View Issue Details

IDProjectCategoryView StatusLast Update
0000825bareos-core[All Projects] storage daemonpublic2021-06-09 17:45
Reporterrenato.ramondaAssigned Toarogge 
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
PlatformLinuxOSCentOSOS Version7
Product Version15.2.4 
Fixed in Version18.2.5 
Summary0000825: Migrate jobs (SD to SD) in TLS
DescriptionHi,
doing some network analysis I just noticed that apparently migration jobs are not TLS encrypted.

Everything else in our setup is in TLS, so I'd like to encrypt SD-to-SD traffic, too.

Am I missing something?
Steps To ReproduceWe have 2 SD in our setup.

SD1 backs up hosts in an isolated security zone.

SD2 backs up hosts in a more relaxed zone, AND it also pulls backups from SD1 to store them long-term on our tapes.

Ideally, the job transfers initiated by the "Migrate" type job should be encrypted (for obvious security reasons). Should I put the TLS directives in the "fake" Client? Which certs would it use?

Here is my migration setup
------------------------------------------------------------------
Job {
    Name = "migrate-zoneA2zoneB"
    Type = Migrate
    Pool = zoneA-staging-pool0
    Client = None
    FileSet = None
    Schedule = "WeeklyCycle-AfterBackup"
    Maximum Concurrent Jobs = 4
    Selection Type = Volume
    Selection Pattern = "StagingFile.*"
    Purge Migration Job = yes
    Messages = Standard
}

#
# Fake fileset and client for migration jobs
#
Fileset {
  Name = None
  Include {
    Options {
      signature = MD5
    }
  }
}

Client {
  Name = None
  Address = localhost
  Password = "NoNe"
  Catalog = MyCatalog
}
Additional InformationSorry if this is already explained somewhere in the documentation, but I looked and could not find it.
TagsNo tags attached.
bareos-master: impact
bareos-master: action
bareos-19.2: impact
bareos-19.2: action
bareos-18.2: impact
bareos-18.2: action
bareos-17.2: impact
bareos-17.2: action
bareos-16.2: impact
bareos-16.2: action
bareos-15.2: impact
bareos-15.2: action
bareos-14.2: impact
bareos-14.2: action
bareos-13.2: impact
bareos-13.2: action
bareos-12.4: impact
bareos-12.4: action

Activities

arogge

arogge

2021-06-09 17:45

developer   ~0004148

Starting with Bareos 18.2 all traffic is encrypted by default, this includes all SD to SD communication.

Issue History

Date Modified Username Field Change
2017-06-06 15:40 renato.ramonda New Issue
2021-06-09 17:45 arogge Assigned To => arogge
2021-06-09 17:45 arogge Status new => resolved
2021-06-09 17:45 arogge Resolution open => fixed
2021-06-09 17:45 arogge Fixed in Version => 18.2.5
2021-06-09 17:45 arogge Note Added: 0004148
2021-06-09 17:45 arogge Status resolved => closed