LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Bacula: how to compile TLS support in OpenSUSE 12.2 (https://www.linuxquestions.org/questions/linux-server-73/bacula-how-to-compile-tls-support-in-opensuse-12-2-a-4175441298/)

knilux 12-13-2012 07:59 AM
Bacula: how to compile TLS support in OpenSUSE 12.2
 
I have been testing and using Bacula now for a while. Now I need to make a backup over a secured channel. I have installed TLS certificates on both sides (server (DIR) and client (FD)). I use OpenSUSE 12.2 on both machines.

On the client side I only installed the bacula-fd, which works fine without encryption. But when I start to make a backup with encryption there is an errormessage telling me that the client (FD) has no TLS support built in.

So the question is: how do I compile TLS support in bacula-fd on OpenSUSE 12.2? I installed bacula-fd with Yast. Is there a configuration script somewhere? There is no info on the OpenSUSE site about this topic.

Habitual 12-13-2012 09:38 AM
http://www.bacula.org/en/dev-manual/...nications.html

knilux 12-13-2012 09:45 AM
Thanks for your quick response!

I already created several .conf files with the help of this page. But the problem seems to come from the fd daemon itself. It has to be compiled with TLSsupport to be able to use the TLS parameters in the .conf file. I do not know how to do that in SUSE. Do you?

Habitual 12-13-2012 12:49 PM
What repo did you say you installed from?

knilux 12-19-2012 05:00 AM
I used http://download.opensuse.org/reposit.../openSUSE_12.2 to install Bacula.

Installing the certificates and config the file seems to be not enough to get this working. Yast is not able to work with encryption. Maybe it is better to use Stunnel?

Habitual 12-20-2012 07:40 AM
YaST/encryption/stunnel?
Is http://download.opensuse.org/reposit...openSUSE_12.2/ listed as a repo or did you browse,choose and download?

IF you installed it from a zypper listed repo then all elements should have installed (may need a config. adjustment or two)

terminal >
Code:
sudo zypper lr
output please.

knilux 12-20-2012 10:06 AM
I browsed for the right location and added it to "software repositories" in Yast. All depencies were solved. But I saw nothing about encryption.

I also added Stunnel to the repositories and tested it. After a while I got it working, but I have problems with backing up Windows machines this way. Also, Stunnel can not be configured with Webmin, so this makes it more difficult to instruct someone else do do it. If possible I would like to use the TLS directives in Bacula. Just adding the certs/keys to the Bacula config files does not do the trick. It looks like something has to be turned on or so. That is why I asked if there was a config file somewhere.

Code:
Output sudo zypper lr:

#  | Alias                    | Name                              | On/Off      | Renew
---+---------------------------+------------------------------------+--------------+-----------
 1 | Bacula                    | Bacula                            | Ja          | Ja (yes)       
 2 | OpenSUSE_Stunnel          | OpenSUSE Stunnel                  | Ja          | Ja       
 3 | openSUSE-12.2-1.6        | openSUSE-12.2-1.6                  | Ja          | Nee (no)     
 4 | repo-debug                | openSUSE-12.2-Debug                | Nee          | Ja       
 5 | repo-debug-update        | openSUSE-12.2-Update-Debug        | Nee          | Ja       
 6 | repo-debug-update-non-oss | openSUSE-12.2-Update-Debug-Non-Oss | Nee          | Ja       
 7 | repo-non-oss              | openSUSE-12.2-Non-Oss              | Ja          | Ja       
 8 | repo-oss                  | openSUSE-12.2-Oss                  | Ja          | Ja       
 9 | repo-source              | openSUSE-12.2-Source              | Nee          | Ja       
10 | repo-update              | openSUSE-12.2-Update              | Ja          | Ja       
11 | repo-update-non-oss      | openSUSE-12.2-Update-Non-Oss      | Ja          | Ja

Habitual 12-20-2012 03:43 PM
Thanks.
You "may" have to compile this thing yourself.
This page suggests compiling with
Code:
--with-openssl=<path>
and further says
"This configuration option is necessary if you want to enable TLS (ssl), which encrypts the communications within Bacula or if you want to use File Daemon PKI data encryption. Normally, the path specification is not necessary since the configuration searches for the OpenSSL libraries"

"...since the configuration searches for the OpenSSL libraries..."

You have openssl libraries installed? :)


All times are GMT -5. The time now is 02:03 PM.