It is very important to specify what this implementation does NOT
do:
\begin{itemize}
-\item There is still one major gotcha, namely, it's possible for the
- director to restore new keys or a Bacula configuration file to the
- client, and thus force later backups to be made with a compromised
- key and/or with no encryption at all. You can avoid this by not backing
- up your encryption keys using Bacula, and not changing the location
- of the keys in your Bacula File daemon configuration file. However,
- please be sure your File daemon keys securely backed up preferably
- off-site.
+\item There is one important restore problem to be aware of, namely, it's
+ possible for the director to restore new keys or a Bacula configuration
+ file to the client, and thus force later backups to be made with a
+ compromised key and/or with no encryption at all. You can avoid this by
+ not not changing the location of the keys in your Bacula File daemon
+ configuration file, and not changing your File daemon keys. If you do
+ change either one, you must ensure that no restore is done that restores
+ the old configuration or the old keys. In general, the worst effect of
+ this will be that you can no longer connect the File daemon.
\item The implementation does not encrypt file metadata such as file path
names, permissions, and ownership. Extended attributes are also currently
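Review bot: the replacement item has a doubled word ("by not not changing the location of the keys"), and its closing sentence understates the risk it has just described: "the worst effect of this will be that you can no longer connect the File daemon" contradicts the preceding sentence, which says a restored configuration or key can "force later backups to be made with a compromised key and/or with no encryption at all". A connection failure is the visible, benign outcome; the dangerous outcome is a job that silently runs unencrypted or under the old key. Suggest keeping the warning explicit, e.g. "In the common case the visible effect is that the File daemon can no longer connect; the dangerous case is that later jobs run with the old key or with no encryption at all." The old text's advice not to back up the keys with Bacula at all has also been dropped; if that was intentional, say why, since it is the one measure that prevents a restore from ever writing keys to the client.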
NOTE!!! If you lose your encryption keys, backups will be unrecoverable.
{\bf ALWAYS} store a copy of your master keys in a secure, off-site location.
+The basic algorithm used for each backup session (Job) is:
+\begin{enumerate}
+\item The File daemon generates a session key.
+\item The FD encrypts that session key via PKE for all recipients (the file
+daemon, any master keys).
+\item The FD uses that session key to perform symmetric encryption on the data.
+\end{enumerate}
+
+
\subsection*{Building Bacula with Encryption Support}
\index[general]{Building Bacula with Encryption Support}
\addcontentsline{toc}{subsection}{Building Bacula with Encryption Support}
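Review bot: in the added algorithm list, step 2's "for all recipients (the file daemon, any master keys)" should say explicitly that the File daemon's own key pair is always a recipient, since that is what lets the client decrypt its own backups on restore and is the reason the NOTE just above matters (lose the FD key and every master key and the session keys are unrecoverable). It would also help to name, or point to where the configuration sets, the public-key and symmetric algorithms used in steps 2 and 3, since the list currently says only "PKE" and "symmetric encryption". Style: the hunk adds two trailing blank lines before the subsection; one is enough.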
\addcontentsline{toc}{subsection}{Supported Operating Systems}
\begin{itemize}
-\item Linux systems (built and tested on RedHat Enterprise Linux 3.0).
-\item If you have a recent Red Hat Linux system running the 2.4.x kernel and
- you have the directory {\bf /lib/tls} installed on your system (normally by
- default), bacula will {\bf NOT} run. This is the new pthreads library and it
-is defective. You must remove this directory prior to running Bacula, or you
-can simply change the name to {\bf /lib/tls-broken}) then you must reboot
-your machine (one of the few times Linux must be rebooted). If you are not
-able to remove/rename /lib/tls, an alternative is to set the environment
-variable "LD\_ASSUME\_KERNEL=2.4.19" prior to executing Bacula. For this
-option, you do not need to reboot, and all programs other than Bacula will
-continue to use /lib/tls.
-
-This problem does not occur with 2.6 kernels.
-
-\item Most flavors of Linux (Gentoo, SuSE, Mandriva, Debian, ...).
+\item Linux systems (built and tested on SuSE 10.1).
+\item Most flavors of Linux (Gentoo, RedHat, Fedora, Mandriva, Debian, ...).
\item Solaris various versions.
-\item FreeBSD (tape driver supported in 1.30 -- please see some {\bf
- important} considerations in the
+\item FreeBSD (tape driver supported in 1.30 -- for FreeBSD older than
+ version 5.0, please see some {\bf important} considerations in the
\ilink{ Tape Modes on FreeBSD}{FreeBSDTapes} section of the
Tape Testing chapter of this manual.)
\item Windows (Win98/Me, WinNT/2K/XP) Client (File daemon) binaries.
\item OpenBSD Client (File daemon).
\item Irix Client (File daemon).
\item Tru64
-\item Bacula is said to work on other systems (AIX, BSDI, HPUX, ...) but we
+\item Bacula is said to work on other systems (AIX, BSDI, HPUX, NetBSD, ...) but we
do not have first hand knowledge of these systems.
-\item RHat 7.2 AS2, AS3, AS4, Fedora Core 2, SuSE SLES 7,8,9 and Debian Woody and Sarge Linux on
+\item RHat 7.2 AS2, AS3, AS4, Fedora Core 2,3,4,5, SuSE SLES 7,8,9,10,10.1 and Debian Woody and Sarge Linux on
S/390 and Linux on zSeries.
\item See the Porting chapter of the Bacula Developer's Guide for information
on porting to other systems.
- \end{itemize}
+
+\item If you have a older Red Hat Linux system running the 2.4.x kernel and
+ you have the directory {\bf /lib/tls} installed on your system (normally by
+ default), bacula will {\bf NOT} run. This is the new pthreads library and it
+ is defective. You must remove this directory prior to running Bacula, or you
+ can simply change the name to {\bf /lib/tls-broken}) then you must reboot
+ your machine (one of the few times Linux must be rebooted). If you are not
+ able to remove/rename /lib/tls, an alternative is to set the environment
+ variable "LD\_ASSUME\_KERNEL=2.4.19" prior to executing Bacula. For this
+ option, you do not need to reboot, and all programs other than Bacula will
+ continue to use /lib/tls.
+\item The above mentioned {\bf /lib/tls} problem does not occur with 2.6 kernels.
+
+\end{itemize}
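Review bot: the relocated /lib/tls item should read "an older Red Hat Linux system" rather than "a older", and it still carries the unmatched closing parenthesis after "{\bf /lib/tls-broken}" that was in the original wording; since the whole paragraph is being moved, fix both while touching it. Moving the item to the end of the list is the right call, as it is a runtime caveat rather than a supported platform, but the item that follows it ("The above mentioned {\bf /lib/tls} problem does not occur with 2.6 kernels") would read better folded into the same item as a final sentence instead of a separate bullet.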
Note, one disadvantage of writing to an NFS mounted volume as I do is
that if the other machine goes down, the OS will wait forever on the fopen()
call that Bacula makes. As a consequence, Bacula will completely stall until
-the machine exporting the NSF mounts comes back up. A possible solution to this
+the machine exporting the NFS mounts comes back up. A possible solution to this
problem was provided by Andrew Hilborne, and consists of using the {\bf soft}
option instead of the {\bf hard} option when mounting the NFS volume, which is
typically done in {\bf /etc/fstab}/. The NFS documentation explains these
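Review bot: while correcting NSF to NFS in this paragraph, also drop the stray "/" after "{\bf /etc/fstab}". On substance, the recommendation to use the {\bf soft} mount option deserves a caveat in the same sentence: a soft mount turns the hang into an I/O error returned to the writer after the retry timeout, so a write in progress to the volume fails rather than blocks, and the NFS documentation warns against soft mounts for filesystems that are written to for exactly that reason. The text should say that the trade-off is a failed job instead of a stalled daemon, so the reader knows to expect and monitor for the error rather than assume the problem has gone away.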
\footnotesize
\begin{verbatim}
(in the Console program)
-*{\bf restore}
+*restore
First you select one or more JobIds that contain files
to be restored. You will then be presented several methods
of specifying the JobIds. Then you will be allowed to
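Review bot: removing the {\bf ...} markup inside the verbatim environment is correct, since verbatim prints the braces and the \bf command literally instead of emboldening the user's input; the same fix is applied consistently to the rest of the console transcripts in this patch. If the bold was meant to distinguish typed input from program output, consider a one-line remark before the listing ("user input is shown after the prompt") so that distinction is not lost.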
4: Enter SQL list command
5: Select the most recent backup for a client
6: Cancel
-Select item: (1-6): {\bf 5}
+Select item: (1-6): 5
The defined Client resources are:
1: Minimatou
2: Rufus
3: Timmy
-Select Client (File daemon) resource (1-3): {\bf 2}
+Select Client (File daemon) resource (1-3): 2
The defined FileSet resources are:
1: Kerns Files
Item 1 selected automatically.
remove files to be restored. All files are initially added.
Enter "done" to leave this mode.
cwd is: /
-$ {\bf done}
+$ done
84 files selected to restore.
Run Restore job
JobName: kernsrestore
Client: Rufus
Storage: File
JobId: *None*
-OK to run? (yes/mod/no): {\bf no}
-{\bf quit}
+OK to run? (yes/mod/no): no
+quit
(in a shell window)
-{\bf cp ../working/restore.bsr /mnt/deuter/files/backup/rufus.bsr}
+cp ../working/restore.bsr /mnt/deuter/files/backup/rufus.bsr
\end{verbatim}
\normalsize
\footnotesize
\begin{verbatim}
-{\bf update}
+update
Update choice:
1: Volume parameters
2: Pool from resource
3: Slots from autochanger
-Choose catalog item to update (1-3): {\bf 1}
+Choose catalog item to update (1-3): 1
Defined Pools:
1: Default
2: File
+-------+---------+--------+---------+-----------+------+----------+------+-----+
| 1 | test01 | DDS-4 | Error | 352427156 | ... | 31536000 | 1 | 0 |
+-------+---------+--------+---------+-----------+------+----------+------+-----+
-Enter MediaId or Volume name: {\bf 1}
+Enter MediaId or Volume name: 1
\end{verbatim}
\normalsize
9: Volume Files
10: Pool
11: Done
-Select parameter to modify (1-11): {\bf 9}
+Select parameter to modify (1-11): 9
Warning changing Volume Files can result
in loss of data on your Volume
Current Volume Files is: 10
-Enter new number of Files for Volume: {\bf 11}
+Enter new number of Files for Volume: 11
New Volume Files is: 11
Updating Volume "test01"
Parameters to modify:
9: Volume Files
10: Pool
11: Done
-Select parameter to modify (1-10): {\bf 1}
+Select parameter to modify (1-10): 1
\end{verbatim}
\normalsize
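Review bot: the prompt in this hunk reads "Select parameter to modify (1-10): 1" although the menu immediately above it ends at "11: Done" and every other prompt in the transcript reads "(1-11)". If this is a transcription slip rather than real program output, correct it to (1-11) while the line is being edited; if it is what the program printed, it points at an off-by-one in the menu code that should be raised separately.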
4: Full
5: Used
6: Read-Only
-Choose new Volume Status (1-6): {\bf 1}
+Choose new Volume Status (1-6): 1
New Volume status is: Append
Updating Volume "test01"
Parameters to modify:
9: Volume Files
10: Pool
11: Done
-Select parameter to modify (1-11): {\bf 11}
+Select parameter to modify (1-11): 11
Selection done.
\end{verbatim}
\normalsize
\footnotesize
\begin{verbatim}
-{\bf list volumes}
+list volumes
Using default Catalog name=BackupDB DB=bacula
Pool: Default
-1.39.23 (28 September 2006)
+1.39.25 (08 October 2006)