bls problems with encryption
92 views
Skip to first unread message
Douglas K. Rand
Aug 26, 2016, 4:13:59 PM8/26/16
to bareos...@googlegroups.com
I'm testing some disaster recovery scenarios and I'm having problems
with the bls and bextract commands and encrypted LTO tapes.
Running bls results in the tape looking empty except for the header:
% sudo bls -V ND0000 /dev/nsa0
bls: butil.c:271-0 Using device: "/dev/nsa0" for reading.
26-Aug 14:48 bls JobId 0: No slot defined in catalog (slot=0) for Volume
"ND0000" on "lto6-1" (/dev/nsa0).
26-Aug 14:48 bls JobId 0: Cartridge change or "update slots" may be
required.
26-Aug 14:48 bls JobId 0: Ready to read from volume "ND0000" on device
"lto6-1" (/dev/nsa0).
26-Aug 14:49 bls JobId 0: End of Volume at file 1 on device "lto6-1"
(/dev/nsa0), Volume "ND0000"
26-Aug 14:49 bls JobId 0: End of all volumes.
0 files found.
The crypto cache file is up to date and that is where I got the key to
set with bscrypto. And I verified in the debug output of bls that it
reads the crypto cache. And it loads the sd_plugin scsicrypto-sd.
Later on it clears the crypto key before reading the tape label, and
after reading the tape label it loads a new crypto key. The debugging
output for the crypto module when loading the new key doesn't look at
all like the key that I'm setting with bscrypto. The key from
scsicrytpo-sd debug is full of unprintable characters.
But if I turn off Drive Crypto Enabled and Query Crypto Status in the
bareos-sd.conf file and then set the encryption key by hand everything
works fine:
% sudo bscrypto -s /tmp/ND0000.key /dev/nsa0
% sudo bls -V ND0000 /dev/nsa0
bls: butil.c:271-0 Using device: "/dev/nsa0" for reading.
26-Aug 14:51 bls JobId 0: No slot defined in catalog (slot=0) for Volume
"ND0000" on "lto6-1" (/dev/nsa0).
26-Aug 14:51 bls JobId 0: Cartridge change or "update slots" may be
required.
26-Aug 14:51 bls JobId 0: Ready to read from volume "ND0000" on device
"lto6-1" (/dev/nsa0).
bls JobId 1: -rw------- 1 root wheel 9837 2016-05-31
17:56:30 /root/.history
bls JobId 1: -rw-r--r-- 2 root wheel 969 2014-05-22
14:10:45 /root/.cshrc
bls JobId 1: -rw------- 1 root wheel 46 2014-11-05
10:40:19 /root/.lesshst
bls JobId 1: -rw-r--r-- 1 root wheel 152 2014-05-22
14:10:45 /root/.k5login
[...]
This is Bareos 15.2.2 on FreeBSD.
Any thoughts?
with the bls and bextract commands and encrypted LTO tapes.
Running bls results in the tape looking empty except for the header:
% sudo bls -V ND0000 /dev/nsa0
bls: butil.c:271-0 Using device: "/dev/nsa0" for reading.
26-Aug 14:48 bls JobId 0: No slot defined in catalog (slot=0) for Volume
"ND0000" on "lto6-1" (/dev/nsa0).
26-Aug 14:48 bls JobId 0: Cartridge change or "update slots" may be
required.
26-Aug 14:48 bls JobId 0: Ready to read from volume "ND0000" on device
"lto6-1" (/dev/nsa0).
26-Aug 14:49 bls JobId 0: End of Volume at file 1 on device "lto6-1"
(/dev/nsa0), Volume "ND0000"
26-Aug 14:49 bls JobId 0: End of all volumes.
0 files found.
The crypto cache file is up to date and that is where I got the key to
set with bscrypto. And I verified in the debug output of bls that it
reads the crypto cache. And it loads the sd_plugin scsicrypto-sd.
Later on it clears the crypto key before reading the tape label, and
after reading the tape label it loads a new crypto key. The debugging
output for the crypto module when loading the new key doesn't look at
all like the key that I'm setting with bscrypto. The key from
scsicrytpo-sd debug is full of unprintable characters.
But if I turn off Drive Crypto Enabled and Query Crypto Status in the
bareos-sd.conf file and then set the encryption key by hand everything
works fine:
% sudo bscrypto -s /tmp/ND0000.key /dev/nsa0
% sudo bls -V ND0000 /dev/nsa0
bls: butil.c:271-0 Using device: "/dev/nsa0" for reading.
26-Aug 14:51 bls JobId 0: No slot defined in catalog (slot=0) for Volume
"ND0000" on "lto6-1" (/dev/nsa0).
26-Aug 14:51 bls JobId 0: Cartridge change or "update slots" may be
required.
