Hi Stefan,
the underlying problem is that the way we're using libpq is apparently
not 100% thread-safe when used in conjuction with TLS. Right now we
haven't understood where exactly things break. Maybe it is Bareos' fault
or libpq's or OpenSSL's. Maybe it only happens on with specific versions
of these components.
Sadly, things will work fine for weeks until one of the database
connections fails in really strange ways (i.e. "PGError: lost
synchronization with server" after some strange TLS errors are logged).
This then takes one or more (presumably long-running) backup jobs with
it. In the end, we decided to disable TLS on our end.
Having said that, you can still have a TLS encrypted connection to your
database server using PgBouncer or something like that.
Also, feel free to create a PR that adds a configuration setting to
allow (or even require) TLS on the database connection. We will happily
accept a change like that.
Best Regards,
Andreas
--
Andreas Rogge [email protected]
Bareos GmbH & Co. KG Phone: +49 221-630693-86
http://www.bareos.com
Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Komplementär: Bareos Verwaltungs-GmbH
Geschäftsführer: Stephan Dühr, Jörg Steffens, Philipp Storz
--
You received this message because you are subscribed to the Google Groups
"bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/bareos-users/ade46f8e-1575-46a9-ab7e-86ca654ffcc6%40bareos.com.
