Re: [Bacula-users] bacula-sd systemd service modification prevents daemon failure

2022-08-02 Thread Martin Simmons 
The other service files use -f, but it looks like bacula-sd was broken by this
change:

--
commit e40b2a6ba9bf946b6e8f189e86729b7b262aaee6
Author: Alain Spineux 
Date:   Wed Dec 2 16:17:54 2020 +0100

Fix #7113 Enable timestamp in tracefile for SD

diff --git a/bacula/platforms/systemd/bacula-sd.service.in 
b/bacula/platforms/systemd/bacula-sd.service.in
index ba15a6640..2fb45bf1d 100644
--- a/bacula/platforms/systemd/bacula-sd.service.in
+++ b/bacula/platforms/systemd/bacula-sd.service.in
@@ -24,8 +24,12 @@ RequiresMountsFor=@working_dir@ @sysconfdir@ @sbindir@
 Type=simple
 User=@sd_user@
 Group=@sd_group@
-ExecStart=@sbindir@/bacula-sd -fP -c @sysconfdir@/bacula-sd.conf
-SuccessExitStatus=15
+Environment="LD_LIBRARY_PATH=@libdir@"
+# comment out to get traces working at startup using -T and -d options
+#WorkingDirectory=@working_dir@
+ExecStart=@sbindir@/bacula-sd -dt -c @sysconfdir@/bacula-sd.conf
+StandardError=syslog
+TimeoutStopSec=3min
 LimitMEMLOCK=infinity
 
 [Install]
--

I've just added this to https://bugs.bacula.org/view.php?id=2657

__Martin


> On Mon, 01 Aug 2022 14:49:10 -0400, mark bergman said:
> 
> While bacula-sd would start fine when run manually at the command-line
> with "/opt/bacula/bin/bacula-sd", running it as a systemd service
> consistently resulted in the daemon starting and then stopping almost
> immediately, with no errors from bacula-sd and with systemd reporting
> just an 'unknown error'.
> 
> If the daemon was run with "-T -d xxx -f", it would remain running.
> 
> Modifying the systemd service file 
> (/usr/lib/systemd/system/bacula-sd.service) to use:
> 
>   Type=forking
> 
> (instead of "Type=simple") allowed the daemon to start correctly under
> systemd without any debugging options.
> 
> Thanks,
> 
> Mark
> 
> -- 
> Mark Bergman   voice: 215-746-4061
>
> mark.berg...@pennmedicine.upenn.edu  fax: 215-614-0266
> http://www.med.upenn.edu/cbica/
> IT Technical Director, Center for Biomedical Image Computing and Analytics
> Department of Radiology University of Pennsylvania
> 
> 
> ___
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
> 


___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

[Bacula-users] running Bacula client on Synology

2022-08-02 Thread Adam Weremczuk 

Hi all,

Synology RS1221+ 8-Bay NAS specifically.

Are there any officially supported fairly recent clients and 
installation guides available?


If not Synology what other budget NAS brands are supported best?

Regards,
Adam



___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] running Bacula client on Synology

2022-08-02 Thread Phil Stracchino 

On 8/2/22 07:16, Adam Weremczuk wrote:

Hi all,

Synology RS1221+ 8-Bay NAS specifically.

Are there any officially supported fairly recent clients and
installation guides available?

If not Synology what other budget NAS brands are supported best?



I have not tried Bacula on Synology, but I can tell you one thing for 
free:  Don't even THINK about trying to run a current Bacula on QNAP. 
There are obsolete Bacula packages for SOME QNAP models in QNAP's 
proprietary package format, but absolutely no way to install a current 
Bacula version.  I tried it once and couldn't even figure out how to get 
a viable build environment set up.



--
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958


___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] running Bacula client on Synology

2022-08-02 Thread Andrea Venturoli 


On 8/2/22 16:17, Phil Stracchino wrote:
Don't even THINK about trying to run a current Bacula on QNAP. 


That's a bit of a broad statement.
Much depends on what QNAP NAS you have, what part of Bacula you want to 
run on it, which features you want and what kind of support you expect.


