Director and Console on the Same “darkstar” Host

1. If you are using an anonymous console: You only need to define the TLS directives in the resource of both bacula-dir.conf and bconsole.conf files.

   • In bacula-dir.conf:

     Director {
         Name = darkstar-dir
         DIR Port = 9111
         DIR Address = darkstar.example.com
         QueryFile = "/usr/local/bacula/scripts/query.sql"
         WorkingDirectory = "/usr/local/bacula/working"
         PidDirectory = "/var/run"
         Maximum Concurrent Jobs = 10
         Password = "password"
         Messages = Daemon
         TLS Enable = yes
         TLS Require = yes
         TLS Verify Peer = yes
         TLS Allowed CN = darkstar.example.com
         TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
         TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
         TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
     }
     

   • In bconsole.conf:

     Director {
         Name = darkstar-dir
         DIRport = 9111
         Address = darkstar.example.com
         Password = "password"
         TLS Enable = yes
         TLS Require = yes
         TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
         TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
         TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
     }
     

#. If a named console is used: You only need to define the TLS directives in the resource of both bacula-dir.conf and bconsole.conf.

• In bacula-dir.conf:: There is no need to configure TLS in the Director resource for a named console:

  Director {
      Name = darkstar-dir
      DIR Port = 9111
      DIR Address = darkstar.example.com
      QueryFile = "/usr/local/bacula/scripts/query.sql"
      WorkingDirectory = "/usr/local/bacula/working"
      PidDirectory = "/var/run"
      Maximum Concurrent Jobs = 10
      Password = "password"
      Messages = Daemon
  }
  

Instead, the named Console resource has the TLS configuration:

Console {
    Name = darkstar-con
    Password = "password"
    TLS Enable = yes
    TLS Require = yes
    TLS Verify Peer = yes
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
    TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
    TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}

• In bconsole.conf:: There is no need to configure TLS in the Director resource as it was in the case of the anonymous console above:

  Director {
      Name = darkstar-dir
      DIRport = 9111
      Address = darkstar.example.com
      Password = "password"
  }
  

Instead, the Console resource contains the TLS configuration:

Console {
    Name = darkstar-con
    Password = "password"
    TLS Enable = yes
    TLS Require = yes
    TLS Verify Peer = yes
    TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
    TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
    TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}

See also

Go to Director and Console on Different Hosts.

Go back to Enable TLS Communications Encryption between Console and Director.

Go back to the Bacula Communications Encryption chapter.

Go back to the main Advanced Features Usage page.