Mr Zesty's BrainDump

User Tools

Site Tools

Trace:
bacula

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

bacula [2016/01/06 20:09]
127.0.0.1 external edit 		bacula [2020/02/13 22:55]
Line 1: Line 1:
- 
-====== Bacula ====== 
-<toc><ul><li><link topicref="2">Download/Compile (SUSE)</link></li><li><link topicref="3">Download/Compile (Debian)</link></li><li><link topicref="4">Generate certificates</link></li><li><link topicref="5">Add relevant sections to the .conf files</link></li></ul></toc> 
-If RPM's are not available for your version, then rebuild for your Linux version. 
- 
-<code> 
-rpmbuild --rebuild --define 'build_su9 1' --define 'build_mysql5 1' bacula-2.0.2-1.src.rpm 
-</code> 
-Version 1.38.0 of bacula supports SSL/TLS when compiled from source, but the available RPMS were not built with SSL/TLS support. 
- 
-====== Download/Compile (SUSE) ====== 
-I installed the available RPM first so I could replace the binaries with SSL-enabled ones. 
- 
-I downloaded the source package for 1.38.x (tar.gz) and did a configure with SSL and the options I found in the .spec file of the SRC rpm: 
-<p><strong>Server:</strong></p> 
-<code> 
-./configure \ 
-        --prefix=/usr \ 
-        --sbindir=/usr/sbin \ 
-        --sysconfdir=/etc/bacula \ 
-        --with-scriptdir=/etc/bacula \ 
-        --enable-smartalloc \ 
-        --with-openssl \ 
-        --with-sqlite \ 
-        --with-working-dir=/var/bacula \ 
-        --with-pid-dir=/var/run \ 
-        --with-subsys-dir=/var/lock/subsys \ 
-        --with-dir-user=bacula \ 
-        --with-dir-group=bacula \ 
-        --with-sd-user=bacula \ 
-        --with-sd-group=disk \ 
-        --with-fd-user=root \ 
-        --with-fd-group=bacula \ 
-        --with-readline 
-</code> 
-<strong>Client (fd):</strong> 
- 
-<code> 
-./configure \ 
-        --prefix=/usr \ 
-        --sbindir=/usr/sbin \ 
-        --sysconfdir=/etc/bacula \ 
-        --with-scriptdir=/etc/bacula \ 
-        --enable-smartalloc \ 
-        --with-openssl \ 
-        --enable-client-only \ 
-        --with-working-dir=/var/bacula \ 
-        --with-pid-dir=/var/run \ 
-        --with-subsys-dir=/var/lock/subsys 
-</code> 
-and installed the binaries over top of the RPM ones: 
- 
-<code> 
-make -j6 
- 
-make -C src/dird/ install 
-make -C src/console/ install 
-make -C src/filed/ install 
-make -C src/stored/ install 
-</code> 
-====== Download/Compile (Debian) ====== 
-This is a complete source installation, not replacing existing packages (since there are none for 1.38 yet) 
- 
-<code> 
-apt-get install mysql-server libmysqlclient15-dev libssl-dev libreadline5-dev 
- 
-/usr/sbin/groupadd -g 90 bacula 
-/usr/sbin/useradd -c 'Bacula' -d /var/lib/bacula -m -k /dev/null -g bacula -u 90 -s /bin/bash bacula 
- 
-./configure \ 
-        --prefix=/usr \ 
-        --sbindir=/usr/sbin \ 
-        --sysconfdir=/etc/bacula \ 
-        --with-scriptdir=/etc/bacula \ 
-        --enable-smartalloc \ 
-        --with-openssl \ 
-        --with-mysql \ 
-        --with-working-dir=/var/lib/bacula \ 
-        --with-pid-dir=/var/run \ 
-        --with-subsys-dir=/var/lock \ 
-        --with-dir-user=bacula \ 
-        --with-dir-group=bacula \ 
-        --with-sd-user=bacula \ 
-        --with-sd-group=bacula \ 
-        --with-fd-user=root \ 
-        --with-fd-group=bacula \ 
-        --with-readline 
-make -j6 && make install 
- 
-cd /etc/init.d/ && ln -s /etc/bacula/bacula . && /usr/sbin/update-rc.d bacula defaults 