26-Aug 14:51 bls JobId 0: Ready to read from volume "ND0000" on device
"lto6-1" (/dev/nsa0).
bls JobId 1: -rw------- 1 root wheel 9837 2016-05-31
17:56:30 /root/.history
bls JobId 1: -rw-r--r-- 2 root wheel 969 2014-05-22
14:10:45 /root/.cshrc
bls JobId 1: -rw------- 1 root wheel 46 2014-11-05
10:40:19 /root/.lesshst
bls JobId 1: -rw-r--r-- 1 root wheel 152 2014-05-22
14:10:45 /root/.k5login
[...]
This is Bareos 15.2.2 on FreeBSD.
Any thoughts?
Marco van Wieringen
Aug 30, 2016, 1:10:10 PM8/30/16
to bareos...@googlegroups.com
On 08/26/16 10:13 PM, Douglas K. Rand wrote:
> I'm testing some disaster recovery scenarios and I'm having problems
> with the bls and bextract commands and encrypted LTO tapes.
>
> Running bls results in the tape looking empty except for the header:
>
> % sudo bls -V ND0000 /dev/nsa0
> bls: butil.c:271-0 Using device: "/dev/nsa0" for reading.
> 26-Aug 14:48 bls JobId 0: No slot defined in catalog (slot=0) for Volume
> "ND0000" on "lto6-1" (/dev/nsa0).
> 26-Aug 14:48 bls JobId 0: Cartridge change or "update slots" may be
> required.
> 26-Aug 14:48 bls JobId 0: Ready to read from volume "ND0000" on device
> "lto6-1" (/dev/nsa0).
> 26-Aug 14:49 bls JobId 0: End of Volume at file 1 on device "lto6-1"
> (/dev/nsa0), Volume "ND0000"
> 26-Aug 14:49 bls JobId 0: End of all volumes.
> 0 files found.
>
> The crypto cache file is up to date and that is where I got the key to
> set with bscrypto. And I verified in the debug output of bls that it
> reads the crypto cache. And it loads the sd_plugin scsicrypto-sd.
The keys are normally wrapped e.g. encoded even in the crypto cache.
> I'm testing some disaster recovery scenarios and I'm having problems
> with the bls and bextract commands and encrypted LTO tapes.
>
> Running bls results in the tape looking empty except for the header:
>
> % sudo bls -V ND0000 /dev/nsa0
> bls: butil.c:271-0 Using device: "/dev/nsa0" for reading.
> 26-Aug 14:48 bls JobId 0: No slot defined in catalog (slot=0) for Volume
> "ND0000" on "lto6-1" (/dev/nsa0).
> 26-Aug 14:48 bls JobId 0: Cartridge change or "update slots" may be
> required.
> 26-Aug 14:48 bls JobId 0: Ready to read from volume "ND0000" on device
> "lto6-1" (/dev/nsa0).
> 26-Aug 14:49 bls JobId 0: End of Volume at file 1 on device "lto6-1"
> (/dev/nsa0), Volume "ND0000"
> 26-Aug 14:49 bls JobId 0: End of all volumes.
> 0 files found.
>
> The crypto cache file is up to date and that is where I got the key to
> set with bscrypto. And I verified in the debug output of bls that it
> reads the crypto cache. And it loads the sd_plugin scsicrypto-sd.
So you need the -D option of bls
-D <director>
specify a director name specified in the Storage
configuration file for the Key Encryption Key selection
>
> Later on it clears the crypto key before reading the tape label, and
> after reading the tape label it loads a new crypto key. The debugging
> output for the crypto module when loading the new key doesn't look at
> all like the key that I'm setting with bscrypto. The key from
> scsicrytpo-sd debug is full of unprintable characters.
>
--
Marco van Wieringen marco.van...@bareos.com
Bareos GmbH & Co. KG Phone: +49-221-63069389
http://www.bareos.com
Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Komplementär: Bareos Verwaltungs-GmbH
Geschäftsführer: Stephan Dühr, M. Außendorf, J. Steffens,
P. Storz, M. v. Wieringen
Douglas K. Rand
Sep 1, 2016, 12:22:20 PM9/1/16
to bareos...@googlegroups.com
like a charm.
Thanks!
Marco van Wieringen
Sep 1, 2016, 1:03:40 PM9/1/16
to bareos...@googlegroups.com
when I wrote it I for sure knew it worked :-)
John
Aug 19, 2025, 4:57:51 PMAug 19
to bareos-users
For å være sikker på at jeg brukte den offisielle siden, registrerte jeg meg via https://infinitybitwave-official.com/ Infinity Bitwave Official Website. Der fikk jeg tilgang til verktøy som kombinerer krypto, Forex og aksjer på én plattform. Jeg likte spesielt hvor raskt alt ble gjennomført. En ryddig og trygg start på trading i Norge.
Reply all
Reply to author
Forward
0 new messages