Kern Sibbald
July 27, 2008
This manual documents Bacula version 2.4.2 (26 July 2008)
Copyright ©1999-2007, Free Software Foundation Europe
e.V.
Permission is granted to copy, distribute and/or modify this document under the terms of the
GNU Free Documentation License, Version 1.2 published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled "GNU Free Documentation License".
Bacula is a set of computer programs that permits the system administrator to manage backup, recovery, and verification of computer data across a network of computers of different kinds. Bacula can also run entirely upon a single computer and can backup to various types of media, including tape and disk.
In technical terms, it is a network Client/Server based backup program. Bacula is relatively easy to use and efficient, while offering many advanced storage management features that make it easy to find and recover lost or damaged files. Due to its modular design, Bacula is scalable from small single computer systems to systems consisting of hundreds of computers located over a large network.
If you are currently using a program such as tar, dump, or bru to backup your computer data, and you would like a network solution, more flexibility, or catalog services, Bacula will most likely provide the additional features you want. However, if you are new to Unix systems or do not have offsetting experience with a sophisticated backup package, the Bacula project does not recommend using Bacula as it is much more difficult to setup and use than tar or dump.
If you want Bacula to behave like the above mentioned simple programs and write over any tape that you put in the drive, then you will find working with Bacula difficult. Bacula is designed to protect your data following the rules you specify, and this means reusing a tape only as the last resort. It is possible to "force" Bacula to write over any tape in the drive, but it is easier and more efficient to use a simpler program for that kind of operation.
If you are running Amanda and would like a backup program that can write to multiple volumes (i.e. is not limited by your tape drive capacity), Bacula can most likely fill your needs. In addition, quite a number of Bacula users report that Bacula is simpler to setup and use than other equivalent programs.
If you are currently using a sophisticated commercial package such as Legato Networker. ARCserveIT, Arkeia, or PerfectBackup+, you may be interested in Bacula, which provides many of the same features and is free software available under the GNU Version 2 software license.
Bacula is made up of the following five major components or services: Director, Console, File, Storage, and Monitor services.
(thanks to Aristedes Maniatis for this graphic and the one below)
The Bacula Console service is the program that allows the administrator or user to communicate with the Bacula Director Currently, the Bacula Console is available in three versions: text-based console interface, GNOME-based interface, and a wxWidgets graphical interface. The first and simplest is to run the Console program in a shell window (i.e. TTY interface). Most system administrators will find this completely adequate. The second version is a GNOME GUI interface that is far from complete, but quite functional as it has most the capabilities of the shell Console. The third version is a wxWidgets GUI with an interactive file restore. It also has most of the capabilities of the shell console, allows command completion with tabulation, and gives you instant help about the command you are typing. For more details see the Bacula Console Design Document.
The three SQL databases currently supported (MySQL, PostgreSQL or SQLite) provide quite a number of features, including rapid indexing, arbitrary queries, and security. Although the Bacula project plans to support other major SQL databases, the current Bacula implementation interfaces only to MySQL, PostgreSQL and SQLite. For the technical and porting details see the Catalog Services Design Document in the developer's documented.
The packages for MySQL and PostgreSQL are available for several operating systems. Alternatively, installing from the source is quite easy, see the Installing and Configuring MySQL chapter of this document for the details. For more information on MySQL, please see: www.mysql.com. Or see the Installing and Configuring PostgreSQL chapter of this document for the details. For more information on PostgreSQL, please see: www.postgresql.org.
Configuring and building SQLite is even easier. For the details of configuring SQLite, please see the Installing and Configuring SQLite chapter of this document.
To perform a successful save or restore, the following four daemons must be configured and running: the Director daemon, the File daemon, the Storage daemon, and the Catalog service (MySQL, PostgreSQL or SQLite).
In order for Bacula to understand your system, what clients you want backed up and how, you must create a number of configuration files containing resources (or objects). The following presents an overall picture of this:
Bacula is in a state of evolution, and as a consequence, this manual will not always agree with the code. If an item in this manual is preceded by an asterisk (*), it indicates that the particular feature is not implemented. If it is preceded by a plus sign (+), it indicates that the feature may be partially implemented.
If you are reading this manual as supplied in a released version of the software, the above paragraph holds true. If you are reading the online version of the manual, www.bacula.org, please bear in mind that this version describes the current version in development (in the CVS) that may contain features not in the released version. Just the same, it generally lags behind the code a bit.
To get Bacula up and running quickly, the author recommends that you first scan the Terminology section below, then quickly review the next chapter entitled The Current State of Bacula, then the Getting Started with Bacula, which will give you a quick overview of getting Bacula running. After which, you should proceed to the chapter on Installing Bacula, then How to Configure Bacula, and finally the chapter on Running Bacula.
The catalog feature is one part of Bacula that distinguishes it from simple backup and archive programs such as dump and tar.
Verify can also be used to check that the most recent Job data written to a Volume agrees with what is stored in the Catalog (i.e. it compares the file attributes), *or it can check the Volume contents against the original files on disk.
The File Retention Period determines the time that File records are kept in the catalog database. This period is important for two reasons: the first is that as long as File records remain in the database, you can "browse" the database with a console program and restore any individual file. Once the File records are removed or pruned from the database, the individual files of a backup job can no longer be "browsed". The second reason for carefully choosing the File Retention Period is because the volume of the database File records use the most storage space in the database. As a consequence, you must ensure that regular "pruning" of the database file records is done to keep your database from growing too large. (See the Console prune command for more details on this subject).
The Job Retention Period is the length of time that Job records will be kept in the database. Note, all the File records are tied to the Job that saved those files. The File records can be purged leaving the Job records. In this case, information will be available about the jobs that ran, but not the details of the files that were backed up. Normally, when a Job record is purged, all its File records will also be purged.
The Volume Retention Period is the minimum of time that a Volume will be kept before it is reused. Bacula will normally never overwrite a Volume that contains the only backup copy of a file. Under ideal conditions, the Catalog would retain entries for all files backed up for all current Volumes. Once a Volume is overwritten, the files that were backed up on that Volume are automatically removed from the Catalog. However, if there is a very large pool of Volumes or a Volume is never overwritten, the Catalog database may become enormous. To keep the Catalog to a manageable size, the backup information should be removed from the Catalog after the defined File Retention Period. Bacula provides the mechanisms for the catalog to be automatically pruned according to the retention periods defined.
Bacula is a backup, restore and verification program and is not a complete disaster recovery system in itself, but it can be a key part of one if you plan carefully and follow the instructions included in the Disaster Recovery Chapter of this manual.
With proper planning, as mentioned in the Disaster Recovery chapter, Bacula can be a central component of your disaster recovery system. For example, if you have created an emergency boot disk, a Bacula Rescue disk to save the current partitioning information of your hard disk, and maintain a complete Bacula backup, it is possible to completely recover your system from "bare metal" that is starting from an empty disk.
If you have used the WriteBootstrap record in your job or some other means to save a valid bootstrap file, you will be able to use it to extract the necessary files (without using the catalog or manually searching for the files to restore).
The following block diagram shows the typical interactions between the Bacula Services for a backup job. Each block represents in general a separate process (normally a daemon). In general, the Director oversees the flow of information. It also maintains the Catalog.
In other words, what is and what is not currently implemented and functional.
Yes, Bacula supports your tape drive. Bacula does not directly access hardware. If the tape drive is accessible from your operating system, then it should just work with Bacula. If you can access your tape drive from the command line, then so can Bacula.
Bacula uses standard operating system calls (read, write, ioctl) to interface to tape drives. As a consequence, it relies on having a correctly written OS tape driver. Bacula is known to work perfectly well with SCSI tape drivers on FreeBSD, Linux, Solaris, and Windows machines, and it may work on other *nix machines, but we have not tested it. Recently there are many new drives that use IDE, ATAPI, or SATA interfaces rather than SCSI. On Linux the OnStream drive, which uses the OSST driver is one such example, and it is known to work with Bacula. In addition a number of such tape drives (i.e. OS drivers) seem to work on Windows systems. However, non-SCSI tape drives (other than the OnStream) that use ide-scis, ide-tape, or other non-scsi drivers do not function correctly with Bacula (or any other demanding tape application) as of today (April 2007). If you have purchased a non-SCSI tape drive for use with Bacula on Linux, there is a good chance that it will not work. We are working with the kernel developers to rectify this situation, but it will not be resolved in the near future.
Even if your drive is on the list below, please check the Tape Testing Chapter of this manual for procedures that you can use to verify if your tape drive will work with Bacula. If your drive is in fixed block mode, it may appear to work with Bacula until you attempt to do a restore and Bacula wants to position the tape. You can be sure only by following the procedures suggested above and testing.
It is very difficult to supply a list of supported tape drives, or drives that are known to work with Bacula because of limited feedback (so if you use Bacula on a different drive, please let us know). Based on user feedback, the following drives are known to work with Bacula. A dash in a column means unknown:
| OS | Man. | Media | Model | Capacity |
| - | ADIC | DLT | Adic Scalar 100 DLT | 100GB |
| - | ADIC | DLT | Adic Fastor 22 DLT | - |
| FreeBSD 5.4-RELEASE-p1 amd64 | Certance | LTO | AdicCertance CL400 LTO Ultrium 2 | 200GB |
| - | - | DDS | Compaq DDS 2,3,4 | - |
| SuSE 8.1 Pro | Compaq | AIT | Compaq AIT 35 LVD | 35/70GB |
| - | Exabyte | - | Exabyte drives less than 10 years old | - |
| - | Exabyte | - | Exabyte VXA drives | - |
| - | HP | Travan 4 | Colorado T4000S | - |
| - | HP | DLT | HP DLT drives | - |
| - | HP | LTO | HP LTO Ultrium drives | - |
| - | IBM | ?? | 3480, 3480XL, 3490, 3490E, 3580 and 3590 drives | - |
| FreeBSD 4.10 RELEASE | HP | DAT | HP StorageWorks DAT72i | - |
| - | Overland | LTO | LoaderXpress LTO | - |
| - | Overland | - | Neo2000 | - |
| - | OnStream | - | OnStream drives (see below) | - |
| FreeBSD 4.11-Release | Quantum | SDLT | SDLT320 | 160/320GB |
| - | Quantum | DLT | DLT-8000 | 40/80GB |
| Linux | Seagate | DDS-4 | Scorpio 40 | 20/40GB |
| FreeBSD 4.9 STABLE | Seagate | DDS-4 | STA2401LW | 20/40GB |
| FreeBSD 5.2.1 pthreads patched RELEASE | Seagate | AIT-1 | STA1701W | 35/70GB |
| Linux | Sony | DDS-2,3,4 | - | 4-40GB |
| Linux | Tandberg | - | Tandbert MLR3 | - |
| FreeBSD | Tandberg | - | Tandberg SLR6 | - |
| Solaris | Tandberg | - | Tandberg SLR75 | - |
If you do not see your tape drive listed above, go back and read the first few paragraphs of this page. The list above contains only the hardware that people have reported. If your OS can see the hardware, so can Bacula.
There is a list of supported autochangers in the Supported Autochangers chapter of this document, where you will find other tape drives that work with Bacula.
Previously OnStream IDE-SCSI tape drives did not work with Bacula. As of Bacula version 1.33 and the osst kernel driver version 0.9.14 or later, they now work. Please see the testing chapter as you must set a fixed block size.
QIC tapes are known to have a number of particularities (fixed block size, and one EOF rather than two to terminate the tape). As a consequence, you will need to take a lot of care in configuring them to make them work correctly with Bacula.
Unless you have patched the pthreads library on FreeBSD 4.11 systems, you will lose data when Bacula spans tapes. This is because the unpatched pthreads library fails to return a warning status to Bacula that the end of the tape is near. This problem is fixed in FreeBSD systems released after 4.11. Please see the Tape Testing Chapter of this manual for important information on how to configure your tape drive for compatibility with Bacula.
For information on supported autochangers, please see the Autochangers Known to Work with Bacula section of the Supported Autochangers chapter of this manual.
Below, you will find a table of DLT and LTO tape specifications that will give you some idea of the capacity and speed of modern tapes. The capacities that are listed are the native tape capacity without compression. All modern drives have hardware compression, and manufacturers often list compressed capacity using a compression ration of 2:1. The actual compression ratio will depend mostly on the data you have to backup, but I find that 1.5:1 is a much more reasonable number (i.e. multiply the value shown in the table by 1.5 to get a rough average of what you will probably see). The transfer rates are rounded to the nearest GB/hr. All values are provided by various manufacturers.
The Media Type is what is designated by the manufacturers and you are not required to use (but you may) the same name in your Bacula conf resources.
| Media Type | Drive Type | Media Capacity | Transfer Rate |
| DDS-1 | DAT | 2 GB | ?? GB/hr |
| DDS-2 | DAT | 4 GB | ?? GB/hr |
| DDS-3 | DAT | 12 GB | 5.4 GB/hr |
| Travan 40 | Travan | 20 GB | ?? GB/hr |
| DDS-4 | DAT | 20 GB | 11 GB/hr |
| VXA-1 | Exabyte | 33 GB | 11 GB/hr |
| DAT-72 | DAT | 36 GB | 13 GB/hr |
| DLT IV | DLT8000 | 40 GB | 22 GB/hr |
| VXA-2 | Exabyte | 80 GB | 22 GB/hr |
| Half-high Ultrium 1 | LTO 1 | 100 GB | 27 GB/hr |
| Ultrium 1 | LTO 1 | 100 GB | 54 GB/hr |
| Super DLT 1 | SDLT 220 | 110 GB | 40 GB/hr |
| VXA-3 | Exabyte | 160 GB | 43 GB/hr |
| Super DLT I | SDLT 320 | 160 GB | 58 GB/hr |
| Ultrium 2 | LTO 2 | 200 GB | 108 GB/hr |
| Super DLT II | SDLT 600 | 300 GB | 127 GB/hr |
| VXA-4 | Exabyte | 320 GB | 86 GB/hr |
| Ultrium 3 | LTO 3 | 400 GB | 216 GB/hr |
If you are like me, you want to get Bacula running immediately to get a feel for it, then later you want to go back and read about all the details. This chapter attempts to accomplish just that: get you going quickly without all the details. If you want to skip the section on Pools, Volumes and Labels, you can always come back to it, but please read to the end of this chapter, and in particular follow the instructions for testing your tape drive.