-</code> 
-====== Generate certificates ====== 
-<code> 
-cd /etc/bacula 
-</code> 
-The first time, generate a new CA certificate for signing 
- 
-<code> 
-sed -i 's/365'/3650'/' /usr/lib/ssl/misc/CA.pl 
-/usr/lib/ssl/misc/CA.pl -newca 
-</code> 
-Generate a CSR signing request, and then sign it.  The challenge password can be empty, but be sure the Common Name matches the DNS name you will use to connect to the remote bacula-fd server! 
- 
-<code> 
-/usr/lib/ssl/misc/CA.pl -newreq-nodes 
-SSLEAY_CONFIG='-days 3650' /usr/lib/ssl/misc/CA.pl -sign 
- 
-mv newkey.pem bacula-<client>.key  -OR-  head -15 newreq.pem > bacula-<client>.key 
-mv newcert.pem bacula-<client>.crt 
-</code> 
-copy (scp) <tt>bacula-<client>.key</tt> <tt>bacula-<client>.crt</tt> and <tt>cacert.pem</tt> to the FD client machine and change ownership/permissions. 
- 
-<code> 
-chmod 640 bacula-<client>.* cacert.pem 
-chgrp bacula bacula-<client>.* cacert.pem 
-</code> 
-====== Add relevant sections to the .conf files ====== 
-<tt>/etc/bacula/bacula-dir.conf</tt> 
- 
-<code> 
-Director { 
-  ... 
-  # console --> director server 
-  TLS Enable = yes 
-  TLS Require = yes 
-  TLS Verify Peer = yes 
-  TLS Key = /etc/bacula/bacula-<client>.key 
-  TLS Certificate = /etc/bacula/bacula-<client>.crt 
-  TLS CA Certificate File = /etc/bacula/demoCA/cacert.pem 
-} 
- 
-Client { 
-  ... 
-  # director --> file daemon client 
-  TLS Enable = yes 
-  TLS Require = yes 
-  TLS Key = /etc/bacula/bacula.key 
-  TLS Certificate = /etc/bacula/bacula.crt 
-  TLS CA Certificate File = /etc/bacula/demoCA/cacert.pem 
-} 
- 
-Storage { 
-  ... 
-  # director --> storage daemon client 
-  TLS Enable = yes 
-  TLS Require = yes 
-  TLS Key = /etc/bacula/bacula.key 
-  TLS Certificate = /etc/bacula/bacula.crt 
-  TLS CA Certificate File = /etc/bacula/demoCA/cacert.pem 
-} 
-</code> 
-<tt>/etc/bacula/bacula-fd.conf</tt> 
- 
-<code> 
-Director { 
-  ... 
-  # director --> filedaemon server 
-  TLS Enable = yes 
-  TLS Require = yes 
-  TLS Verify Peer = yes 
-  TLS Key = /etc/bacula/bacula.key 
-  TLS Certificate = /etc/bacula/bacula.crt 
-  TLS CA Certificate File = /etc/bacula/cacert.pem 
-} 
- 
-FileDaemon { 
-  ... 
-  # file daemon --> storage daemon client 
-  TLS Enable = yes 
-  TLS Require = yes 
-  TLS Key = /etc/bacula/bacula-<client>.key 
-  TLS Certificate = /etc/bacula/bacula-<client>.crt 
-  TLS CA Certificate File = /etc/bacula/cacert.pem 
-} 
-</code> 
-<tt>/etc/bacula/bacula-sd.conf</tt> 
- 
-<code> 
-Storage { 
-  ... 
-  # file daemon --> storage daemon server 
-  TLS Enable = yes 
-  TLS Require = yes 
-  TLS Verify Peer = yes 
-  TLS Key = /etc/bacula/bacula.key 
-  TLS Certificate = /etc/bacula/bacula.crt 
-  TLS CA Certificate File = /etc/bacula/cacert.pem 
-} 
- 
-Director { 
-  ... 
-  # director --> storage daemon server 
-  TLS Enable = yes 
-  TLS Require = yes 
-  TLS Verify Peer = yes 
-  TLS Key = /etc/bacula/bacula.key 
-  TLS Certificate = /etc/bacula/bacula.crt 
-  TLS CA Certificate File = /etc/bacula/cacert.pem 
-} 
-</code> 
-<tt>/etc/bacula/bconsole.conf</tt> 
- 
-<code> 
-Director { 
-  ... 
-  # bconsole --> director client 
-  TLS Enable = yes 
-  TLS Require = yes 
-  TLS Key = /etc/bacula/bacula.key 
-  TLS Certificate = /etc/bacula/bacula.crt 
-  TLS CA Certificate File = /etc/bacula/demoCA/cacert.pem 
-} 
-</code> 
  
bacula.txt ยท Last modified: 2020/02/13 22:55 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki
free spam filter