I'm using TLS and encryption for some sensitive backup clients. I'm running
Bacula 9.0.6 on the Director, Storage and Clients, all running CentOS 7.5. I
just tried to restore some files from a server called portal02-px to a server
called portal01-px but it failed due to a missing private key:

24-Mar 11:53 bacdirector01-lv.internal.shutterfly.com-dir JobId 143929: Start Restore Job RestoreFiles.2021-03-24_11.53.28_40
24-Mar 11:53 bacdirector01-lv.internal.shutterfly.com-dir JobId 143929: Using Device "FileChgr1-Dev1" to read.
24-Mar 11:53 bacmedia02-px.internal.shutterfly.com-sd JobId 143929: Ready to read from volume "tempe2-weekly-127" on File device "FileChgr1-Dev1" (/data).
24-Mar 11:53 bacmedia02-px.internal.shutterfly.com-sd JobId 143929: Forward spacing Volume "tempe2-weekly-127" to addr=2003871821
24-Mar 11:53 bacmedia02-px.internal.shutterfly.com-sd JobId 143929: Elapsed time=00:00:02, Transfer rate=4.821 K Bytes/second
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 portal01-px.internal.shutterfly.com-fd JobId 143929: Error: Missing private key required to decrypt encrypted backup data.
24-Mar 11:53 bacdirector01-lv.internal.shutterfly.com-dir JobId 143929: Error: Bacula bacdirector01-lv.internal.shutterfly.com-dir 9.0.6 (20Nov17):
  Build OS: x86_64-pc-linux-gnu redhat (Core)
  JobId: 143929
  Job: RestoreFiles.2021-03-24_11.53.28_40
  Restore Client: portal01-px-fd
  Start time: 24-Mar-2021 11:53:30
  End time: 24-Mar-2021 11:53:33
  Files Expected: 6
  Files Restored: 6
  Bytes Restored: 0
  Rate: 0.0 KB/s
  FD Errors: 6
  FD termination status: Error
  SD termination status: OK
  Termination: *** Restore Error ***

So, it seems that the way I have things configured, I can only restore to the
same host (I was able to do that successfully).

Here are the File Daemon sections of those two servers:

FileDaemon { # this is me
  Name = portal02-px.internal.shutterfly.com-fd
  FDport = 9102 # where we listen for the director
  WorkingDirectory = /var/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
  Plugin Directory = /usr/lib64
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /etc/bacula/cacert.pem
  TLS Certificate = /etc/bacula/portal02-px.crt
  TLS Key = /etc/bacula/portal02-px-daemon.key
  PKI Encryption = Yes # Enable Data Encryption
  PKI Signatures = Yes # Enable Data Signing
  PKI Keypair = /etc/bacula/portal02-px.pem # Public and Private Keys
  PKI Master Key = /etc/bacula/bacdirector01-lv.crt # ONLY the Public Key
}

FileDaemon { # this is me
  Name = portal01-px.internal.shutterfly.com-fd
  FDport = 9102 # where we listen for the director
  WorkingDirectory = /opt/bacula/working
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
  Plugin Directory = /usr/lib64
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /etc/bacula/cacert.pem
  TLS Certificate = /etc/bacula/portal01-px.crt
  TLS Key = /etc/bacula/portal01-px-daemon.key
  PKI Encryption = Yes # Enable Data Encryption
  PKI Signatures = Yes # Enable Data Signing
  PKI Keypair = /etc/bacula/portal01-px.pem # Public and Private Keys
  PKI Master Key = /etc/bacula/bacdirector01-lv.crt # ONLY the Public Key
}

What do I need to do in order to be able to restore from one server to the
other? Do I need to copy the private key from portal02-px to portal01-px and
update bacula-fd.conf on them as well? If so, what would I put in
bacula-fd.conf?
Thanks!
--Shawn
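
Added example, not part of the original post and not Bacula's own code: a small audit of the two FileDaemon resources quoted above, showing which key files a portal02-px backup is encrypted to and whether the restoring File Daemon holds a matching private key. It assumes Bacula encrypts each backup's session key to the client's PKI Keypair and to every PKI Master Key, and that identical paths on two hosts mean identical keys; the function names are hypothetical.

```python
import re

# Constructed from the two FileDaemon resources in the post (PKI lines only).
PORTAL02 = """FileDaemon {
  Name = portal02-px.internal.shutterfly.com-fd
  PKI Encryption = Yes   # Enable Data Encryption
  PKI Keypair = /etc/bacula/portal02-px.pem   # Public and Private Keys
  PKI Master Key = /etc/bacula/bacdirector01-lv.crt   # ONLY the Public Key
}"""
PORTAL01 = PORTAL02.replace("portal02", "portal01")


def parse_filedaemon(text):
    """Return {directive: [values]}. Bacula ignores case and spaces in
    directive names, so "PKI Master Key" becomes "pkimasterkey"."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # '#' starts a comment
        m = re.match(r"([A-Za-z ]+?)\s*=\s*(.+)$", line)
        if m:
            key = m.group(1).replace(" ", "").lower()
            conf.setdefault(key, []).append(m.group(2).strip().strip('"'))
    return conf


def recipients(conf):
    """Key files a backup from this client is encrypted to (assumption:
    the client's PKI Keypair plus every PKI Master Key)."""
    if conf.get("pkiencryption", ["no"])[0].lower() != "yes":
        return set()
    return set(conf.get("pkikeypair", []) + conf.get("pkimasterkey", []))


def report(backup_text, restore_text):
    """Can the restore FD decrypt the backup FD's data? The restore side's
    PKI Keypair is the only file here holding a private key; the same
    path is taken to mean the same key (assumption of this sketch)."""
    b, r = parse_filedaemon(backup_text), parse_filedaemon(restore_text)
    held = set(r.get("pkikeypair", []))
    return {"backup": b["name"][0], "restore": r["name"][0],
            "recipients": sorted(recipients(b)),
            "restorable": bool(held & recipients(b))}


if __name__ == "__main__":
    print(report(PORTAL02, PORTAL02))  # same host
    print(report(PORTAL02, PORTAL01))  # cross-host restore from the post
```

The cross-host report comes back not restorable because portal01-px holds neither of the two recipient private keys: its own keypair is a different file, and the master key file on both hosts is public-only.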