2 # postinst script for bacula-cn
4 # see: dh_installdeb(1)
8 # Source debconf library.
9 . /usr/share/debconf/confmodule
11 # summary of how this script can be called:
12 # * <postinst> `configure' <most-recently-configured-version>
13 # * <old-postinst> `abort-upgrade' <new version>
14 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
16 # * <postinst> `abort-remove'
17 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
18 # <failed-install-package> <version> `removing'
19 # <conflicting-package> <version>
20 # for details, see http://www.debian.org/doc/debian-policy/ or
21 # the debian-policy package
# generate_fd_config: write the Bacula File Daemon configuration to
# /etc/bacula/bacula-fd.conf unless a generated one is already in place.
#
# NOTE(review): this listing is incomplete. The embedded line numbers skip
# (27 -> 31, 35 -> 39, ...), so the return/fi lines, the start of the
# here-document and the closing brace are not visible here.
#
# What the visible template establishes:
#   - only a Director presenting the CN in "TLS Allowed CN" is accepted;
#   - TLS Certificate, TLS Key and PKI Keypair all point at the same file,
#     /etc/bacula/bacula-fd.pem, so that file holds the private key;
#   - "TLS DH File" refers to /etc/bacula/dh1024.pem (1024-bit parameters,
#     see the dhparam call later in this script);
#   - PKI signing and encryption of backup data are switched on.
# NOTE(review): no chmod/umask is visible for the generated config; confirm
# that it is not world-readable if it carries the Director password.
23 generate_fd_config() {
24 FD_CONFIG=/etc/bacula/bacula-fd.conf
# A non-empty config that already mentions 'PKI Keypair' is treated as
# previously generated and reported as skipped.
26 if [ -s $FD_CONFIG ] && grep -q 'PKI Keypair' $FD_CONFIG; then
27 echo $FD_CONFIG already exists, skipping.
# One-time backup: copy only when the config exists and no .bak exists yet.
# cp -a keeps mode and ownership, so the backup is as readable as the
# original was. NOTE(review): `-a` inside [ ] is obsolescent in POSIX;
# `[ -e A ] && [ ! -e B ]` is the unambiguous form.
31 if [ -e $FD_CONFIG -a ! -e $FD_CONFIG.bak ]; then
32 cp -av $FD_CONFIG $FD_CONFIG.bak
35 echo Generating $FD_CONFIG
39 # List Directors who are permitted to contact this File daemon
48 # Allow only the Director to connect
49 TLS Allowed CN = "sysbackup.carnet.hr"
50 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
51 # This is a server certificate. It is used by connecting
52 # directors to verify the authenticity of this file daemon
53 TLS Certificate = "/etc/bacula/bacula-fd.pem"
54 TLS Key = "/etc/bacula/bacula-fd.pem"
55 TLS DH File = "/etc/bacula/dh1024.pem"
59 # "Global" File daemon configuration specifications
61 FileDaemon { # this is me
63 FDport = 9102 # where we listen for the director
64 WorkingDirectory = /var/lib/bacula
65 Pid Directory = /var/run/bacula
66 Maximum Concurrent Jobs = 20
69 # you need these TLS entries so the FD and SD can communicate
72 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
73 TLS Certificate = "/etc/bacula/bacula-fd.pem"
74 TLS Key = "/etc/bacula/bacula-fd.pem"
76 # you need these PKI entries to encrypt data before sending it to backup
77 PKI Signatures = Yes # Enable Data Signing
78 PKI Encryption = Yes # Enable Data Encryption
79 PKI Keypair = "/etc/bacula/bacula-fd.pem" # Public and Private Keys
82 # Send all messages except skipped files back to Director
85 director = sysbackup-dir = all, !skipped, !restored
# generate_bconsole_config: write /etc/bacula/bconsole.conf so the local
# console can reach the Director at sysbackup.carnet.hr over TLS, using the
# File Daemon's certificate and key (/etc/bacula/bacula-fd.pem).
#
# NOTE(review): the listing is incomplete (embedded line numbers skip), so
# the return/fi lines, parts of the template, the closing EOF and the closing
# brace are not visible here.
91 generate_bconsole_config() {
92 BCONSOLE_CONFIG=/etc/bacula/bconsole.conf
# A non-empty file that already has a 'Console {' resource is reported as
# existing and skipped.
94 if [ -s $BCONSOLE_CONFIG ] && grep -q 'Console {' $BCONSOLE_CONFIG; then
95 echo $BCONSOLE_CONFIG already exists, skipping.
