2 # postinst script for bacula-cn
4 # see: dh_installdeb(1)
8 # Source debconf library.
9 . /usr/share/debconf/confmodule
11 # summary of how this script can be called:
12 # * <postinst> `configure' <most-recently-configured-version>
13 # * <old-postinst> `abort-upgrade' <new version>
14 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
16 # * <postinst> `abort-remove'
17 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
18 # <failed-install-package> <version> `removing'
19 # <conflicting-package> <version>
20 # for details, see http://www.debian.org/doc/debian-policy/ or
21 # the debian-policy package
# generate_fd_config: prepare the Bacula File Daemon configuration at
# /etc/bacula/bacula-fd.conf.
# Generation is skipped when the file is non-empty and already contains
# the string 'PKI Keypair'. Otherwise an existing file is copied once to
# $FD_CONFIG.bak (an existing .bak is never overwritten).
# NOTE(review): the command that writes the file is not visible in this
# excerpt; the lines after the "Generating" message are Bacula
# configuration text, presumably the body of a here-document.
# NOTE(review): that text names /etc/bacula/bacula-fd.pem as TLS
# Certificate, TLS Key and PKI Keypair, so one file holds both the
# transport identity and the data-encryption private key -- confirm it is
# readable only by the daemon's account.
# NOTE(review): "TLS DH File" points at dh1024.pem; 1024-bit DH
# parameters are below current minimum recommendations (2048 bits or more).
23 generate_fd_config() {
24 FD_CONFIG=/etc/bacula/bacula-fd.conf
# Treat the config as already generated only if it carries the PKI section.
26 if [ -s $FD_CONFIG ] && grep -q 'PKI Keypair' $FD_CONFIG; then
27 echo $FD_CONFIG already exists, skipping.
# Keep the first pre-existing config as a backup before replacing it.
31 if [ -e $FD_CONFIG -a ! -e $FD_CONFIG.bak ]; then
32 cp -av $FD_CONFIG $FD_CONFIG.bak
35 echo Generating $FD_CONFIG
39 # List Directors who are permitted to contact this File daemon
48 # Allow only the Director to connect
49 TLS Allowed CN = "sysbackup.carnet.hr"
50 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
51 # This is a server certificate. It is used by connecting
52 # directors to verify the authenticity of this file daemon
53 TLS Certificate = "/etc/bacula/bacula-fd.pem"
54 TLS Key = "/etc/bacula/bacula-fd.pem"
55 TLS DH File = "/etc/bacula/dh1024.pem"
59 # "Global" File daemon configuration specifications
61 FileDaemon { # this is me
63 FDport = 9102 # where we listen for the director
64 WorkingDirectory = /var/lib/bacula
65 Pid Directory = /var/run/bacula
66 Maximum Concurrent Jobs = 20
69 # you need these TLS entries so the FD and SD can communicate
72 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
73 TLS Certificate = "/etc/bacula/bacula-fd.pem"
74 TLS Key = "/etc/bacula/bacula-fd.pem"
76 # you need these PKI entries to encrypt data before sending it to backup
77 PKI Signatures = Yes # Enable Data Signing
78 PKI Encryption = Yes # Enable Data Encryption
79 PKI Keypair = "/etc/bacula/bacula-fd.pem" # Public and Private Keys
82 # Send all messages except skipped files back to Director
85 director = sysbackup-dir = all, !skipped, !restored
# generate_bconsole_config: write the bconsole configuration to
# /etc/bacula/bconsole.conf.
# Generation is skipped when the file is non-empty and already contains
# 'Console {'. Otherwise an existing file is copied once to
# $BCONSOLE_CONFIG.bak before being overwritten.
91 generate_bconsole_config() {
92 BCONSOLE_CONFIG=/etc/bacula/bconsole.conf
94 if [ -s $BCONSOLE_CONFIG ] && grep -q 'Console {' $BCONSOLE_CONFIG; then
95 echo $BCONSOLE_CONFIG already exists, skipping.
