2 # postinst script for bacula-cn
4 # see: dh_installdeb(1)
8 # Source debconf library.
# The db_get / db_input calls further down in this script rely on it.
9 . /usr/share/debconf/confmodule
11 # summary of how this script can be called:
12 # * <postinst> `configure' <most-recently-configured-version>
13 # * <old-postinst> `abort-upgrade' <new version>
14 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
16 # * <postinst> `abort-remove'
17 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
18 # <failed-install-package> <version> `removing'
19 # <conflicting-package> <version>
20 # for details, see http://www.debian.org/doc/debian-policy/ or
21 # the debian-policy package
# Write the Bacula file daemon configuration to /etc/bacula/bacula-fd.conf.
#
# NOTE(review): several lines of this function are missing from this listing
# (the ends of the `if` blocks, the heredoc redirection and the closing
# brace), so the notes here cover only the visible lines.
# NOTE(review): the emitted config names /etc/bacula/bacula-fd.pem as the TLS
# certificate, the TLS key and the PKI keypair, so one private key serves both
# transport authentication and backup-data encryption. Confirm this reuse is
# intended and that the file is readable only by the daemon's user.
# NOTE(review): "TLS DH File" points at dh1024.pem; 1024-bit DH parameters are
# below current recommendations (2048 bits or more).
23 generate_fd_config() {
24 FD_CONFIG=/etc/bacula/bacula-fd.conf
# Guard: a non-empty config that already mentions 'PKI Keypair' is reported as
# existing and skipped (the statement that leaves the function is not shown).
26 if [ -s $FD_CONFIG ] && grep -q 'PKI Keypair' $FD_CONFIG; then
27 echo $FD_CONFIG already exists, skipping.
# Keep a one-time backup: the copy is made only while no .bak exists, so a
# later run never overwrites the first saved version.
31 if [ -e $FD_CONFIG -a ! -e $FD_CONFIG.bak ]; then
32 cp -av $FD_CONFIG $FD_CONFIG.bak
35 echo Generating $FD_CONFIG
39 # List Directors who are permitted to contact this File daemon
48 # Allow only the Director to connect
49 TLS Allowed CN = "sysbackup.carnet.hr"
50 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
51 # This is a server certificate. It is used by connecting
52 # directors to verify the authenticity of this file daemon
53 TLS Certificate = "/etc/bacula/bacula-fd.pem"
54 TLS Key = "/etc/bacula/bacula-fd.pem"
55 TLS DH File = "/etc/bacula/dh1024.pem"
59 # "Global" File daemon configuration specifications
61 FileDaemon { # this is me
63 FDport = 9102 # where we listen for the director
64 WorkingDirectory = /var/lib/bacula
65 Pid Directory = /var/run/bacula
66 Maximum Concurrent Jobs = 20
69 # you need these TLS entries so the FD and SD can communicate
72 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
73 TLS Certificate = "/etc/bacula/bacula-fd.pem"
74 TLS Key = "/etc/bacula/bacula-fd.pem"
76 # you need these PKI entries to encrypt data before sending it to backup
77 PKI Signatures = Yes # Enable Data Signing
78 PKI Encryption = Yes # Enable Data Encryption
79 PKI Keypair = "/etc/bacula/bacula-fd.pem" # Public and Private Keys
82 # Send all messages except skipped files back to Director
85 director = sysbackup-dir = all, !skipped, !restored
# Write the bconsole configuration to /etc/bacula/bconsole.conf.
#
# The heredoc delimiter is unquoted, so $PASS_BCONSOLE is expanded and the
# console password is stored in the file in clear text.
# NOTE(review): `cat >` creates the file with the mode the current umask
# allows. Confirm that the lines missing from this listing restrict its
# permissions, since it holds a credential.
# NOTE(review): the ends of the `if` blocks, the heredoc terminator and the
# closing brace are not visible in this listing.
91 generate_bconsole_config() {
92 BCONSOLE_CONFIG=/etc/bacula/bconsole.conf
# Guard: a non-empty file that already contains a 'Console {' resource is
# reported as existing and skipped.
94 if [ -s $BCONSOLE_CONFIG ] && grep -q 'Console {' $BCONSOLE_CONFIG; then
95 echo $BCONSOLE_CONFIG already exists, skipping.