I only run the SD on the NAS; never tried Director or FD, though.
YMMV.





There are obsolete Bacula packages for SOME QNAP models in QNAP's 
proprietary package format, but absolutely no way to install a current 
Bacula version.  I tried it once and couldn't even figure out how to get 
a viable build environment set up.


I've just tried cross-building 13.0.0 for QNAP/ARM: it just took a few 
minutes. (I explicitly left OpenSSL out, since I don't use it, so I 
don't know if it would work).


Unfortunately I cannot test this at least until September.
I'll happy provide the binaries (of course as-is) if you need them.



In any case I have binaries for:

_ 9.4.2, SD only: I believe it was compiled  directly on a Zyxel NAS; 
not used anymore by me, but used to work;


_ 9.6.3 (build through QNAP cross-compilier): SD happily running on a 
QNAP TS-212P, a QNAP TS-231, two Zyxel NSA-310 and a Zyxel NAS-326; 
FD/Director untested;


_ 13.0.0 (build through QNAP cross-compilier): completely untested.

If anyone wants them, just ask.



 bye
av.

P.S. I know the original question was about Synology, but I never had 
the chance to put my hands on any of these.



___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] running Bacula client on Synology

2022-08-02 Thread Phil Stracchino 

On 8/2/22 14:42, Andrea Venturoli wrote:


I've just tried cross-building 13.0.0 for QNAP/ARM: it just took a few
minutes. (I explicitly left OpenSSL out, since I don't use it, so I
don't know if it would work).

Unfortunately I cannot test this at least until September.
I'll happy provide the binaries (of course as-is) if you need them.



Huh.  Now I'm curious about how you set up the QNAP cross-compiler and 
development environment.  I couldn't find any useful information on that 
and QNAP support flatly refused to provide any.


It's only academic curiosity at this point though, as I returned the 
QNAP NAS because it manifestly could not do the things I wanted to do 
with it.  (Starting with manage it in any sensible way beyond pushing 
buttons in its point-and-drool web management interface, which I quickly 
found to be full of You Can't Do That.)




--
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958


___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread Justin Case 
I run the mailserver put its basically a tightly baked postfix dovecot under 
Synology DSM UI. So I won’t manually change config files. But “Ignore 
authorization for LAN connections” sounds reasonable, I have activated that 
now. Lets see if that helps.

(BTW, bacula-dir and mail server are on different machines. its a home lab, 
yes, but its vast ;)

This does, however, not solve the problem that the hostname is not an FQDN and 
that it cannot be overridden with bsmtp. So I am still 100% away from a working 
solution :(

> On 1. Aug 2022, at 23:12, dmitri maziuk  wrote:
> 
> On 2022-08-01 3:57 PM, Justin Case wrote:
> 
>> bsmtp: bsmtp.c:124-0 Fatal malformed reply from mailserver.dummy.net: 504 
>> 5.5.2 <3422f1072002>: Helo command rejected: need fully-qualified hostname
> 
> Who runs the mailserver? Typically you's set "permit-mynetworks" before 
> "reject-XX-helo-hostname" and add the docker ip ranges to "mynetworks" -- 
> assuming it's postfix.
> 
> Since docker uses private ip ranges, these ips should never appear on "the 
> Internet" side of the mailserver, i.e. it's not opening the relay for 
> everyone: only to docker containers (which could be a problem too dep. on how 
> far they trust their customers).
> 
> $.02
> Dima
> 
> 
> ___
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
> 



___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] running Bacula client on Synology

2022-08-02 Thread Bill Arlofski via Bacula-users 

On 8/2/22 13:00, Phil Stracchino wrote:
>

point-and-drool web management interface,


YOINK!



which I quickly found to be full of You Can't Do That.)