We assume that you have managed to build and install Bacula, if not, you might want to first look at the System Requirements then at the Compiling and Installing Bacula chapter of this manual.
In order to make Bacula as flexible as possible, the directions given to Bacula are specified in several pieces. The main instruction is the job resource, which defines a job. A backup job generally consists of a FileSet, a Client, a Schedule for one or several levels or times of backups, a Pool, as well as additional instructions. Another way of looking at it is the FileSet is what to backup; the Client is who to backup; the Schedule defines when, and the Pool defines where (i.e. what Volume).
Typically one FileSet/Client combination will have one corresponding job. Most of the directives, such as FileSets, Pools, Schedules, can be mixed and matched among the jobs. So you might have two different Job definitions (resources) backing up different servers using the same Schedule, the same Fileset (backing up the same directories on two machines) and maybe even the same Pools. The Schedule will define what type of backup will run when (e.g. Full on Monday, incremental the rest of the week), and when more than one job uses the same schedule, the job priority determines which actually runs first. If you have a lot of jobs, you might want to use JobDefs, where you can set defaults for the jobs, which can then be changed in the job resource, but this saves rewriting the identical parameters for each job. In addition to the FileSets you want to back up, you should also have a job that backs up your catalog.
Finally, be aware that in addition to the backup jobs there are restore, verify, and admin jobs, which have different requirements.
If you have been using a program such as tar to backup your system, Pools, Volumes, and labeling may be a bit confusing at first. A Volume is a single physical tape (or possibly a single file) on which Bacula will write your backup data. Pools group together Volumes so that a backup is not restricted to the length of a single Volume (tape). Consequently, rather than explicitly naming Volumes in your Job, you specify a Pool, and Bacula will select the next appendable Volume from the Pool and request you to mount it.
Although the basic Pool options are specified in the Director's Pool resource, the real Pool is maintained in the Bacula Catalog. It contains information taken from the Pool resource (bacula-dir.conf) as well as information on all the Volumes that have been added to the Pool. Adding Volumes to a Pool is usually done manually with the Console program using the label command.
For each Volume, Bacula maintains a fair amount of catalog information such as the first write date/time, the last write date/time, the number of files on the Volume, the number of bytes on the Volume, the number of Mounts, etc.
Before Bacula will read or write a Volume, the physical Volume must have a Bacula software label so that Bacula can be sure the correct Volume is mounted. This is usually done using the label command in the Console program.
The steps for creating a Pool, adding Volumes to it, and writing software labels to the Volumes, may seem tedious at first, but in fact, they are quite simple to do, and they allow you to use multiple Volumes (rather than being limited to the size of a single tape). Pools also give you significant flexibility in your backup process. For example, you can have a "Daily" Pool of Volumes for Incremental backups and a "Weekly" Pool of Volumes for Full backups. By specifying the appropriate Pool in the daily and weekly backup Jobs, you thereby insure that no daily Job ever writes to a Volume in the Weekly Pool and vice versa, and Bacula will tell you what tape is needed and when.
For more on Pools, see the Pool Resource section of the Director Configuration chapter, or simply read on, and we will come back to this subject later.
After running the appropriate ./configure command and doing
a make, and a make install, if this is the first time
you are running Bacula, you must create valid configuration files
for the Director, the File daemon, the Storage daemon, and the
Console programs. If you have followed our recommendations,
default configuration files as well as the daemon binaries will
be located in your installation directory. In any case, the
binaries are found in the directory you specified on the --sbindir option to the ./configure command, and
the configuration files are found in the directory you specified
on the --sysconfdir option.
When initially setting up Bacula you will need to invest a bit of time in modifying the default configuration files to suit your environment. This may entail starting and stopping Bacula a number of times until you get everything right. Please do not despair. Once you have created your configuration files, you will rarely need to change them nor will you stop and start Bacula very often. Most of the work will simply be in changing the tape when it is full.
The Console program is used by the administrator to interact with the Director and to manually start/stop Jobs or to obtain Job status information.
The Console configuration file is found in the directory specified on the
--sysconfdir option that you specified on the ./configure command and by default is named bconsole.conf.
If you choose to build the GNOME console with the --enable-gnome option, you also find a default configuration file
for it, named bgnome-console.conf.
The same applies to the wxWidgets console, which is build with the --enable-bwx-console option, and the name of the default
configuration file is, in this case, bwx-console.conf.
Normally, for first time users, no change is needed to these files. Reasonable defaults are set.
Further details are in the Console configuration chapter.
The Monitor program is typically an icon in the system tray. However, once the icon is expanded into a full window, the administrator or user can obtain status information about the Director or the backup status on the local workstation or any other Bacula daemon that is configured.
The image shows a tray-monitor configured for three daemons. By clicking on the radio buttons in the upper left corner of the image, you can see the status for each of the daemons. The image shows the status for the Storage daemon (MainSD) that is currently selected.
The Monitor configuration file is found in the directory specified on the --sysconfdir option that you specified on the ./configure command
and
by default is named tray-monitor.conf. Normally, for first time users,
you just need to change the permission of this file to allow non-root users to
run the Monitor, as this application must run as the same user as the
graphical environment (don't forget to allow non-root users to execute bacula-tray-monitor). This is not a security problem as long as you use the
default settings.
More information is in the Monitor configuration chapter.
The File daemon is a program that runs on each (Client) machine. At the request of the Director, finds the files to be backed up and sends them (their data) to the Storage daemon.
The File daemon configuration file is found in the directory specified on
the --sysconfdir option that you specified on the ./configure
command. By default, the File daemon's configuration file is named bacula-fd.conf. Normally, for first time users, no change is needed to this
file. Reasonable defaults are set. However, if you are going to back up more
than one machine, you will need to install the File daemon with a unique
configuration file on each machine to be backed up. The information about each
File daemon must appear in the Director's configuration file.
Further details are in the File daemon configuration chapter.
The Director is the central control program for all the other daemons. It schedules and monitors all jobs to be backed up.
The Director configuration file is found in the directory specified on the
--sysconfdir option that you specified on the ./configure
command. Normally the Director's configuration file is named bacula-dir.conf.
In general, the only change you must make is modify the FileSet resource so that the Include configuration directive contains at least one line with a valid name of a directory (or file) to be saved.
If you do not have a DLT tape drive, you will probably want to edit the Storage resource to contain names that are more representative of your actual storage device. You can always use the existing names as you are free to arbitrarily assign them, but they must agree with the corresponding names in the Storage daemon's configuration file.
You may also want to change the email address for notification from the default root to your email address.
Finally, if you have multiple systems to be backed up, you will need a separate File daemon or Client specification for each system, specifying its name, address, and password. We have found that giving your daemons the same name as your system but post fixed with -fd helps a lot in debugging. That is, if your system name is foobaz, you would give the File daemon the name foobaz-fd. For the Director, you should use foobaz-dir, and for the storage daemon, you might use foobaz-sd. Each of your Bacula components must have a unique name. If you make them all the same, aside from the fact that you will not know what daemon is sending what message, if they share the same working directory, the daemons temporary file names will not be unique, and you will get many strange failures.
More information is in the Director configuration chapter.
The Storage daemon is responsible, at the Director's request, for accepting data from a File daemon and placing it on Storage media, or in the case of a restore request, to find the data and send it to the File daemon.
The Storage daemon's configuration file is found in the directory specified on
the --sysconfdir option that you specified on the ./configure
command. By default, the Storage daemon's file is named bacula-sd.conf.
Edit this file to contain the correct Archive device names for any tape
devices that you have. If the configuration process properly detected your
system, they will already be correctly set. These Storage resource name and
Media Type must be the same as the corresponding ones in the Director's
configuration file bacula-dir.conf. If you want to backup to a file
instead of a tape, the Archive device must point to a directory in which the
Volumes will be created as files when you label the Volume.
Further information is in the Storage daemon configuration chapter.
You can test if your configuration file is syntactically correct by running the appropriate daemon with the -t option. The daemon will process the configuration file and print any error messages then terminate. For example, assuming you have installed your binaries and configuration files in the same directory.
cd <installation-directory> ./bacula-dir -t -c bacula-dir.conf ./bacula-fd -t -c bacula-fd.conf ./bacula-sd -t -c bacula-sd.conf ./bconsole -t -c bconsole.conf ./bgnome-console -t -c bgnome-console.conf ./bwx-console -t -c bwx-console.conf ./bat -t -c bat.conf su <normal user> -c "./bacula-tray-monitor -t -c tray-monitor.conf"
will test the configuration files of each of the main programs. If the configuration file is OK, the program will terminate without printing anything. Please note that, depending on the configure options you choose, some, or even all, of the three last commands will not be available on your system. If you have installed the binaries in traditional Unix locations rather than a single file, you will need to modify the above commands appropriately (no ./ in front of the command name, and a path in front of the conf file name).
Before spending a lot of time on Bacula only to find that it doesn't work with your tape drive, please read the btape -- Testing Your Tape Drive chapter of this manual. If you have a modern standard SCSI tape drive on a Linux or Solaris, most likely it will work, but better test than be sorry. For FreeBSD (and probably other xBSD flavors), reading the above mentioned tape testing chapter is a must. Also, for FreeBSD, please see The FreeBSD Diary for a detailed description on how to make Bacula work on your system. In addition, users of FreeBSD prior to 4.9-STABLE dated Mon Dec 29 15:18:01 2003 UTC who plan to use tape devices, please see the file platforms/freebsd/pthreads-fix.txt in the main Bacula directory concerning important information concerning compatibility of Bacula and your system.
This problem does not occur on systems running Linux 2.6.x kernels.
Probably the most important part of running Bacula is being able to restore files. If you haven't tried recovering files at least once, when you actually have to do it, you will be under a lot more pressure, and prone to make errors, than if you had already tried it once.
To get a good idea how to use Bacula in a short time, we strongly recommend that you follow the example in the Running Bacula Chapter of this manual where you will get detailed instructions on how to run Bacula.
If you intend to use Bacula as a disaster recovery tool rather than simply a program to restore lost or damaged files, you will want to read the Disaster Recovery Using Bacula Chapter of this manual.
In any case, you are strongly urged to carefully test restoring some files that you have saved rather than wait until disaster strikes. This way, you will be prepared.
In general, you will need the Bacula source release, and if you want to run a Windows client, you will need the Bacula Windows binary release. However, Bacula needs certain third party packages (such as MySQL, PostgreSQL, or SQLite to build and run properly depending on the options you specify. Normally, MySQL and PostgreSQL are packages that can be installed on your distribution. However, if you do not have them, to simplify your task, we have combined a number of these packages into three depkgs releases (Dependency Packages). This can vastly simplify your life by providing you with all the necessary packages rather than requiring you to find them on the Web, load them, and install them.
Note, this package evolves slower than the Bacula source code, so there may not always be a new release of the rescue package when making minor updates to the Bacula code. For example, when releasing Bacula version 2.0.3, the rescue package may still be at version 2.0.0 if there were no updates.
If you are upgrading from one Bacula version to another, you should first carefully read the ReleaseNotes of all major versions between your current version and the version to which you are upgrading. If the Bacula catalog database has been upgraded (as it is almost every major release), you will either need to reinitialize your database starting from scratch (not normally a good idea), or save an ASCII copy of your database, then proceed to upgrade it. If you are upgrading two major versions (e.g. 1.36 to 2.0) then life will be more complicated because you must do two database upgrades. See below for more on this.
Upgrading the catalog is normally done after Bacula is build and installed by:
cd <installed-scripts-dir> (default /etc/bacula) ./update_bacula_tables
This update script can also be find in the Bacula source src/cats directory.
If there are several database upgrades between your version and the version to which you are upgrading, you will need to apply each database upgrade script. For your convenience, you can find all the old upgrade scripts in the upgradedb directory of the source code. You will need to edit the scripts to correspond to your system configuration. The final upgrade script, if any, can be applied as noted above.
If you are upgrading from one major version to another, you will need to replace all your components at the same time as generally the inter-daemon protocol will change. However, within any particular release (e.g. version 1.32.x) unless there is an oversight or bug, the daemon protocol will not change. If this is confusing, simply read the ReleaseNotes very carefully as they will note if all daemons must be upgraded at the same time.
Finally, please note that in general it is not necessary to do a make uninstall before doing an upgrade providing you are careful not to change the installation directories. In fact, if you do so, you will most likely delete all your conf files, which could be disastrous. The normal procedure during an upgrade is simply:
./configure (your options) make make install
In general none of your existing .conf or .sql files will be overwritten, and you must do both the make and make install commands, a make install without the preceding make will not work.
For additional information on upgrading, please see the Upgrading Bacula Versions in the Tips chapter of this manual.
major.minor.release
For example:
1.38.11
where each component (major, minor, patch) is a number. The major number is currently 1 and normally does not change very frequently. The minor number starts at 0 and increases each for each production release by 2 (i.e. it is always an even number for a production release), and the patch number is starts at zero each time the minor number changes. The patch number is increased each time a bug fix (or fixes) is released to production.
So, as of this date (10 September 2006), the current production Bacula release is version 1.38.11. If there are bug fixes, the next release will be 1.38.12 (i.e. the patch number has increased by one).
For all patch releases where the minor version number does not change, the database and all the daemons will be compatible. That means that you can safely run a 1.38.0 Director with a 1.38.11 Client. Of course, in this case, the Director may have bugs that are not fixed. Generally, within a minor release (some minor releases are not so minor), all patch numbers are officially released to production. This means that while the current Bacula version is 1.38.11, versions 1.38.0, 1.38.1, ... 1.38.10 have all been previously released.
