Доброго времени суток! Поставили задачу реализовать бэкап Linux средствами Bacula. Случайным образом была выбрана версия 11. Есть две схемы:
- Director, Storage, File daemon находятся на одном хосте, производится локальный бэкап машины.
- Director, Storage на одном хосте, File daemon на другом. Первый вариант работает отлично, со вторым проблемы. На клиента поставил bacula client, настроил bacula-fd.conf. Не использую TLS/SSL, в конфигах явно указываю, что TLS enable = no. Сервер и клиент находятся в одном сегменте сети, обращение к хостам идёт по IP, не по FQDN. В итоге, когда запускаю задание на бэкап удалённого клиента, получаю ошибку:
bacula0-dir Start Backup JobId 1165, Job=Backup_configfiles_Bacula_F13.2022-09-05_10.35.36_52
Using Device "DISK3" to write.
Error: openssl.c:81 Connect failure: ERR=error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter
Fatal error: TLS negotiation failed with FD at "10.7.0.139:9102"
Error: getmsg.c:217 Malformed message: [TLS negotiation failed with DIR at "10.7.0.151:9102"
Warning: Unexpected Client Job message: 2999 Authentication failed.
В bconsole чекаю статус клиента:
Connecting to Storage bacula0-storage at 10.7.0.151:9103
Connecting to Client Bacula_F13-fd at 10.7.0.139:9102
Failed to connect to Client.
Вопрос: можно ли делать удалённый бэкап без использования TLS/SSL и как можно обойти/решить данную ситуацию? Спасибо!
Bacula-dir.conf (server)
# Director resource for bacula0-dir; the opening "Director {" line is not present in this paste.
Name = bacula0-dir
DIRport = 9101
QueryFile = "/usr/local/share/bacula/query.sql"
WorkingDirectory = "/var/db/bacula"
PidDirectory = "/var/run"
Maximum Concurrent Jobs = 2
# NOTE(review): same string as the Password of the restricted Console bacula0-mon further down.
# If this Password authorizes the default (unrestricted) console, as the Bacula manual describes,
# a holder of the monitor password also gets full Director access - use distinct values.
Password = "console-pass"
Messages = Daemon
DirAddress = 10.7.0.151
# Certificate-based TLS is switched off here.
# NOTE(review): Bacula 11 also negotiates TLS-PSK by default, controlled by the separate
# "TLS PSK Enable" directive, so the openssl.c error in the job log can still occur with
# these three lines present - confirm against the 11.x documentation.
TLS Enable = no
TLS Require = no
TLS Verify Peer = no
}
# Catalog database connection used by the Director; dbaddress 127.0.0.1 keeps it on the loopback interface.
Catalog {
Name = MyCatalog
# NOTE(review): dbpassword is a three-digit value and is public in this post; if it matches the
# real one, rotate it to a long random secret in both this file and the database.
dbname = "bacula"; dbuser = "bacula"; dbpassword = "999"; dbport=5432; dbaddress = 127.0.0.1;
}
# Restricted console: CommandACL permits only the status and .status commands.
Console {
Name = bacula0-mon
# NOTE(review): identical to the Password in the bacula0-dir resource above, so the ACL below
# may not actually limit a holder of this secret - give the monitor console its own password.
Password = "console-pass"