# One-time backup of a pre-existing file; cp -a preserves its mode and owner.
99 if [ -e $BCONSOLE_CONFIG -a ! -e $BCONSOLE_CONFIG.bak ]; then
100 cp -av $BCONSOLE_CONFIG $BCONSOLE_CONFIG.bak
103 echo Generating $BCONSOLE_CONFIG
# The here-document delimiter is unquoted, so $PASS_BCONSOLE is expanded and
# the console password is stored in clear text in the generated file.
# NOTE(review): the file is created by a plain redirect under the current
# umask and no chmod is visible in this listing; confirm that the result is
# readable only by root (or the intended console users).
105 cat >$BCONSOLE_CONFIG <<EOF
107 # Bacula User Agent (or Console) Configuration File
113 address = sysbackup.carnet.hr
114 Password = "__INVALID__" # not used
116 # you need these TLS entries so the bconsole and Director can communicate
119 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
120 TLS Certificate = "/etc/bacula/bacula-fd.pem"
121 TLS Key = "/etc/bacula/bacula-fd.pem"
126 Password = "$PASS_BCONSOLE"
# Create the Diffie-Hellman parameter file that the generated File Daemon
# config references as "TLS DH File". A non-empty existing file is reported
# as present and skipped.
# NOTE(review): the enclosing function header and the return/fi lines are not
# visible in this listing (embedded line numbers skip 136 -> 140).
133 DH_FILE=/etc/bacula/dh1024.pem
135 if [ -s $DH_FILE ]; then
136 echo $DH_FILE already exists, skipping.
140 echo Generating $DH_FILE
# SECURITY: this produces 1024-bit DH parameters (generator 5). 1024-bit
# groups are below the commonly recommended minimum of 2048 bits for
# finite-field DH. Raising the size here would only affect hosts where the
# file does not exist yet, because an existing file appears to be kept.
141 openssl dhparam -out $DH_FILE -5 1024
# Create the File Daemon's key pair once: a self-signed X.509 certificate
# (-x509) with a new 2048-bit RSA key, subject CN=$IP, valid for 365*5 days.
# A non-empty existing file is reported as present and skipped.
#
# -nodes writes the private key unencrypted into $CERT_FILE. The rest of the
# script treats the same file as certificate and key (TLS Certificate, TLS
# Key, PKI Keypair), so whoever can read it can impersonate this client and
# decrypt its PKI-encrypted backup data.
# NOTE(review): no chmod/umask is visible in this listing; confirm that the
# file ends up readable only by root / the bacula user.
# NOTE(review): $IP is not assigned in the visible lines. It is interpolated
# into -subj, where a '/' would start a new subject field; confirm it is
# validated where it is set.
# NOTE(review): the enclosing function header, the return/fi lines and the
# continuation after "-days" are not visible (line numbers skip 149 -> 153
# and stop at 157).
146 CERT_FILE=/etc/bacula/bacula-fd.pem
148 if [ -s $CERT_FILE ]; then
149 echo $CERT_FILE already exists, skipping.
153 echo Generating $CERT_FILE
155 openssl req -new -newkey rsa:2048 -nodes -keyout $CERT_FILE \
156 -subj "/C=HR/ST=Croatia/O=CARNet/OU=sysbackup/CN=$IP" \
157 -x509 -extensions usr_cert -days $((365*5)) \
# Restart bacula-fd when its init script is installed and executable.
# invoke-rc.d is used when `which` finds it (so local policy-rc.d rules are
# honoured); the direct init-script call on the last line is presumably the
# else branch, which this listing does not show. A failed restart ends the
# postinst with the restart command's exit status.
# NOTE(review): `command -v invoke-rc.d` is the portable replacement for the
# backticked `which`.
163 if [ -x "/etc/init.d/bacula-fd" ]; then
164 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
165 invoke-rc.d bacula-fd restart || exit $?
167 /etc/init.d/bacula-fd restart || exit $?
