Enabling TLS Authentication between Client and Storage
Consider two clients, “darkstar-fd” (on “darkstar.example.com”) and “arrakis-fd” (on “arrakis.example.com”), that need to connect over TLS to the “caladan-sd” storage daemon running on “caladan.example.com”.
In the bacula-fd.conf file at “darkstar.example.com”:

FileDaemon {
  Name = darkstar-fd
  FD Port = 9112
  FD Address = darkstar.example.com
  WorkingDirectory = /usr/local/bacula/working
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 10
  TLS Enable = yes
  TLS Require = yes
  TLS Authenticate = yes
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/darkstar_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/darkstar_key.pem
}

In the bacula-fd.conf file at “arrakis.example.com”:

FileDaemon {
  Name = arrakis-fd
  FD Port = 9112
  FD Address = arrakis.example.com
  WorkingDirectory = /usr/local/bacula/working
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 10
  TLS Enable = yes
  TLS Require = yes
  TLS Authenticate = yes
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/arrakis_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/arrakis_key.pem
}

In the bacula-sd.conf file at “caladan.example.com”:

Storage {
  Name = caladan-sd
  SD Port = 9113
  SD Address = caladan.example.com
  WorkingDirectory = "/usr/local/bacula/working"
  Pid Directory = "/var/run"
  Maximum Concurrent Jobs = 40
  TLS Enable = yes
  TLS Require = yes
  TLS Authenticate = yes
  TLS Allowed CN = darkstar.example.com , arrakis.example.com
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/caladan_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/caladan_key.pem
}
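
The three resources above only work together if every daemon carries the same TLS directives and each client appears in the storage daemon's TLS Allowed CN list. The following consistency check is an added example, not part of the original article or of Bacula; the names TEMPLATE, FDS, SD, parse and audit are hypothetical, the sample input is a trimmed copy of the configs above, and it assumes each client certificate's CN equals its FD Address.

```python
import re
# Trimmed copies of the page's three resources, built from one template (constructed input).
TEMPLATE = """{rtype} {{
  Name = {host}-{kind}
  {kind} Address = {host}.example.com
  TLS Enable = yes
  TLS Require = yes
  TLS Authenticate = yes
  TLS CA Certificate File = /usr/local/bacula/etc/ssl/certs/root_cert.pem
  TLS Certificate = /usr/local/bacula/etc/ssl/certs/{host}_cert.pem
  TLS Key = /usr/local/bacula/etc/ssl/keys/{host}_key.pem
  {extra}
}}"""
FDS = [TEMPLATE.format(rtype="FileDaemon", kind="fd", host=h, extra="")
       for h in ("darkstar", "arrakis")]
SD = TEMPLATE.format(rtype="Storage", kind="sd", host="caladan",
                     extra="TLS Allowed CN = darkstar.example.com , arrakis.example.com")

def parse(text):
    """Return the first resource's directives as {normalized_key: [values]}."""
    body = re.search(r"\w+\s*\{([^{}]*)\}", text).group(1)
    out = {}
    for line in body.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            # Bacula ignores case and spaces in directive names.
            out.setdefault(key.replace(" ", "").lower(), []).append(value.strip().strip('"'))
    return out

def audit(fd_confs, sd_conf):
    """Return findings; an empty list means the TLS directives are consistent."""
    sd, fds, findings = parse(sd_conf), [parse(c) for c in fd_confs], []
    for d in [sd] + fds:
        for key in ("tlsenable", "tlsrequire", "tlsauthenticate"):
            if d.get(key, ["no"])[0].lower() != "yes":
                findings.append(f"{d['name'][0]}: {key} is not yes")
        for key in ("tlscacertificatefile", "tlscertificate", "tlskey"):
            if key not in d:
                findings.append(f"{d['name'][0]}: {key} is missing")
    allowed = {cn.strip() for v in sd.get("tlsallowedcn", []) for cn in v.split(",")}
    if not allowed:
        findings.append(f"{sd['name'][0]}: no TLS Allowed CN, any cert signed by the CA is accepted")
    for d in fds if allowed else []:
        # Assumption: each client certificate's CN equals its FD Address.
        if d["fdaddress"][0] not in allowed:
            findings.append(f"{d['name'][0]}: {d['fdaddress'][0]} is not in TLS Allowed CN")
    return findings

print(audit(FDS, SD) or "TLS directives are consistent")
```

In Bacula, TLS Authenticate = yes uses TLS only to authenticate the peers and leaves the rest of the session unencrypted; drop that directive from the configs and from the check if the backup data must also be encrypted in transit.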