CommandACL = status, .status
}
##########Client_configuration##############################
# Director-side definition of the remote File Daemon at 10.7.0.139:9102.
Client {
Name = Bacula_F13-fd
Address = 10.7.0.139
FDPort = 9102
Catalog = MyCatalog
# NOTE(review): spelled "cleint_..." here but "client_Bacula_F13" in the Director resource of the
# client's bacula-fd.conf; the two values must be identical. With Bacula 11's default TLS-PSK the
# Password is presumably also the pre-shared key, so this mismatch alone could produce
# "TLS negotiation failed" followed by "2999 Authentication failed" - align the two values
# before changing any TLS setting.
Password = "cleint_Bacula_F13" # password for FileDaemon
File Retention = 60 days # 60 days
Job Retention = 6 months # six months
AutoPrune = yes # Prune expired Jobs/Files
# Certificate-based TLS is switched off for this client.
# NOTE(review): these lines do not cover TLS-PSK. If plaintext is really intended, the 11.x
# directive is "TLS PSK Enable = no" on both ends (verify in the manual); keeping PSK encryption
# and fixing the Password keeps authentication and backup data protected on the wire.
TLS Enable = no
TLS Require = no
TLS Verify Peer = no
}
# Storage daemon definition on the Director side (10.7.0.151, port 9103, device DISK3).
# NOTE(review): the bconsole status output names "bacula0-storage", not "bacula0-storage2";
# presumably another Storage resource exists that is not shown - confirm which one the job uses.
Storage {
Name = bacula0-storage2
# An IP is used instead of a name; presumably this address is also handed to the File Daemon,
# so it must be reachable from the client - TODO confirm.
Address = 10.7.0.151 # N.B. Use a fully qualified name here
SDPort = 9103
# NOTE(review): has to match the Director resource Password in bacula-sd.conf, which is not shown.
Password = "device-pass"
Device = DISK3
# Looks like an edited or placeholder value; it must equal the Media Type of DISK3 in bacula-sd.conf - verify.
Media Type = FileXXXx
}
# Backup pool: at most 4 auto-labelled volumes of up to 1G and 7 jobs each, with recycling and pruning on.
Pool {
Name = File_pool_for_Bacula_F11
Pool Type = Backup
Recycle = yes # Bacula can automatically recycle Volumes
AutoPrune = yes # Prune expired volumes
# NOTE(review): with Recycle and AutoPrune enabled, a retention this short presumably lets volumes
# be overwritten a few hours after they are written - confirm this is the intended recovery window.
Volume Retention = 2 hours 15 min # 2 h 15 min (the stock "one year" comment did not match the value)
Maximum Volumes = 4
Maximum Volume Jobs = 7
Maximum Volume Bytes = 1G # Limit Volume size to something reasonable
Label Format = "F11_HoursIncre-" # Auto label
}
Bacula-fd.conf (server)
# FileDaemon resource body pasted under "Bacula-fd.conf (server)"; the opening "FileDaemon {" line
# is missing, and every value equals the client's FileDaemon resource further down.
# NOTE(review): if this file really lives on the Director host (DirAddress 10.7.0.151), FDAddress
# 10.7.0.139 is not that host's address - verify which machine this copy belongs to.
Name = Bacula_F13-fd
FDport = 9102
WorkingDirectory = /var/db/bacula
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
Plugin Directory = /usr/local/lib
FDAddress = 10.7.0.139
CommCompression = no
# Certificate-based TLS off; TLS-PSK (Bacula 11 default) is not addressed by these lines - see the 11.x manual.
TLS Enable = no
TLS Require = no
}
# Message routing: send everything to Director bacula0-dir except skipped, restored and saved notices.
Messages {
Name = Standard
director = bacula0-dir = all, !skipped, !restored, !saved
}
Bacula-fd.conf (client)
# Director resource of the client's bacula-fd.conf (the opening "Director {" line is missing from
# the paste): names the Director that may contact this File Daemon and the secret it must present.
Name = bacula0-dir
# NOTE(review): the Client resource for Bacula_F13-fd in bacula-dir.conf carries
# "cleint_Bacula_F13" (letters transposed). The two passwords must match exactly; the mismatch is
# a likely cause of the "TLS negotiation failed" / "2999 Authentication failed" messages.
Password = "client_Bacula_F13"
# Certificate-based TLS off. NOTE(review): Bacula 11 enables TLS-PSK by default through a separate
# directive ("TLS PSK Enable"), so a TLS handshake is presumably still attempted - confirm in the manual.
TLS Enable = no
TLS Require = no
TLS Verify Peer = no
}
# File Daemon settings on the client: listens on 10.7.0.139:9102 for the Director.
FileDaemon { # this is me
Name = Bacula_F13-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/db/bacula
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
Plugin Directory = /usr/local/lib
FDAddress = 10.7.0.139
CommCompression = no
# Certificate-based TLS off. NOTE(review): these lines do not mention TLS-PSK, which Bacula 11
# turns on by default; once the Director and client passwords agree, leaving PSK on keeps the
# backup stream encrypted without any certificates - verify against the 11.x documentation.
TLS Enable = no
TLS Require = no
}
# Send all messages back to Director bacula0-dir, except skipped, restored and saved file notices
Messages {
Name = Standard
director = bacula0-dir = all, !skipped, !restored, !saved
}