When the minor number is odd, it indicates that the package is under development and thus may not be stable. For example, while the current production release of Bacula is currently 1.38.11, the current development version is 1.39.22. All patch versions of the development code are available in the SVN (source repository). However, not all patch versions of the development code (odd minor version) are officially released. When they are released, they are released as beta versions (see below for a definition of what beta means for Bacula releases).
In general when the minor number increases from one production release to the next (i.e. 1.38.x to 1.40.0), the catalog database must be upgraded, the Director and Storage daemon must always be on the same minor release number, and often (not always), the Clients must also be on the same minor release. As often as possible, we attempt to make new releases that are downwards compatible with prior clients, but this is not always possible. You must check the release notes. In general, you will have fewer problems if you always run all the components on the same minor version number (i.e. all either 1.38.x or 1.40.x but not mixed).
As discussed above, we have combined a number of third party packages that Bacula might need into the depkgs release. You can, of course, get the latest packages from the original authors or from your operating system supplier. The locations of where we obtained the packages are in the README file in each package. However, be aware that the packages in the depkgs files have been tested by us for compatibility with Bacula.
Typically, a dependency package will be named depkgs-ddMMMyy.tar.gz where dd is the day we release it, MMM is the abbreviated month (e.g. Jan), and yy is the year. An actual example is: depkgs-07Apr02.tar.gz. To install and build this package (if needed), you do the following:
Although the exact composition of the dependency packages may change from time to time, the current makeup is the following:
| 3rd Party Package | depkgs | depkgs-qt |
| SQLite | X | |
| SQLite3 | X | |
| mtx | X | |
| qt4 | X | |
| qwt | X |
Note, some of these packages are quite large, so that building them can be a bit time consuming. The above instructions will build all the packages contained in the directory. However, when building Bacula, it will take only those pieces that it actually needs.
Alternatively, you can make just the packages that are needed. For example,
cd bacula/depkgs make sqlite
will configure and build only the SQLite package.
You should build the packages that you will require in depkgs a prior to configuring and building Bacula, since Bacula will need them during the build process.
For more information on the depkgs-qt package, please read the INSTALL file in the main directory of that package. If you are going to build Qt4 using depkgs-qt, you must source the qt4-paths file included in the package prior to building Bacula. Please read the INSTALL file for more details.
Even if you do not use SQLite, you might find it worthwhile to build mtx because the tapeinfo program that comes with it can often provide you with valuable information about your SCSI tape drive (e.g. compression, min/max block sizes, ...). Note, most distros provide mtx as part of their release.
The depkgs1 package is depreciated and previously contained readline, which should be available on all operating systems.
The depkgs-win32 package is deprecated and no longer used in Bacula version 1.39.x and later. It was previously used to build the native Win32 client program, but this program is now built on Linux systems using cross-compiling. All the tools and third party libraries are automatically downloaded by executing the appropriate scripts. See src/win32/README.mingw32 for more details.
Please see the Supported Operating Systems section of the QuickStart chapter of this manual.
The basic installation is rather simple.
Note, if you already have a running MySQL or PostgreSQL on your system, you can skip this phase provided that you have built the thread safe libraries. And you have already installed the additional rpms noted above.
SQLite is not supported on Solaris. This is because it frequently fails with bus errors. However SQLite3 may work.
make distclean
so that you are sure to start from scratch and not have a mixture of the two options. This is because ./configure caches much of the information. The make distclean is also critical if you move the source directory from one machine to another. If the make distclean fails, just ignore it and continue on.
If you skip this step (make) and proceed immediately to the make install you are making two serious errors: 1. your install will fail because Bacula requires a make before a make install. 2. you are depriving yourself of the chance to make sure there are no errors before beginning to write files to your system directories.
make uninstall
make distclean
./configure (your-new-options)
make
make install
If all goes well, the ./configure will correctly determine which operating system you are running and configure the source code appropriately. Currently, FreeBSD, Linux (Red Hat), and Solaris are supported. The Bacula client (File daemon) is reported to work with MacOS X 10.3 is if readline support is not enabled (default) when building the client.
If you install Bacula on more than one system, and they are identical, you can simply transfer the source tree to that other system and do a "make install". However, if there are differences in the libraries or OS versions, or you wish to install on a different OS, you should start from the original compress tar file. If you do transfer the source tree, and you have previously done a ./configure command, you MUST do:
make distclean
prior to doing your new ./configure. This is because the GNU autoconf tools cache the configuration, and if you re-use a configuration for a Linux machine on a Solaris, you can be sure your build will fail. To avoid this, as mentioned above, either start from the tar file, or do a "make distclean".
In general, you will probably want to supply a more complicated configure statement to ensure that the modules you want are built and that everything is placed into the correct directories.
For example, on Fedora, Red Hat, or SuSE one could use the following:
CFLAGS="-g -Wall" \
./configure \
--sbindir=$HOME/bacula/bin \
--sysconfdir=$HOME/bacula/bin \
--with-pid-dir=$HOME/bacula/bin/working \
--with-subsys-dir=$HOME/bacula/bin/working \
--with-mysql \
--with-working-dir=$HOME/bacula/bin/working \
--with-dump-email=$USER
Note, the advantage of using the above configuration to start is that everything will be put into a single directory, which you can later delete once you have run the examples in the next chapter and learned how Bacula works. In addition, the above can be installed and run as non-root.
For the developer's convenience, I have added a defaultconfig script to the examples directory. This script contains the statements that you would normally use, and each developer/user may modify them to suit his needs. You should find additional useful examples in this directory as well.
The --enable-conio or --enable-readline options are useful because
they provide a command line history and editing capability for the Console
program. If you have included either option in the build, either the termcap or the ncurses package will be needed to link. On most
systems, including Red Hat and SuSE, you should include the ncurses package.
If Bacula's configure process finds the ncurses libraries, it will use
those rather than the termcap library.
On some systems, such as SuSE, the termcap library is not in the standard
library directory. As a consequence, the option may be disabled or you may
get an error message such as:
/usr/lib/gcc-lib/i586-suse-linux/3.3.1/.../ld: cannot find -ltermcap collect2: ld returned 1 exit status
while building the Bacula Console. In that case, you will need to set the LDFLAGS environment variable prior to building.
export LDFLAGS="-L/usr/lib/termcap"
The same library requirements apply if you wish to use the readline subroutines for command line editing and history or if you are using a MySQL library that requires encryption. If you need encryption, you can either export the appropriate additional library options as shown above or, alternatively, you can include them directly on the ./configure line as in:
LDFLAGS="-lssl -lcyrpto" \ ./configure <your-options>
On some systems such as Mandriva, readline tends to
gobble up prompts, which makes it totally useless. If this happens to you, use
the disable option, or if you are using version 1.33 and above try using --enable-conio to use a built-in readline replacement. You will still need
either the termcap or the ncurses library, but it is unlikely that the conio
package will gobble up prompts.
readline is no longer supported after version 1.34. The code within Bacula remains, so it should be usable, and if users submit patches for it, we will be happy to apply them. However, due to the fact that each version of readline seems to be incompatible with previous versions, and that there are significant differences between systems, we can no longer afford to support it.
Before building Bacula you need to decide if you want to use SQLite, MySQL, or PostgreSQL. If you are not already running MySQL or PostgreSQL, you might want to start by testing with SQLite (not supported on Solaris). This will greatly simplify the setup for you because SQLite is compiled into Bacula an requires no administration. It performs well and is suitable for small to medium sized installations (maximum 10-20 machines). However, we should note that a number of users have had unexplained database corruption with SQLite. For that reason, we recommend that you install either MySQL or PostgreSQL for production work.
If you wish to use MySQL as the Bacula catalog, please see the Installing and Configuring MySQL chapter of this manual. You will need to install MySQL prior to continuing with the configuration of Bacula. MySQL is a high quality database that is very efficient and is suitable for any sized installation. It is slightly more complicated than SQLite to setup and administer because it has a number of sophisticated features such as userids and passwords. It runs as a separate process, is truly professional and can manage a database of any size.
If you wish to use PostgreSQL as the Bacula catalog, please see the Installing and Configuring PostgreSQL chapter of this manual. You will need to install PostgreSQL prior to continuing with the configuration of Bacula. PostgreSQL is very similar to MySQL, though it tends to be slightly more SQL92 compliant and has many more advanced features such as transactions, stored procedures, and the such. It requires a certain knowledge to install and maintain.
If you wish to use SQLite as the Bacula catalog, please see Installing and Configuring SQLite chapter of this manual. SQLite is not supported on Solaris.
There are a number of options and important considerations given below that you can skip for the moment if you have not had any problems building Bacula with a simplified configuration as shown above.
If the ./configure process is unable to find specific libraries (e.g. libintl, you should ensure that the appropriate package is installed on your system. Alternatively, if the package is installed in a non-standard location (as far as Bacula is concerned), then there is generally an option listed below (or listed with "./configure --help" that will permit you to specify the directory that should be searched. In other cases, there are options that will permit you to disable to feature (e.g. --disable-nls).
If you want to dive right into it, we recommend you skip to the next chapter, and run the example program. It will teach you a lot about Bacula and as an example can be installed into a single directory (for easy removal) and run as non-root. If you have any problems or when you want to do a real installation, come back to this chapter and read the details presented below.
The following command line options are available for configure to customize your installation.
By default, Bacula will install the Unix man pages in /usr/share/man/man1 and /usr/share/man/man8. If you wish the man page to be installed in a different location, use this option to specify the path. Note, the main HTML and PDF Bacula documents are in a separate tar file that is not part of the source distribution.
Qt4 is available on OpenSUSE 10.2, CentOS 5, Fedora, and Debian. If it is not available on your system, you can download the depkgs-qt package from the Bacula Source Forge download area and build it and the qwt package, both of which are needed to build bat. See the INSTALL file in that package for more details. In particular to use the Qt4 built by depkgs-qt you bf must source the file qt4-paths.
The qwt package is available for download from the qwt project on Source Forge. If you wish, you may build and install it on your system (by default in /usr/lib). If you have done so, you would specify:
--with-qwt=/usr/lib/qwt-5.0.2
Alternatively, you can download the Bacula depkgs package (currently version 11Jul07) and build it, then assuming that you have put it into a directory named bacula, you would specify:
--with-qwt=$HOME/bacula/depkgs/qwt
Some packages such as Debian do not adhere to the standard of naming the library libqwt.a or libqwt.so, and you will either need to manually add a soft link to the name they use or use the depkgs version, which handles the naming correctly.
SQLite2 is not thread safe. Batch insert cannot be enabled when using SQLite2
On most systems, MySQL, PostgreSQL and SQLite3 are thread safe.
To verify that your PostgreSQL is thread safe, you can try this (change the path to point to your particular installed libpq.a; these commands were issued on FreeBSD 6.2):
$ nm /usr/local/lib/libpq.a | grep PQputCopyData
00001b08 T PQputCopyData
$ nm /usr/local/lib/libpq.a | grep mutex
U pthread_mutex_lock
U pthread_mutex_unlock
U pthread_mutex_init
U pthread_mutex_lock
U pthread_mutex_unlock
The above example shows a libpq that contains the required function PQputCopyData and is thread enabled (i.e. the pthread_mutex* entries). If you do not see PQputCopyData, your version of PostgreSQL is too old to allow batch insert. If you do not see the mutex entries, then thread support has not been enabled. Our tests indicate you usually need to change the configuration options and recompile/reinstall the PostgreSQL client software to get thread support.
Bacula always links to the thread safe MySQL libraries.
As a default, Bacula runs SQLite3 with PRAGMA synchronous=OFF because it improves performance by more than 30 times. However, it increases the possibility of a corrupted database. If you want more security, please modify src/version.h appropriately (it should be obvious when you look at the file).
Running with Batch Insert turned on is recommended because it can significantly improve attribute insertion times. However, it does put a significantly larger part of the work on your SQL engine, so you may need to pay more attention to tuning it. In particular, Batch Insert can require large temporary table space, and consequently, the default location (often /tmp) may run out of space causing errors. For MySQL, the location is set in my.conf with "tmpdir". You may also want to increase the memory available to your SQL engine to further improve performance during Batch Inserts.
--disable-static-tools.
--enable-client-only option described below is useful for just
building a client so that all the other parts of the program are not
compiled.
When linking a static binary, the linker needs the static versions of all the libraries that are used, so frequently users will experience linking errors when this option is used. The first thing to do is to make sure you have the static glibc library installed on your system. The second thing to do is the make sure you do not specify --openssl or --with-python on your ./configure statement as these options require additional libraries. You may be able to enable those options, but you will need to load additional static libraries.
When linking a static binary, the linker needs the static versions of all the libraries that are used, so frequently users will experience linking errors when this option is used. The first thing to do is to make sure you have the static glibc library installed on your system. The second thing to do is the make sure you do not specify --openssl or --with-python on your ./configure statement as these options require additional libraries. You may be able to enable those options, but you will need to load additional static libraries.
When linking a static binary, the linker needs the static versions of all the libraries that are used, so frequently users will experience linking errors when this option is used. The first thing to do is to make sure you have the static glibc library installed on your system. The second thing to do is the make sure you do not specify --openssl or --with-python on your ./configure statement as these options require additional libraries. You may be able to enable those options, but you will need to load additional static libraries.
When linking a static binary, the linker needs the static versions of all the libraries that are used, so frequently users will experience linking errors when this option is used. The first thing to do is to make sure you have the static glibc library installed on your system. The second thing to do is the make sure you do not specify --openssl or --with-python on your ./configure statement as these options require additional libraries. You may be able to enable those options, but you will need to load additional static libraries.
