after
> restart everything is ok again. After reloading, I get the following
> messages:
> 
> 22-Dec 13:02 bacula-dir.grnet.gr-dir JobId 0: Fatal error: Failed to
> initialize TLS context for Director "bacula-dir.grnet.gr-dir" in
> /etc/bacula/bacula-dir.conf.
> 22-Dec 13:02 bacula-dir.grnet.gr-dir JobId 0: Error: Please correct
> configuration file: /etc/bacula/bacula-dir.conf
> 22-Dec 13:02 bacula-dir.grnet.gr-dir JobId 0: Error: Resetting
> previous configuration.

Hello Kostis: Reloading is not working. 

> 22-Dec 13:02 bacula-dir.grnet.gr-dir: ERROR in bsys.c:562 Could not
> create state file. <NULL>/bacula-dir.0.state ERR=No such file or
> directory
> 
> The TLS context seems ok and it is working after restarting the daemon
> (check the relevant snippets in my first email).
> 
> In bacula-dir.conf:
> Director {
> .
> .
>  # bconsole --> director channel
>  TLS Enable = yes
>  TLS Require = yes
>  TLS CA Certificate File = "/path/to/ca.pem"
>  TLS Certificate = "/path/to/cert.pem"
>  TLS Key = "/path/to/key.pem"
>  TLS Verify Peer = no
> }

If you are using self-signed certificates you need this (this value must match 
the CN one when creating the certificates):

TLS Allowed CN = "192.168.0.50" # Or name

> 
> In bconsole.conf:
> Director {
> .
> .
> .
>  # bconsole --> director channel
>  TLS Enable = yes
>  TLS Require = yes
>  TLS CA Certificate File = "/path/to/ca.pem"

I think there are other necessary directives (in this example I use the keypair 
within the same file):

TLS Certificate = /etc/bacula/scripts/bacula.pem
TLS key = /etc/bacula/scripts/bacula.pem

This tutorial here is in portuguese but there are some conf. examples. The most 
important are the ones in red (encryption of data from client to storage): 
http://www.bacula.com.br/criptografia-das-comunicacoes-do-bacula-tls/

>> Regards,
>> ===========================================================================
>> Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified
>> Administrator II
>> Do you need Bacula training? http://bacula.us/video-classes/
>> +55 61 8268-4220
>> Site: http://bacula.us FB: heitor.faria
> > ===========================================================================

------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to