Hello Tim,
Could you check if you are able to connect to the database using the bellow
command (please replace the .pem certificates with your server certificate
-
db.example.com - and client certificate -
ops.jokefire.com)?
#mysql -uadmin_ssl -p --ssl-ca=server-ca.pem --ssl-cert=client-cert.pem
--ssl-key=client-key.pem -h db.example.com -e "use bacula;show tables" |
head -5
If this works, could you check with a "\s" command in which port mysql
daemon is listening?
Best regards,
Ana
On Sun, Aug 16, 2015 at 11:23 PM, Tim Dunphy <bluethu...@gmail.com> wrote:
> Hey guys,
>
> I finally have some progress to report! Not all the way there yet, but
> some good progress has been made. As of now I am able to use the external
> (load balanced) database from within bacula. However I still can't use the
> SSL enabled database user.
>
> Here's my catalog config:
>
> # Generic catalog service
> Catalog {
> Name = JokefireCatalog
> # Uncomment the following line if you want the dbi driver
> # dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306
> #dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"
> dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"; dbaddress =
> "
>
> db.example.com"; dbport = 3306
> }
>
> With the non ssl enabled database user in the config I can verify that the
> director is listening:
>
> [root@ops:/etc/bacula] #lsof -i :9101
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> bacula-di 15357 bacula 5u IPv4 4789422 0t0 TCP *:bacula-dir
> (LISTEN)
>
> And I can get into the console.
>
> [root@ops:/etc/bacula] #bconsole
> Connecting to Director ops.jokefire.com:9101
> 1000 OK:
>
> ops.jokefire.com Version: 5.2.13 (19 February 2013)
> Enter a period to cancel a command.
> *
>
> But with the ssl database user in the config, none of that can happen.
>
> I've verified once again that I can connect with the ssl database user:
>
>
>
> #mysql -uadmin_ssl -p -h db.example.com -e "use bacula;show tables" |
> head -5
> Enter password:
> Tables_in_bacula
> BaseFiles
> CDImages
> Client
> Counters
>
> But starting the bacula director with the ssl enabled user in the config,
> I'm getting an error in the logs and I can no longer user the director with
> bconsole:
>
>
> #tail -f /var/log/bacula/bacula.log
> 17-Aug 02:17 bacula-dir JobId 0: Fatal error: Could not open Catalog
> "JokefireCatalog", database "bacula".
> 17-Aug 02:17 bacula-dir JobId 0: Fatal error: mysql.c:210 Unable to
> connect to MySQL server.
> Database=bacula User=admin_ssl
> MySQL connect failed either server not running or your authorization is
> incorrect.
> 17-Aug 02:17 bacula-dir ERROR TERMINATION
> Please correct configuration file: /etc/bacula/bacula-dir.conf
>
>
> This is my catalog definition with the ssl user in the config:
>
> # Generic catalog service
> Catalog {
> Name = JokefireCatalog
> # Uncomment the following line if you want the dbi driver
> # dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306
> #dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"
> dbname = "bacula"; dbuser = "admin_ssl"; dbpassword = "secret";
> dbaddress = "db.example.com"; dbport = 3306
> }
>
> I've gained a little experience in using SSL database users with a couple
> different apps. I've setup both mediawiki and wordpress to use SSL database
> connections. But for both of those apps you had to go through extra steps
> to get an SSL database user to work. Simply adding the user to the config
> wouldn't allow them to work. You would have to go through extra
> configuration steps to make them work correctly.
>
> So what I'm wondering is if this might be a similar similar situation with
> bacula. That maybe just adding an ssl enabled user to the connection string
> isn't enough. And maybe there's some other configuration that has to happen
> to get this to work. It's just a guess on my part, but based on my recent
> experiences I think it may be a good one!
>
> I'd appreciate hearing your thoughts on this!
>
> Thanks,
> Tim
>
> On Thu, Aug 6, 2015 at 9:19 AM, Alex Domoradov <alex....@gmail.com> wrote:
>
>> You could find out with which version of mysql client has been compiled
>> your bacula with the following command
>>
>> # ldd /usr/sbin/bacula-dir | grep mysql
>> libmysqlclient.so.18 => /lib64/libmysqlclient.so.18
>> (0x00007f07abe3d000)
>>
>>
>> # rpm -qf /lib64/libmysqlclient.so.18
>> Percona-Server-shared-55-5.5.43-rel37.2.el7.x86_64
>>
>> On Thu, Aug 6, 2015 at 3:47 PM, Heitor Faria <hei...@bacula.com.br>
>> wrote:
>>
>>> Hey Heitor,
>>>
>>> Actually to 1, no they are not. I have mariadb-5.5.41 on the bacula
>>> server (client side) and mariadb 10 on the db server. I might try upgrading
>>> the client on the bacula server tomorrow. I don't have SELinux enabled
>>> anywhere currently. I probably will enable that tho once I get everything
>>> working.