When linking a static binary, the linker needs the static versions of all the libraries that are used, so frequently users will experience linking errors when this option is used. The first thing to do is to make sure you have the static glibc library installed on your system. The second thing to do is the make sure you do not specify --openssl or --with-python on your ./configure statement as these options require additional libraries. You may be able to enable those options, but you will need to load additional static libraries.
--disable-largefile.
See the note below under the --with-postgresql item.
See the note below under the --with-postgresql item.
Note, for Bacula to be configured properly, you must specify one of the four database options supported. That is: --with-sqlite, --with-sqlite3, --with-mysql, or --with-postgresql, otherwise the ./configure will fail.
For more information on configuring and testing TCP wrappers, please see the Configuring and Testing TCP Wrappers section in the Security Chapter.
On SuSE, the libwrappers libraries needed to link Bacula are contained in the tcpd-devel package. On Red Hat, the package is named tcp_wrappers.
This option is designed primarily for use in regression testing. Most users can safely ignore this option.
--with-baseport option will automatically assign three ports beginning at
the base port address specified. You may also change the port number in the
resulting configuration files. However, you need to take care that the
numbers correspond correctly in each of the three daemon configuration
files. The default base port is 9101, which assigns ports 9101 through 9103.
These ports (9101, 9102, and 9103) have been officially assigned to Bacula by
IANA. This option is only used to modify the daemon configuration files. You
may also accomplish the same thing by directly editing them later.
Note, many other options are presented when you do a ./configure
--help, but they are not implemented.
For most systems, we recommend starting with the following options:
./configure \ --enable-smartalloc \ --sbindir=$HOME/bacula/bin \ --sysconfdir=$HOME/bacula/bin \ --with-pid-dir=$HOME/bacula/bin/working \ --with-subsys-dir=$HOME/bacula/bin/working \ --with-mysql=$HOME/mysql \ --with-working-dir=$HOME/bacula/working
If you want to install Bacula in an installation directory rather than run it
out of the build directory (as developers will do most of the time), you
should also include the --sbindir and --sysconfdir options with appropriate
paths. Neither are necessary if you do not use "make install" as is the case
for most development work. The install process will create the sbindir and
sysconfdir if they do not exist, but it will not automatically create the
pid-dir, subsys-dir, or working-dir, so you must ensure that they exist before
running Bacula for the first time.
Using SQLite:
CFLAGS="-g -Wall" ./configure \ --sbindir=$HOME/bacula/bin \ --sysconfdir=$HOME/bacula/bin \ --enable-smartalloc \ --with-sqlite=$HOME/bacula/depkgs/sqlite \ --with-working-dir=$HOME/bacula/working \ --with-pid-dir=$HOME/bacula/bin/working \ --with-subsys-dir=$HOME/bacula/bin/working \ --enable-bat \ --with-qwt=$HOME/bacula/depkgs/qwt \ --enable-conio
or
CFLAGS="-g -Wall" ./configure \ --sbindir=$HOME/bacula/bin \ --sysconfdir=$HOME/bacula/bin \ --enable-smartalloc \ --with-mysql=$HOME/mysql \ --with-working-dir=$HOME/bacula/working --with-pid-dir=$HOME/bacula/bin/working \ --with-subsys-dir=$HOME/bacula/bin/working --enable-gnome \ --enable-conio
or finally, a completely traditional Red Hat Linux install:
CFLAGS="-g -Wall" ./configure \ --prefix=/usr \ --sbindir=/usr/sbin \ --sysconfdir=/etc/bacula \ --with-scriptdir=/etc/bacula \ --enable-smartalloc \ --enable-bat \ --with-qwt=$HOME/bacula/depkgs/qwt \ --with-mysql \ --with-working-dir=/var/bacula \ --with-pid-dir=/var/run \ --enable-conio
Note, Bacula assumes that /var/bacula, /var/run, and /var/lock/subsys exist so it will not automatically create them during the install process.
To build Bacula from source, you will need the following installed on your system (they are not by default): libiconv, gcc 3.3.2, stdc++, libgcc (for stdc++ and gcc_s libraries), make 3.8 or later.
You will probably also need to: Add /usr/local/bin to PATH and Add /usr/ccs/bin to PATH for ar.
It is possible to build Bacula on Solaris with the Solaris compiler, but we recommend using GNU C++ if possible.
A typical configuration command might look like:
#!/bin/sh CFLAGS="-g" ./configure \ --sbindir=$HOME/bacula/bin \ --sysconfdir=$HOME/bacula/bin \ --with-mysql=$HOME/mysql \ --enable-smartalloc \ --with-pid-dir=$HOME/bacula/bin/working \ --with-subsys-dir=$HOME/bacula/bin/working \ --with-working-dir=$HOME/bacula/working
As mentioned above, the install process will create the sbindir and sysconfdir if they do not exist, but it will not automatically create the pid-dir, subsys-dir, or working-dir, so you must ensure that they exist before running Bacula for the first time.
Note, you may need to install the following packages to build Bacula from source:
SUNWbinutils, SUNWarc, SUNWhea, SUNWGcc, SUNWGnutls SUNWGnutls-devel SUNWGmake SUNWgccruntime SUNWlibgcrypt SUNWzlib SUNWzlibs SUNWbinutilsS SUNWGmakeS SUNWlibm export PATH=/usr/bin::/usr/ccs/bin:/etc:/usr/openwin/bin:/usr/local/bin:/usr/sfw/bin:/opt/sfw/bin:/usr/ucb:/usr/sbin
If you have installed special software not normally in the Solaris libraries, such as OpenSSL, or the packages shown above, then you may need to add /usr/sfw/lib to the library search path. Probably the simplest way to do so is to run:
setenv LDFLAGS "-L/usr/sfw/lib -R/usr/sfw/lib"
Prior to running the ./configure command.
Alternatively, you can set the LD_LIBARY_PATH and/or the LD_RUN_PATH environment variables appropriately.
It is also possible to use the crle program to set the library search path. However, this should be used with caution.
Please see: The FreeBSD Diary for a detailed description on how to make Bacula work on your system. In addition, users of FreeBSD prior to 4.9-STABLE dated Mon Dec 29 15:18:01 2003 UTC who plan to use tape devices, please see the Tape Testing Chapter of this manual for important information on how to configure your tape drive for compatibility with Bacula.
If you are using Bacula with MySQL, you should take care to compile MySQL with FreeBSD native threads rather than LinuxThreads, since Bacula is normally built with FreeBSD native threads rather than LinuxTreads. Mixing the two will probably not work.
To install the binary Win32 version of the File daemon please see the Win32 Installation Chapter in this document.
The following script could be used if you want to put everything in a single file:
#!/bin/sh
CFLAGS="-g -Wall" \
./configure \
--sbindir=$HOME/bacula/bin \
--sysconfdir=$HOME/bacula/bin \
--mandir=$HOME/bacula/bin \
--enable-smartalloc \
--enable-gnome \
--enable-bat \
--with-qwt=$HOME/bacula/depkgs/qwt \
--enable-bwx-console \
--enable-tray-monitor \
--with-pid-dir=$HOME/bacula/bin/working \
--with-subsys-dir=$HOME/bacula/bin/working \
--with-mysql \
--with-working-dir=$HOME/bacula/bin/working \
--with-dump-email=$USER@your-site.com \
--with-job-email=$USER@your-site.com \
--with-smtp-host=mail.your-site.com
exit 0
You may also want to put the following entries in your /etc/services file as it will make viewing the connections made by Bacula easier to recognize (i.e. netstat -a):
bacula-dir 9101/tcp bacula-fd 9102/tcp bacula-sd 9103/tcp
Before setting up your configuration files, you will want to install Bacula in its final location. Simply enter:
make install
If you have previously installed Bacula, the old binaries will be overwritten, but the old configuration files will remain unchanged, and the "new" configuration files will be appended with a .new. Generally if you have previously installed and run Bacula you will want to discard or ignore the configuration files with the appended .new.
If you run the Director and the Storage daemon on one machine and you wish to back up another machine, you must have a copy of the File daemon for that machine. If the machine and the Operating System are identical, you can simply copy the Bacula File daemon binary file bacula-fd as well as its configuration file bacula-fd.conf then modify the name and password in the conf file to be unique. Be sure to make corresponding additions to the Director's configuration file (bacula-dir.conf).
If the architecture or the OS level are different, you will need to build a File daemon on the Client machine. To do so, you can use the same ./configure command as you did for your main program, starting either from a fresh copy of the source tree, or using make distclean before the ./configure.
Since the File daemon does not access the Catalog database, you can remove
the --with-mysql or --with-sqlite options, then
add --enable-client-only. This will compile only the
necessary libraries and the client programs and thus avoids the necessity
of installing one or another of those database programs to build the File
daemon. With the above option, you simply enter make and just the
client will be built.
If you wish the daemons to be automatically started and stopped when your system is booted (a good idea), one more step is necessary. First, the ./configure process must recognize your system -- that is it must be a supported platform and not unknown, then you must install the platform dependent files by doing:
(become root) make install-autostart
Please note, that the auto-start feature is implemented only on systems that we officially support (currently, FreeBSD, Red Hat/Fedora Linux, and Solaris), and has only been fully tested on Fedora Linux.
The make install-autostart will cause the appropriate startup scripts to be installed with the necessary symbolic links. On Red Hat/Fedora Linux systems, these scripts reside in /etc/rc.d/init.d/bacula-dir /etc/rc.d/init.d/bacula-fd, and /etc/rc.d/init.d/bacula-sd. However the exact location depends on what operating system you are using.
If you only wish to install the File daemon, you may do so with:
make install-autostart-fd
To simply build a new executable in any directory, enter:
make
To clean out all the objects and binaries (including the files named 1, 2, or 3, which are development temporary files), enter:
make clean
To really clean out everything for distribution, enter:
make distclean
note, this cleans out the Makefiles and is normally done from the top level directory to prepare for distribution of the source. To recover from this state, you must redo the ./configure in the top level directory, since all the Makefiles will be deleted.
To add a new file in a subdirectory, edit the Makefile.in in that directory, then simply do a make. In most cases, the make will rebuild the Makefile from the new Makefile.in. In some case, you may need to issue the make a second time. In extreme cases, cd to the top level directory and enter: make Makefiles.
To add dependencies:
make depend
The make depend appends the header file dependencies for each of the object files to Makefile and Makefile.in. This command should be done in each directory where you change the dependencies. Normally, it only needs to be run when you add or delete source or header files. make depend is normally automatically invoked during the configuration process.
To install:
make install
This not normally done if you are developing Bacula, but is used if you are going to run it to backup your system.
After doing a make install the following files will be installed on your system (more or less). The exact files and location (directory) for each file depends on your ./configure command (e.g. bgnome-console and bgnome-console.conf are not installed if you do not configure GNOME. Also, if you are using SQLite instead of MySQL, some of the files will be different).
NOTE: it is quite probable that this list is out of date. But it is a starting point.
bacula bacula-dir bacula-dir.conf bacula-fd bacula-fd.conf bacula-sd bacula-sd.conf bacula-tray-monitor tray-monitor.conf bextract bls bscan btape btraceback btraceback.gdb bconsole bconsole.conf create_mysql_database dbcheck delete_catalog_backup drop_bacula_tables drop_mysql_tables bgnome-console bgnome-console.conf make_bacula_tables make_catalog_backup make_mysql_tables mtx-changer query.sql bsmtp startmysql stopmysql bwx-console bwx-console.conf 9 man pages
The Tray Monitor is already installed if you used the --enable-tray-monitor configure option and ran make install.
As you don't run your graphical environment as root (if you do, you should change that bad habit), don't forget to allow your user to read tray-monitor.conf, and to execute bacula-tray-monitor (this is not a security issue).
Then log into your graphical environment (KDE, GNOME or something else), run bacula-tray-monitor as your user, and see if a cassette icon appears somewhere on the screen, usually on the task bar. If it doesn't, follow the instructions below related to your environment or window manager.
System tray, or notification area if you use the GNOME terminology, has been supported in GNOME since version 2.2. To activate it, right-click on one of your panels, open the menu Add to this Panel, then Utility and finally click on Notification Area.
System tray has been supported in KDE since version 3.1. To activate it, right-click on one of your panels, open the menu Add, then Applet and finally click on System Tray.
Read the documentation to know if the Freedesktop system tray standard is supported by your window manager, and if applicable, how to activate it.
See the chapter Configuring Bacula in this manual for instructions on how to set Bacula configuration files.
We recommend you take your time before implementing a production a Bacula backup system since Bacula is a rather complex program, and if you make a mistake, you may suddenly find that you cannot restore your files in case of a disaster. This is especially true if you have not previously used a major backup product.
If you follow the instructions in this chapter, you will have covered most of the major problems that can occur. It goes without saying that if you ever find that we have left out an important point, please inform us, so that we can document it to the benefit of everyone.
The following assumes that you have installed Bacula, you more or less understand it, you have at least worked through the tutorial or have equivalent experience, and that you have set up a basic production configuration. If you haven't done the above, please do so and then come back here. The following is a sort of checklist that points with perhaps a brief explanation of why you should do it. In most cases, you will find the details elsewhere in the manual. The order is more or less the order you would use in setting up a production system (if you already are in production, use the checklist anyway).
On most modern Win32 machines, you can edit the conf files with notebook and choose output encoding UTF-8.
Although these items may not be critical, they are recommended and will help you avoid problems.
If you absolutely must implement a system where you write a different tape each night and take it offsite in the morning. We recommend that you do several things:
This chapter will guide you through running Bacula. To do so, we assume you have installed Bacula, possibly in a single file as shown in the previous chapter, in which case, you can run Bacula as non-root for these tests. However, we assume that you have not changed the .conf files. If you have modified the .conf files, please go back and uninstall Bacula, then reinstall it, but do not make any changes. The examples in this chapter use the default configuration files, and will write the volumes to disk in your /tmp directory, in addition, the data backed up will be the source directory where you built Bacula. As a consequence, you can run all the Bacula daemons for these tests as non-root. Please note, in production, your File daemon(s) must run as root. See the Security chapter for more information on this subject.
