From: martingerdes <bac...@ba...> - 2013-01-29 16:13:28
|
Hi List! I am trying to restore an encrypted backup using a grml live cd. The backuped up system as well as the system the director is running on are running debian squeeze, meaning bacula version 5.0.2 grml contains bacula-fd 5.0.3, so after I started having problems I replaced it with the version from debian squeeze (It does not appear to make any difference whether I use bacula-fd 5.0.2 or 5.0.3 - I get precisely the same error messages either way). I have configured bacula-fd on the live system exactly the same way bacula-fd is configured on the backed up system. Here is /etc/bacula/bacula-fd.conf: # Bacula File Daemon Configuration file Director { Name = backupServer-dir Password = "<password>" } FileDaemon { Name = bacula-fd #connections from FDAddress = 0.0.0.0 FDPort = 9102 # where we listen for the director #scratch space WorkingDirectory = /var/lib/bacula Pid Directory = /var/run/bacula Maximum Concurrent Jobs = 20 #Encryption PKI Signatures = Yes PKI Encryption = Yes PKI Keypair = "/etc/bacula/server.pem" PKI Master Key = "/etc/bacula/master.cert" } # Send all messages except skipped files back to Director Messages { Name = Standard director = backupServer-dir = all, !skipped, !restored append = '/var/log/bacula/bacula-fd.log' = all, !skipped } This configuration works flawlessly on the source server - The director is able to back the system up, and to restore files. However, starting bacula-fd with this configuration on the grml live cd gives the following error: Starting Bacula File daemon...:29-Jan 15:32 bacula-fd: Fatal Error at filed.c:490 because: Failed to load master key certificate from file '/etc/bacula/master.cert' for File daemon "bacula-fd" in /etc/bacula/bacula-fd.conf. 29-Jan 15:32 bacula-fd: ERROR in filed.c:222 Please correct configuration file: /etc/bacula/bacula-fd.conf Orphaned buffer: bacula-fd 24 bytes buf=fca3f8 allocated at crypto.c:377 failed! which doesn't tell us much. /var/log/syslog contains something more interesting though: 2013-01-29T15:32:41.776885+01:00 grml bacula-fd: openssl.c:86 Unable to open certificate file: ERR=error:02001002:system library:fopen:No such file or directory 2013-01-29T15:32:41.776926+01:00 grml bacula-fd: openssl.c:86 Unable to open certificate file: ERR=error:2006D080:BIO routines:BIO_new_file:no such file The big question is though: WHICH file is it trying to open?? I have also tried downgrading openssl from 1.0.1c-1 (grml live cd) to 0.9.8o-4squeeze13 (version contained in squeeze). Did not make a difference. Experimentally I have tried commenting the line 'PKI Master Key = "/etc/bacula/master.cert"' out, which lets bacula-fd start. However, the director then complains "Passwords or names not the same or Maximum Concurrent Jobs exceeded on the FD or FD networking messed up (restart daemon)." when I try to restore something, so that does not really help either. Interestingly, I don't see what the client tries to tell me at that point (running bacula-fd without master.cert). When I try to restore something, the following entry appears in /var/log/syslog: "Message delivery ERROR: fopen '/var/log/bacula/bacula-fd.log' failed: ERR=No such file or directory". In light of the fact that bacula-fd is running as root and /var/log/bacula/bacula-fd.log is world-writable (and world rx permissions are set for /var/log/bacula) I have no freaking idea where that message is coming from. Not that I really need to resolve that mystery, but it sure would help debugging... Does anyone have an idea what might be going on here? I have tried googling the various error messages without any success what so ever. +---------------------------------------------------------------------- |This was sent by mar...@ds... via Backup Central. |Forward SPAM to ab...@ba.... +---------------------------------------------------------------------- |
From: Josh F. <jf...@pv...> - 2013-01-29 17:50:49
|