99 if [ -e $BCONSOLE_CONFIG -a ! -e $BCONSOLE_CONFIG.bak ]; then
100 cp -av $BCONSOLE_CONFIG $BCONSOLE_CONFIG.bak
103 echo Generating $BCONSOLE_CONFIG
# The here-document delimiter is unquoted, so $PASS_BCONSOLE is expanded
# when the file is written and the console password lands in it in clear
# text.
# NOTE(review): no chmod or umask is visible in this excerpt; `cat >`
# creates the file with whatever mode the current umask allows -- confirm
# the result is not world-readable.
105 cat >$BCONSOLE_CONFIG <<EOF
107 # Bacula User Agent (or Console) Configuration File
113 address = sysbackup.carnet.hr
114 Password = "__INVALID__" # not used
116 # you need these TLS entries so the bconsole and Director can communicate
119 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
120 TLS Certificate = "/etc/bacula/bacula-fd.pem"
121 TLS Key = "/etc/bacula/bacula-fd.pem"
126 Password = "$PASS_BCONSOLE"
# Create the Diffie-Hellman parameter file that the generated File Daemon
# configuration references as "TLS DH File", unless a non-empty one is
# already present.
133 DH_FILE=/etc/bacula/dh1024.pem
135 if [ -s $DH_FILE ]; then
136 echo $DH_FILE already exists, skipping.
140 echo Generating $DH_FILE
# -5 selects generator 5; 1024 is the prime length in bits.
# NOTE(review): 1024-bit DH parameters are below current minimum
# recommendations (2048 bits or more). Raising the size would also mean
# renaming the file here and in the generated configuration, and the
# "already exists" check above keeps any old 1024-bit file in place.
141 openssl dhparam -out $DH_FILE -5 1024
# Create the File Daemon key and self-signed certificate in
# /etc/bacula/bacula-fd.pem, unless a non-empty file is already present.
146 CERT_FILE=/etc/bacula/bacula-fd.pem
148 if [ -s $CERT_FILE ]; then
149 echo $CERT_FILE already exists, skipping.
153 echo Generating $CERT_FILE
# -newkey rsa:2048 with -nodes writes a new 2048-bit RSA private key to
# $CERT_FILE without passphrase protection; -x509 makes the output a
# self-signed certificate, valid for 365*5 days, with CN set to $IP.
# The command continues on lines not visible in this excerpt.
# NOTE(review): no chmod or umask is visible here; since the private key
# is stored unencrypted, confirm the file ends up readable only by root
# and the daemon's account.
# NOTE(review): where $IP is assigned is not visible in this excerpt --
# confirm it is always set before this runs.
155 openssl req -new -newkey rsa:2048 -nodes -keyout $CERT_FILE \
156 -subj "/C=HR/ST=Croatia/O=CARNet/OU=sysbackup/CN=$IP" \
157 -x509 -extensions usr_cert -days $((365*5)) \
# Restart the File Daemon if its init script is installed: through
# invoke-rc.d when that helper is found on PATH, otherwise by calling the
# init script directly. A failed restart exits with the failing status.
# NOTE(review): `which` inside backticks works but is not guaranteed to
# be installed; `command -v` is the portable lookup.
163 if [ -x "/etc/init.d/bacula-fd" ]; then
164 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
165 invoke-rc.d bacula-fd restart || exit $?
167 /etc/init.d/bacula-fd restart || exit $?
# Print a random token: the SHA-1 digest of the first 20 newline-delimited
# chunks read from /dev/urandom. Presumably the body of random_string,
# whose header line is not visible in this excerpt.
# The amount of input is whatever precedes the 20th newline byte, so it
# varies from call to call.
# NOTE(review): depending on the OpenSSL version, `openssl dgst` prints
# the hex digest with a prefix such as "(stdin)= " or "SHA1(stdin)= ".
# The $( random_string ) callers use the output verbatim as Bacula
# passwords and as the MIME boundary -- confirm the prefix is stripped
# or harmless there.
173 head -n 20 /dev/urandom | openssl dgst -sha1
# Set up the enrolment request: a MIME message assembled in
# /etc/bacula/bacula-fd.txt, with attachments encrypted to
# rt@tt.carnet.hr using the keyring under /var/lib/bacula-cn/gpg.
177 REQUEST_FILE=/etc/bacula/bacula-fd.txt
178 GPG_HOME=/var/lib/bacula-cn/gpg
# Random token used as the multipart boundary of the message.
180 BOUNDARY=$( random_string )
# --batch runs gpg non-interactively and --armour produces ASCII output.
# --always-trust skips trust validation of the recipient key, so the
# encryption is only as trustworthy as the keyring in $GPG_HOME.
# NOTE(review): confirm that directory is root-owned, not writable by
# other users, and populated only with the intended recipient key.
# The command is kept in a string and expanded unquoted in the pipelines
# further down; that works only because no argument contains whitespace.
181 GPG="gpg --homedir $GPG_HOME --batch --encrypt --armour --recipient rt@tt.carnet.hr --always-trust"
# No request is produced when $CONFIG_CHANGED is empty.
183 if [ -z "$CONFIG_CHANGED" ]; then
184 echo Config has not changed, skipping request.
