Bacula: how to compile TLS support in OpenSUSE 12.2
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Bacula: how to compile TLS support in OpenSUSE 12.2
I have been testing and using Bacula now for a while. Now I need to make a backup over a secured channel. I have installed TLS certificates on both sides (server (DIR) and client (FD)). I use OpenSUSE 12.2 on both machines.
On the client side I only installed the bacula-fd, which works fine without encryption. But when I start to make a backup with encryption there is an errormessage telling me that the client (FD) has no TLS support built in.
So the question is: how do I compile TLS support in bacula-fd on OpenSUSE 12.2? I installed bacula-fd with Yast. Is there a configuration script somewhere? There is no info on the OpenSUSE site about this topic.
I already created several .conf files with the help of this page. But the problem seems to come from the fd daemon itself. It has to be compiled with TLSsupport to be able to use the TLS parameters in the .conf file. I do not know how to do that in SUSE. Do you?
Installing the certificates and config the file seems to be not enough to get this working. Yast is not able to work with encryption. Maybe it is better to use Stunnel?
I browsed for the right location and added it to "software repositories" in Yast. All depencies were solved. But I saw nothing about encryption.
I also added Stunnel to the repositories and tested it. After a while I got it working, but I have problems with backing up Windows machines this way. Also, Stunnel can not be configured with Webmin, so this makes it more difficult to instruct someone else do do it. If possible I would like to use the TLS directives in Bacula. Just adding the certs/keys to the Bacula config files does not do the trick. It looks like something has to be turned on or so. That is why I asked if there was a config file somewhere.
Code:
Output sudo zypper lr:
# | Alias | Name | On/Off | Renew
---+---------------------------+------------------------------------+--------------+-----------
1 | Bacula | Bacula | Ja | Ja (yes)
2 | OpenSUSE_Stunnel | OpenSUSE Stunnel | Ja | Ja
3 | openSUSE-12.2-1.6 | openSUSE-12.2-1.6 | Ja | Nee (no)
4 | repo-debug | openSUSE-12.2-Debug | Nee | Ja
5 | repo-debug-update | openSUSE-12.2-Update-Debug | Nee | Ja
6 | repo-debug-update-non-oss | openSUSE-12.2-Update-Debug-Non-Oss | Nee | Ja
7 | repo-non-oss | openSUSE-12.2-Non-Oss | Ja | Ja
8 | repo-oss | openSUSE-12.2-Oss | Ja | Ja
9 | repo-source | openSUSE-12.2-Source | Nee | Ja
10 | repo-update | openSUSE-12.2-Update | Ja | Ja
11 | repo-update-non-oss | openSUSE-12.2-Update-Non-Oss | Ja | Ja
Thanks.
You "may" have to compile this thing yourself. This page suggests compiling with
Code:
--with-openssl=<path>
and further says
"This configuration option is necessary if you want to enable TLS (ssl), which encrypts the communications within Bacula or if you want to use File Daemon PKI data encryption. Normally, the path specification is not necessary since the configuration searches for the OpenSSL libraries"
"...since the configuration searches for the OpenSSL libraries..."
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.