On 1/29/2013 10:01 AM, martingerdes wrote: > Hi List! > ... > Starting Bacula File daemon...:29-Jan 15:32 bacula-fd: Fatal Error at filed.c:490 because: > Failed to load master key certificate from file '/etc/bacula/master.cert' for File daemon "bacula-fd" in /etc/bacula/bacula-fd.conf. > 29-Jan 15:32 bacula-fd: ERROR in filed.c:222 Please correct configuration file: /etc/bacula/bacula-fd.conf > Orphaned buffer: bacula-fd 24 bytes buf=fca3f8 allocated at crypto.c:377 > failed! > > which doesn't tell us much. /var/log/syslog contains something more interesting though: > 2013-01-29T15:32:41.776885+01:00 grml bacula-fd: openssl.c:86 Unable to open certificate file: ERR=error:02001002:system library:fopen:No such file or directory > 2013-01-29T15:32:41.776926+01:00 grml bacula-fd: openssl.c:86 Unable to open certificate file: ERR=error:2006D080:BIO routines:BIO_new_file:no such file > > The big question is though: WHICH file is it trying to open?? > I have also tried downgrading openssl from 1.0.1c-1 (grml live cd) to 0.9.8o-4squeeze13 (version contained in squeeze). Did not make a difference. SELinux? Typo in file path? > > Experimentally I have tried commenting the line 'PKI Master Key = "/etc/bacula/master.cert"' out, which lets bacula-fd start. However, the director then complains "Passwords or names not the same or Maximum Concurrent Jobs exceeded on the FD or FD networking messed up (restart daemon)." when I try to restore something, so that does not really help either. > Interestingly, I don't see what the client tries to tell me at that point (running bacula-fd without master.cert). When I try to restore something, the following entry appears in /var/log/syslog: "Message delivery ERROR: fopen '/var/log/bacula/bacula-fd.log' failed: ERR=No such file or directory". In light of the fact that bacula-fd is running as root and /var/log/bacula/bacula-fd.log is world-writable (and world rx permissions are set for /var/log/bacula) I have no freaking idea where that message is coming from. Not that I really need to resolve that mystery, but it sure would help debugging... > > Does anyone have an idea what might be going on here? I have tried googling the various error messages without any success what so ever. |
From: Martin S. <ma...@li...> - 2013-01-29 18:50:38
|
>>>>> On Tue, 29 Jan 2013 07:01:58 -0800, martingerdes said: > > Hi List! > I am trying to restore an encrypted backup using a grml live cd. > The backuped up system as well as the system the director is running on are running debian squeeze, meaning bacula version 5.0.2 > grml contains bacula-fd 5.0.3, so after I started having problems I replaced it with the version from debian squeeze (It does not appear to make any difference whether I use bacula-fd 5.0.2 or 5.0.3 - I get precisely the same error messages either way). > > I have configured bacula-fd on the live system exactly the same way bacula-fd is configured on the backed up system. Here is /etc/bacula/bacula-fd.conf: > # Bacula File Daemon Configuration file > > Director { > Name = backupServer-dir > Password = "<password>" > } > > FileDaemon { > Name = bacula-fd > #connections from > FDAddress = 0.0.0.0 > FDPort = 9102 # where we listen for the director > #scratch space > WorkingDirectory = /var/lib/bacula > Pid Directory = /var/run/bacula > Maximum Concurrent Jobs = 20 > #Encryption > PKI Signatures = Yes > PKI Encryption = Yes > PKI Keypair = "/etc/bacula/server.pem" > PKI Master Key = "/etc/bacula/master.cert" > } > > # Send all messages except skipped files back to Director > Messages { > Name = Standard > director = backupServer-dir = all, !skipped, !restored > append = '/var/log/bacula/bacula-fd.log' = all, !skipped > } > > This configuration works flawlessly on the source server - The director is able to back the system up, and to restore files. > However, starting bacula-fd with this configuration on the grml live cd gives the following error: > > Starting Bacula File daemon...:29-Jan 15:32 bacula-fd: Fatal Error at filed.c:490 because: > Failed to load master key certificate from file '/etc/bacula/master.cert' for File daemon "bacula-fd" in /etc/bacula/bacula-fd.conf. > 29-Jan 15:32 bacula-fd: ERROR in filed.c:222 Please correct configuration file: /etc/bacula/bacula-fd.conf > Orphaned buffer: bacula-fd 24 bytes buf=fca3f8 allocated at crypto.c:377 > failed! > > which doesn't tell us much. /var/log/syslog contains something more interesting though: > 2013-01-29T15:32:41.776885+01:00 grml bacula-fd: openssl.c:86 Unable to open certificate file: ERR=error:02001002:system library:fopen:No such file or directory > 2013-01-29T15:32:41.776926+01:00 grml bacula-fd: openssl.c:86 Unable to open certificate file: ERR=error:2006D080:BIO routines:BIO_new_file:no such file > > The big question is though: WHICH file is it trying to open?? Almost certainly /etc/bacula/master.cert. You could check it by running under strace: strace -f -o /tmp/strace.log bacula-fd ...usual command line args... __Martin |