>>>
>>> Most important of all is to know what MySQL / MariaDB development
>>> libraries were used to build you Bacula binaries. You may want / need to
>>> update Bacula with binaries built from source:
>>> http://bacula.us/compilation/
>>>
>>> Regards,
>>>
>>> ===========================================================================
>>> Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified
>>> Administrator II
>>> Do you need Bacula training?
>>> https://www.udemy.com/bacula-backup-software/?couponCode=bacula-list
>>> +55 61 <%2B55%2061%202021-8260>8268-4220 <%2B55%2061%208268-4220>
>>> Site: http://bacula.us FB: heitor.faria
>>> <http://www.facebook.com/heitor.faria>
>>>
>>> ===========================================================================
>>>
>>>
>>> I'll try to update you guys tomorrow.
>>>
>>> Thanks for all your input!
>>>
>>> Tim
>>>
>>> On Wed, Aug 5, 2015 at 8:45 AM, Heitor Faria <hei...@bacula.com.br>
>>> wrote:
>>>
>>>>
>>>>> Em ter, 4 de ago de 2015 às 23:01, Tim Dunphy <bluethu...@gmail.com>
>>>>> escreveu:
>>>>>
>>>>>> Hey Ana,
>>>>>> Nice to hear from you!
>>>>>>
>>>>>> Tried that:
>>>>>>
>>>>>>
>>>>>> Catalog {
>>>>>> Name = MyCatalog
>>>>>> # Uncomment the following line if you want the dbi driver
>>>>>> #dbdriver = "dbi:mysql"; dbaddress = "db.example.com"; dbport =
>>>>>> 3306
>>>>>> dbname = "bacula"; dbuser = "admin_ssl"; dbpassword = "secret";
>>>>>> dbaddress = "db.example.com"; dbport = 3306
>>>>>> }
>>>>>>
>>>>>> And restarted. Same result unfortunately! :(
>>>>>>
>>>>>> [root@ops:~] #tail -f /var/log/bacula/bacula.log
>>>>>> Database=bacula User=admin_ssl
>>>>>> MySQL connect failed either server not running or your authorization
>>>>>> is incorrect.
>>>>>> 05-Aug 01:59 bacula-dir ERROR TERMINATION
>>>>>> Please correct configuration file: /etc/bacula/bacula-dir.conf
>>>>>> 05-Aug 01:59 bacula-dir JobId 0: Fatal error: Could not open Catalog
>>>>>> "MyCatalog", database "bacula".
>>>>>> 05-Aug 01:59 bacula-dir JobId 0: Fatal error: mysql.c:210 Unable to
>>>>>> connect to MySQL server.
>>>>>> Database=bacula User=admin_ssl
>>>>>> MySQL connect failed either server not running or your authorization
>>>>>> is incorrect.
>>>>>> 05-Aug 01:59 bacula-dir ERROR TERMINATION
>>>>>> Please correct configuration file: /etc/bacula/bacula-dir.conf
>>>>>>
>>>>> 1. Is your remote MySQL server version the same installed in your
>>>> Bacula Server?
>>>> 2. From your Bacula server can you "telnet ip_address 3306" your MySQL
>>>> server?
>>>> 3. Do you have selinux or iptables enabled at MySQL Server? Someone
>>>> wrote that never had problems with selinux. Neither do I, since I always
>>>> disable it. =)
>>>>
>>>> Just ignore 2 and 3. I forgot you can connect with calling the client
>>>> directly.
>>>>
>>>>
>>>>>> Any more ideas?
>>>>>>
>>>>>> Thanks,
>>>>>> Tim
>>>>>>
>>>>>>
>>>>>>
>>>
>>>
>>> --
>>> GPG me!!
>>>
>>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Bacula-users mailing list
>>> Bacula-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/bacula-users
>>>
>>>
>>
>
>
> --
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
>
------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