190 echo Generating request in $REQUEST_FILE
194 cat > $REQUEST_FILE <<EOF
196 To: sysbackup@carnet.hr
197 Subject: Backup za $HOST
199 Content-Type: multipart/mixed; boundary="$BOUNDARY"
201 This is a message with multiple parts in MIME format.
203 Content-Type: text/plain
204 Content-Transfer-Encoding: 7bit
205 Content-Disposition: inline
207 Ime posluzitelja: $HOST
209 Kontakt adresa: $CONTACT
212 # attachment: disk sizes
213 cat >> $REQUEST_FILE <<EOF
215 Content-Type: text/plain
216 Content-Transfer-Encoding: 7bit
217 Content-Disposition: inline; filename="df.txt.gpg"
221 df -h | $GPG >> $REQUEST_FILE
223 # attachment: database sizes
224 if [ -d /var/lib/mysql -o -d /var/lib/postgresql ]; then
225 cat >> $REQUEST_FILE <<EOF
227 Content-Type: text/plain
228 Content-Transfer-Encoding: 7bit
229 Content-Disposition: inline; filename="db.txt.gpg"
233 du -sh /var/lib/mysql /var/lib/postgresql 2>/dev/null \
234 | $GPG >> $REQUEST_FILE
237 # attachment: client config
238 cat >> $REQUEST_FILE <<EOF
240 Content-Type: text/plain
241 Content-Transfer-Encoding: 7bit
242 Content-Disposition: inline; filename="$HOST-fd.conf.gpg"
246 cat <<EOF | $GPG >> $REQUEST_FILE
247 # Requested by $CONTACT on $DATE
250 @/etc/bacula/include/client-debian-default.conf
252 Password = "$PASS_FD" # password for bacula-fd(8)
253 TLS CA Certificate File = "/etc/bacula/clients.d/$HOST-fd.pem"
258 @/etc/bacula/include/acl-default.conf
259 Password = "$PASS_BCONSOLE" # password for bconsole(8)
260 JobACL = $HOST, RestoreFiles
262 StorageACL = $HOST-stor
263 PoolACL = $HOST-pool, tmp
268 @/etc/bacula/include/pool-default.conf
269 Label Format = ${HOST}_
274 @/etc/bacula/include/storage-default.conf
276 Media Type = media_$HOST
282 JobDefs = "Job_SysBackup"
288 Console = "purge volume action=all storage=$HOST-stor pool=$HOST-pool"
293 # attachment: client certificate
294 cat >> $REQUEST_FILE <<EOF
296 Content-Type: text/plain
297 Content-Transfer-Encoding: 7bit
298 Content-Disposition: inline; filename="$HOST-fd.pem.gpg"
302 sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' /etc/bacula/bacula-fd.pem \
303 | $GPG >> $REQUEST_FILE
305 cat >> $REQUEST_FILE <<EOF
# Mail the assembled request if a sendmail binary is found on PATH.
# -t takes the recipients from the message headers (the To: line written
# into $REQUEST_FILE); -oi stops a line containing only "." from ending
# the input.
310 if [ -x "`which sendmail 2>/dev/null`" ]; then
311 echo Mailing request from $REQUEST_FILE
312 if sendmail -t -oi < $REQUEST_FILE; then
# When $requestsent is empty (presumably it is set on a successful send,
# on lines not visible here), queue the bacula-cn/mail-failed debconf
# note at high priority. `|| true` keeps a non-zero status from db_input
# from aborting the script.
317 if [ -z "$requestsent" ]; then
318 db_input high bacula-cn/mail-failed || true
324 db_get bacula-cn/hostname
330 db_get bacula-cn/contact
333 PASS_FD=$( random_string )
334 PASS_BCONSOLE=$( random_string )
336 DATE=$( date '+%Y-%m-%d' )
348 generate_bconsole_config
356 abort-upgrade|abort-remove|abort-deconfigure)
360 echo "postinst called with unknown argument \`$1'" >&2
365 # dh_installdeb will replace this with shell code automatically
366 # generated by other debhelper scripts.