Bareos 18.2 keeps dying
Dakota Pilot
I do not run TLS and did not have the Enable and Require entries inj my /etc/bareos/bareos-dir.d/director/bareos-dir.conf.
I noticed one of my clients stopped backing up. A systemctl -l bareos-dir showed errors about not being able to write to /var/log/bareos logfile. I've checked passwords for the director on both systems and they are good. I have another system that backs up but if I run status client=workingsystem in bconsole I get the errors below in the log (they show up with the bad client, too). and then I get kicked out of bconsole. systemctl status bareos-dir shows these messages but bareos-dir is still running.
Jun 14 12:59:47 srv-1-bkup1a.corp.l1049h.net systemd[1]: Starting Bareos Director Daemon service...
Jun 14 12:59:49 srv-1-bkup1a.corp.l1049h.net systemd[1]: Started Bareos Director Daemon service.
Jun 14 12:59:50 srv-1-bkup1a.corp.l1049h.net bareos-dir[6862]: Connected Storage daemon at srv-1-bkup1a.corp.l1049h.net:9103, encryption: PSK-AES256-CBC-SHA
Jun 14 13:00:43 srv-1-bkup1a.corp.l1049h.net bareos-dir[6862]: Connected Client: ranger at ranger:9102, encryption: None
Jun 14 13:00:43 srv-1-bkup1a.corp.l1049h.net bareos-dir[6862]: TLS read/write failure.: ERR=error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
I'm at a loss to explain why it suddenly stopped working. Any ideas would be appreciated.
Frank Ueberschar
daemon configurations that should talk cleartext, not only the director.
Explained here:
https://docs.bareos.org/TasksAndConcepts/TransportEncryption.html#tls-configuration-reference.
If you are using a system where all compontents are from Bareos 18.2 and
above we do not recommend to disable TLS.
Am 14.06.19 um 19:14 schrieb Dakota Pilot:
Mit freundlichen Grüßen
Frank Ueberschar frank.ue...@bareos.com
Bareos GmbH & Co. KG Phone: +49 221 63 06 93-88
http://www.bareos.com Fax: +49 221 63 06 93-10
Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Geschäftsführer: Stephan Dühr, M. Außendorf, J. Steffens, P. Storz
Dakota Pilot
I just did it in the director daemon. So I need to do it in all daemons on the server then - director, file, storage. This reference, https://docs.bareos.org/TasksAndConcepts/TransportEncryption.html#tls-configuration-directives, lists where to put the TLS options.
At some point I'll enable TLS but for now while testing I'm leaving it off.
Frank Ueberschar
the network messages in cleartext or you have critical performance
issues. Everything will work out of the box with TLS-PSK.
If you really don't want TLS at all you have to adapt all the configs
mentioned in the documentation before, including the console, director,
storage and all clients.
Am 17.06.19 um 16:58 schrieb Dakota Pilot:
> Thank you.
>
> I just did it in the director daemon. So I need to do it in all daemons on the server then - director, file, storage. I assume I put it in the bareos-dir.conf, the bareos-fd.d/director/bareos-dir.conf and the same for storage?
>
> Do I also need to put the TLS Enable = no in the clients? I assume not as one of the clients (Windows 10) works fine without me setting anything up.
> At some point I'll enable TLS but for now while testing I'm leaving it off.
>
Dakota Pilot
Doesn't TLS need certs and I haven't created any or does Bareos create it's own?
Thanks.
Frank Ueberschar
need for certificates. The most common problem is wrong
identity/password in the resources. They have to match.
Am 17.06.19 um 21:42 schrieb Dakota Pilot:
Dakota Pilot
Thanks for the help.
aeron...@gmail.com
Also with the MacOS version work on an IPAD.
I see there are versions for 17 in the repositories.
Thanks
Bruce