YOINK!



https://www.youtube.com/watch?v=CJh1hmmLLzw


Thanks Phil. I needed the laughs and the quotes to steal today. :)


Best regards,
Bill


signature.asc
Description: OpenPGP digital signature
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] running Bacula client on Synology

2022-08-02 Thread Phil Stracchino 

On 8/2/22 15:37, Bill Arlofski via Bacula-users wrote:

Thanks Phil. I needed the laughs and the quotes to steal today. :)


My work here is done.  :)


--
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958


___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread Bill Arlofski via Bacula-users 

On 8/2/22 13:16, Justin Case wrote:

I run the mailserver put its basically a tightly baked postfix dovecot under 
Synology DSM UI. So I won’t manually change config files. But “Ignore 
authorization for LAN connections” sounds reasonable, I have activated that 
now. Lets see if that helps.

(BTW, bacula-dir and mail server are on different machines. its a home lab, 
yes, but its vast ;)

This does, however, not solve the problem that the hostname is not an FQDN and 
that it cannot be overridden with bsmtp. So I am still 100% away from a working 
solution :(


I always install a postfix MTA on my local Bacula Director, listening on 127.0.0.1, and then from there, I can set all the 
outbound SMTP relay(s) and any auth that is required.


Typically, the local postfix is just there on the local Director because bsmtp is a simple, one-shot deal. If it cannot 
connect to the host to deliver the message for any reason, that email is gone.


With a local postfix MTA, bsmtp sends the messages to thge local postfix, the messages are locally queued and always 
delivered. Your case takes this a couple steps further (configuring auth etc) than I usually ever need to go with postfix and 
Bacula, but it is still what I would recommend trying. :)



Best regards,
Bill

--
Bill Arlofski
w...@protonmail.com


signature.asc
Description: OpenPGP digital signature
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread Justin Case 
Hi Bill,

the container I use is maintained by another person. I will suggest it.
If I would be using Bacula in a platform maintained by me I already had postfix 
installed...

That container not even has apt…. what can I say.

> On 2. Aug 2022, at 22:05, Bill Arlofski via Bacula-users 
>  wrote:
> 
> On 8/2/22 13:16, Justin Case wrote:
>> I run the mailserver put its basically a tightly baked postfix dovecot under 
>> Synology DSM UI. So I won’t manually change config files. But “Ignore 
>> authorization for LAN connections” sounds reasonable, I have activated that 
>> now. Lets see if that helps.
>> (BTW, bacula-dir and mail server are on different machines. its a home lab, 
>> yes, but its vast ;)
>> This does, however, not solve the problem that the hostname is not an FQDN 
>> and that it cannot be overridden with bsmtp. So I am still 100% away from a 
>> working solution :(
> 
> I always install a postfix MTA on my local Bacula Director, listening on 
> 127.0.0.1, and then from there, I can set all the outbound SMTP relay(s) and 
> any auth that is required.
> 
> Typically, the local postfix is just there on the local Director because 
> bsmtp is a simple, one-shot deal. If it cannot connect to the host to deliver 
> the message for any reason, that email is gone.
> 
> With a local postfix MTA, bsmtp sends the messages to thge local postfix, the 
> messages are locally queued and always delivered. Your case takes this a 
> couple steps further (configuring auth etc) than I usually ever need to go 
> with postfix and Bacula, but it is still what I would recommend trying. :)
> 
> 
> Best regards,
> Bill
> 
> -- 
> Bill Arlofski
> w...@protonmail.com
> ___
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users



___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread dmitri maziuk 

On 2022-08-02 2:16 PM, Justin Case wrote:

I run the mailserver put its basically a tightly baked postfix dovecot under 
Synology DSM UI. So I won’t manually change config files. But “Ignore 
authorization for LAN connections” sounds reasonable, I have activated that 
now. Lets see if that helps.


It has to know 172.x is a "LAN" connection... if they don't have a way 
to set $mynetworks, I think you might want to add a raspi to your home 
lab to run a proper postfix instance. ;)



This does, however, not solve the problem that the hostname is not an FQDN and 
that it cannot be overridden with bsmtp. So I am still 100% away from a working 
solution :(


It's common enough, half of them get "localhost" from the resolver 
anyway and happily stick it in the mail header. I tend to specify From: 
addresses like "win-acme-on-server-X@mydomain" to know where it came 
from -- and if anyone decides to reply, they can keep the bounce.