The general flow of running Bacula is:
Each of these steps is described in more detail below.
Before running Bacula for the first time in production, we recommend that you run the test command in the btape program as described in the Utility Program Chapter of this manual. This will help ensure that Bacula functions correctly with your tape drive. If you have a modern HP, Sony, or Quantum DDS or DLT tape drive running on Linux or Solaris, you can probably skip this test as Bacula is well tested with these drives and systems. For all other cases, you are strongly encouraged to run the test before continuing. btape also has a fill command that attempts to duplicate what Bacula does when filling a tape and writing on the next tape. You should consider trying this command as well, but be forewarned, it can take hours (about four hours on my drive) to fill a large capacity tape.
If you are using MySQL or PostgreSQL as the Bacula database, you should start it before you attempt to run a job to avoid getting error messages from Bacula when it starts. The scripts startmysql and stopmysql are what I (Kern) use to start and stop my local MySQL. Note, if you are using SQLite, you will not want to use startmysql or stopmysql. If you are running this in production, you will probably want to find some way to automatically start MySQL or PostgreSQL after each system reboot.
If you are using SQLite (i.e. you specified the --with-sqlite=xxx option
on the ./configure command, you need do nothing. SQLite is automatically
started by Bacula.
Assuming you have built from source or have installed the rpms, to start the three daemons, from your installation directory, simply enter:
./bacula start
The bacula script starts the Storage daemon, the File daemon, and the Director daemon, which all normally run as daemons in the background. If you are using the autostart feature of Bacula, your daemons will either be automatically started on reboot, or you can control them individually with the files bacula-dir, bacula-fd, and bacula-sd, which are usually located in /etc/init.d, though the actual location is system dependent. Some distributions may do this differently.
Note, on Windows, currently only the File daemon is ported, and it must be started differently. Please see the Windows Version of Bacula Chapter of this manual.
The rpm packages configure the daemons to run as user=root and group=bacula. The rpm installation also creates the group bacula if it does not exist on the system. Any users that you add to the group bacula will have access to files created by the daemons. To disable or alter this behavior edit the daemon startup scripts:
and then restart as noted above.
The installation chapter of this manual explains how you can install scripts that will automatically restart the daemons when the system starts.
To communicate with the director and to query the state of Bacula or run jobs, from the top level directory, simply enter:
./bconsole
Alternatively to running the command line console, if you have
Qt4 installed and used the --enable-bat on the configure command,
you may use the Bacula Administration Tool (bat):
./bat
Which has a graphical interface, and many more features than bconsole.
Two other possibilities are to run the GNOME console bgnome-console or the wxWidgets program bwx-console.
For simplicity, here we will describe only the ./bconsole program. Most of what is described here applies equally well to ./bat, ./bgnome-console, and to bwx-console.
The ./bconsole runs the Bacula Console program, which connects to the Director daemon. Since Bacula is a network program, you can run the Console program anywhere on your network. Most frequently, however, one runs it on the same machine as the Director. Normally, the Console program will print something similar to the following:
[kern@polymatou bin]$ ./bconsole Connecting to Director lpmatou:9101 1000 OK: HeadMan Version: 2.1.8 (14 May 2007) *
the asterisk is the console command prompt.
Type help to see a list of available commands:
*help Command Description ======= =========== add add media to a pool autodisplay autodisplay [on|off] -- console messages automount automount [on|off] -- after label cancel cancel [<jobid=nnn> | <job=name>] -- cancel a job create create DB Pool from resource delete delete [pool=<pool-name> | media volume=<volume-name>] disable disable <job=name> -- disable a job enable enable <job=name> -- enable a job estimate performs FileSet estimate, listing gives full listing exit exit = quit gui gui [on|off] -- non-interactive gui mode help print this command list list [pools | jobs | jobtotals | media <pool=pool-name> | files <jobid=nn>]; from catalog label label a tape llist full or long list like list command memory print current memory usage messages messages mount mount <storage-name> prune prune expired records from catalog purge purge records from catalog python python control commands quit quit query query catalog restore restore files relabel relabel a tape release release <storage-name> reload reload conf file run run <job-name> status status [storage | client]=<name> setdebug sets debug level setip sets new client address -- if authorized show show (resource records) [jobs | pools | ... | all] sqlquery use SQL to query catalog time print current time trace turn on/off trace to file unmount unmount <storage-name> umount umount <storage-name> for old-time Unix guys update update Volume, Pool or slots use use catalog xxx var does variable expansion version print Director version wait wait until no jobs are running [<jobname=name> | <jobid=nnn> | <ujobid=complete_name>] *
Details of the console program's commands are explained in the Console Chapter of this manual.
At this point, we assume you have done the following:
--your-options
Furthermore, we assume for the moment you are using the default configuration files.
At this point, enter the following command:
show filesets
and you should get something similar to:
FileSet: name=Full Set
O M
N
I /home/kern/bacula/regress/build
N
E /proc
E /tmp
E /.journal
E /.fsck
N
FileSet: name=Catalog
O M
N
I /home/kern/bacula/regress/working/bacula.sql
N
This is a pre-defined FileSet that will backup the Bacula source directory. The actual directory names printed should correspond to your system configuration. For testing purposes, we have chosen a directory of moderate size (about 40 Megabytes) and complexity without being too big. The FileSet Catalog is used for backing up Bacula's catalog and is not of interest to us for the moment. The I entries are the files or directories that will be included in the backup and the E are those that will be excluded, and the O entries are the options specified for the FileSet. You can change what is backed up by editing bacula-dir.conf and changing the File = line in the FileSet resource.
Now is the time to run your first backup job. We are going to backup your Bacula source directory to a File Volume in your /tmp directory just to show you how easy it is. Now enter:
status dir
and you should get the following output:
rufus-dir Version: 1.30 (28 April 2003) Daemon started 28-Apr-2003 14:03, 0 Jobs run. Console connected at 28-Apr-2003 14:03 No jobs are running. Level Type Scheduled Name ================================================================= Incremental Backup 29-Apr-2003 01:05 Client1 Full Backup 29-Apr-2003 01:10 BackupCatalog ====
where the times and the Director's name will be different according to your setup. This shows that an Incremental job is scheduled to run for the Job Client1 at 1:05am and that at 1:10, a BackupCatalog is scheduled to run. Note, you should probably change the name Client1 to be the name of your machine, if not, when you add additional clients, it will be very confusing. For my real machine, I use Rufus rather than Client1 as in this example.
Now enter:
status client
and you should get something like:
The defined Client resources are:
1: rufus-fd
Item 1 selected automatically.
Connecting to Client rufus-fd at rufus:8102
rufus-fd Version: 1.30 (28 April 2003)
Daemon started 28-Apr-2003 14:03, 0 Jobs run.
Director connected at: 28-Apr-2003 14:14
No jobs running.
====
In this case, the client is named rufus-fd your name will be different, but the line beginning with rufus-fd Version ... is printed by your File daemon, so we are now sure it is up and running.
Finally do the same for your Storage daemon with:
status storage
and you should get:
The defined Storage resources are:
1: File
Item 1 selected automatically.
Connecting to Storage daemon File at rufus:8103
rufus-sd Version: 1.30 (28 April 2003)
Daemon started 28-Apr-2003 14:03, 0 Jobs run.
Device /tmp is not open.
No jobs running.
====
You will notice that the default Storage daemon device is named File and that it will use device /tmp, which is not currently open.
Now, let's actually run a job with:
run
you should get the following output:
Using default Catalog name=MyCatalog DB=bacula
A job name must be specified.
The defined Job resources are:
1: Client1
2: BackupCatalog
3: RestoreFiles
Select Job resource (1-3):
Here, Bacula has listed the three different Jobs that you can run, and you should choose number 1 and type enter, at which point you will get:
Run Backup job JobName: Client1 FileSet: Full Set Level: Incremental Client: rufus-fd Storage: File Pool: Default When: 2003-04-28 14:18:57 OK to run? (yes/mod/no):
At this point, take some time to look carefully at what is printed and understand it. It is asking you if it is OK to run a job named Client1 with FileSet Full Set (we listed above) as an Incremental job on your Client (your client name will be different), and to use Storage File and Pool Default, and finally, it wants to run it now (the current time should be displayed by your console).
Here we have the choice to run (yes), to modify one or more of the above parameters (mod), or to not run the job (no). Please enter yes, at which point you should immediately get the command prompt (an asterisk). If you wait a few seconds, then enter the command messages you will get back something like:
28-Apr-2003 14:22 rufus-dir: Last FULL backup time not found. Doing
FULL backup.
28-Apr-2003 14:22 rufus-dir: Start Backup JobId 1,
Job=Client1.2003-04-28_14.22.33
28-Apr-2003 14:22 rufus-sd: Job Client1.2003-04-28_14.22.33 waiting.
Cannot find any appendable volumes.
Please use the "label" command to create a new Volume for:
Storage: FileStorage
Media type: File
Pool: Default
The first message, indicates that no previous Full backup was done, so Bacula is upgrading our Incremental job to a Full backup (this is normal). The second message indicates that the job started with JobId 1., and the third message tells us that Bacula cannot find any Volumes in the Pool for writing the output. This is normal because we have not yet created (labeled) any Volumes. Bacula indicates to you all the details of the volume it needs.
At this point, the job is BLOCKED waiting for a Volume. You can check this if you want by doing a status dir. In order to continue, we must create a Volume that Bacula can write on. We do so with:
label
and Bacula will print:
The defined Storage resources are:
1: File
Item 1 selected automatically.
Enter new Volume name:
at which point, you should enter some name beginning with a letter and containing only letters and numbers (period, hyphen, and underscore) are also permitted. For example, enter TestVolume001, and you should get back:
Defined Pools:
1: Default
Item 1 selected automatically.
Connecting to Storage daemon File at rufus:8103 ...
Sending label command for Volume "TestVolume001" Slot 0 ...
3000 OK label. Volume=TestVolume001 Device=/tmp
Catalog record for Volume "TestVolume002", Slot 0 successfully created.
Requesting mount FileStorage ...
3001 OK mount. Device=/tmp
Finally, enter messages and you should get something like:
28-Apr-2003 14:30 rufus-sd: Wrote label to prelabeled Volume "TestVolume001" on device /tmp 28-Apr-2003 14:30 rufus-dir: Bacula 1.30 (28Apr03): 28-Apr-2003 14:30 JobId: 1 Job: Client1.2003-04-28_14.22.33 FileSet: Full Set Backup Level: Full Client: rufus-fd Start time: 28-Apr-2003 14:22 End time: 28-Apr-2003 14:30 Files Written: 1,444 Bytes Written: 38,988,877 Rate: 81.2 KB/s Software Compression: None Volume names(s): TestVolume001 Volume Session Id: 1 Volume Session Time: 1051531381 Last Volume Bytes: 39,072,359 FD termination status: OK SD termination status: OK Termination: Backup OK 28-Apr-2003 14:30 rufus-dir: Begin pruning Jobs. 28-Apr-2003 14:30 rufus-dir: No Jobs found to prune. 28-Apr-2003 14:30 rufus-dir: Begin pruning Files. 28-Apr-2003 14:30 rufus-dir: No Files found to prune. 28-Apr-2003 14:30 rufus-dir: End auto prune.
If you don't see the output immediately, you can keep entering messages until the job terminates, or you can enter, autodisplay on and your messages will automatically be displayed as soon as they are ready.
If you do an ls -l of your /tmp directory, you will see that you have the following item:
-rw-r----- 1 kern kern 39072153 Apr 28 14:30 TestVolume001
This is the file Volume that you just wrote and it contains all the data of the job just run. If you run additional jobs, they will be appended to this Volume unless you specify otherwise.
You might ask yourself if you have to label all the Volumes that Bacula is going to use. The answer for disk Volumes, like the one we used, is no. It is possible to have Bacula automatically label volumes. For tape Volumes, you will most likely have to label each of the Volumes you want to use.
If you would like to stop here, you can simply enter quit in the Console program, and you can stop Bacula with ./bacula stop. To clean up, simply delete the file /tmp/TestVolume001, and you should also re-initialize your database using:
./drop_bacula_tables ./make_bacula_tables
Please note that this will erase all information about the previous jobs that have run, and that you might want to do it now while testing but that normally you will not want to re-initialize your database.
If you would like to try restoring the files that you just backed up, read the following section.
If you have run the default configuration and the save of the Bacula source code as demonstrated above, you can restore the backed up files in the Console program by entering:
restore all
where you will get:
First you select one or more JobIds that contain files
to be restored. You will be presented several methods
of specifying the JobIds. Then you will be allowed to
select which files from those JobIds are to be restored.
To select the JobIds, you have the following choices:
1: List last 20 Jobs run
2: List Jobs where a given File is saved
3: Enter list of comma separated JobIds to select
4: Enter SQL list command
5: Select the most recent backup for a client
6: Select backup for a client before a specified time
7: Enter a list of files to restore
8: Enter a list of files to restore before a specified time
9: Find the JobIds of the most recent backup for a client
10: Find the JobIds for a backup for a client before a specified time
11: Enter a list of directories to restore for found JobIds
12: Cancel
Select item: (1-12):
As you can see, there are a number of options, but for the current demonstration, please enter 5 to do a restore of the last backup you did, and you will get the following output:
Defined Clients:
1: rufus-fd
Item 1 selected automatically.
The defined FileSet resources are:
1: 1 Full Set 2003-04-28 14:22:33
Item 1 selected automatically.
+-------+-------+----------+---------------------+---------------+
| JobId | Level | JobFiles | StartTime | VolumeName |
+-------+-------+----------+---------------------+---------------+
| 1 | F | 1444 | 2003-04-28 14:22:33 | TestVolume002 |
+-------+-------+----------+---------------------+---------------+
You have selected the following JobId: 1
Building directory tree for JobId 1 ...
