Failed to initialize TLS context for Director, Storage, etc => how do I configure TLS support ?
Tilman Glotzner
I have just installed ubuntu 16.04.
A) As there is no released package available, I tried the experimental nightly build. That did not work, I am getting an error message:
bareos-dir ABORTING due to ERROR
Unable to load any shared library for libbareoscats-mysql.so
B) I then compiled 15.2.4 from source.
Given that TLS Enable = yes and TLS Require = no in the configuration file, I am getting an error message:
4-Aug 11:03 bareos-dir JobId 0: Fatal error: Failed to initialize TLS context for Director "bareos-dir" in /etc/bareos/bareos-dir.conf
If I set TLS Enable = yes and TLS Require = yes, I get the error message:
14-Aug 11:06 bareos-dir JobId 0: Fatal error: TLS required but not configured in BAREOS.
I then checked the configure log in config.out. Openssl is not configured to be supported. I installed gnu-tls, but the state for gnu-tls seems not to be defined (as it is blank in configure log). I would guess the error messages try to tell me that I need to compile TLS support into baroes. What options do I need to add to the configure script to get tls support ?
Many thanks
Tilman
============
Configuration on Sun Aug 14 10:44:10 CEST 2016:
Host: i686-pc-linux-gnu -- ubuntu Ubuntu 16.04.1 LTS
Bareos version: Bareos 15.2.4 (09 June 2016)
Distribution: ubuntu
Source code location: .
Modify package list:
Install binaries: /bin
Install system binaries: /sbin
Install libraries: /usr/lib
Install system config files: /etc
Install Bareos config files: /etc/bareos/
Scripts directory: /etc/bareos/
Archive directory: /tmp
Working directory: /var/bareos/working
PID directory: /var/run
Subsys directory: /var/lock/subsys
Man directory: ${datarootdir}/man
Data directory: /usr/share
Backend directory: /usr/lib
Plugin directory: /usr/lib
C Compiler: gcc 5.4.0-6ubuntu1~16.04.2)
C++ Compiler: /usr/bin/g++ 5.4.0-6ubuntu1~16.04.2)
Compiler flags: -g -O2 -Wall -fno-strict-aliasing -fno-exceptions
Linker flags:
Libraries: -lpthread -ldl -ldl
Statically Linked Tools: no
Statically Linked FD: no
Statically Linked SD: no
Statically Linked DIR: no
Statically Linked CONS: no
Database backends: MySQL
Database port:
Database name: bareos
Database user: bareos
Database version: 2004
Job Output Email: root@localhost
Traceback Email: root@localhost
SMTP Host Address: localhost
Director Port: 9101
File daemon Port: 9102
Storage daemon Port: 9103
Director User:
Director Group:
Storage Daemon User:
Storage DaemonGroup:
File Daemon User:
File Daemon Group:
Large file support: yes
Bareos conio support: no
readline support: no
TCP Wrappers support: no
TLS support: no
Encryption support: no
OpenSSL support: no
GNUTLS support:
ZLIB support: yes
LZO support: no
FASTLZ support: no
JANSSON support: no
LMDB support: no
NDMP support: yes
enable-smartalloc: yes
enable-lockmgr: no
bat support: no
tray-monitor support: no
client-only: no
build-dird: yes
build-stored: yes
Plugin support: yes
AFS support: no
ACL support: no
XATTR support: yes
SCSI Crypto support: no
GLUSTERFS support: no
DROPLET support: no
CEPH RADOS support: no
RADOS striping support: no
CEPHFS support: no
ELASTO support: no
Python support: no
systemd support: yes /lib/systemd/system
Batch insert enabled: MySQL
cmocka support: no
Bruno Friedmann
> You received this message because you are subscribed to the Google Groups "bareos-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users...@googlegroups.com.
> To post to this group, send email to bareos...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
Tilman Glotzner
On Sunday, August 14, 2016 at 12:20:19 PM UTC+2, Bruno Friedmann wrote:
> If I remember correctly bareos need to be compiled with openssl . Not sure it could work with gnu-tls.
>
I thought it just that. To configure, I used the following options (in the directory of the untgz'ed tarball of bareos):
./configure --with-mysql --with-openssl --with-gnutls --with-confdir=/etc/bareos/ --enable-ndmp --with-lzo
The log "configure.out" says however that neither tls nor openssl are to be supported.
Many Thanks
Tilman
Bruno Friedmann
Let's hope you will get more anwser after this long sunny summer week-end.
;)
Also forgive my top posting due to my phone.
Jörg Steffens
Am 14.08.2016 um 11:16 schrieb 'Tilman Glotzner' via bareos-users:
> I have just installed ubuntu 16.04.
>
> A) As there is no released package available, I tried the experimental nightly build. That did not work, I am getting an error message:
> bareos-dir ABORTING due to ERROR
> Unable to load any shared library for libbareoscats-mysql.so
for all distributions before publishing. It tests installation with the
different backends and some basic backup jobs. Bareos nightly (master)
does work on Ubuntu 16.04 and MySQL backend.
I checked our test environment.
Did you install the bareos mysql backend package bareos-database-mysql ?
Our test uses the default mysql-server (= mysql-server-5.5) package.
(As a side note: bareos-14.2.6 is included in Ubuntu universe.)
> B) I then compiled 15.2.4 from source.