As far as mail delivery goes, FQDN is not needed for anything. It's only 
there for that UCE check which should be disabled for "LAN connections".


PS. if bsmtp gets its hostname from the resolver, you might be able to 
fool it by setting up a nameserver for docker ips. Or maybe get names 
from docker network -- but I never looked into that.


Dima


___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] Q: Connection errors on daily backup with ConnectToDirector

2022-08-02 Thread Justin Case 
This chapter was not yet closed and I have interesting further results 
(actually a bug report).
I opened another thread here where bacula-dir was crashing. Today I found the 
cause.

A macOS FD was earlier using normal connection from bacula-dir, but later I 
adapted it to connect to bacula-dir on its own. So far so good? No. Hang on, I 
am coming to it.

Under macOS I am using homebrew bacula-fd and in the meanwhile there was an 
upgrade from 11 to 13. And at that point I made a subtle mistake: I copied 
bacula-fd.conf from the 11 install to the 13 install. The problem with this is 
that I overlooked this directive:

  Plugin Directory = /usr/local/Cellar/bacula-fd/11.0.6/lib

I guess you immediately see where the problem is, the 13.0.0 bacula-fd binary 
is using bpipe plugin 11.0.6 binary.

The result of this seems to be that bacula-fd connects a lot more aggressively 
to bacula-dir (don’t ask me why, I don’t know it).

In an ideal world this shouldn’t pose a problem, but in the container for 
bacula-dir 11 that I am using it caused bacula-dir to crash with a segmentation 
violation.

This is why I am reporting this.

Since I corrected the library path I don’t see the crashes any more and no 
aggressive quick and numerous connections from the fd to the dir.

But! It is still the same director binary and there must be some bug if a 
misbehaving FD can actually make the director crash. This is a security 
problem, as someone could incapacitate the backups when they run and stop doing 
that during the phase when backups are not running, so it would be hard to 
troubleshoot. One could argue it is my own fault if I use v13 FDs with v11 
diriectors. From a security perspective it is a problem with the 
implementation. As long as a v11 director accepts v13 clients, it must not 
crash. 

I don’t know how to better report this, but some developer would probably take 
a look where the problem is with bacula-dir crashing if it gets a lot of FD 
connections quickly over a longer time. I have only tried it with v13 FDs, but 
I suspect it would also happen with v11 FDs.

All the best
 J/C

> On 25. Jul 2022, at 22:33, Justin Case  wrote:
> 
> I think it is great support here from  you people!
> 
> Today I think I might have understood what is happening, and Bill’s 
> explanations about what might be going on were probably correct in the core, 
> but not in the details.
> 
> Let me try to lay out what I think is going on and where I had my problem 
> understanding it in the first place:
> 
> After an update of syslog-ng the syslogging of the FD client host started to 
> work (it was configured a long time ago but somehow it never worked before 
> the update for the syslog-ng server that came in the last days) I began to 
> see where and WHEN(!) the error messages originated.
> 
> It is - as you guys are saying - the FD generating these errors, which are 
> logged without delay in my central syslog-ng server:
> 
> 2022-07-25 12:57:30   
> bsockcore.c:265 Unable to connect to Director daemon on 
> bacula-dir.lan.net:9101 . ERR=Connection 
> refused
> 
> The eye-opener were the timestamps, which explained what is happening (more 
> on that later).
> My problem so far was that the error messages shown in Baculum had the 
> timestamp of the Director when the Director sees the error messages, not when 
> they happened!
> 
> 25-Jul 22:00 bacula-dir JobId 1725: Error: getmsg.c:217 Malformed message: 
> [bsockcore.c:265 Unable to connect to Director daemon on 
> bacula-dir.lan.net:9101 . ERR=Connection 
> refused
> 
> Note the different timestamp. In the first message it is the timestamp of the 
> FD client host when the error occurs there. In the second message you see the 
> timestamp of the Director host when the first error message gets delivered 
> from the FD to the Director.
> 
> So what you guys said is correct: the Director accepts the error messaged 
> from the FD only when a job runs for the FD. Even if the FD connects to the 
> Director many times during the day, the error messages are held back by the 
> FD until a job actually runs and then they are ingested for the first job 
> that runs on the current day. This also explains why there are no errors when 
> a similar job runs shortly after to backup to the other tier storage
> 
> Because so far I was only seeing the Director timestamp I was misled that the 
> error actually happens at the time when the job runs. I now understand that 
> this is not correct, and I think you guys also mentioned it, but I didn’t 
> pick it up consciously enough to understand what this means.
> 
> Now that I can see the timestamp from the FD when the errors actually happen 
> on the FD host I can now confirm:
> 
> (1) the Director is definitely reachable for the FD at the time when the job 
> runs (as I alway also stated), this is why the error messages show the 
> timestamp of when the job runs, as it always is able

Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread Justin Case 
The container uses the container ID as hostname. nothing I can do about it with 
DNS.
I will retire the Synology mail server at somepoint but that is months in the 
future.

I disabled authentication for local networks, but still:
504 5.5.2 <3422f1072002>: Helo command rejected: need fully-qualified hostname

> On 2. Aug 2022, at 22:29, dmitri maziuk  wrote:
> 
> On 2022-08-02 2:16 PM, Justin Case wrote:
>> I run the mailserver put its basically a tightly baked postfix dovecot under 
>> Synology DSM UI. So I won’t manually change config files. But “Ignore 
>> authorization for LAN connections” sounds reasonable, I have activated that 
>> now. Lets see if that helps.
> 
> It has to know 172.x is a "LAN" connection... if they don't have a way to set 
> $mynetworks, I think you might want to add a raspi to your home lab to run a 
> proper postfix instance. ;)
> 
>> This does, however, not solve the problem that the hostname is not an FQDN 
>> and that it cannot be overridden with bsmtp. So I am still 100% away from a 
>> working solution :(
> 
> It's common enough, half of them get "localhost" from the resolver anyway and 
> happily stick it in the mail header. I tend to specify From: addresses like 
> "win-acme-on-server-X@mydomain" to know where it came from -- and if anyone 
> decides to reply, they can keep the bounce.
> 
> As far as mail delivery goes, FQDN is not needed for anything. It's only 
> there for that UCE check which should be disabled for "LAN connections".
> 
> PS. if bsmtp gets its hostname from the resolver, you might be able to fool 
> it by setting up a nameserver for docker ips. Or maybe get names from docker 
> network -- but I never looked into that.
> 
> Dima
> 
> 
> ___
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users



___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] bsmtp from within a container

2022-08-02 Thread dmitri maziuk 

On 2022-08-02 3:46 PM, Justin Case wrote:

The container uses the container ID as hostname. nothing I can do about it with 
DNS.
I will retire the Synology mail server at somepoint but that is months in the 
future.

I disabled authentication for local networks, but still:
504 5.5.2 <3422f1072002>: Helo command rejected: need fully-qualified hostname


Yeah, well, as Phil said elsethread, your Synology has a 
"point-and-drool web management interface ... full of You Can't Do 
That." You probably could configure docker to use your home lab IP range 
-- or even run the container with "host networking" and then its IP 
should be in Synology's "LAN", but... evidently Synology does *not* make 
a usable mailserver and that's your problem.


Dima


___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] running Bacula client on Synology

2022-08-02 Thread Andrea Venturoli 


On 8/2/22 21:00, Phil Stracchino wrote:

Huh.  Now I'm curious about how you set up the QNAP cross-compiler and 
development environment.  I couldn't find any useful information on that 
and QNAP support flatly refused to provide any.


It all stated from here:

https://sourceforge.net/p/bacula/mailman/message/36443243/

Since I'm normally using FreeBSD, I created a Slackware VM in VirtualBox 
just for this.




(Starting with manage it in any sensible way beyond pushing 
buttons in its point-and-drool web management interface, which I quickly 
found to be full of You Can't Do That.)


Can't comment on that.
After I put Bacula-SD on the NASes, usually my work is done.
Occasionally I use SSH to check/delete some volumes.



 bye
av.


___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users