fi
echo Generating $FD_CONFIG
- CONFIG_CHANGED=1
+ rm -f $REQUEST_FILE
cat >$FD_CONFIG <<EOF
#
# List Directors who are permitted to contact this File daemon
# directors to verify the authenticity of this file daemon
TLS Certificate = "/etc/bacula/bacula-fd.pem"
TLS Key = "/etc/bacula/bacula-fd.pem"
- TLS DH File = "/etc/bacula/dh1024.pem"
+ TLS DH File = "/etc/bacula/dh2048.pem"
}
#
Name = $HOST-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/lib/bacula
- Pid Directory = /var/run/bacula
+ Pid Directory = /run/bacula
Maximum Concurrent Jobs = 20
+ Plugin Directory = /usr/lib/bacula
FDAddress = $IP
# you need these TLS entries so the FD and SD can communicate
fi
echo Generating $BCONSOLE_CONFIG
- CONFIG_CHANGED=1
+ rm -f $REQUEST_FILE
cat >$BCONSOLE_CONFIG <<EOF
#
# Bacula User Agent (or Console) Configuration File
}
generate_dh() {
- DH_FILE=/etc/bacula/dh1024.pem
+ DH_FILE=/etc/bacula/dh2048.pem
if [ -s $DH_FILE ]; then
echo $DH_FILE already exists, skipping.
umask 077
echo Generating $DH_FILE
- openssl dhparam -out $DH_FILE -5 1024
+ ###openssl dhparam -out $DH_FILE -5 1024
+ openssl dhparam -out $DH_FILE -2 2048
+
fi
}
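Review bot: The `###openssl dhparam -out $DH_FILE -5 1024` line left above the new command is dead code that keeps the weaker 1024-bit invocation in the script; version history already records it, so it can be dropped. Nothing in this hunk removes the old `/etc/bacula/dh1024.pem`, and it is not visible here whether an already-generated bacula-fd.conf is rewritten to the new path, so an upgraded host may keep loading the 1024-bit parameters; that is worth confirming. `$DH_FILE` is also unquoted throughout, e.g. `if [ -s "$DH_FILE" ]; then`. The branch between the skip message and `umask 077` is not shown in the hunk.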
umask 077
echo Generating $CERT_FILE
- CONFIG_CHANGED=1
+ rm -f $REQUEST_FILE
openssl req -new -newkey rsa:2048 -nodes -keyout $CERT_FILE \
-subj "/C=HR/ST=Croatia/O=CARNet/OU=sysbackup/CN=$IP" \
- -x509 -extensions usr_cert -days $((365*5)) \
+ -x509 -extensions usr_cert -days $((365*10)) \
-out $CERT_FILE
fi
}
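Review bot: Raising the lifetime to `-days $((365*10))` is undocumented, and it leaves a self-signed certificate whose unencrypted key (`-nodes`, written into the same `$CERT_FILE`) stays valid for a decade with no renewal step in the visible lines. The director side appears to pin this certificate per client, and a new one clears `$REQUEST_FILE` to trigger a fresh request, so a comment recording that would help the next maintainer: `# valid 10 years; the director pins this cert, so replacing it requires a new sysbackup request`. The enclosing function and its `if` start outside the hunk.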
}
random_string() {
- head -n 20 /dev/urandom | openssl dgst -sha1
+ head -n 20 /dev/urandom | openssl dgst -sha1 | sed 's/^.* //'
}
-send_mail() {
- REQUEST_FILE=/etc/bacula/bacula-fd.txt
- GPG_HOME=/var/lib/bacula-cn/gpg
-
- BOUNDARY=$( random_string )
- GPG="gpg --homedir $GPG_HOME --batch --encrypt --armour --recipient rt@tt.carnet.hr --always-trust"
+send_request() {
+ # cleanup gpg files
+ rm -rf /var/lib/bacula-cn
- if [ -z "$CONFIG_CHANGED" ]; then
+ if [ -e $REQUEST_FILE ]; then
echo Config has not changed, skipping request.
return
fi
- umask 022
- chmod 0700 $GPG_HOME
- echo Generating request in $REQUEST_FILE
- rm -f $REQUEST_FILE
-
- # Header
- cat > $REQUEST_FILE <<EOF
-From: $CONTACT
-To: sysbackup@carnet.hr
-Subject: Backup za $HOST
-MIME-Version: 1.0
-Content-Type: multipart/mixed; boundary="$BOUNDARY"
-
-This is a message with multiple parts in MIME format.
---$BOUNDARY
-Content-Type: text/plain
-Content-Transfer-Encoding: 7bit
-Content-Disposition: inline
-
-Ime posluzitelja: $HOST
-IP adresa: $IP
-Kontakt adresa: $CONTACT
-EOF
-
-# attachment: disk sizes
-cat >> $REQUEST_FILE <<EOF
---$BOUNDARY
-Content-Type: text/plain
-Content-Transfer-Encoding: 7bit
-Content-Disposition: inline; filename="df.txt.gpg"
-
-EOF
-
- df -h | $GPG >> $REQUEST_FILE
-
-# attachment: database sizes
-if [ -d /var/lib/mysql -o -d /var/lib/postgresql ]; then
- cat >> $REQUEST_FILE <<EOF
---$BOUNDARY
-Content-Type: text/plain
-Content-Transfer-Encoding: 7bit
-Content-Disposition: inline; filename="db.txt.gpg"
-
-EOF
+ # report disk sizes
+ DF_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
+ df -h > $DF_FILE
- du -sh /var/lib/mysql /var/lib/postgresql 2>/dev/null \
- | $GPG >> $REQUEST_FILE
-fi
+ # dodaj i /media i /mnt
+ test -d /media && du -hs /media || true >> $DF_FILE
+ test -d /mnt && du -hs /mnt || true >> $DF_FILE
-# attachment: client config
-cat >> $REQUEST_FILE <<EOF
---$BOUNDARY
-Content-Type: text/plain
-Content-Transfer-Encoding: 7bit
-Content-Disposition: inline; filename="$HOST-fd.conf.gpg"
-
-EOF
+ # report database sizes
+ DB_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
+ if [ -d /var/lib/mysql -o -d /var/lib/postgresql ]; then
+ du -sh /var/lib/mysql /var/lib/postgresql >$DB_FILE 2>/dev/null || true
+ fi
- cat <<EOF | $GPG >> $REQUEST_FILE
+ # generate client config
+ FD_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
+ cat >> $FD_FILE <<EOF
# Requested by $CONTACT on $DATE
Client {
Name = $HOST-fd
+ @/etc/bacula/include/client-debian-default.conf
Address = $IP
Password = "$PASS_FD" # password for bacula-fd(8)
- @/etc/bacula/include/client-debian-default.conf
-
- TLS Enable = yes
- TLS Require = yes
TLS CA Certificate File = "/etc/bacula/clients.d/$HOST-fd.pem"
- TLS Certificate = "/etc/bacula/bacula.pem"
- TLS Key = "/etc/bacula/bacula.key"
-}
-
-Job {
- Name = "$HOST"
- Client = $HOST-fd
- JobDefs = "Job_SysBackup"
}
Console {
Name = $HOST-acl
+ @/etc/bacula/include/acl-default.conf
Password = "$PASS_BCONSOLE" # password for bconsole(8)
JobACL = $HOST, RestoreFiles
ClientACL = $HOST-fd
- @/etc/bacula/include/acl-default.conf
}
-EOF
-
-# attachment: client certificate
-cat >> $REQUEST_FILE <<EOF
---$BOUNDARY
-Content-Type: text/plain
-Content-Transfer-Encoding: 7bit
-Content-Disposition: inline; filename="$HOST-fd.pem.gpg"
-
-EOF
- sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' /etc/bacula/bacula-fd.pem \
- | $GPG >> $REQUEST_FILE
+Job {
+ Name = "$HOST"
+ Client = $HOST-fd
+ JobDefs = "Job_TapeBackup"
+ Messages = messages-$HOST
+}
-cat >> $REQUEST_FILE <<EOF
---$BOUNDARY--
+Messages {
+ Name = messages-$HOST
+ @/etc/bacula/include/messages-defaults.conf
+ mail = $EMAIL = all, !skipped
+}
EOF
- # Try to send it
- if [ -x "`which sendmail 2>/dev/null`" ]; then
- echo Mailing request from $REQUEST_FILE
- if sendmail -t -oi < $REQUEST_FILE; then
- requestsent=1
- fi
+ # client certificate
+ PEM_FILE=$(mktemp bacula-cn.XXXXXXXXXX)
+ sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' \
+ /etc/bacula/bacula-fd.pem > $PEM_FILE
+
+ # send using web service
+ echo Sending sysbackup request.
+ [ -s $DB_FILE ] && DB_PARAM="-F db=@$DB_FILE;filename=db.txt"
+ if curl --fail --silent --show-error \
+ -F "contact=$CONTACT" \
+ -F "host=$HOST" \
+ -F "ip=$IP" \
+ -F "df=@$DF_FILE;filename=df.txt" \
+ $DB_PARAM \
+ -F "fd=@$FD_FILE;filename=$HOST-fd.conf" \
+ -F "pem=@$PEM_FILE;filename=$HOST-fd.pem" \
+ --cacert /etc/ssl/certs/ca-certificates.crt \
+ https://sysbackup.carnet.hr/bacapp.php >/dev/null
+ then
+ touch $REQUEST_FILE
fi
- if [ -z "$requestsent" ]; then
- db_input high bacula-cn/mail-failed || true
+ # cleanup
+ rm -f $DF_FILE $DB_FILE $FD_FILE $PEM_FILE
+
+ # report problems
+ if [ ! -e $REQUEST_FILE ]; then
+ db_input high bacula-cn/request-failed || true
db_go || true
fi
}
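Review bot: The four `mktemp bacula-cn.XXXXXXXXXX` calls in send_request create their files in whatever the current directory is, and the one behind `$FD_FILE` holds both generated passwords, yet the only cleanup is the `rm -f` after curl, so an abort before that point leaves them on disk; a private `mktemp -d` directory removed by a trap would close that. In the /media and /mnt lines the `>> $DF_FILE` binds to `true`, so the `du` output goes to stdout and never reaches the report. Because `-F` treats a value starting with `@` or `<` as a file to read, a contact entered as a bare `<address>` would make curl read a file rather than send the text; `--form-string "contact=$CONTACT"` (likewise for host and ip) sends it literally. The generated Client block also no longer states `TLS Enable`/`TLS Require`; presumably the include now carries them, which should be confirmed.

```shell
	# private scratch directory (mode 0700), removed on every exit path
	WORK_DIR=$(mktemp -d)
	trap 'rm -rf -- "$WORK_DIR"' EXIT
	DF_FILE=$WORK_DIR/df.txt
	DB_FILE=$WORK_DIR/db.txt
	FD_FILE=$WORK_DIR/fd.conf
	PEM_FILE=$WORK_DIR/fd.pem

	# report disk sizes
	df -h > "$DF_FILE"
	if [ -d /media ]; then du -hs /media >> "$DF_FILE" || true; fi
	if [ -d /mnt ]; then du -hs /mnt >> "$DF_FILE" || true; fi
	# … unchanged: database sizes, client config heredoc, certificate extraction, curl upload …
```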
db_get bacula-cn/contact
CONTACT=$RET
+ EMAIL=${CONTACT#*<}
+ EMAIL=${EMAIL%>*}
PASS_FD=$( random_string )
PASS_BCONSOLE=$( random_string )
DATE=$( date '+%Y-%m-%d' )
- CONFIG_CHANGED=
+ REQUEST_FILE=/etc/bacula/bacula-fd.txt
}
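Review bot: `EMAIL` is cut out of `$CONTACT` with no check on the result: when the contact has no `<…>` part both expansions leave the whole string, and whatever remains is written unquoted into the `mail = $EMAIL = all, !skipped` line of the config that is sent to the director. A shape check right after the two assignments would keep a malformed or multi-token contact out of that resource, e.g. `case "$EMAIL" in ''|*[!A-Za-z0-9@._+-]*) EMAIL_INVALID=1 ;; esac`, with the failure reported to the admin before anything is sent (`EMAIL_INVALID` is a constructed name). The enclosing function starts outside the hunk.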
case "$1" in
generate_bconsole_config
restart_bacula
- send_mail
+ send_request
db_stop
;;