> Given that TLS Enable = yes and TLS Require = no in the configuration file, I am getting an error message:
> 4-Aug 11:03 bareos-dir JobId 0: Fatal error: Failed to initialize TLS context for Director "bareos-dir" in /etc/bareos/bareos-dir.conf
>
> If I set TLS Enable = yes and TLS Require = yes, I get the error message:
> 14-Aug 11:06 bareos-dir JobId 0: Fatal error: TLS required but not configured in BAREOS.
>
> I then checked the configure log in config.out. Openssl is not configured to be supported. I installed gnu-tls, but the state for gnu-tls seems not to be defined (as it is blank in configure log). I would guess the error messages try to tell me that I need to compile TLS support into baroes. What options do I need to add to the configure script to get tls support ?
better approach you recompile the Debian source package and adapt it to
your needs, instead of doing in manually. Because then it also tells
you, what package it requires at compile time (see debian/control.in).
Have libssl-dev been installed during compiling?
The Bareos packages included in Debian.org and therefore Ubuntu.com do
you gnutls instead of openssl. See doc.bareos.com to read about the
limitation of this approach.
regards,
Jörg
--
Jörg Steffens joerg.s...@bareos.com
Bareos GmbH & Co. KG Phone: +49 221 630693-91
http://www.bareos.com Fax: +49 221 630693-10
Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Komplementär: Bareos Verwaltungs-GmbH
Geschäftsführer:
S. Dühr, M. Außendorf, Jörg Steffens, P. Storz, M. v. Wieringen
Tilman Glotzner
many thanks for your response.
> > A) As there is no released package available, I tried the experimental nightly build.
> I checked our test environment.
> Did you install the bareos mysql backend package bareos-database-mysql ?
I think I did.
> Our test uses the default mysql-server (= mysql-server-5.5) package.
I have mysql 5.7.13
> (As a side note: bareos-14.2.6 is included in Ubuntu universe.)
The bareos version that is incorporated in 16.04 had an problem with
finding the renamed libmysqlclient_r. The installed version might very well have been 14.2.6
>
> > B) I then compiled 15.2.4 from source.
> You see the options we use in the debian/rules file. It might be a
> better approach you recompile the Debian source package and adapt it to
> your needs, instead of doing in manually. Because then it also tells
> you, what package it requires at compile time (see debian/control.in).
I thought about it as well -- there are procedures to convert and install an rpm-Package in ubuntu.
> Have libssl-dev been installed during compiling?
Apparently I did not. I installed it, and reconfigured and recompiled. That worked. fd and sd can be started. dir makes troubles.
>
This brings me to my next questions:
- make install does not install scripts. Can I install those as as well via make on the command line?
- I need to update the existing bareos database. Any advise on what needs to done after installation and update ? Here my attempt:
/bareos-Release-15.2.4# /home/tilman/bareos-Release-15.2.4/src/cats/update_bareos_tables -u root -p
Updating mysql tables
Enter password:
Upgrading database schema from version 2003 to 2004
Enter password:
ERROR 1067 (42000) at line 2: Invalid default value for 'CreateTime'
Failed to upgrade database schema from version 2003 to 2004
Many thanks
Tilman
Tilman Glotzner
I was able to fix it by running the following sql command on the bareos database using mysql:
ALTER TABLE `FileSet` MODIFY COLUMN `CreateTime` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP;
For an explanation why this is needed please refer to this posting:
https://stackoverflow.com/questions/35911633/adding-a-column-requires-a-default-value-for-another-column
Running "update_bareos_tables mysql -u root -p" then does the update of the database.
Tilman
Tilman Glotzner
> Udate for "Upgrading baroes database":
Well, the fix was only a partial one -- there are apparently more issues in the definition of the database tables. I tried to run a backup job which results in this error message:
JobId 0: Fatal error: sql_create.c:98 Create DB Job record INSERT INTO Job (Job,Name,Type,Level,JobStatus,SchedTime,JobTDate,ClientId,Comment) VALUES ('BackupTgvs2ToDisk.2016-08-16_23.53.02_14','BackupTgvs2ToDisk','B','F','C','2016-08-16 23:53:00',1471384380,7,'') failed. ERR=Incorrect datetime value: '0000-00-00 00:00:00'
The root cause seems to be identical with that of my last posting, i.e. the default value for the column is invalid. I tried alter the column definition. Now, I am in a dead lock situation however:
mysql> ALTER TABLE `Job` MODIFY COLUMN `StartTime` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP;
ERROR 1067 (42000): Invalid default value for 'SchedTime'
mysql> ALTER TABLE `Job` MODIFY COLUMN `SchedTime` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP;
ERROR 1067 (42000): Invalid default value for 'StartTime'
And there is another issue with bconsole: The word completion using the tab key and CTRL-R for reverse search no longer works.
Help is appreciated...
Thanks
Tilman
Tilman Glotzner
The deadlock I could overcome by removing NO_ZERO_DATE and NO_ZERO_IN_DATE in the sql_mode variable -- probably this will not be really sustainable as NO_ZERO_DATE and NO_ZERO_IN_DATE are depreciated and will become part of the strict mode in future release of mysql. For now it seems to work however:
1) To see the current setting of the sql_mode variable:
SELECT @@GLOBAL.sql_mode;
In my case, this is:
'ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_DATE, NO_ZERO_IN_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
2) then I set the variable new, but without NO_ZERO_DATE and NO_ZERO_IN_DATE
SET GLOBAL sql_mode=
'ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION';
Regards
Tilman