# One-time backup: copy only while no .bak exists yet.
99 if [ -e $BCONSOLE_CONFIG -a ! -e $BCONSOLE_CONFIG.bak ]; then
100 cp -av $BCONSOLE_CONFIG $BCONSOLE_CONFIG.bak
103 echo Generating $BCONSOLE_CONFIG
105 cat >$BCONSOLE_CONFIG <<EOF
107 # Bacula User Agent (or Console) Configuration File
113 address = sysbackup.carnet.hr
114 Password = "__INVALID__" # not used
116 # you need these TLS entries so the bconsole and Director can communicate
119 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
120 TLS Certificate = "/etc/bacula/bacula-fd.pem"
121 TLS Key = "/etc/bacula/bacula-fd.pem"
126 Password = "$PASS_BCONSOLE"
# Create the Diffie-Hellman parameter file if it is missing or empty.
# (The enclosing function header is not visible in this listing.)
133 DH_FILE=/etc/bacula/dh1024.pem
# A non-empty file is kept as is, so parameters written by an earlier version
# of this package are never regenerated on upgrade.
135 if [ -s $DH_FILE ]; then
136 echo $DH_FILE already exists, skipping.
140 echo Generating $DH_FILE
# NOTE(review): this writes 1024-bit DH parameters with generator 5. 1024-bit
# groups are below current recommendations; moving to 2048 bits or more would
# also mean changing the file name that the generated configs reference.
141 openssl dhparam -out $DH_FILE -5 1024
# Create the file daemon's key/certificate file if it is missing or empty.
# (The enclosing function header and the end of the openssl command line are
# not visible in this listing.)
146 CERT_FILE=/etc/bacula/bacula-fd.pem
148 if [ -s $CERT_FILE ]; then
149 echo $CERT_FILE already exists, skipping.
153 echo Generating $CERT_FILE
# Self-signed X.509 certificate (-x509) with a new 2048-bit RSA key, valid for
# 365*5 days. -nodes leaves the private key unencrypted and -keyout writes it
# to $CERT_FILE.
# NOTE(review): confirm the permissions of $CERT_FILE after this step; any
# user who can read the file can read the private key.
# NOTE(review): $IP is interpolated into -subj without escaping. A value that
# contains '/' would be parsed as further subject fields. The origin of $IP is
# not visible here.
155 openssl req -new -newkey rsa:2048 -nodes -keyout $CERT_FILE \
156 -subj "/C=HR/ST=Croatia/O=CARNet/OU=sysbackup/CN=$IP" \
157 -x509 -extensions usr_cert -days $((365*5)) \
# Restart bacula-fd if its init script is installed and executable. Use
# invoke-rc.d when `which` finds an executable one, otherwise call the init
# script directly (the `else` line is not visible in this listing).
# A failed restart ends the script with the restart command's exit status.
163 if [ -x "/etc/init.d/bacula-fd" ]; then
164 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
165 invoke-rc.d bacula-fd restart || exit $?
167 /etc/init.d/bacula-fd restart || exit $?
# Print a random hex string: hash bytes from /dev/urandom with SHA-1 and strip
# everything up to the last space, which leaves only the digest.
# NOTE(review): presumably the body of random_string (its header is not
# visible); the PASS_FD / PASS_BCONSOLE assignments call a function of that
# name.
# NOTE(review): `head -n 20` counts newline bytes in binary data, so the
# amount of input read varies from run to run; `head -c <bytes>` would read a
# fixed amount. The output length is not affected.
173 head -n 20 /dev/urandom | openssl dgst -sha1 | sed 's/^.* //'
# Remove /var/lib/bacula-cn (fixed path, no variable expansion involved).
178 rm -rf /var/lib/bacula-cn
# An existing $REQUEST_FILE is taken to mean the request was already sent.
180 if [ -e $REQUEST_FILE ]; then
181 echo Config has not changed, skipping request.
