Hello Tim, Could you check if you are able to connect to the database using the bellow command (please replace the .pem certificates with your server certificate - db.example.com - and client certificate - ops.jokefire.com)?
#mysql -uadmin_ssl -p --ssl-ca=server-ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem -h db.example.com -e "use bacula;show tables" | head -5 If this works, could you check with a "\s" command in which port mysql daemon is listening? Best regards, Ana On Sun, Aug 16, 2015 at 11:23 PM, Tim Dunphy <bluethu...@gmail.com> wrote: > Hey guys, > > I finally have some progress to report! Not all the way there yet, but > some good progress has been made. As of now I am able to use the external > (load balanced) database from within bacula. However I still can't use the > SSL enabled database user. > > Here's my catalog config: > > # Generic catalog service > Catalog { > Name = JokefireCatalog > # Uncomment the following line if you want the dbi driver > # dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306 > #dbname = "bacula"; dbuser = "admin"; dbpassword = "secret" > dbname = "bacula"; dbuser = "admin"; dbpassword = "secret"; dbaddress = > " > > db.example.com"; dbport = 3306 > } > > With the non ssl enabled database user in the config I can verify that the > director is listening: > > [root@ops:/etc/bacula] #lsof -i :9101 > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME > bacula-di 15357 bacula 5u IPv4 4789422 0t0 TCP *:bacula-dir > (LISTEN) > > And I can get into the console. > > [root@ops:/etc/bacula] #bconsole > Connecting to Director ops.jokefire.com:9101 > 1000 OK: > > ops.jokefire.com Version: 5.2.13 (19 February 2013) > Enter a period to cancel a command. > * > > But with the ssl database user in the config, none of that can happen. > > I've verified once again that I can connect with the ssl database user: > > > > #mysql -uadmin_ssl -p -h db.example.com -e "use bacula;show tables" | > head -5 > Enter password: > Tables_in_bacula > BaseFiles > CDImages > Client > Counters > > But starting the bacula director with the ssl enabled user in the config, > I'm getting an error in the logs and I can no longer user the director with > bconsole: > > > #tail -f /var/log/bacula/bacula.log > 17-Aug 02:17 bacula-dir JobId 0: Fatal error: Could not open Catalog > "JokefireCatalog", database "bacula". > 17-Aug 02:17 bacula-dir JobId 0: Fatal error: mysql.c:210 Unable to > connect to MySQL server. > Database=bacula User=admin_ssl > MySQL connect failed either server not running or your authorization is > incorrect. > 17-Aug 02:17 bacula-dir ERROR TERMINATION > Please correct configuration file: /etc/bacula/bacula-dir.conf > > > This is my catalog definition with the ssl user in the config: > > # Generic catalog service > Catalog { > Name = JokefireCatalog > # Uncomment the following line if you want the dbi driver > # dbdriver = "dbi:mysql"; dbaddress = localhost; dbport = 3306 > #dbname = "bacula"; dbuser = "admin"; dbpassword = "secret" > dbname = "bacula"; dbuser = "admin_ssl"; dbpassword = "secret"; > dbaddress = "db.example.com"; dbport = 3306 > } > > I've gained a little experience in using SSL database users with a couple > different apps. I've setup both mediawiki and wordpress to use SSL database > connections. But for both of those apps you had to go through extra steps > to get an SSL database user to work. Simply adding the user to the config > wouldn't allow them to work. You would have to go through extra > configuration steps to make them work correctly. > > So what I'm wondering is if this might be a similar similar situation with > bacula. That maybe just adding an ssl enabled user to the connection string > isn't enough. And maybe there's some other configuration that has to happen > to get this to work. It's just a guess on my part, but based on my recent > experiences I think it may be a good one! > > I'd appreciate hearing your thoughts on this! > > Thanks, > Tim > > On Thu, Aug 6, 2015 at 9:19 AM, Alex Domoradov <alex....