Re: [Bacula-users] Webacula cannot execute bconsole

2012-11-21 Thread Clark, Patricia A.

From: Ryan Jantz <rja...@scifit.com>
Date: Tuesday, November 20, 2012 6:06 PM
To: bacula-users@lists.sourceforge.net
Subject: Re: [Bacula-users] Webacula cannot execute bconsole

Hello again. So I've been reading and learning (a little) about SELinux today, 
but I haven't made much progress. Setting SELinux to permissive resolves the 
error. SELinux context on my /var/www/webacula is:
drwxr-xr-x.  apache apache  system_u:object_r:httpd_sys_content_t:s0

Entries in /var/log/messages are:
bconsole: bsock.c:135 Unable to connect to Director daemon on localhost:9101. 
ERR=Permission denied

My interpretation of that error is bconsole is not able to connect to 
bacula-dir, but I can manually start bconsole. It seems the problem is when 
apache or webacula tries to start bconsole.

SELinux context on /usr/sbin/bacula-dir:
lrwxrwxrwx.  root root  unconfined_u:object_r:bin_t:s0

SELinux context on /usr/sbin/bconsole:
-rwxr-x---.  root bacula  system_u:object_r:bin_t:s0

I'm not sure what permissions need to be modified. Any ideas?

Thanks

On 11/20/2012 6:31 AM, Ryan Jantz wrote:
Yes.

I figured out SELinux is the problem. If I disable it, the errors stop. Now to 
figure out how to configure SELinux so it plays nice with Apache.

Thanks

On Nov 20, 2012, at 2:17 AM, Radosław Korzeniewski <rados...@korzeniewski.net> wrote:

Hello,

2012/11/19 Ryan Jantz <rja...@scifit.com>
I am able to run the above command in terminal as root and the apache user 
without any errors. The apache user is a member of the bacula group.
(...)
Any ideas?

Did you restart an apache webserver?

best regards
--
Radosław Korzeniewski
rados...@korzeniewski.net
--
SELinux is not a simple modify permissions type of fix.  You will need to 
create the policies within SELinux in order to provide the "permissions" in the 
extended attributes that allow Webacula to interact with the director.  This 
is not a trivial exercise, but would be quite valuable to the community if 
successful.  This is why many shops don't consistently use SELinux in enforcing 
mode.

Patti Clark
Linux System Administrator
Research and Development Systems Support Oak Ridge National Laboratory




--
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users


Re: [Bacula-users] Webacula cannot execute bconsole

2012-11-21 Thread Simone Caronni
Can you do the following?
I'm assuming you are on Fedora or RHEL

1) Install the policycoreutils-python
2) Erase the audit log
3) Launch webacula
4) Check for denials

In detail

# yum -y install policycoreutils-python
# > /var/log/audit/audit.log
[start webacula or whatever]
# audit2allow -a

Please paste the output here. Probably it can be fixed by a SELinux
boolean or a context change on the binary.

Regards,
--Simone



On 21 November 2012 14:28, Clark, Patricia A.  wrote:
>
> From: Ryan Jantz <rja...@scifit.com>
> Date: Tuesday, November 20, 2012 6:06 PM
> To: bacula-users@lists.sourceforge.net
> Subject: Re: [Bacula-users] Webacula cannot execute bconsole
>
> Hello again. So I've been reading and learning (a little) about SELinux 
> today, but I haven't made much progress. Setting selinux to permissive 
> resolves the error. Selinux context on my /var/www/webacula is:
> drwxr-xr-x.  apache apache  system_u:object_r:httpd_sys_content_t:s0
>
> Entries in /var/log/messages are:
> bconsole: bsock.c:135 Unable to connect to Director daemon on localhost:9101. 
> ERR=Permission denied
>
> My interpretation of that error is bconsole is not able to connect to 
> bacula-dir, but I can manually start bconsole. It seems the problem is when 
> apache or webacula tries to start bconsole
>
> Selinux context on /usr/sbin/bacula-dir:
> lrwxrwxrwx.  root root  unconfined_u:object_r:bin_t:s0
>
> Selinux context on /usr/sbin/bconsole
> -rwxr-x---.  root bacula  system_u:object_r:bin_t:s0
>
> I'm not sure what permissions need to be modified. Any ideas?
>
> Thanks
>
> On 11/20/2012 6:31 AM, Ryan Jantz wrote:
> Yes.
>
> I figured out SELinux is the problem. If I disable it, the errors stop. Now 
> to figure out how to configure SELinux so it plays nice with Apache.
>
> Thanks
>
> On Nov 20, 2012, at 2:17 AM, Radosław Korzeniewski <rados...@korzeniewski.net> wrote:
>
> Hello,
>
> 2012/11/19 Ryan Jantz <rja...@scifit.com>
> I am able to run the above command in terminal as root and the apache user 
> without any errors. The apache user is a member of the bacula group.
> (...)
> Any ideas?
>
> Did you restart an apache webserver?
>
> best regards
> --
> Radosław Korzeniewski
> rados...@korzeniewski.net
> --
> SELinux is not a simple modify permissions type of fix.  You will need to 
> create the policies within SELinux in order to provide the "permissions" in 
> the extended attributes that allows Webacula to interact with the director.  
> This is not a trivial exercise, but would be quite valuable to the community 
> if successful.  This is why many shops don't consistently use SELinux in 
> enforcing mode.
>
> Patti Clark
> Linux System Administrator
> Research and Development Systems Support Oak Ridge National Laboratory
>



-- 
You cannot discover new oceans unless you have the courage to lose
sight of the shore (R. W. Emerson).
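
Added example (not part of the original post): before turning denials into rules with `audit2allow`, it helps to see which source domain, target type, class and permission each denial involves. The log records are constructed, and the `example_*_t` target types are placeholders for whatever the host actually reports.

```shell
#!/bin/sh
# Added example: group SELinux AVC denials by source domain, target type,
# object class, permission and command before writing any allow rule.

# CONSTRUCTED sample records (not from the thread). httpd_t is Apache's domain;
# the example_*_t target types are placeholders for whatever the host reports.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1353448801.101:901): avc:  denied  { name_connect } for  pid=2311 comm="bconsole" dest=9101 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:example_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1353448801.101:901): arch=c000003e syscall=42 success=no exit=-13 comm="bconsole" exe="/usr/sbin/bconsole"
type=AVC msg=audit(1353448802.220:902): avc:  denied  { name_connect } for  pid=2312 comm="bconsole" dest=9101 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:example_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1353448803.007:903): avc:  denied  { read open } for  pid=2313 comm="bconsole" name="bconsole.conf" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:example_conf_t:s0 tclass=file
EOF
}

# Reads audit records on stdin; prints "count source target class perms comm",
# most frequent first.
summarize_avc() {
  awk '
    function val(key,   i) {              # value of key=value on this record
      for (i = 1; i <= NF; i++)
        if (index($i, key "=") == 1) return substr($i, length(key) + 2)
      return "?"
    }
    function setype(ctx,   p) {           # user:role:type:level -> type
      split(ctx, p, ":"); return p[3]
    }
    /^type=AVC / && /denied/ {
      perms = $0
      sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms); gsub(/ +/, ",", perms)
      comm = val("comm"); gsub(/"/, "", comm)
      n[setype(val("scontext")) " " setype(val("tcontext")) " " val("tclass") " " perms " " comm]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -rn
}

sample_audit_log | summarize_avc
```

On a live host, `ausearch -m avc -ts recent | summarize_avc` reads the same records without truncating `/var/log/audit/audit.log`.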



[Bacula-users] Restore Client

2012-11-21 Thread Gary Stainburn
I have the following restore job in bacula-dir.conf

Job {
  Name = "RestoreFiles"
  Type = Restore
  Client=lou-fd 
  FileSet="Linux Full"  
  Storage = eddie1-File  
  Priority = 9   # restore has higher priority
  Pool = Default
  Messages = Standard
  Where = /user/restores
  RunScript {
    RunsWhen = After
    Command = "/etc/bacula/bacula_restore_run_after %i"
    RunsOnClient = no
  }
}

However, when I try to run a restore it always wants to restore back to the 
original client and ignores the client defined in the job.

What do I need to do to get it to always restore to lou-fd?

I'm sure that on my old 5.0.3 based server it used to work. I'm now on 5.2.11.

I've checked the client and that is fine.



*status client=lou-fd
Connecting to Client lou-fd at 10.1.1.104:9102

lou-fd Version: 5.2.11 (10 September 2012)  x86_64-redhat-linux-gnu redhat 
Miracle)
Daemon started 21-Nov-12 16:37. Jobs: run=0 running=0.
 Heap: heap=131,072 smbytes=23,797 max_bytes=23,944 bufs=61 max_bufs=62
 Sizeof: boffset_t=8 size_t=8 debug=0 trace=0 
Running Jobs:
Director connected at: 21-Nov-12 18:00
No Jobs running.


Terminated Jobs:
 JobId  LevelFiles  Bytes   Status   FinishedName 
==
 23962  Incr  2,097460.3 M  OK   10-Nov-12 19:30 lou
 24111  Incr 2930.03 M  OK   11-Nov-12 19:08 lou
 24270  Incr 347.137 M  OK   12-Nov-12 16:43 lou
 24271  Full  2,099467.9 M  OK   12-Nov-12 16:53 lou
 24621  Full  266.30 M  Cancel   20-Nov-12 11:34 lou
 24745  Full  2,101240.7 M  OK   20-Nov-12 11:39 lou
 24753  Incr 257.608 M  OK   20-Nov-12 19:05 lou
 24868  Full  11.579 G  OK   21-Nov-12 03:00 BackupCatalog
 24873   14,29910.73 G  OK   21-Nov-12 15:30 RestoreFiles

*


-- 
Gary Stainburn
Group I.T. Manager
Ringways Garages
http://www.ringways.co.uk 



[Bacula-users] bacula-dir incl help

2012-11-21 Thread Troy Kocher
All

I have the following in my bacula-dir.conf:

FileSet{
  Name = "Microsoft_MTA3"
  Include {
    Options {
      Compression = GZIP
      signature = MD5
      Exclude = yes
      IgnoreCase = yes
    }
    @/usr/local/etc/backuplist/mta3_backuplist
  }
}


#cat backuplist/mta3_backuplist 
File = "C:/"
WildDir = "[A-Z]:/Documents and Settings/*/Application Data/*/Profiles/*/*/Cache"
WildDir = "[A-Z]:/Documents and Settings/*/Application Data/*/Profiles/*/*/Cache.Trash"
WildDir = "[A-Z]:/Documents and Settings/*/Application Data/*/Profiles/*/*/ImapMail"
..cut..

trying to start and I receive this complaint:

#bacula start
Starting the Bacula Storage daemon
Starting the Bacula File daemon
Starting the Bacula Director daemon
21-Nov 11:34 bacula-dir: ERROR TERMINATION at inc_conf.c:411
Config error: Keyword WildDir not permitted in this resource
: line 2, col 8 of file /usr/local/etc/backuplist/mta3_backuplist
WildDir = "[A-Z]:/Documents and Settings/*/Application Data/*/Profiles/*/*/Cache"


But when my bacula-dir.conf has the Wild keyword without an include file 
director starts.  

FileSet{
  Name = "Microsoft_MTA3"
  Include {
    Options {
      Compression = GZIP
      signature = MD5
      Exclude = yes
      IgnoreCase = yes

      WildDir = "[A-Z]:/Documents and Settings/*/Application Data/*/Profiles/*/*/Cache"
      WildDir = "[A-Z]:/Documents and Settings/*/Application Data/*/Profiles/*/*/Cache.Trash"
      WildDir = "[A-Z]:/Documents and Settings/*/Application Data/*/Profiles/*/*/ImapMail"
      ..cut..
      WildDir = "[A-Z]:/psdata"
    }
    File = "C:/"
  }
}

I suspect I've something simple wrong.  Could someone offer some assistance.

Thank you
Troy



_
Scanned by IBM Email Security Management Services 
powered by MessageLabs.
_



Re: [Bacula-users] bacula-dir incl help

2012-11-21 Thread Melissari, Ryan
> All
> 
> I have the following in my bacula-dir.conf:
> 
> FileSet{
> Name = "Microsoft_MTA3"
> Include {
> Options {
>   Compression = GZIP
>   signature = MD5
>   Exclude = yes
>   IgnoreCase = yes
>   }
>   @/usr/local/etc/backuplist/mta3_backuplist
> }}
> 
> 
> #cat backuplist/mta3_backuplist
> File = "C:/"
> WildDir = "[A-Z]:/Documents and Settings/*/Application
> Data/*/Profiles/*/*/Cache"
> WildDir = "[A-Z]:/Documents and Settings/*/Application
> Data/*/Profiles/*/*/Cache.Trash"
> WildDir = "[A-Z]:/Documents and Settings/*/Application
> Data/*/Profiles/*/*/ImapMail"
> ..cut..
> 
> trying to start and I receive this complaint:
> 
> #bacula start
> Starting the Bacula Storage daemon
> Starting the Bacula File daemon
> Starting the Bacula Director daemon
> 21-Nov 11:34 bacula-dir: ERROR TERMINATION at inc_conf.c:411
> Config error: Keyword WildDir not permitted in this resource
> : line 2, col 8 of file
> /usr/local/etc/backuplist/mta3_backuplist
> WildDir = "[A-Z]:/Documents and Settings/*/Application
> Data/*/Profiles/*/*/Cache"
> 
> 
> But when my bacula-dir.conf has the Wild keyword without an include
> file director starts.
> 
> FileSet{
>Name = "Microsoft_MTA3"
>Include {
>   Options {
> Compression = GZIP
> signature = MD5
> Exclude = yes
> IgnoreCase = yes
> 
>   WildDir = "[A-Z]:/Documents and Settings/*/Application
>   Data/*/Profiles/*/*/Cache"
>   WildDir = "[A-Z]:/Documents and Settings/*/Application
>   Data/*/Profiles/*/*/Cache.Trash"
>   WildDir = "[A-Z]:/Documents and Settings/*/Application
>   Data/*/Profiles/*/*/ImapMail"
> ..cut..
>   WildDir = "[A-Z]:/psdata"
>}
>   File = "C:/"
>   }}
> 
> I suspect I've something simple wrong.  Could someone offer some
> assistance.
> 
> Thank you
> Troy
> 
> 
> 
> 

Troy,

The WildDir flag needs to be in an Options {} resource.  In your fileset, you 
closed the Options resource before you brought in mta3_backuplist.  Move 
"@/usr/local/etc/backuplist/mta3_backuplist" inside your Options {} and it 
should work.  You will probably also have to take File = "C:/" out of 
mta3_backuplist and move it outside your Options resource.  Another way to do 
it would be to add another Option resource inside the mta3_backuplist file that 
contains your WildDir excludes.  
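
An added illustration of the nesting rule described in this reply (not part of the original message and not Bacula's parser): an `@file` include is read at the point where it appears, so its keywords belong to whatever block is open there. The file names and contents are constructed, and `lint_fileset` and `make_demo` are hypothetical helpers.

```shell
# Added example, not Bacula's parser: follow @file includes and report
# Wild*/Regex* keywords whose enclosing block is not Options { }.
lint_fileset() {   # $1 = config file
  awk -v top="$1" '
    function scan(file,   line, n, kw, c) {
      while ((getline line < file) > 0) {
        n++
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        if (substr(line, 1, 1) == "@") { scan(substr(line, 2)); continue }
        gsub(/"[^"]*"/, "", line)          # ignore braces inside quoted values
        sub(/#.*$/, "", line)              # drop comments
        kw = tolower(line); sub(/[ \t={].*$/, "", kw)
        if (kw ~ /^(wild|regex)(dir|file)?$/ && stack[depth] != "options")
          printf "%s:%d: %s outside Options {}\n", file, n, kw
        while (match(line, /[{}]/)) {      # one push or pop per brace
          c = substr(line, RSTART, 1)
          if (c == "{") {
            kw = tolower(substr(line, 1, RSTART - 1)); gsub(/[ \t]/, "", kw)
            stack[++depth] = kw
          } else if (depth > 0) depth--
          line = substr(line, RSTART + 1)
        }
      }
      close(file)
    }
    BEGIN { scan(top) }'
}

# Constructed demo files: the layout from the thread, then the corrected one.
make_demo() {   # $1 = scratch directory
  printf 'File = "C:/"\nWildDir = "[A-Z]:/psdata"\n' > "$1/list_broken"
  printf 'WildDir = "[A-Z]:/psdata"\n' > "$1/list_fixed"
  cat > "$1/broken.conf" <<EOF
FileSet{
  Include {
    Options {
      Exclude = yes
    }
    @$1/list_broken
}}
EOF
  cat > "$1/fixed.conf" <<EOF
FileSet{
  Include {
    Options {
      Exclude = yes
      @$1/list_fixed
    }
    File = "C:/"
}}
EOF
}
d=$(mktemp -d) && make_demo "$d"
lint_fileset "$d/broken.conf"; lint_fileset "$d/fixed.conf"; rm -rf "$d"
```

`bacula-dir -t -c <config file>` remains the authoritative syntax test; this check only shows why the position of the include matters.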



Re: [Bacula-users] bacula-dir incl help

2012-11-21 Thread Troy Kocher
On 21,Nov 2012, at 2:20 PM, Melissari, Ryan wrote:

>> All
>> 
>> I have the following in my bacula-dir.conf:
>> 
>> FileSet{
>>Name = "Microsoft_MTA3"
>>Include {
>>Options {
>>  Compression = GZIP
>>  signature = MD5
>>  Exclude = yes
>>  IgnoreCase = yes
>>  }
>>  @/usr/local/etc/backuplist/mta3_backuplist
>>}}
>> 
>> 
>> #cat backuplist/mta3_backuplist
>> File = "C:/"
>> WildDir = "[A-Z]:/Documents and Settings/*/Application
>> Data/*/Profiles/*/*/Cache"
>> WildDir = "[A-Z]:/Documents and Settings/*/Application
>> Data/*/Profiles/*/*/Cache.Trash"
>> WildDir = "[A-Z]:/Documents and Settings/*/Application
>> Data/*/Profiles/*/*/ImapMail"
>> ..cut..
>> 
>> trying to start and I receive this complaint:
>> 
>> #bacula start
>> Starting the Bacula Storage daemon
>> Starting the Bacula File daemon
>> Starting the Bacula Director daemon
>> 21-Nov 11:34 bacula-dir: ERROR TERMINATION at inc_conf.c:411
>> Config error: Keyword WildDir not permitted in this resource
>>: line 2, col 8 of file
>>/usr/local/etc/backuplist/mta3_backuplist
>> WildDir = "[A-Z]:/Documents and Settings/*/Application
>> Data/*/Profiles/*/*/Cache"
>> 
>> 
>> But when my bacula-dir.conf has the Wild keyword without an include
>> file director starts.
>> 
>> FileSet{
>>   Name = "Microsoft_MTA3"
>>   Include {
>>  Options {
>>Compression = GZIP
>>signature = MD5
>>Exclude = yes
>>IgnoreCase = yes
>> 
>>  WildDir = "[A-Z]:/Documents and Settings/*/Application
>>  Data/*/Profiles/*/*/Cache"
>>  WildDir = "[A-Z]:/Documents and Settings/*/Application
>>  Data/*/Profiles/*/*/Cache.Trash"
>>  WildDir = "[A-Z]:/Documents and Settings/*/Application
>>  Data/*/Profiles/*/*/ImapMail"
>> ..cut..
>>  WildDir = "[A-Z]:/psdata"
>>   }
>>  File = "C:/"
>>  }}
>> 
>> I suspect I've something simple wrong.  Could someone offer some
>> assistance.
>> 
>> Thank you
>> Troy
>> 
>> 
>> 
>> 
> 
> Troy,
> 
> The WildDir flag needs to be in an Options {} resource.  In your fileset, you 
> closed the Options resource before you brought in mta3_backuplist.  Move 
> "@/usr/local/etc/backuplist/mta3_backuplist" inside your Options {} and it 
> should work.  You will probably also have to take File = "C:/" out of 
> mta3_backuplist and move it outside your Options resource.  Another way to do 
> it would be to add another Option resource inside the mta3_backuplist file 
> that contains your WildDir excludes.  
> 

Ryan, 

Thanks for taking time to look at that for me.  That was exactly the problem.

All the best!

Troy
