Bacula: how to compile TLS support in OpenSUSE 12.2

knilux · 12-13-2012, 07:59 AM

I have been testing and using Bacula now for a while. Now I need to make a backup over a secured channel. I have installed TLS certificates on both sides (server (DIR) and client (FD)). I use OpenSUSE 12.2 on both machines.

On the client side I only installed the bacula-fd, which works fine without encryption. But when I start to make a backup with encryption there is an errormessage telling me that the client (FD) has no TLS support built in.

So the question is: how do I compile TLS support in bacula-fd on OpenSUSE 12.2? I installed bacula-fd with Yast. Is there a configuration script somewhere? There is no info on the OpenSUSE site about this topic.

Habitual · 12-13-2012, 09:38 AM

http://www.bacula.org/en/dev-manual/...nications.html

knilux · 12-13-2012, 09:45 AM

Thanks for your quick response!

I already created several .conf files with the help of this page. But the problem seems to come from the fd daemon itself. It has to be compiled with TLSsupport to be able to use the TLS parameters in the .conf file. I do not know how to do that in SUSE. Do you?

Habitual · 12-13-2012, 12:49 PM

What repo did you say you installed from?

knilux · 12-19-2012, 05:00 AM

I used http://download.opensuse.org/reposit.../openSUSE_12.2 to install Bacula.

Installing the certificates and config the file seems to be not enough to get this working. Yast is not able to work with encryption. Maybe it is better to use Stunnel?

Habitual · 12-20-2012, 07:40 AM

YaST/encryption/stunnel?
Is http://download.opensuse.org/reposit...openSUSE_12.2/ listed as a repo or did you browse,choose and download?

IF you installed it from a zypper listed repo then all elements should have installed (may need a config. adjustment or two)

terminal >

Code:

sudo zypper lr

output please.

knilux · 12-20-2012, 10:06 AM

I browsed for the right location and added it to "software repositories" in Yast. All depencies were solved. But I saw nothing about encryption.

I also added Stunnel to the repositories and tested it. After a while I got it working, but I have problems with backing up Windows machines this way. Also, Stunnel can not be configured with Webmin, so this makes it more difficult to instruct someone else do do it. If possible I would like to use the TLS directives in Bacula. Just adding the certs/keys to the Bacula config files does not do the trick. It looks like something has to be turned on or so. That is why I asked if there was a config file somewhere.

Code:

Output sudo zypper lr:

#  | Alias                     | Name                               | On/Off       | Renew
---+---------------------------+------------------------------------+--------------+-----------
 1 | Bacula                    | Bacula                             | Ja           | Ja (yes)        
 2 | OpenSUSE_Stunnel          | OpenSUSE Stunnel                   | Ja           | Ja        
 3 | openSUSE-12.2-1.6         | openSUSE-12.2-1.6                  | Ja           | Nee (no)      
 4 | repo-debug                | openSUSE-12.2-Debug                | Nee          | Ja        
 5 | repo-debug-update         | openSUSE-12.2-Update-Debug         | Nee          | Ja        
 6 | repo-debug-update-non-oss | openSUSE-12.2-Update-Debug-Non-Oss | Nee          | Ja        
 7 | repo-non-oss              | openSUSE-12.2-Non-Oss              | Ja           | Ja        
 8 | repo-oss                  | openSUSE-12.2-Oss                  | Ja           | Ja        
 9 | repo-source               | openSUSE-12.2-Source               | Nee          | Ja        
10 | repo-update               | openSUSE-12.2-Update               | Ja           | Ja        
11 | repo-update-non-oss       | openSUSE-12.2-Update-Non-Oss       | Ja           | Ja

Habitual · 12-20-2012, 03:43 PM

Thanks.
You "may" have to compile this thing yourself.
This page suggests compiling with

Code:

--with-openssl=<path>

and further says
"This configuration option is necessary if you want to enable TLS (ssl), which encrypts the communications within Bacula or if you want to use File Daemon PKI data encryption. Normally, the path specification is not necessary since the configuration searches for the OpenSSL libraries"

"...since the configuration searches for the OpenSSL libraries..."

You have openssl libraries installed?