The Storage Daemon has two parts that need to be TLS enabled. We'll only do the first part now: Director to Storage Daemon.
Edit your /usr/local/etc/bacula-sd.conf to look more or less like this:
Director {
  Name = director1-dir
  Password = "topsecret"
  TLS Enable = yes
  TLS Require = yes
  TLS Verify Peer = yes
  TLS Allowed CN = "director1.example.com"
  TLS CA Certificate File = /usr/local/etc/bacula/certs/cacert.pem
  TLS Certificate = /usr/local/etc/bacula/certs/director1.example.com.cert
  TLS Key = /usr/local/etc/bacula/certs/director1.example.com.key
}
This tells the Storage Daemon that it must use TLS for Director communications and should only allow a machine whose certificate matches director1.example.com to connect.
Now configure the Director by changing /usr/local/etc/bacula-dir.conf to have a Storage Resource matching this:
Storage {
  Name = director1-sd
  Address = director1.example.com
  SDPort = 9103
  Password = "topsecret"
  Device = FileStorage
  Media Type = File
  TLS Enable = yes
  TLS Require = Yes
  TLS CA Certificate File = /usr/local/etc/bacula/certs/cacert.pem
  TLS Certificate = /usr/local/etc/bacula/certs/director1.example.com.cert
  TLS Key = /usr/local/etc/bacula/certs/director1.example.com.key
}
Restart both bacula-dir and bacula-sd, and you should be able to run a status storage command like this:
status storage
Using default Catalog name=MyCatalog DB=bacula
Automatically selected Storage: director1-sd
Connecting to Storage daemon director1-sd at director1.example.com:9103
director1-sd Version: 1.38.11 (28 June 2006) i386-portbld-freebsd6.0 freebsd 6.0-STABLE
Daemon started 18-Jul-06 20:36, 9 Jobs run since started.
Running Jobs:
No Jobs running.
====
Jobs waiting to reserve a drive:
====
Terminated Jobs:
 JobId  Level   Files   Bytes  Status  Finished         Name
======================================================================
    23  Incr        2     178  OK      19-Jul-06 04:31  client1_main
====
Device status:
Device "FileStorage" (/export/bacula/storage) is not open or does not exist.
====
In Use Volume status:
====
If this works, then communication between the Director and the Storage Daemon is now encrypted.
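A successful status storage only shows that the two daemons can talk; it does not show which TLS directives are in force. The following added example (not part of the original page or of Bacula) lints a resource for the directives used above. The function names and the constructed sample are assumptions; server_side=True marks a resource that accepts connections, such as the Director resource in bacula-sd.conf, which the page configures with TLS Verify Peer and TLS Allowed CN.

```python
import re
# Constructed sample: the page's bacula-sd.conf Director resource, trimmed,
# with "TLS Require" and "TLS Allowed CN" deliberately left out.
WEAK_SD_CONF = """
Director {
  Name = director1-dir
  TLS Enable = yes
  TLS Verify Peer = yes
  TLS CA Certificate File = /usr/local/etc/bacula/certs/cacert.pem
}
"""

def parse_resources(text):
    """Return [(type, {directive: value})] for flat (non-nested) resources."""
    resources = []
    for rtype, body in re.findall(r"(\w+)\s*\{([^{}]*)\}", text):
        directives = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0]  # drop comments (sketch: no '#' in quoted values)
            if "=" in line:
                key, value = line.split("=", 1)
                # Bacula ignores case and spaces in directive names.
                directives[key.replace(" ", "").lower()] = value.strip().strip('"')
        resources.append((rtype.lower(), directives))
    return resources

def lint_tls(text, rtype, server_side):
    """List TLS weaknesses per `rtype` resource; server_side=True if it accepts connections."""
    findings = []
    for kind, d in parse_resources(text):
        if kind != rtype.lower():
            continue
        on = lambda key: d.get(key, "").lower() in ("yes", "true")
        name = d.get("name", "?")
        if not on("tlsenable"):
            findings.append(f"{name}: TLS Enable is not yes, traffic is cleartext")
            continue
        if not on("tlsrequire"):
            findings.append(f"{name}: TLS Require is not yes, peer may skip TLS")
        if "tlscacertificatefile" not in d and "tlscacertificatedir" not in d:
            findings.append(f"{name}: no CA configured to validate the peer")
        if server_side and not on("tlsverifypeer"):
            findings.append(f"{name}: TLS Verify Peer is not yes, client certificate unchecked")
        if server_side and "tlsallowedcn" not in d:
            findings.append(f"{name}: no TLS Allowed CN, any CA-signed certificate is accepted")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_tls(WEAK_SD_CONF, "Director", server_side=True)))
```

Run it against the real files by passing their contents, for example lint_tls(open("/usr/local/etc/bacula-sd.conf").read(), "Director", True); an empty list means every check passed.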
