User:Renich/HowTo/Bacula

Description
Bacula is an enterprise-grade backup utility. This HowTo explains how to set it up on Fedora while respecting Fedora's way of configuring things.

Applicable to Fedora Versions

 * Fedora 12+

Requirements
Bacula supports a few database backends, so you will need to choose one. In this document, I will use the MySQL backend. Clients do not need a database backend.

Also, you will need to decide which console(s) you want and configure them. I will choose the command-line console.

Storage, database and director could be distributed but, in this case, everything will be managed on the same server.

Basic description of bacula
The basic system comprises three components: the director, the file daemon and the storage daemon. To take them in reverse order, the storage daemon takes data from the file daemon and stores it wherever directed. The file daemon gets the data (files) to be backed up and passes it to the storage daemon. The director then does the rest of the work; that is, it defines the tasks to be performed and the schedule on which they are performed. The basic unit for a backup is the job. This describes what is to be backed up, when it is to occur and where the data is to be stored.

Some definitions
Volume - basic unit of storage, e.g. a tape, a DVD, a file on a hard drive.

Pool - a collection of volumes, usually used for the same purpose.

FileSet - the files to be backed up.

Job - the overall definition of the work to be performed.

Catalogue - storage area for information about all jobs that have run.

Full Backup - every file in the FileSet is to be copied.

Incremental - a backup that contains all files that have changed since the last full, differential or incremental backup.

Differential - a backup that contains all files that have changed since the last full backup.

Configuration files
To configure each component there is a .conf file in /etc/bacula. Each file defines how its component connects to the others, so you need to make sure that the passwords in the different files agree with one another (you'll see what I mean when you look at the details). bacula-sd.conf defines the storage devices that you want to use, and bacula-fd.conf merely defines itself. The main work is done in bacula-dir.conf, which sets up everything else. The configuration files define the components that are to be run automatically; ad-hoc jobs can be run through the console.

Workflow
Bacula stores the requisite data on Volumes, which are essentially container files stored on differing media. These volumes are organized into Pools in a many-to-one relationship. FileSets are the collections of files that you want to back up using the same volumes. The timing for performing backups is defined using Schedules, and all these are tied together as Jobs, which define the pool (and hence volumes) to be used to create backups of the files defined within a FileSet on a particular schedule.

Configuring the server
su -c 'yum install mysql-server'
 * Install mysql-server:

su -c 'yum install bacula-common \
    bacula-console bacula-director-common \
    bacula-director-mysql bacula-storage-common \
    bacula-storage-mysql bacula-sysconfdir'
 * Install the relevant bacula packages

su -c 'service mysqld start'
 * Start the mysql server

su -c '/usr/libexec/bacula/grant_mysql_privileges'
 * Grant privileges to the bacula user

su -c '/usr/libexec/bacula/create_mysql_database'
 * Create the database

su -c '/usr/libexec/bacula/make_mysql_tables'
 * Create the necessary tables

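su -c 'mysql -u root'
UPDATE mysql.user SET Password=PASSWORD('Somes7r0nGp4s5wrD') WHERE User='bacula';
FLUSH PRIVILEGES;
 * Set a strong password for the bacula user (the two SQL statements are entered at the mysql prompt). The Catalog resource in bacula-dir.conf must use the same password as its dbpassword.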

Passwords
Passwords were the confusing part until now. This diagram will help you understand.

 * Set /etc/bacula/bacula-dir.conf passwords

Director {                            # define myself
  Name = bacula-dir
  DIRport = 9101                      # where we listen for UA connections
  QueryFile = "/usr/libexec/bacula/query.sql"
  WorkingDirectory = "/var/spool/bacula"
  PidDirectory = "/var/run"
  Maximum Concurrent Jobs = 1
  Password = "SomeReallyCoolDirPassword"        # Console password
  Messages = Daemon
}

JobDefs {
  Name = "DefaultJob"
  Type = Backup
  Level = Incremental
  Client = bacula-fd
  FileSet = "Full Set"
  Schedule = "WeeklyCycle"
  Storage = File
  Messages = Standard
  Pool = Default
  Priority = 10
}

# Define the main nightly save backup job
#   By default, this job will back up to disk in /tmp
Job {
  Name = "BackupClient1"
  JobDefs = "DefaultJob"
  Write Bootstrap = "/var/spool/bacula/Client1.bsr"
}


#Job {
#  Name = "BackupClient2"
#  Client = bacula2-fd
#  JobDefs = "DefaultJob"
#  Write Bootstrap = "/var/spool/bacula/Client2.bsr"
#}

# Backup the catalog database (after the nightly save)
Job {
  Name = "BackupCatalog"
  JobDefs = "DefaultJob"
  Level = Full
  FileSet="Catalog"
  Schedule = "WeeklyCycleAfterBackup"
  # This creates an ASCII copy of the catalog
  # WARNING!!! Passing the password via the command line is insecure.
  # see comments in make_catalog_backup for details.
  # Arguments to make_catalog_backup are:
  #  make_catalog_backup
  RunBeforeJob = "/usr/libexec/bacula/make_catalog_backup bacula bacula ASlickDBPasswordWithNumbersAndAll"
  # This deletes the copy of the catalog
  RunAfterJob = "/usr/libexec/bacula/delete_catalog_backup"
  Write Bootstrap = "/var/spool/bacula/BackupCatalog.bsr"
  Priority = 11                   # run after main backup
}

# Standard Restore template, to be changed by Console program
#  Only one such job is needed for all Jobs/Clients/Storage ...
Job {
  Name = "RestoreFiles"
  Type = Restore
  Client=bacula-fd
  FileSet="Full Set"
  Storage = File
  Pool = Default
  Messages = Standard
  Where = /tmp/bacula-restores
}

# List of files to be backed up
FileSet {
  Name = "Full Set"
  Include {
    Options {
      signature = MD5
    }
#
#  Put your list of files here, preceded by 'File =', one per line
#    or include an external list with:
#
#    File = <file-name
#
#  Note: / backs up everything on the root partition.
#    if you have other partitions such as /usr or /home
#    you will probably want to add them too.
#
#  By default this is defined to point to the Bacula binary
#    directory to give a reasonable FileSet to backup to
#    disk storage during initial testing.
#
    File = /usr/sbin
  }

#
# If you backup the root directory, the following two excluded
#   files can be useful
#
  Exclude {
    File = /var/spool/bacula
    File = /tmp
    File = /proc
    File = /tmp
    File = /.journal
    File = /.fsck
  }
}

#
# When to do the backups, full backup on first sunday of the month,
#  differential (i.e. incremental since full) every other sunday,
#  and incremental backups other days
Schedule {
  Name = "WeeklyCycle"
  Run = Full 1st sun at 23:05
  Run = Differential 2nd-5th sun at 23:05
  Run = Incremental mon-sat at 23:05
}

# This schedule does the catalog. It starts after the WeeklyCycle
Schedule {
  Name = "WeeklyCycleAfterBackup"
  Run = Full sun-sat at 23:10
}

# This is the backup of the catalog
FileSet {
  Name = "Catalog"
  Include {
    Options {
      signature = MD5
    }
    File = /var/spool/bacula/bacula.sql
  }
}

# Client (File Services) to backup
Client {
  Name = bacula-fd
  Address = client.example.com
  FDPort = 9102
  Catalog = MyCatalog
  Password = "TheCoolFileDaemonPassword"         # password for FileDaemon
  File Retention = 30 days            # 30 days
  Job Retention = 6 months            # six months
  AutoPrune = yes                     # Prune expired Jobs/Files
}

# Definition of file storage device
Storage {
  Name = File
# Do not use "localhost" here
  Address = storage.example.com                # N.B. Use a fully qualified name here
  SDPort = 9103
  Password = "TheStorageDaemonPassword"
  Device = FileStorage
  Media Type = File
}

# Generic catalog service
Catalog {
  Name = MyCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:sqlite3"; dbaddress = 127.0.0.1; dbport =
  dbname = "bacula"; dbuser = "bacula"; dbpassword = "ASlickDBPasswordWithNumbersAndAll"
}

# Reasonable message delivery -- send most everything to email address
#  and to the console
Messages {
  Name = Standard
#
# NOTE! If you send to two email or more email addresses, you will need
#  to replace the %r in the from field (-f part) with a single valid
#  email address in both the mailcommand and the operatorcommand.
#  What this does is, it sets the email address that emails would display
#  in the FROM field, which is by default the same email as they're being
#  sent to.  However, if you send email to more than one address, then
#  you'll have to set the FROM address manually, to a single address.
#  for example, a 'no-reply@mydomain.com', is better since that tends to
#  tell (most) people that its coming from an automated source.
#
  mailcommand = "/usr/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: %t %e of %c %l\" %r"
  operatorcommand = "/usr/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: Intervention needed for %j\" %r"
  mail = root@localhost = all, !skipped
  operator = root@localhost = mount
  console = all, !skipped, !saved
#
# WARNING! the following will create a file that you must cycle from
#          time to time as it will grow indefinitely. However, it will
#          also keep all your messages if they scroll off the console.
#
  append = "/var/spool/bacula/log" = all, !skipped
  catalog = all
}

#
# Message delivery for daemon messages (no job).
Messages {
  Name = Daemon
  mailcommand = "/usr/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula daemon message\" %r"
  mail = root@localhost = all, !skipped
  console = all, !skipped, !saved
  append = "/var/log/bacula.log" = all, !skipped
}

# Default pool definition
Pool {
  Name = Default
  Pool Type = Backup
  Recycle = yes                       # Bacula can automatically recycle Volumes
  AutoPrune = yes                     # Prune expired volumes
  Volume Retention = 365 days         # one year
}

# Scratch pool definition
Pool {
  Name = Scratch
  Pool Type = Backup
}

#
# Restricted console used by tray-monitor to get the status of the director
#
Console {
  Name = bacula-mon
  Password = "TheDirMonitorPassword"
  CommandACL = status, .status
}


 * Set /etc/bacula/bacula-fd.conf passwords

Director {
  Name = bacula-dir
  Password = "TheCoolFileDaemonPassword"
}

#
# Restricted Director, used by tray-monitor to get the
#   status of the file daemon
#
Director {
  Name = bacula-mon
  Password = "ANeatFDMonitorPassword"
  Monitor = yes
}

#
# "Global" File daemon configuration specifications
#
FileDaemon {                          # this is me
  Name = bacula-fd
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/spool/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
}

# Send all messages except skipped files back to Director
Messages {
  Name = Standard
  director = bacula-dir = all, !skipped, !restored
}

 * Set /etc/bacula/bacula-sd.conf passwords

Storage {                             # definition of myself
  Name = bacula-sd
  SDPort = 9103                  # Director's port
  WorkingDirectory = "/var/spool/bacula"
  Pid Directory = "/var/run"
  Maximum Concurrent Jobs = 20
}

#
# List Directors who are permitted to contact Storage daemon
#
Director {
  Name = bacula-dir
  Password = "TheStorageDaemonPassword"
}

#
# Restricted Director, used by tray-monitor to get the
#   status of the storage daemon
#
Director {
  Name = bacula-mon
  Password = "ANiceStorageDaemonMonitorPassword"
  Monitor = yes
}


#
# Note, for a list of additional Device templates please
#  see the directory /examples/devices
# Or follow the following link:
#  http://bacula.svn.sourceforge.net/viewvc/bacula/trunk/bacula/examples/devices/
#

#
# Devices supported by this Storage daemon
# To connect, the Director's bacula-dir.conf must have the
#  same Name and MediaType.
#
Device {
  Name = FileStorage
  Media Type = File
  Archive Device = /tmp
  LabelMedia = yes;                   # lets Bacula label unlabeled media
  Random Access = Yes;
  AutomaticMount = yes;               # when device opened, read it
  RemovableMedia = no;
  AlwaysOpen = no;
}

#
# Send all messages to the Director,
# mount messages also are sent to the email address
#
Messages {
  Name = Standard
  director = bacula-dir = all
}
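
The rule that the passwords in the three files must agree can be checked mechanically. The following Python code is an added example, not part of the original HowTo or of Bacula: it compares every Client and Storage Password in bacula-dir.conf with the Director entry of the same name in the matching daemon's configuration. The excerpts are constructed from the sample names used on this page, the function names are hypothetical, and the parser assumes flat resources (no nested braces).

```python
import re

# Constructed excerpts: only the password-bearing resources, using the names
# from this page. SD_CONF carries a deliberate mismatch.
DIR_CONF = '''
Director { Name = bacula-dir; Password = "SomeReallyCoolDirPassword" }
Client   { Name = bacula-fd;  Password = "TheCoolFileDaemonPassword" }  # fd
Storage  { Name = File;       Password = "TheStorageDaemonPassword" }
'''
FD_CONF = '''
Director { Name = bacula-dir; Password = "TheCoolFileDaemonPassword" }
Director { Name = bacula-mon; Password = "ANeatFDMonitorPassword"; Monitor = yes }
'''
SD_CONF = 'Director { Name = bacula-dir; Password = "TheStorageDaemonPasswrd" }'

def resources(text):
    """Yield (type, directives) for each flat resource; keys are normalised."""
    keep_quoted = lambda m: m.group() if m.group()[0] == '"' else ''
    text = re.sub(r'"[^"]*"|#[^\n]*', keep_quoted, text)  # drop comments only
    for rtype, body in re.findall(r'(\w+)\s*\{([^{}]*)\}', text):
        pairs = re.findall(r'([A-Za-z][A-Za-z ]*?)\s*=\s*("[^"]*"|[^\n;]+)', body)
        yield rtype.lower(), {k.replace(' ', '').lower(): v.strip().strip('"')
                              for k, v in pairs}

def expected_from(daemon_conf, dir_name):
    """Password the daemon's config expects from the Director dir_name."""
    for rtype, kv in resources(daemon_conf):
        if rtype == 'director' and kv.get('name') == dir_name:
            return kv.get('password')
    return None

def check(dir_conf, fd_confs, sd_confs):
    """Return mismatch descriptions (never the secrets); [] means consistent.
    fd_confs/sd_confs map a Client/Storage Name to that daemon's config text."""
    res = list(resources(dir_conf))
    dir_name = next(kv['name'] for t, kv in res if t == 'director')
    problems = []
    for rtype, confs in (('client', fd_confs), ('storage', sd_confs)):
        for kv in (kv for t, kv in res if t == rtype):
            name = kv.get('name')
            if name not in confs:
                problems.append(f'{rtype} {name}: no daemon config supplied')
            elif expected_from(confs[name], dir_name) != kv.get('password'):
                problems.append(f'{rtype} {name}: Password differs from Director {dir_name} entry')
    return problems

if __name__ == '__main__':
    print(check(DIR_CONF, {'bacula-fd': FD_CONF}, {'File': SD_CONF}))
```

On a real installation, pass the contents of /etc/bacula/bacula-dir.conf from the server and of bacula-fd.conf and bacula-sd.conf from each machine, keyed by the Client and Storage names used in the director's file.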

Firewall
su -c 'iptables -A INPUT -m state --state NEW -m tcp \
    -p tcp --dport 9101 -j ACCEPT'
 * Open up the relevant iptables port for the director

su -c 'iptables -A INPUT -m state --state NEW -m tcp \
    -p tcp --dport 9103 -j ACCEPT'
 * Open up the relevant iptables port for the storage

Services
su -c 'chkconfig bacula-sd on'
su -c 'chkconfig bacula-dir on'
su -c 'chkconfig bacula-fd on'
 * Activate the services on boot

su -c 'service bacula-sd start'
su -c 'service bacula-dir start'
su -c 'service bacula-fd start'
 * Start the storage, director and file daemon services

Configuring the clients
su -c 'yum install bacula-client'
 * Install the bacula client

Passwords
 * Configure the client's and monitor's names, addresses and passwords. These need to be present in the server configuration, so keep track of the passwords and names.

#
# Default  Bacula File Daemon Configuration file
#
#  For Bacula release 3.0.3 (18 October 2009) -- redhat
#
# There is not much to change here except perhaps the
# File daemon Name to
#

#
# List Directors who are permitted to contact this File daemon
#
Director {
  Name = bacula-dir
  Password = "fd_password" # change to a nice and strong password
}

#
# Restricted Director, used by tray-monitor to get the
#   status of the file daemon
#
Director {
  Name = bacula-mon
  Password = "mon_fd_password" # change to a nice and strong password
  Monitor = yes
}

#
# "Global" File daemon configuration specifications
#
FileDaemon {                          # this is me
  Name = bacula-fd
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/spool/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
}

# Send all messages except skipped files back to Director
Messages {
  Name = Standard
  director = bacula-dir = all, !skipped, !restored
}

Firewall
su -c 'iptables -A INPUT -m state --state NEW -m tcp \
    -p tcp --dport 9102 -j ACCEPT'
 * Open up the relevant firewall port; in this case, 9102

Disclaimer
I haven't had the opportunity to test this HowTo since I lack a networked PC to do it, so you may run into problems. If you do, come to #fedora on irc.freenode.net or leave me messages so I know what's up and, if you know what you're doing, then make the necessary changes with cool comments and, maybe, some discussion.

Feel free to propose changes and stuff.

Added Reading

 * Bacula's documentation