# Build a MIME multipart enrolment request in /etc/bacula/bacula-fd.txt and
# mail it to sysbackup@carnet.hr with `sendmail -t`.
#
# Layout visible in this listing:
#   - a plain-text part with the host name and contact address (the labels
#     are Croatian: "Ime posluzitelja" = server name, "Kontakt adresa" =
#     contact address);
#   - GPG-encrypted, ASCII-armoured attachments: `df -h` output, database
#     directory sizes (only if /var/lib/mysql or /var/lib/postgresql exists),
#     the Director-side client config containing $PASS_FD and
#     $PASS_BCONSOLE, and the certificate block cut from bacula-fd.pem (the
#     sed range excludes the private key).
#   The two passwords therefore leave the host only inside the encrypted
#   parts; host name and contact travel in clear text.
# If no request was sent, debconf is asked to show bacula-cn/mail-failed.
#
# NOTE(review): the listing is incomplete (embedded line numbers skip), so
# the function header, the closing EOF lines, the MIME boundary lines and
# several fi/else lines are not visible here.
# NOTE(review): $HOST and $CONTACT are interpolated into mail headers read by
# `sendmail -t`, into attachment file names and into a path in the Director
# config. Their assignment is not visible here; confirm they are validated
# (no CR/LF, '/', '"' or whitespace) before use.
# NOTE(review): whether a failing gpg aborts the script or silently leaves an
# empty attachment depends on `set -e`, which is not visible in this listing.
173 REQUEST_FILE=/etc/bacula/bacula-fd.txt
174 GPG_HOME=/var/lib/bacula-cn/gpg
# MIME boundary: SHA-1 digest of 20 "lines" read from /dev/urandom.
# NOTE(review): depending on the OpenSSL version, `openssl dgst` on stdin
# prefixes the hex digest with "(stdin)= " or "SHA1(stdin)= "; that prefix
# would become part of the boundary. Confirm on the target release.
176 BOUNDARY=$( head -20 /dev/urandom | openssl dgst -sha1 )
# $GPG is expanded unquoted further down so that it word-splits into a
# command line. --always-trust skips the trust-database check for the
# recipient key, so confidentiality rests on the keyring in $GPG_HOME holding
# the genuine key for rt@tt.carnet.hr; presumably the package ships it --
# confirm the directory is root-owned and not writable by others.
177 GPG="gpg --homedir $GPG_HOME --batch --encrypt --armour --recipient rt@tt.carnet.hr --always-trust"
# $CONFIG_CHANGED is set outside the visible lines; when it is empty the
# request is reported as skipped.
179 if [ -z "$CONFIG_CHANGED" ]; then
180 echo Config has not changed, skipping request.
186 echo Generating request in $REQUEST_FILE
190 cat > $REQUEST_FILE <<EOF
192 To: sysbackup@carnet.hr
193 Subject: Backup za $HOST
195 Content-Type: multipart/mixed; boundary="$BOUNDARY"
197 This is a message with multiple parts in MIME format.
199 Content-Type: text/plain
200 Content-Transfer-Encoding: 7bit
201 Content-Disposition: inline
203 Ime posluzitelja: $HOST
205 Kontakt adresa: $CONTACT
208 # attachment: disk sizes
209 cat >> $REQUEST_FILE <<EOF
211 Content-Type: text/plain
212 Content-Transfer-Encoding: 7bit
213 Content-Disposition: inline; filename="df.txt.gpg"
217 df -h | $GPG >> $REQUEST_FILE
219 # attachment: database sizes
220 if [ -d /var/lib/mysql -o -d /var/lib/postgresql ]; then
221 cat >> $REQUEST_FILE <<EOF
223 Content-Type: text/plain
224 Content-Transfer-Encoding: 7bit
225 Content-Disposition: inline; filename="db.txt.gpg"
229 du -sh /var/lib/mysql /var/lib/postgresql 2>/dev/null \
230 | $GPG >> $REQUEST_FILE
233 # attachment: client config
234 cat >> $REQUEST_FILE <<EOF
236 Content-Type: text/plain
237 Content-Transfer-Encoding: 7bit
238 Content-Disposition: inline; filename="$HOST-fd.conf.gpg"
242 cat <<EOF | $GPG >> $REQUEST_FILE
243 # Requested by $CONTACT on $DATE
247 Password = "$PASS_FD" # password for bacula-fd(8)
248 @/etc/bacula/include/client-debian-default.conf
252 TLS CA Certificate File = "/etc/bacula/clients.d/$HOST-fd.pem"
253 TLS Certificate = "/etc/bacula/bacula.pem"
254 TLS Key = "/etc/bacula/bacula.key"
260 JobDefs = "Job_SysBackup"
265 Password = "$PASS_BCONSOLE" # password for bconsole(8)
266 JobACL = $HOST, RestoreFiles
268 @/etc/bacula/include/acl-default.conf
272 # attachment: client certificate
273 cat >> $REQUEST_FILE <<EOF
275 Content-Type: text/plain
276 Content-Transfer-Encoding: 7bit
277 Content-Disposition: inline; filename="$HOST-fd.pem.gpg"
281 sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' /etc/bacula/bacula-fd.pem \
282 | $GPG >> $REQUEST_FILE
284 cat >> $REQUEST_FILE <<EOF
289 if [ -x "`which sendmail 2>/dev/null`" ]; then
290 echo Mailing request from $REQUEST_FILE
291 if sendmail -t -oi < $REQUEST_FILE; then
296 if [ -z "$requestsent" ]; then
297 db_input high bacula-cn/mail-failed || true
# Main part of the postinst: read the debconf answers, create the secrets
# and run the generators.
# NOTE(review): the listing is incomplete (embedded line numbers skip), so
# the `case "$1"` header, the lines that copy debconf's $RET into variables,
# most generator calls and the esac/exit lines are not visible here.
303 db_get bacula-cn/hostname
309 db_get bacula-cn/contact
# Random secrets for the File Daemon and the console: SHA-1 digest of 20
# "lines" read from /dev/urandom.
# NOTE(review): depending on the OpenSSL version, `openssl dgst` on stdin
# prefixes the hex digest with "(stdin)= " or "SHA1(stdin)= "; that prefix
# would become part of each password. Confirm on the target release, or
# strip everything up to the last space.
312 PASS_FD=$( head -20 /dev/urandom | openssl dgst -sha1 )
313 PASS_BCONSOLE=$( head -20 /dev/urandom | openssl dgst -sha1 )
# Date stamp used in the "Requested by ... on ..." line of the request.
315 DATE=$( date '+%Y-%m-%d' )
327 generate_bconsole_config
# Arm for the error-unwind invocations listed in the header comment; its body
# is not visible in this listing.
335 abort-upgrade|abort-remove|abort-deconfigure)
# Any other first argument is reported on stderr.
339 echo "postinst called with unknown argument \`$1'" >&2
344 # dh_installdeb will replace this with shell code automatically
345 # generated by other debhelper scripts.