1 Job inserted into the tree and marked for extraction.
The defined Storage resources are:
1: File
Item 1 selected automatically.
You are now entering file selection mode where you add and
remove files to be restored. All files are initially added.
Enter "done" to leave this mode.
cwd is: /
$
where I have truncated the listing on the right side to make it more readable. As you can see by starting at the top of the listing, Bacula knows what client you have, and since there was only one, it selected it automatically, likewise for the FileSet. Then Bacula produced a listing containing all the jobs that form the current backup, in this case, there is only one, and the Storage daemon was also automatically chosen. Bacula then took all the files that were in Job number 1 and entered them into a directory tree (a sort of in memory representation of your filesystem). At this point, you can use the cd and ls ro dir commands to walk up and down the directory tree and view what files will be restored. For example, if I enter cd /home/kern/bacula/bacula-1.30 and then enter dir I will get a listing of all the files in the Bacula source directory. On your system, the path will be somewhat different. For more information on this, please refer to the Restore Command Chapter of this manual for more details.
To exit this mode, simply enter:
done
and you will get the following output:
Bootstrap records written to /home/kern/bacula/testbin/working/restore.bsr The restore job will require the following Volumes: TestVolume001 1444 files selected to restore. Run Restore job JobName: RestoreFiles Bootstrap: /home/kern/bacula/testbin/working/restore.bsr Where: /tmp/bacula-restores Replace: always FileSet: Full Set Backup Client: rufus-fd Restore Client: rufus-fd Storage: File JobId: *None* When: 2005-04-28 14:53:54 OK to run? (yes/mod/no):
If you answer yes your files will be restored to /tmp/bacula-restores. If you want to restore the files to their original locations, you must use the mod option and explicitly set Where: to nothing (or to /). We recommend you go ahead and answer yes and after a brief moment, enter messages, at which point you should get a listing of all the files that were restored as well as a summary of the job that looks similar to this:
28-Apr-2005 14:56 rufus-dir: Bacula 2.1.8 (08May07): 08-May-2007 14:56:06 Build OS: i686-pc-linux-gnu suse 10.2 JobId: 2 Job: RestoreFiles.2007-05-08_14.56.06 Restore Client: rufus-fd Start time: 08-May-2007 14:56 End time: 08-May-2007 14:56 Files Restored: 1,444 Bytes Restored: 38,816,381 Rate: 9704.1 KB/s FD Errors: 0 FD termination status: OK SD termination status: OK Termination: Restore OK 08-May-2007 14:56 rufus-dir: Begin pruning Jobs. 08-May-2007 14:56 rufus-dir: No Jobs found to prune. 08-May-2007 14:56 rufus-dir: Begin pruning Files. 08-May-2007 14:56 rufus-dir: No Files found to prune. 08-May-2007 14:56 rufus-dir: End auto prune.
After exiting the Console program, you can examine the files in /tmp/bacula-restores, which will contain a small directory tree with all the files. Be sure to clean up at the end with:
rm -rf /tmp/bacula-restore
Simply enter the command quit.
If you have gotten the example shown above to work on your system, you may be ready to add a second Client (File daemon). That is you have a second machine that you would like backed up. The only part you need installed on the other machine is the binary bacula-fd (or bacula-fd.exe for Windows) and its configuration file bacula-fd.conf. You can start with the same bacula-fd.conf file that you are currently using and make one minor modification to it to create the conf file for your second client. Change the File daemon name from whatever was configured, rufus-fd in the example above, but your system will have a different name. The best is to change it to the name of your second machine. For example:
...
#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
Name = rufus-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /home/kern/bacula/working
Pid Directory = /var/run
}
...
would become:
...
#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
Name = matou-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /home/kern/bacula/working
Pid Directory = /var/run
}
...
where I show just a portion of the file and have changed rufus-fd to matou-fd. The names you use are your choice. For the moment, I recommend you change nothing else. Later, you will want to change the password.
Now you should install that change on your second machine. Then you need to make some additions to your Director's configuration file to define the new File daemon or Client. Starting from our original example which should be installed on your system, you should add the following lines (essentially copies of the existing data but with the names changed) to your Director's configuration file bacula-dir.conf.
#
# Define the main nightly save backup job
# By default, this job will back up to disk in /tmp
Job {
Name = "Matou"
Type = Backup
Client = matou-fd
FileSet = "Full Set"
Schedule = "WeeklyCycle"
Storage = File
Messages = Standard
Pool = Default
Write Bootstrap = "/home/kern/bacula/working/matou.bsr"
}
# Client (File Services) to backup
Client {
Name = matou-fd
Address = matou
FDPort = 9102
Catalog = MyCatalog
Password = "xxxxx" # password for
File Retention = 30d # 30 days
Job Retention = 180d # six months
AutoPrune = yes # Prune expired Jobs/Files
}
Then make sure that the Address parameter in the Storage resource is set to the fully qualified domain name and not to something like "localhost". The address specified is sent to the File daemon (client) and it must be a fully qualified domain name. If you pass something like "localhost" it will not resolve correctly and will result in a time out when the File daemon fails to connect to the Storage daemon.
That is all that is necessary. I copied the existing resource to create a second Job (Matou) to backup the second client (matou-fd). It has the name Matou, the Client is named matou-fd, and the bootstrap file name is changed, but everything else is the same. This means that Matou will be backed up on the same schedule using the same set of tapes. You may want to change that later, but for now, let's keep it simple.
The second change was to add a new Client resource that defines matou-fd and has the correct address matou, but in real life, you may need a fully qualified domain name or an IP address. I also kept the password the same (shown as xxxxx for the example).
At this point, if you stop Bacula and restart it, and start the Client on the other machine, everything will be ready, and the prompts that you saw above will now include the second machine.
To make this a real production installation, you will possibly want to use different Pool, or a different schedule. It is up to you to customize. In any case, you should change the password in both the Director's file and the Client's file for additional security.
For some important tips on changing names and passwords, and a diagram of what names and passwords must match, please see Authorization Errors in the FAQ chapter of this manual.
If you have scheduled your job, typically nightly, there will come a time when the tape fills up and Bacula cannot continue. In this case, Bacula will send you a message similar to the following:
rufus-sd: block.c:337 === Write error errno=28: ERR=No space left
on device
This indicates that Bacula got a write error because the tape is full. Bacula will then search the Pool specified for your Job looking for an appendable volume. In the best of all cases, you will have properly set your Retention Periods and you will have all your tapes marked to be Recycled, and Bacula will automatically recycle the tapes in your pool requesting and overwriting old Volumes. For more information on recycling, please see the Recycling chapter of this manual. If you find that your Volumes were not properly recycled (usually because of a configuration error), please see the Manually Recycling Volumes section of the Recycling chapter.
If like me, you have a very large set of Volumes and you label them with the date the Volume was first writing, or you have not set up your Retention periods, Bacula will not find a tape in the pool, and it will send you a message similar to the following:
rufus-sd: Job kernsave.2002-09-19.10:50:48 waiting. Cannot find any
appendable volumes.
Please use the "label" command to create a new Volume for:
Storage: SDT-10000
Media type: DDS-4
Pool: Default
Until you create a new Volume, this message will be repeated an hour later, then two hours later, and so on doubling the interval each time up to a maximum interval of one day.
The obvious question at this point is: What do I do now?
The answer is simple: first, using the Console program, close the tape drive using the unmount command. If you only have a single drive, it will be automatically selected, otherwise, make sure you release the one specified on the message (in this case STD-10000).
Next, you remove the tape from the drive and insert a new blank tape. Note, on some older tape drives, you may need to write an end of file mark (mt -f /dev/nst0 weof) to prevent the drive from running away when Bacula attempts to read the label.
Finally, you use the label command in the Console to write a label to the new Volume. The label command will contact the Storage daemon to write the software label, if it is successful, it will add the new Volume to the Pool, then issue a mount command to the Storage daemon. See the previous sections of this chapter for more details on labeling tapes.
The result is that Bacula will continue the previous Job writing the backup to the new Volume.
If you have a Pool of volumes and Bacula is cycling through them, instead of the above message "Cannot find any appendable volumes.", Bacula may ask you to mount a specific volume. In that case, you should attempt to do just that. If you do not have the volume any more (for any of a number of reasons), you can simply mount another volume from the same Pool, providing it is appendable, and Bacula will use it. You can use the list volumes command in the console program to determine which volumes are appendable and which are not.
If like me, you have your Volume retention periods set correctly, but you have no more free Volumes, you can relabel and reuse a Volume as follows:
To manually relabel the Volume use the following additional steps:
Most of the commands given above, with the exception of list, will prompt you for the necessary arguments if you simply enter the command name.
If you want debug output from the daemons as they are running, start the daemons from the install directory as follows:
./bacula start -d100
This can be particularly helpful if your daemons do not start correctly, because direct daemon output to the console is normally directed to the NULL device, but with the debug level greater than zero, the output will be sent to the starting terminal.
To stop the three daemons, enter the following from the install directory:
./bacula stop
The execution of bacula stop may complain about pids not found. This is OK, especially if one of the daemons has died, which is very rare.
To do a full system save, each File daemon must be running as root so that it will have permission to access all the files. None of the other daemons require root privileges. However, the Storage daemon must be able to open the tape drives. On many systems, only root can access the tape drives. Either run the Storage daemon as root, or change the permissions on the tape devices to permit non-root access. MySQL and PostgreSQL can be installed and run with any userid; root privilege is not necessary.
When you start the Bacula daemons, the Storage daemon attempts to open all defined storage devices and verify the currently mounted Volume (if configured). Until all the storage devices are verified, the Storage daemon will not accept connections from the Console program. If a tape was previously used, it will be rewound, and on some devices this can take several minutes. As a consequence, you may need to have a bit of patience when first contacting the Storage daemon after starting the daemons. If you can see your tape drive, once the lights stop flashing, the drive will be ready to be used.
The same considerations apply if you have just mounted a blank tape in a drive such as an HP DLT. It can take a minute or two before the drive properly recognizes that the tape is blank. If you attempt to mount the tape with the Console program during this recognition period, it is quite possible that you will hang your SCSI driver (at least on my Red Hat Linux system). As a consequence, you are again urged to have patience when inserting blank tapes. Let the device settle down before attempting to access it.
If you are having difficulties getting one or more of your File daemons to connect to the Storage daemon, it is most likely because you have not used a fully qualified domain name on the Address directive in the Director's Storage resource. That is the resolver on the File daemon's machine (not on the Director's) must be able to resolve the name you supply into an IP address. An example of an address that is guaranteed not to work: localhost. An example that may work: megalon. An example that is more likely to work: magalon.mydomain.com. On Win32 if you don't have a good resolver (often true on older Win98 systems), you might try using an IP address in place of a name.
If your address is correct, then make sure that no other program is using the port 9103 on the Storage daemon's machine. The Bacula port number are authorized by IANA, and should not be used by other programs, but apparently some HP printers do use these port numbers. A netstat -a on the Storage daemon's machine can determine who is using the 9103 port (used for FD to SD communications in Bacula).
Each of the three daemons (Director, File, Storage) accepts a small set of options on the command line. In general, each of the daemons as well as the Console program accepts the following options:
The Director has the following additional Director specific option:
The File daemon has the following File daemon specific option:
The Storage daemon has no Storage daemon specific options.
The Console program has no console specific options.
Creating the Pool is automatically done when Bacula starts, so if you understand Pools, you can skip to the next section.
When you run a job, one of the things that Bacula must know is what Volumes to use to backup the FileSet. Instead of specifying a Volume (tape) directly, you specify which Pool of Volumes you want Bacula to consult when it wants a tape for writing backups. Bacula will select the first available Volume from the Pool that is appropriate for the Storage device you have specified for the Job being run. When a volume has filled up with data, Bacula will change its VolStatus from Append to Full, and then Bacula will use the next volume and so on. If no appendable Volume exists in the Pool, the Director will attempt to recycle an old Volume, if there are still no appendable Volumes available, Bacula will send a message requesting the operator to create an appropriate Volume.
Bacula keeps track of the Pool name, the volumes contained in the Pool, and a number of attributes of each of those Volumes.
When Bacula starts, it ensures that all Pool resource definitions have been recorded in the catalog. You can verify this by entering:
list pools
to the console program, which should print something like the following:
*list pools Using default Catalog name=MySQL DB=bacula +--------+---------+---------+---------+----------+-------------+ | PoolId | Name | NumVols | MaxVols | PoolType | LabelFormat | +--------+---------+---------+---------+----------+-------------+ | 1 | Default | 3 | 0 | Backup | * | | 2 | File | 12 | 12 | Backup | File | +--------+---------+---------+---------+----------+-------------+ *
If you attempt to create the same Pool name a second time, Bacula will print:
Error: Pool Default already exists.
Once created, you may use the {\bf update} command to
modify many of the values in the Pool record.
Bacula requires that each Volume contains a software label. There are several strategies for labeling volumes. The one I use is to label them as they are needed by Bacula using the console program. That is when Bacula needs a new Volume, and it does not find one in the catalog, it will send me an email message requesting that I add Volumes to the Pool. I then use the label command in the Console program to label a new Volume and to define it in the Pool database, after which Bacula will begin writing on the new Volume. Alternatively, I can use the Console relabel command to relabel a Volume that is no longer used providing it has VolStatus Purged.
Another strategy is to label a set of volumes at the start, then use them as Bacula requests them. This is most often done if you are cycling through a set of tapes, for example using an autochanger. For more details on recycling, please see the Automatic Volume Recycling chapter of this manual.
If you run a Bacula job, and you have no labeled tapes in the Pool, Bacula will inform you, and you can create them "on-the-fly" so to speak. In my case, I label my tapes with the date, for example: DLT-18April02. See below for the details of using the label command.
Labeling volumes is normally done by using the console program.
If Bacula complains that you cannot label the tape because it is already labeled, simply unmount the tape using the unmount command in the console, then physically mount a blank tape and re-issue the label command.
