Hello,
2018-04-17 19:53 GMT+02:00 Steve Garcia <sgar...@bak.rr.com>:
>
> And it seems that the storage daemon isn't listening on the localhost
> interface. This is a configuration directive, but the comments in the
> default config file, on Debian at least, say "Do not use localhost here."
> So I didn't.
>
>
:)
> Is there any reason why this should not be localhost?
Yes, there is the reason. By default (when no SD calls client directive is
set) the File Daemon connect directly to the Storage Daemon to make backup
and restore operations. So your SD have to listen to external (other then
localhost) IP to make it work. When you define a localhost as a hostname
for your SD you will be able to make a local backups only.
> Do the file daemons connect directly to the storage daemon,
Yes, and it is a default behavior.
> or are the mediated through the director?
The Director does not forward (*) any backup stream to the SD.
(*) - I think the new Client initiated backup changes it, but I'm not sure.
> I was under the impression that since the only passwords the file
> daemons have is that of the director that there would be no direct
> connection to storage.
To make a backup or restore job SD<->FD communication is authenticated with
an authorization key generated by Director. No password is required. So in
some sense the Director "mediate" the communication between FD and SD. :)
> From a security standpoint, I could see advantages for keeping the
> storage daemon limited to localhost, but obviously not if it needs direct
> access to file daemons.
You can use SD calls client directive to accomplish that.
best regards
--
Radosław Korzeniewski
rados...@korzeniewski.net
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
