2 # postinst script for bacula-cn
4 # see: dh_installdeb(1)
8 # Source debconf library.
9 . /usr/share/debconf/confmodule
11 # summary of how this script can be called:
12 # * <postinst> `configure' <most-recently-configured-version>
13 # * <old-postinst> `abort-upgrade' <new version>
14 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
16 # * <postinst> `abort-remove'
17 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
18 # <failed-install-package> <version> `removing'
19 # <conflicting-package> <version>
20 # for details, see http://www.debian.org/doc/debian-policy/ or
21 # the debian-policy package
23 generate_fd_config() {
24 FD_CONFIG=/etc/bacula/bacula-fd.conf
26 if [ -s $FD_CONFIG ] && grep -q 'PKI Keypair' $FD_CONFIG; then
27 echo $FD_CONFIG already exists, skipping.
31 if [ -e $FD_CONFIG -a ! -e $FD_CONFIG.bak ]; then
32 cp -av $FD_CONFIG $FD_CONFIG.bak
35 echo Generating $FD_CONFIG
39 # List Directors who are permitted to contact this File daemon
48 # Allow only the Director to connect
49 TLS Allowed CN = "sysbackup.carnet.hr"
50 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
51 # This is a server certificate. It is used by connecting
52 # directors to verify the authenticity of this file daemon
53 TLS Certificate = "/etc/bacula/bacula-fd.pem"
54 TLS Key = "/etc/bacula/bacula-fd.pem"
55 TLS DH File = "/etc/bacula/dh1024.pem"
59 # "Global" File daemon configuration specifications
61 FileDaemon { # this is me
63 FDport = 9102 # where we listen for the director
64 WorkingDirectory = /var/lib/bacula
65 Pid Directory = /run/bacula
66 Maximum Concurrent Jobs = 20
67 Plugin Directory = /usr/lib/bacula
70 # you need these TLS entries so the FD and SD can communicate
73 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
74 TLS Certificate = "/etc/bacula/bacula-fd.pem"
75 TLS Key = "/etc/bacula/bacula-fd.pem"
77 # you need these PKI entries to encrypt data before sending it to backup
78 PKI Signatures = Yes # Enable Data Signing
79 PKI Encryption = Yes # Enable Data Encryption
80 PKI Keypair = "/etc/bacula/bacula-fd.pem" # Public and Private Keys
83 # Send all messages except skipped files back to Director
86 director = sysbackup-dir = all, !skipped, !restored
92 generate_bconsole_config() {
93 BCONSOLE_CONFIG=/etc/bacula/bconsole.conf
95 if [ -s $BCONSOLE_CONFIG ] && grep -q 'Console {' $BCONSOLE_CONFIG; then
96 echo $BCONSOLE_CONFIG already exists, skipping.
100 if [ -e $BCONSOLE_CONFIG -a ! -e $BCONSOLE_CONFIG.bak ]; then
101 cp -av $BCONSOLE_CONFIG $BCONSOLE_CONFIG.bak
104 echo Generating $BCONSOLE_CONFIG
106 cat >$BCONSOLE_CONFIG <<EOF
108 # Bacula User Agent (or Console) Configuration File
114 address = sysbackup.carnet.hr
115 Password = "__INVALID__" # not used
117 # you need these TLS entries so the bconsole and Director can communicate
120 TLS CA Certificate File = "/etc/bacula/sysbackup.pem"
121 TLS Certificate = "/etc/bacula/bacula-fd.pem"
122 TLS Key = "/etc/bacula/bacula-fd.pem"
127 Password = "$PASS_BCONSOLE"
134 DH_FILE=/etc/bacula/dh1024.pem
136 if [ -s $DH_FILE ]; then
137 echo $DH_FILE already exists, skipping.
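echo "Generating $DH_FILE"
# Generate 2048-bit parameters: 1024-bit Diffie-Hellman groups are exposed to
# precomputation attacks (Logjam) and can be refused by TLS stacks configured
# for a higher security level. The dh1024.pem file name is kept because the
# generated bacula-fd.conf points "TLS DH File" at that path.
# NOTE(review): the non-empty-file check above skips regeneration, so hosts
# that already have 1024-bit parameters keep them until the file is removed.
openssl dhparam -out "$DH_FILE" -5 2048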
147 CERT_FILE=/etc/bacula/bacula-fd.pem
149 if [ -s $CERT_FILE ]; then
150 echo $CERT_FILE already exists, skipping.
154 echo Generating $CERT_FILE
156 openssl req -new -newkey rsa:2048 -nodes -keyout $CERT_FILE \
157 -subj "/C=HR/ST=Croatia/O=CARNet/OU=sysbackup/CN=$IP" \
158 -x509 -extensions usr_cert -days $((365*10)) \
164 if [ -x "/etc/init.d/bacula-fd" ]; then
165 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
166 invoke-rc.d bacula-fd restart || exit $?
168 /etc/init.d/bacula-fd restart || exit $?
174 head -n 20 /dev/urandom | openssl dgst -sha1 | sed 's/^.* //'
179 rm -rf /var/lib/bacula-cn
181 if [ -e $REQUEST_FILE ]; then
182 echo Config has not changed, skipping request.
187 DF_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
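# Also report disk usage of /media and /mnt when those directories exist.
# The redirection is attached to du itself: in `a && b || true >> file` the
# `>> file` binds only to `true`, so the du report never reached $DF_FILE.
# `|| true` still ignores a failing du, as the original line did.
if [ -d /media ]; then
  du -hs /media >> "$DF_FILE" || true
fi
if [ -d /mnt ]; then
  du -hs /mnt >> "$DF_FILE" || true
fi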
194 # report database sizes
195 DB_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
196 if [ -d /var/lib/mysql -o -d /var/lib/postgresql ]; then
197 du -sh /var/lib/mysql /var/lib/postgresql >$DB_FILE 2>/dev/null || true
200 # generate client config
201 FD_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
202 cat >> $FD_FILE <<EOF
203 # Requested by $CONTACT on $DATE
206 @/etc/bacula/include/client-debian-default.conf
208 Password = "$PASS_FD" # password for bacula-fd(8)
209 TLS CA Certificate File = "/etc/bacula/clients.d/$HOST-fd.pem"
214 @/etc/bacula/include/acl-default.conf
215 Password = "$PASS_BCONSOLE" # password for bconsole(8)
216 JobACL = $HOST, RestoreFiles
223 JobDefs = "Job_TapeBackup"
224 Messages = messages-$HOST
228 Name = messages-$HOST
229 @/etc/bacula/include/messages-defaults.conf
230 mail = $EMAIL = all, !skipped
235 PEM_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
236 sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' \
237 /etc/bacula/bacula-fd.pem > $PEM_FILE
239 # send using web service
240 echo Sending sysbackup request.
241 [ -s $DB_FILE ] && DB_PARAM="-F db=@$DB_FILE;filename=db.txt"
242 if curl --fail --silent --show-error \
243 -F "contact=$CONTACT" \
246 -F "df=@$DF_FILE;filename=df.txt" \
248 -F "fd=@$FD_FILE;filename=$HOST-fd.conf" \
249 -F "pem=@$PEM_FILE;filename=$HOST-fd.pem" \
250 --cacert /etc/ssl/certs/ca-certificates.crt \
251 https://sysbackup.carnet.hr/bacapp.php >/dev/null
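# Remove the temporary request files. FD_FILE holds the client config with the
# generated passwords, so none of these should be left behind. Names are
# quoted and `--` ends option parsing so each value is treated as one path.
rm -f -- "$DF_FILE" "$DB_FILE" "$FD_FILE" "$PEM_FILE"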
260 if [ ! -e $REQUEST_FILE ]; then
261 db_input high bacula-cn/request-failed || true
267 db_get bacula-cn/hostname
273 db_get bacula-cn/contact
278 PASS_FD=$( random_string )
279 PASS_BCONSOLE=$( random_string )
281 DATE=$( date '+%Y-%m-%d' )
283 REQUEST_FILE=/etc/bacula/bacula-fd.txt
293 generate_bconsole_config
301 abort-upgrade|abort-remove|abort-deconfigure)
305 echo "postinst called with unknown argument \`$1'" >&2
310 # dh_installdeb will replace this with shell code automatically
311 # generated by other debhelper scripts.