@gmail.com> wrote: > >> You could find out with which version of mysql client has been compiled >> your bacula with the following command >> >> # ldd /usr/sbin/bacula-dir | grep mysql >> libmysqlclient.so.18 => /lib64/libmysqlclient.so.18 >> (0x00007f07abe3d000) >> >> >> # rpm -qf /lib64/libmysqlclient.so.18 >> Percona-Server-shared-55-5.5.43-rel37.2.el7.x86_64 >> >> On Thu, Aug 6, 2015 at 3:47 PM, Heitor Faria <hei...@bacula.com.br> >> wrote: >> >>> Hey Heitor, >>> >>> Actually to 1, no they are not. I have mariadb-5.5.41 on the bacula >>> server (client side) and mariadb 10 on the db server. I might try upgrading >>> the client on the bacula server tomorrow. I don't have SELinux enabled >>> anywhere currently. I probably will enable that tho once I get everything >>> working. >>> >>> Most important of all is to know what MySQL / MariaDB development >>> libraries were used to build you Bacula binaries. You may want / need to >>> update Bacula with binaries built from source: >>> http://bacula.us/compilation/ >>> >>> Regards, >>> >>> =========================================================================== >>> Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified >>> Administrator II >>> Do you need Bacula training? >>> https://www.udemy.com/bacula-backup-software/?couponCode=bacula-list >>> +55 61 <%2B55%2061%202021-8260>8268-4220 <%2B55%2061%208268-4220> >>> Site: http://bacula.us FB: heitor.faria >>> <http://www.facebook.com/heitor.faria> >>> >>> =========================================================================== >>> >>> >>> I'll try to update you guys tomorrow. >>> >>> Thanks for all your input! >>> >>> Tim >>> >>> On Wed, Aug 5, 2015 at 8:45 AM, Heitor Faria <hei...@bacula.com.br> >>> wrote: >>> >>>> >>>>> Em ter, 4 de ago de 2015 às 23:01, Tim Dunphy <bluethu...@gmail.com> >>>>> escreveu: >>>>> >>>>>> Hey Ana, >>>>>> Nice to hear from you! >>>>>> >>>>>> Tried that: >>>>>> >>>>>> >>>>>> Catalog { >>>>>> Name = MyCatalog >>>>>> # Uncomment the following line if you want the dbi driver >>>>>> #dbdriver = "dbi:mysql"; dbaddress = "db.example.com"; dbport = >>>>>> 3306 >>>>>> dbname = "bacula"; dbuser = "admin_ssl"; dbpassword = "secret"; >>>>>> dbaddress = "db.example.com"; dbport = 3306 >>>>>> } >>>>>> >>>>>> And restarted. Same result unfortunately! :( >>>>>> >>>>>> [root@ops:~] #tail -f /var/log/bacula/bacula.log >>>>>> Database=bacula User=admin_ssl >>>>>> MySQL connect failed either server not running or your authorization >>>>>> is incorrect. >>>>>> 05-Aug 01:59 bacula-dir ERROR TERMINATION >>>>>> Please correct configuration file: /etc/bacula/bacula-dir.conf >>>>>> 05-Aug 01:59 bacula-dir JobId 0: Fatal error: Could not open Catalog >>>>>> "MyCatalog", database "bacula". >>>>>> 05-Aug 01:59 bacula-dir JobId 0: Fatal error: mysql.c:210 Unable to >>>>>> connect to MySQL server. >>>>>> Database=bacula User=admin_ssl >>>>>> MySQL connect failed either server not running or your authorization >>>>>> is incorrect. >>>>>> 05-Aug 01:59 bacula-dir ERROR TERMINATION >>>>>> Please correct configuration file: /etc/bacula/bacula-dir.conf >>>>>> >>>>> 1. Is your remote MySQL server version the same installed in your >>>> Bacula Server? >>>> 2. From your Bacula server can you "telnet ip_address 3306" your MySQL >>>> server? >>>> 3. Do you have selinux or iptables enabled at MySQL Server? Someone >>>> wrote that never had problems with selinux. Neither do I, since I always >>>> disable it. =) >>>> >>>> Just ignore 2 and 3. I forgot you can connect with calling the client >>>> directly. >>>> >>>> >>>>>> Any more ideas? >>>>>> >>>>>> Thanks, >>>>>> Tim >>>>>> >>>>>> >>>>>> >>> >>> >>> -- >>> GPG me!! >>> >>> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Bacula-users mailing list >>> Bacula-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/bacula-users >>> >>> >> > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users > >
------------------------------------------------------------------------------
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users