Since the physical storage media is different for each device, the label command will provide you with a list of the defined Storage resources such as the following:
The defined Storage resources are:
1: File
2: 8mmDrive
3: DLTDrive
4: SDT-10000
Select Storage resource (1-4):
At this point, you should have a blank tape in the drive corresponding to the Storage resource that you select.
It will then ask you for the Volume name.
Enter new Volume name:
If Bacula complains:
Media record for Volume xxxx already exists.
It means that the volume name xxxx that you entered already exists in the Media database. You can list all the defined Media (Volumes) with the list media command. Note, the LastWritten column has been truncated for proper printing.
+---------------+---------+--------+----------------+-----/~/-+------------+-----+ | VolumeName | MediaTyp| VolStat| VolBytes | LastWri | VolReten | Recy| +---------------+---------+--------+----------------+---------+------------+-----+ | DLTVol0002 | DLT8000 | Purged | 56,128,042,217 | 2001-10 | 31,536,000 | 0 | | DLT-07Oct2001 | DLT8000 | Full | 56,172,030,586 | 2001-11 | 31,536,000 | 0 | | DLT-08Nov2001 | DLT8000 | Full | 55,691,684,216 | 2001-12 | 31,536,000 | 0 | | DLT-01Dec2001 | DLT8000 | Full | 55,162,215,866 | 2001-12 | 31,536,000 | 0 | | DLT-28Dec2001 | DLT8000 | Full | 57,888,007,042 | 2002-01 | 31,536,000 | 0 | | DLT-20Jan2002 | DLT8000 | Full | 57,003,507,308 | 2002-02 | 31,536,000 | 0 | | DLT-16Feb2002 | DLT8000 | Full | 55,772,630,824 | 2002-03 | 31,536,000 | 0 | | DLT-12Mar2002 | DLT8000 | Full | 50,666,320,453 | 1970-01 | 31,536,000 | 0 | | DLT-27Mar2002 | DLT8000 | Full | 57,592,952,309 | 2002-04 | 31,536,000 | 0 | | DLT-15Apr2002 | DLT8000 | Full | 57,190,864,185 | 2002-05 | 31,536,000 | 0 | | DLT-04May2002 | DLT8000 | Full | 60,486,677,724 | 2002-05 | 31,536,000 | 0 | | DLT-26May02 | DLT8000 | Append | 1,336,699,620 | 2002-05 | 31,536,000 | 1 | +---------------+---------+--------+----------------+-----/~/-+------------+-----+
Once Bacula has verified that the volume does not already exist, it will prompt you for the name of the Pool in which the Volume (tape) is to be created. If there is only one Pool (Default), it will be automatically selected.
If the tape is successfully labeled, a Volume record will also be created in the Pool. That is the Volume name and all its other attributes will appear when you list the Pool. In addition, that Volume will be available for backup if the MediaType matches what is requested by the Storage daemon.
When you labeled the tape, you answered very few questions about it -- principally the Volume name, and perhaps the Slot. However, a Volume record in the catalog database (internally known as a Media record) contains quite a few attributes. Most of these attributes will be filled in from the default values that were defined in the Pool (i.e. the Pool holds most of the default attributes used when creating a Volume).
It is also possible to add media to the pool without physically labeling the Volumes. This can be done with the add command. For more information, please see the Console Chapter of this manual.
When each of the Bacula programs starts, it reads a configuration file specified on the command line or the default bacula-dir.conf, bacula-fd.conf, bacula-sd.conf, or console.conf for the Director daemon, the File daemon, the Storage daemon, and the Console program respectively.
Each service (Director, Client, Storage, Console) has its own configuration file containing a set of Resource definitions. These resources are very similar from one service to another, but may contain different directives (records) depending on the service. For example, in the Director's resource file, the Director resource defines the name of the Director, a number of global Director parameters and his password. In the File daemon configuration file, the Director resource specifies which Directors are permitted to use the File daemon.
Before running Bacula for the first time, you must customize the configuration files for each daemon. Default configuration files will have been created by the installation process, but you will need to modify them to correspond to your system. An overall view of the resources can be seen in the following:
(thanks to Aristides Maniatis for the above graphic)
To ensure that Bacula configuration files can be correctly read including foreign characters the bf LANG environment variable must end in .UTF-8. An full example is en_US.UTF-8. The exact syntax may vary a bit from OS to OS, and exactly how you define it will also vary. On most newer Win32 machines, you can use notepad to edit the conf files, then choose output encoding UTF-8.
Bacula assumes that all filenames are in UTF-8 format on Linux and Unix machines. On Win32 they are in Unicode (UTF-16), and will be automatically converted to UTF-8 format.
Although, you won't need to know the details of all the directives a basic knowledge of Bacula resource directives is essential. Each directive contained within the resource (within the braces) is composed of a keyword followed by an equal sign (=) followed by one or more values. The keywords must be one of the known Bacula resource record keywords, and it may be composed of upper or lower case characters and spaces.
Each resource definition MUST contain a Name directive, and may optionally contain a Description directive. The Name directive is used to uniquely identify the resource. The Description directive is (will be) used during display of the Resource to provide easier human recognition. For example:
Director {
Name = "MyDir"
Description = "Main Bacula Director"
WorkingDirectory = "$HOME/bacula/bin/working"
}
Defines the Director resource with the name "MyDir" and a working directory $HOME/bacula/bin/working. In general, if you want spaces in a name to the right of the first equal sign (=), you must enclose that name within double quotes. Otherwise quotes are not generally necessary because once defined, quoted strings and unquoted strings are all equal.
When reading the configuration file, blank lines are ignored and everything after a hash sign (#) until the end of the line is taken to be a comment. A semicolon (;) is a logical end of line, and anything after the semicolon is considered as the next statement. If a statement appears on a line by itself, a semicolon is not necessary to terminate it, so generally in the examples in this manual, you will not see many semicolons.
Case (upper/lower) and spaces are totally ignored in the resource directive keywords (the part before the equal sign).
Within the keyword (i.e. before the equal sign), spaces are not significant. Thus the keywords: name, Name, and N a m e are all identical.
Spaces after the equal sign and before the first character of the value are ignored.
In general, spaces within a value are significant (not ignored), and if the value is a name, you must enclose the name in double quotes for the spaces to be accepted. Names may contain up to 127 characters. Currently, a name may contain any ASCII character. Within a quoted string, any character following a backslash (\) is taken as itself (handy for inserting backslashes and double quotes (")).
Please note, however, that Bacula resource names as well as certain other names (e.g. Volume names) must contain only letters (including ISO accented letters), numbers, and a few special characters (space, underscore, ...). All other characters and punctuation are invalid.
If you wish to break your configuration file into smaller pieces, you can do so by including other files using the syntax @filename where filename is the full path and filename of another file. The @filename specification can be given anywhere a primitive token would appear.
When parsing the resource directives, Bacula classifies the data according to the types listed below. The first time you read this, it may appear a bit overwhelming, but in reality, it is all pretty logical and straightforward.
Any abbreviation of these modifiers is also permitted (i.e. seconds may be specified as sec or s). A specification of m will be taken as months.
The specification of a time may have as many number/modifier parts as you wish. For example:
1 week 2 days 3 hours 10 mins 1 month 2 days 30 sec
are valid date specifications.
The following table lists all current Bacula resource types. It shows what resources must be defined for each service (daemon). The default configuration files will already contain at least one example of each permitted resource, so you need not worry about creating all these kinds of resources from scratch.
| Resource | Director | Client | Storage | Console |
| Autochanger | No | No | Yes | No |
| Catalog | Yes | No | No | No |
| Client | Yes | Yes | No | No |
| Console | Yes | No | No | Yes |
| Device | No | No | Yes | No |
| Director | Yes | Yes | Yes | Yes |
| FileSet | Yes | No | No | No |
| Job | Yes | No | No | No |
| JobDefs | Yes | No | No | No |
| Message | Yes | Yes | Yes | No |
| Pool | Yes | No | No | No |
| Schedule | Yes | No | No | No |
| Storage | Yes | No | Yes | No |
In order for one daemon to contact another daemon, it must authorize itself with a password. In most cases, the password corresponds to a particular name, so both the name and the password must match to be authorized. Passwords are plain text, any text. They are not generated by any special process; just use random text.
The default configuration files are automatically defined for correct authorization with random passwords. If you add to or modify these files, you will need to take care to keep them consistent.
Here is sort of a picture of what names/passwords in which files/Resources must match up:
In the left column, you will find the Director, Storage, and Client resources, with their names and passwords -- these are all in bacula-dir.conf. In the right column are where the corresponding values should be found in the Console, Storage daemon (SD), and File daemon (FD) configuration files.
Please note that the Address, fd-sd, that appears in the Storage resource of the Director, preceded with and asterisk in the above example, is passed to the File daemon in symbolic form. The File daemon then resolves it to an IP address. For this reason, you must use either an IP address or a fully qualified name. A name such as localhost, not being a fully qualified name, will resolve in the File daemon to the localhost of the File daemon, which is most likely not what is desired. The password used for the File daemon to authorize with the Storage daemon is a temporary password unique to each Job created by the daemons and is not specified in any .conf file.
The details of each Resource and the directives permitted therein are described in the following chapters.
The following configuration files must be defined:
Of all the configuration files needed to run Bacula, the Director's is the most complicated, and the one that you will need to modify the most often as you add clients or modify the FileSets.
For a general discussion of configuration files and resources including the data types recognized by Bacula. Please see the Configuration chapter of this manual.
Director resource type may be one of the following:
Job, JobDefs, Client, Storage, Catalog, Schedule, FileSet, Pool, Director, or Messages. We present them here in the most logical order for defining them:
Note, everything revolves around a job and is tied to a job in one way or another.
The Director resource defines the attributes of the Directors running on the network. In the current implementation, there is only a single Director resource, but the final design will contain multiple Directors to maintain index and media database redundancy.
The password is plain text. It is not generated through any special process but as noted above, it is better to use random text for security reasons.
If you have specified a Director user and/or a Director group on your ./configure line with --with-dir-user and/or --with-dir-group the Working Directory owner and group will be set to those values.
The PID directory specified must already exist and be readable and writable by the Bacula daemon referencing it
Typically on Linux systems, you will set this to: /var/run. If you are not installing Bacula in the system directories, you can use the Working Directory as defined above. This directive is required.
Please note that the Volume format becomes much more complicated with multiple simultaneous jobs, consequently, restores can take much longer if Bacula must sort through interleaved volume blocks from multiple simultaneous jobs. This can be avoided by having each simultaneously running job write to a different volume or by using data spooling, which will first spool the data to disk simultaneously, then write each spool file to the volume in sequence.
There may also still be some cases where directives such as Maximum Volume Jobs are not properly synchronized with multiple simultaneous jobs (subtle timing issues can arise), so careful testing is recommended.
At the current time, there is no configuration parameter set to limit the number of console connections. A maximum of five simultaneous console connections are permitted.
DirAddresses = {
ip = { addr = 1.2.3.4; port = 1205;}
ipv4 = {
addr = 1.2.3.4; port = http;}
ipv6 = {
addr = 1.2.3.4;
port = 1205;
}
ip = {
addr = 1.2.3.4
port = 1205
}
ip = { addr = 1.2.3.4 }
ip = { addr = 201:220:222::2 }
ip = {
addr = bluedot.thun.net
}
}
where ip, ip4, ip6, addr, and port are all keywords. Note, that the address can be specified as either a dotted quadruple, or IPv6 colon notation, or as a symbolic name (only in the ip specification). Also, port can be specified as a number or as the mnemonic value from the /etc/services file. If a port is not specified, the default will be used. If an ip section is specified, the resolution can be made either by IPv4 or IPv6. If ip4 is specified, then only IPv4 resolutions will be permitted, and likewise with ip6.
Please note that if you use the DirAddresses directive, you must not use either a DirPort or a DirAddress directive in the same resource.
The following is an example of a valid Director resource definition:
Director {
Name = HeadMan
WorkingDirectory = "$HOME/bacula/bin/working"
Password = UA_password
PidDirectory = "$HOME/bacula/bin/working"
QueryFile = "$HOME/bacula/bin/query.sql"
Messages = Standard
}
The Job resource defines a Job (Backup, Restore, ...) that Bacula must perform. Each Job resource definition contains the name of a Client and a FileSet to backup, the Schedule for the Job, where the data are to be stored, and what media Pool can be used. In effect, each Job resource must specify What, Where, How, and When or FileSet, Storage, Backup/Restore/Level, and Schedule respectively. Note, the FileSet must be specified for a restore job for historical reasons, but it is no longer used.
Only a single type (Backup, Restore, ...) can be specified for any job. If you want to backup multiple FileSets on the same Client or multiple Clients, you must define a Job for each one.
Note, you define only a single Job to do the Full, Differential, and Incremental backups since the different backup levels are tied together by a unique Job name. Normally, you will have only one Job per Client, but if a client has a really huge number of files (more than several million), you might want to split it into to Jobs each with a different FileSet covering only part of the total files.
When the job actually runs, the unique Job Name will consist of the name you specify here followed by the date and time the job was scheduled for execution. This directive is required.
Restore jobs cannot be automatically started by the scheduler as is the case for Backup, Verify and Admin jobs. To restore files, you must use the restore command in the console.
For a Backup Job, the Level may be one of the following:
If all the above conditions do not hold, the Director will upgrade the Incremental to a Full save. Otherwise, the Incremental backup will be performed as requested.
The File daemon (Client) decides which files to backup for an Incremental backup by comparing start time of the prior Job (Full, Differential, or Incremental) against the time each file was last "modified" (st_mtime) and the time its attributes were last "changed"(st_ctime). If the file was modified or its attributes changed on or after this start time, it will then be backed up.
