From Fedora Project Wiki

Revision as of 05:48, 1 March 2010 by Renich (talk | contribs) (Added the concepts and definitions section)

Bacula basic configuration

Description

Bacula is an enterprise-grade backup utility. This HowTo explains how to set up bacula on Fedora while respecting Fedora's configuration way.

Applicable to Fedora Versions

  • Fedora 12

Requirements

Bacula supports a few database backends, so, you will need to choose one. On this document, I will choose the mysql backend. Clients do not need a database backend.

Also, you will need to decide which console(s) you want and configure them. I will choose the commandline console.

Storage, database and director could be distributed but, in this case, everything will be managed on the same server.

Server requirements

  • bacula-common
  • bacula-console
  • bacula-director-common
  • bacula-director-mysql
  • bacula-sysconfdir
  • bacula-storage-common
  • bacula-storage-mysql
  • mysql-server

Client's requirements

  • bacula-client
Storage, database and director could be distributed but, in this case, everything will be managed on the same server.

Concepts and definitions

Basic description of bacula

The basic system comprises three components: the director, the file daemon and the storage daemon. To take them in reverse order, the storage daemon takes data from the file daemon and stores it wherever directed. The file daemon gets the data (files) to be backed up and passes it to the storage daemon. The director then does the rest of the work; that is, defines the task to be performed and the schedule for them to be performed. The basic unit for a backup is the job. This describes what is to be backed-up, when it is to occur and where the data is to be stored.

Some definitions

Volume - basic unit of storage, e.g. a tape, a dvd, a file on a hard drive. Pool - a collection of volumes, usually used for the same purpose. FileSet - the files to be backed up. Job - the overall definition of the work to be performed. Catalogue - storage area for information about all jobs that have run. Full Backup - every file in the FileSet is to be copied. Incremental - a backup that contains all files that have changed since the last full, differential or incremental backup. Differential - a backup that contains all files that have changed since the last full backup.

Configuration files

To configure each component there is a .conf file in /etc/bacula. Each file defines the interconnectivity with the others, so you need make sure all the passwords agree one with another (you'll see what I mean when you look at the details). bacula-sd.conf defines the storage devices that you want to use, and bacula-fd.conf merely defines itself. The main work is done in bacula-dir.conf, which sets up the everything else. The configuration files are used to define those components that are to be run automatically: ad-hoc jobs can be run through the console.

Workflow

The method of operation for bacula is that the requisite data is stored on Volumes, which are essentially container files stored on differing media. These volumes are organized into Pools in a many to one relationship. Filesets are the collections of files that you want to backup using the same volumes. The timing for preforming backups are defined using Schedules, and all these are tied together as jobs, which define the pool (and hence volumes) to be used to create backups of the files defined within a fileset at a particular schedule.

Doing the Work

Configuring the server

  • Install mysql-server:
su -c 'yum install mysql-server'
  • Install the relevant bacula packages
su -c 'yum install bacula-common \
bacula-console bacula-director-common \
bacula-director-mysql bacula-storage-common \
bacula-storage-mysql bacula-sysconfdir'
  • Start the mysql server
su -c 'service mysql start'
  • Grant privileges to the bacula user
su -c '/usr/libexec/bacula/grant_mysql_privileges'
  • Create the database
su -c '/usr/libexec/bacula/create_mysql_database'
  • Create the necessary tables
su -c '/usr/libexec/bacula/make_mysql_tables'
  • Add a strong password to the bacula user
su -c 'mysql -u root'
UPDATE mysql.user SET Password=PASSWORD('Somes7r0nGp4s5wrD') WHERE User='bacula';
FLUSH PRIVILEGES;
  • Set /etc/bacula/bacula-dir passwords

  • Configure bacula's mysql user on the /etc/bacula/bacula-dir.conf
Catalog {
  Name = MyCatalog
  dbname = "bacula"; dbuser = "bacula"; dbpassword = ""
}

to:

Catalog {
  Name = MyCatalog
  dbname = "bacula"; dbuser = "bacula"; dbpassword = "Somes7r0nGp4s5wrD"
}
  • Set /etc/bacula/bacula-fd passwords

  • Set /etc/bacula/bacula-sd passwords

+ Open up the relevant iptables port

su -c 'iptables -A INPUT -m state --state NEW -m tcp \
-p tcp --dport 9101 -j ACCEPT'

su -c 'iptables -A INPUT -m state --state NEW -m tcp \
-p tcp --dport 9103 -j ACCEPT'
  • Start the storage and dir services
su -c 'service start bacula-sd'
su -c 'service start bacula-dir'
su -c 'service start bacula-fd'
Since you need to generate quite a few secure passwords, I recommend using apg; specifically: apg -M LCN -m 32 -x 32. This tool can be installed from the repositories.
I've had had problems while using symbols on bacula's passwords. I'd recommend not using them for now.

Configuring the clients

  • Install the bacula client
su -c 'yum install bacula-client'
  • Configure the client's and monitor's names, addresses and passwords. These ones need to be present in the server configuration so, keep track of the passwords and names.
#
# Default  Bacula File Daemon Configuration file
#
#  For Bacula release 3.0.3 (18 October 2009) -- redhat 
#
# There is not much to change here except perhaps the
# File daemon Name to
#

#
# List Directors who are permitted to contact this File daemon
#
Director {
  Name = bacula-dir
  Password = "fd_password" # change to a nice and strong password
}

#
# Restricted Director, used by tray-monitor to get the
#   status of the file daemon
#
Director {
  Name = bacula-mon
  Password = "mon_fd_password" # change to a nice and strong password
  Monitor = yes
}

#
# "Global" File daemon configuration specifications
#
FileDaemon {                          # this is me
  Name = bacula-fd
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/spool/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
}

# Send all messages except skipped files back to Director
Messages {
  Name = Standard
  director = bacula-dir = all, !skipped, !restored
}

+ Open up the relevant firewall port; in this case, 9102

su -c 'iptables -A INPUT -m state --state NEW -m tcp \
-p tcp --dport 9102 -j ACCEPT'

Troubleshooting

How to test

Common problems and fixes

More Information

Disclaimer

I haven't had the opportunity to test this HowTo since I lack of a networked PC to do it, so you may run into problems, if you do, come to #fedora on irc.freenode.net or leave me messages so I know what's up. Feel free to propose changes and stuff.

Added Reading