# NOTE(review): the mktemp template has no directory part and no -t/-p option,
# so the temporary file is created in the current working directory rather
# than in $TMPDIR or /tmp. The working directory at this point is not visible
# in this listing.
186 DF_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
189 # report database sizes
190 DB_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
# Best effort: du errors are discarded and a failure is ignored, so $DB_FILE
# may stay empty.
191 if [ -d /var/lib/mysql -o -d /var/lib/postgresql ]; then
192 du -sh /var/lib/mysql /var/lib/postgresql >$DB_FILE 2>/dev/null || true
195 # generate client config
# The heredoc below is unquoted, so $PASS_FD and $PASS_BCONSOLE are written to
# the temporary file in clear text, together with $CONTACT, $DATE, $HOST and
# $EMAIL.
# NOTE(review): the template has no directory part, so mktemp creates this
# secret-bearing file in the current working directory. No `trap` that removes
# it on an early exit is visible in this listing.
# NOTE(review): $CONTACT, $HOST and $EMAIL are inserted without escaping. A
# value containing quotes or newlines would change the structure of the
# generated Director-side config, so the receiving service should validate the
# file. The assignments of these variables are not visible here.
196 FD_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
197 cat >> $FD_FILE <<EOF
198 # Requested by $CONTACT on $DATE
201 @/etc/bacula/include/client-debian-default.conf
203 Password = "$PASS_FD" # password for bacula-fd(8)
204 TLS CA Certificate File = "/etc/bacula/clients.d/$HOST-fd.pem"
209 @/etc/bacula/include/acl-default.conf
210 Password = "$PASS_BCONSOLE" # password for bconsole(8)
211 JobACL = $HOST, RestoreFiles
218 JobDefs = "Job_TapeBackup"
219 Messages = messages-$HOST
223 Name = messages-$HOST
224 @/etc/bacula/include/messages-defaults.conf
225 mail = $EMAIL = all, !skipped
# Copy only the BEGIN CERTIFICATE..END CERTIFICATE block into the upload file.
# The sed range keeps any private-key block in bacula-fd.pem out of the copy.
230 PEM_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
231 sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' \
232 /etc/bacula/bacula-fd.pem > $PEM_FILE
234 # send using web service
235 echo Sending sysbackup request.
# The optional db form field is built as a single string. Wherever it is used
# it must be expanded unquoted to split into two arguments (the use is not
# visible in this listing).
236 [ -s $DB_FILE ] && DB_PARAM="-F db=@$DB_FILE;filename=db.txt"
# POST the request over HTTPS. --cacert verifies the server certificate
# against the system CA bundle, and --fail turns HTTP error responses into a
# non-zero exit status.
# NOTE(review): with -F, a value that starts with '@' or '<' is read as a file
# name. For the free-text field `contact=$CONTACT`, --form-string would send
# the value literally.
# NOTE(review): $HOST is placed inside the `filename=` attribute, so a value
# containing ';' or '"' would change the form part. The origin of $HOST is not
# visible here.
237 if curl --fail --silent --show-error \
238 -F "contact=$CONTACT" \
241 -F "df=@$DF_FILE;filename=df.txt" \
243 -F "fd=@$FD_FILE;filename=$HOST-fd.conf" \
244 -F "pem=@$PEM_FILE;filename=$HOST-fd.pem" \
245 --cacert /etc/ssl/certs/ca-certificates.crt \
246 https://sysbackup.carnet.hr/bacapp.php >/dev/null
# Remove the temporary files; $FD_FILE holds the generated passwords.
# NOTE(review): this cleanup runs only if execution reaches this line. No
# `trap ... EXIT` is visible that would cover an earlier exit.
252 rm -f $DF_FILE $DB_FILE $FD_FILE $PEM_FILE
# If no request file exists at this point, queue the debconf note
# bacula-cn/request-failed at high priority. A failure of db_input is ignored
# so that it does not abort the script.
255 if [ ! -e $REQUEST_FILE ]; then
256 db_input high bacula-cn/request-failed || true
# Read the answers to the hostname and contact debconf questions.
# NOTE(review): the lines that copy each answer into a shell variable are not
# visible in this listing. Those values are later interpolated into the
# generated config and the upload form, so they should be validated there.
262 db_get bacula-cn/hostname
268 db_get bacula-cn/contact
# Generate separate secrets for the file daemon and for bconsole.
273 PASS_FD=$( random_string )
274 PASS_BCONSOLE=$( random_string )
# Request date in YYYY-MM-DD form.
276 DATE=$( date '+%Y-%m-%d' )
# Marker file; a later check treats its existence as "request already sent".
278 REQUEST_FILE=/etc/bacula/bacula-fd.txt
288 generate_bconsole_config
# Case arm for the abort-* invocations listed in the header comment. The
# enclosing `case` line and the arm that holds the unknown-argument message
# below are not visible in this listing.
296 abort-upgrade|abort-remove|abort-deconfigure)
300 echo "postinst called with unknown argument \`$1'" >&2
305 # dh_installdeb will replace this with shell code automatically
306 # generated by other debhelper scripts.