Director and Console on Different Hosts
If bconsole is installed on a different host from the Director, it is likely that the Director and the console use different public certificate and private key files. Let’s consider the “darkstar-dir” Director on “darkstar.example.com” and the “arrakis-con” console on “arrakis.example.com”.
If you’re using an anonymous console:
In bacula-dir.conf:
Director {
  Name = darkstar-dir
  DIR Port = 9111
  DIR Address = darkstar.example.com
  QueryFile = "/usr/local/bacula/scripts/query.sql"
  WorkingDirectory = "/usr/local/bacula/working"
  PidDirectory = "/var/run"
  Maximum Concurrent Jobs = 10
  Password = "password"
  Messages = Daemon
  TLS Enable = yes
  TLS Require = yes
  TLS Verify Peer = yes
  TLS Allowed CN = darkstar.example.com
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}
In bconsole.conf:
Director {
  Name = darkstar-dir
  DIRport = 9111
  Address = darkstar.example.com
  Password = "password"
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}
If you are using a named console:
In bacula-dir.conf: There is no need to configure TLS in the Director resource:
Director {
  Name = darkstar-dir
  DIR Port = 9111
  DIR Address = darkstar.example.com
  QueryFile = "/usr/local/bacula/scripts/query.sql"
  WorkingDirectory = "/usr/local/bacula/working"
  PidDirectory = "/var/run"
  Maximum Concurrent Jobs = 10
  Password = "password"
  Messages = Daemon
}
Instead, the Console resource has the TLS configurations:
Console {
  Name = arrakis-con
  Password = "password"
  TLS Enable = yes
  TLS Require = yes
  TLS Allowed CN = arrakis.example.com
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}
In bconsole.conf: There is no need to configure TLS in the Director resource:
Director {
  Name = darkstar-dir
  DIRport = 9111
  Address = darkstar.example.com
  Password = "password"
}
Instead, the Console resource needs the TLS configuration:
Console {
  Name = arrakis-con
  Password = "password"
  TLS Enable = yes
  TLS Require = yes
  TLS Verify Peer = yes
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/arrakis_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/arrakis_key.pem
}
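In the named-console setup the two Console resources live in different files on different hosts, so a mismatch between them is easy to miss. The following is an added example, not part of the Bacula documentation or code: a small linter that cross-checks the pair. The function names, the simplified parser and the trimmed sample input are assumptions made for illustration.

```python
import re

def parse_resources(text):
    """Parse 'Type { key = value }' blocks (simplified: no nesting,
    no '#', ';' or '}' inside quoted values)."""
    out = []
    for rtype, body in re.findall(r"(\w+)\s*\{(.*?)\}", text, re.S):
        res = {}
        for line in re.split(r"[;\n]", body):
            key, sep, value = line.split("#", 1)[0].partition("=")
            if sep:
                # Bacula ignores case and spaces in directive keywords.
                res[re.sub(r"\s+", "", key).lower()] = value.strip().strip('"')
        out.append((rtype.lower(), res))
    return out

def find_console(text, name):
    """Return the directives of the Console resource called `name`, or None."""
    for rtype, res in parse_resources(text):
        if rtype == "console" and res.get("name") == name:
            return res
    return None

def check_named_console(dir_conf, con_conf, name):
    """Return a list of mismatches between the two Console resources."""
    d, c = find_console(dir_conf, name), find_console(con_conf, name)
    if d is None or c is None:
        return [f"Console {name} not defined on both sides"]
    problems = []
    if d.get("password") != c.get("password"):
        problems.append("Password differs")
    for side, res in (("bacula-dir.conf", d), ("bconsole.conf", c)):
        for key in ("tlsenable", "tlsrequire"):
            if res.get(key, "no").lower() != "yes":
                problems.append(f"{side}: {key} is not yes")
        if "tlscacertificatefile" not in res:
            problems.append(f"{side}: tlscacertificatefile missing")
    if "tlsallowedcn" not in d:
        problems.append("bacula-dir.conf: tlsallowedcn missing")
    return problems

# Constructed sample input, modelled on the named-console resources above.
DIR_CONF = """Console {
  Name = arrakis-con
  Password = "password"
  TLS Enable = yes
  TLS Require = yes
  TLS Allowed CN = arrakis.example.com
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
}"""
CON_CONF = DIR_CONF.replace("  TLS Allowed CN = arrakis.example.com\n", "")
```

An empty list from check_named_console means the two sides agree on the console name, password and TLS switches; it does not inspect the certificates themselves.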