From Fedora Project Wiki
< User:Renich | HowTo
(added iptables command) |
m (typo) |
||
| Line 84: | Line 84: | ||
<pre>su -c 'iptables -A INPUT -m state --state NEW -m tcp \ | <pre>su -c 'iptables -A INPUT -m state --state NEW -m tcp \ | ||
-p tcp --dport 9101 -j ACCEPT' | -p tcp --dport 9101 -j ACCEPT' | ||
su -c 'iptables -A INPUT -m state --state NEW -m tcp \ | |||
-p tcp --dport 9103 -j ACCEPT'</pre> | -p tcp --dport 9103 -j ACCEPT'</pre> | ||
Revision as of 21:21, 19 February 2010
Bacula basic configuration
Description
Bacula is an enterprise-grade backup utility. This HowTo explains how to set up bacula on Fedora while respecting Fedora's configuration way.
Applicable to Fedora Versions
- Fedora 12
Requirements
Bacula supports a few database backends, so, you will need to choose one. On this document, I will choose the mysql backend. Clients do not need a database backend.
Also, you will need to decide which console(s) you want and configure them. I will choose the commandline console.
Storage, database and director could be distributed but, in this case, everything will be managed on the same server.
Server requirements
bacula-commonbacula-consolebacula-director-commonbacula-director-mysqlbacula-sysconfdirbacula-storage-commonbacula-storage-mysqlmysql-server
Client's requirements
bacula-client
Storage, database and director could be distributed but, in this case, everything will be managed on the same server.
Doing the Work
Configuring the server
- Install mysql-server:
su -c 'yum install mysql-server'
- Install the relevant bacula packages
su -c 'yum install bacula-common \ bacula-console bacula-director-common \ bacula-director-mysql bacula-storage-common \ bacula-storage-mysql bacula-sysconfdir'
- Start the mysql server
su -c 'service mysql start'
- Grant privileges to the bacula user
su -c '/usr/libexec/bacula/grant_mysql_privileges'
- Create the database
su -c '/usr/libexec/bacula/create_mysql_database'
- Create the necessary tables
su -c '/usr/libexec/bacula/make_mysql_tables'
- Add a strong password to the bacula user
su -c 'mysql -u root'
UPDATE mysql.user SET Password=PASSWORD(',Somes7r0nGp4$5w_rD--') WHERE User='bacula';
FLUSH PRIVILEGES;
- Set /etc/bacula/bacula-dir passwords
- Configure bacula's mysql user on the /etc/bacula/bacula-dir.conf
Catalog {
Name = MyCatalog
dbname = "bacula"; dbuser = "bacula"; dbpassword = ""
}
to:
Catalog {
Name = MyCatalog
dbname = "bacula"; dbuser = "bacula"; dbpassword = ",Somes7r0nGp4$5w_rD--"
}
- Set /etc/bacula/bacula-fd passwords
- Set /etc/bacula/bacula-sd passwords
+ Open up the relevant iptables port
su -c 'iptables -A INPUT -m state --state NEW -m tcp \ -p tcp --dport 9101 -j ACCEPT' su -c 'iptables -A INPUT -m state --state NEW -m tcp \ -p tcp --dport 9103 -j ACCEPT'
- Start the storage and dir services
su -c 'service start bacula-sd' su -c 'service start bacula-dir' su -c 'service start bacula-fd'
Since you need to generate quite a few secure passwords, I recommend using apg; specifically: apg -M LCN -m 32 -x 32. This tool can be installed from the repositories.
Configuring the clients
- Install the bacula client
su -c 'yum install bacula-client'
- Configure the client's and monitor's names, addresses and passwords. These ones need to be present in the server configuration so, keep track of the passwords and names.
#
# Default Bacula File Daemon Configuration file
#
# For Bacula release 3.0.3 (18 October 2009) -- redhat
#
# There is not much to change here except perhaps the
# File daemon Name to
#
#
# List Directors who are permitted to contact this File daemon
#
Director {
Name = bacula-dir
Password = "fd_password" # change to a nice and strong password
}
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
Director {
Name = bacula-mon
Password = "mon_fd_password" # change to a nice and strong password
Monitor = yes
}
#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
Name = bacula-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/spool/bacula
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
}
# Send all messages except skipped files back to Director
Messages {
Name = Standard
director = bacula-dir = all, !skipped, !restored
}
+ Open up the relevant firewall port; in this case, 9102
su -c 'iptables -A INPUT -m state --state NEW -m tcp \ -p tcp --dport 9102 -j ACCEPT'
Troubleshooting
How to test
Common problems and fixes
More Information
Disclaimer
I haven't had the opportunity to test this HowTo since I lack of a networked PC to do it, so you may run into problems, if you do, come to #fedora on irc.freenode.net or leave me messages so I know what's up. Feel free to propose changes and stuff.