Some virus scanning software may change st_ctime while
doing the scan. For example, if the virus scanning program attempts to
reset the access time (st_atime), which Bacula does not use, it will
cause st_ctime to change and hence Bacula will backup the file during
an Incremental or Differential backup. In the case of Sophos virus
scanning, you can prevent it from resetting the access time (st_atime)
and hence changing st_ctime by using the --no-reset-atime
option. For other software, please see their manual.
When Bacula does an Incremental backup, all modified files that are still on the system are backed up. However, any file that has been deleted since the last Full backup remains in the Bacula catalog, which means that if between a Full save and the time you do a restore, some files are deleted, those deleted files will also be restored. The deleted files will no longer appear in the catalog after doing another Full save. However, to remove deleted files from the catalog during an Incremental backup is quite a time consuming process and not currently implemented in Bacula.
In addition, if you move a directory rather than copy it, the files in it do not have their modification time (st_mtime) or their attribute change time (st_ctime) changed. As a consequence, those files will probably not be backed up by an Incremental or Differential backup which depend solely on these time stamps. If you move a directory, and wish it to be properly backed up, it is generally preferable to copy it, then delete the original.
If all the above conditions do not hold, the Director will upgrade the Differential to a Full save. Otherwise, the Differential backup will be performed as requested.
The File daemon (Client) decides which files to backup for a differential backup by comparing the start time of the prior Full backup Job against the time each file was last "modified" (st_mtime) and the time its attributes were last "changed" (st_ctime). If the file was modified or its attributes were changed on or after this start time, it will then be backed up. The start time used is displayed after the Since on the Job report. In rare cases, using the start time of the prior backup may cause some files to be backed up twice, but it ensures that no change is missed. As with the Incremental option, you should ensure that the clocks on your server and client are synchronized or as close as possible to avoid the possibility of a file being skipped. Note, on versions 1.33 or greater Bacula automatically makes the necessary adjustments to the time between the server and the client so that the times Bacula uses are synchronized.
When Bacula does a Differential backup, all modified files that are still on the system are backed up. However, any file that has been deleted since the last Full backup remains in the Bacula catalog, which means that if between a Full save and the time you do a restore, some files are deleted, those deleted files will also be restored. The deleted files will no longer appear in the catalog after doing another Full save. However, to remove deleted files from the catalog during a Differential backup is quite a time consuming process and not currently implemented in Bacula. It is, however, a planned future feature.
As noted above, if you move a directory rather than copy it, the files in it do not have their modification time (st_mtime) or their attribute change time (st_ctime) changed. As a consequence, those files will probably not be backed up by an Incremental or Differential backup which depend solely on these time stamps. If you move a directory, and wish it to be properly backed up, it is generally preferable to copy it, then delete the original. Alternatively, you can move the directory, then use the touch program to update the timestamps.
Every once and a while, someone asks why we need Differential backups as long as Incremental backups pickup all changed files. There are possibly many answers to this question, but the one that is the most important for me is that a Differential backup effectively merges all the Incremental and Differential backups since the last Full backup into a single Differential backup. This has two effects: 1. It gives some redundancy since the old backups could be used if the merged backup cannot be read. 2. More importantly, it reduces the number of Volumes that are needed to do a restore effectively eliminating the need to read all the volumes on which the preceding Incremental and Differential backups since the last Full are done.
For a Restore Job, no level needs to be specified.
For a Verify Job, the Level may be one of the following:
Please note! If you run two Verify Catalog jobs on the same client at the same time, the results will certainly be incorrect. This is because Verify Catalog modifies the Catalog database while running in order to track new files.
Please note! If you run two Verify VolumeToCatalog jobs on the same client at the same time, the results will certainly be incorrect. This is because the Verify VolumeToCatalog modifies the Catalog database while running.
This command can be very useful if you have disk problems because it will compare the current state of your disk against the last successful backup, which may be several jobs.
Note, the current implementation (1.32c) does not identify files that have been deleted.
If you use the Restore command in the Console program, to start a restore job, the bootstrap file will be created automatically from the files you select to be restored.
For additional details of the bootstrap file, please see Restoring Files with the Bootstrap File chapter of this manual.
Using this feature, permits you to constantly have a bootstrap file that can recover the current state of your system. Normally, the file specified should be a mounted drive on another machine, so that if your hard disk is lost, you will immediately have a bootstrap record available. Alternatively, you should copy the bootstrap file to another machine after it is updated. Note, it is a good idea to write a separate bootstrap file for each Job backed up including the job that backs up your catalog database.
If the bootstrap-file-specification begins with a vertical bar (|), Bacula will use the specification as the name of a program to which it will pipe the bootstrap record. It could for example be a shell script that emails you the bootstrap record.
On versions 1.39.22 or greater, before opening the file or executing the specified command, Bacula performs character substitution like in RunScript directive. To automatically manage your bootstrap files, you can use this in your JobDefs resources:
JobDefs {
Write Bootstrap = "%c_%n.bsr"
...
}
For more details on using this file, please see the chapter entitled The Bootstrap File of this manual.
If the directive is set to no, the Storage daemon will prefer finding an unused drive, otherwise, each job started will append to the same Volume (assuming the Pool is the same for all jobs). Setting Prefer Mounted Volumes to no can be useful for those sites with multiple drive autochangers that prefer to maximize backup throughput at the expense of using additional drives and Volumes. This means that the job will prefer to use an unused drive rather than use a drive that is already in use.
This directive is implemented in version 1.39.22 and later. The RunScript directive behaves like a resource in that it requires opening and closing braces around a number of directives that make up the body of the runscript.
The specified Command (see below for details) is run as an external program prior or after the current Job. This is optional.
You can use following options may be specified in the body
of the runscript:
| Options | Value | Default | Information |
| Runs On Success | Yes/No | Yes | Run command if JobStatus is successful |
| Runs On Failure | Yes/No | No | Run command if JobStatus isn't successful |
| Runs On Client | Yes/No | Yes | Run command on client |
| Runs When | Before|After|Always | Never | When run commands |
| Fail Job On Error | Yes/No | Yes | Fail job if script returns something different from 0 |
| Command | Path to your script |
Any output sent by the command to standard output will be included in the Bacula job report. The command string must be a valid program name or name of a shell script.
In addition, the command string is parsed then fed to the OS, which means that the path will be searched to execute your specified command, but there is no shell interpretation, as a consequence, if you invoke complicated commands or want any shell features such as redirection or piping, you must call a shell script and do it inside that script.
Before submitting the specified command to the operating system, Bacula performs character substitution of the following characters:
%% = %
%c = Client's name
%d = Director's name
%e = Job Exit Status
%i = JobId
%j = Unique Job id
%l = Job Level
%n = Job name
%s = Since time
%t = Job type (Backup, ...)
%v = Volume name
The Job Exit Status code %e edits the following values:
Thus if you edit it on a command line, you will need to enclose it within some sort of quotes.
You can use these following shortcuts:
| Keyword | RunsOnSuccess | RunsOnFailure | FailJobOnError | Runs On Client | RunsWhen |
| Run Before Job | Yes | No | Before | ||
| Run After Job | Yes | No | No | After | |
| Run After Failed Job | No | Yes | No | After | |
| Client Run Before Job | Yes | Yes | Before | ||
| Client Run After Job | Yes | No | Yes | After |
Examples:
RunScript {
RunsWhen = Before
FailJobOnError = No
Command = "/etc/init.d/apache stop"
}
RunScript {
RunsWhen = After
RunsOnFailure = yes
Command = "/etc/init.d/apache start"
}
Special Windows Considerations
In addition, for a Windows client on version 1.33 and above, please take note that you must ensure a correct path to your script. The script or program can be a .com, .exe or a .bat file. If you just put the program name in then Bacula will search using the same rules that cmd.exe uses (current directory, Bacula bin directory, and PATH). It will even try the different extensions in the same order as cmd.exe. The command can be anything that cmd.exe or command.com will recognize as an executable file.
However, if you have slashes in the program name then Bacula figures you are fully specifying the name, so you must also explicitly add the three character extension.
The command is run in a Win32 environment, so Unix like commands will not work unless you have installed and properly configured Cygwin in addition to and separately from Bacula.
The System %Path% will be searched for the command. (under the environment variable dialog you have have both System Environment and User Environment, we believe that only the System environment will be available to bacula-fd, if it is running as a service.)
System environment variables can be referenced with %var% and used as either part of the command name or arguments.
So if you have a script in the Bacula
bin directory then the following lines
should work fine:
Client Run Before Job = systemstate
or
Client Run Before Job = systemstate.bat
or
Client Run Before Job = "systemstate"
or
Client Run Before Job = "systemstate.bat"
or
ClientRunBeforeJob = "\"C:/Program Files/Bacula/systemstate.bat\""
The outer set of quotes is removed when the configuration file is parsed. You need to escape the inner quotes so that they are there when the code that parses the command line for execution runs so it can tell what the program name is.
ClientRunBeforeJob = "\"C:/Program Files/Software
Vendor/Executable\" /arg1 /arg2 \"foo bar\""
The special characters
&<>()@^|will need to be quoted, if they are part of a filename or argument.
If someone is logged in, a blank "command" window running the commands will be present during the execution of the command.
Some Suggestions from Phil Stracchino for running on Win32 machines with the native Win32 File daemon:
ClientRunBeforeJob = "c:/bacula/bin/systemstate.bat"
rather than DOS/Windows form:
ClientRunBeforeJob =
"c:\bacula\bin\systemstate.bat" INCORRECT
For Win32, please note that there are certain limitations:
ClientRunBeforeJob = "C:/Program Files/Bacula/bin/pre-exec.bat"
Lines like the above do not work because there are limitations of cmd.exe that is used to execute the command. Bacula prefixes the string you supply with cmd.exe /c . To test that your command works you should type cmd /c "C:/Program Files/test.exe" at a cmd prompt and see what happens. Once the command is correct insert a backslash (\) before each double quote ("), and then put quotes around the whole thing when putting it in the director's .conf file. You either need to have only one set of quotes or else use the short name and don't put quotes around the command path.
Below is the output from cmd's help as it relates to the command line passed to the /c option.
If /C or /K is specified, then the remainder of the command line after the switch is processed as a command line, where the following logic is used to process quote (") characters:
&<>()@^|
The following example of the use of the Client Run Before Job directive was
submitted by a user:
You could write a shell script to back up a DB2 database to a FIFO. The shell
script is:
#!/bin/sh # ===== backupdb.sh DIR=/u01/mercuryd mkfifo $DIR/dbpipe db2 BACKUP DATABASE mercuryd TO $DIR/dbpipe WITHOUT PROMPTING & sleep 1
The following line in the Job resource in the bacula-dir.conf file:
Client Run Before Job = "su - mercuryd -c \"/u01/mercuryd/backupdb.sh '%t' '%l'\""
When the job is run, you will get messages from the output of the script stating that the backup has started. Even though the command being run is backgrounded with &, the job will block until the "db2 BACKUP DATABASE" command, thus the backup stalls.
To remedy this situation, the "db2 BACKUP DATABASE" line should be changed to the following:
db2 BACKUP DATABASE mercuryd TO $DIR/dbpipe WITHOUT PROMPTING > $DIR/backup.log 2>&1 < /dev/null &
It is important to redirect the input and outputs of a backgrounded command to /dev/null to prevent the script from blocking.
Run Before Job = "echo test"it's equivalent to :
RunScript {
Command = "echo test"
RunsOnClient = No
RunsWhen = Before
}
Lutz Kittler has pointed out that using the RunBeforeJob directive can be a simple way to modify your schedules during a holiday. For example, suppose that you normally do Full backups on Fridays, but Thursday and Friday are holidays. To avoid having to change tapes between Thursday and Friday when no one is in the office, you can create a RunBeforeJob that returns a non-zero status on Thursday and zero on all other days. That way, the Thursday job will not run, and on Friday the tape you inserted on Wednesday before leaving will be used.
An example of the use of this directive is given in the Tips Chapter of this manual.
See the Run After Failed Job if you want to run a script after the job has terminated with any non-normal status.
RunScript {
Command = "echo test"
RunsWhen = After
RunsOnFailure = yes
RunsOnClient = no
RunsOnSuccess = yes # default, you can drop this line
}
An example of the use of this directive is given in the Tips Chapter of this manual.
Note, please see the notes above in RunScript concerning Windows clients.
There are several points that must be taken into account when using this directive: first, a failed job is defined as one that has not terminated normally, which includes any running job of the same name (you need to ensure that two jobs of the same name do not run simultaneously); secondly, the Ignore FileSet Changes directive is not considered when checking for failed levels, which means that any FileSet change will trigger a rerun.
If this directive is set to yes (default no), the Storage daemon will be requested to spool the data for this Job to disk rather than write it directly to tape. Once all the data arrives or the spool files' maximum sizes are reached, the data will be despooled and written to tape. Spooling data prevents tape shoe-shine (start and stop) during Incremental saves. If you are writing to a disk file using this option will probably just slow down the backup jobs.
NOTE: When this directive is set to yes, Spool Attributes is also automatically set to yes.
NOTE: When Spool Data is set to yes, Spool Attributes is also automatically set to yes.
Using Add Suffix=.old, /etc/passwd will be restored to /etc/passwsd.old
Using Strip Prefix=/etc, /etc/passwd will be restored to /passwd
Under Windows, if you want to restore c:/files to d:/files, you can use :
Strip Prefix = c: Add Prefix = d:
For more informations about how use this option, see this.
This specification can be useful for portables, laptops, or other machines that are not always connected to the network or switched on.
The part after the equal sign must be enclosed in double quotes, and can contain any string or set of options (overrides) that you can specify when entering the Run command from the console. For example storage=DDS-4 .... In addition, there are two special keywords that permit you to clone the current job. They are level=%l and since=%s. The %l in the level keyword permits entering the actual level of the current job and the %s in the since keyword permits putting the same time for comparison as used on the current job. Note, in the case of the since keyword, the %s must be enclosed in double quotes, and thus they must be preceded by a backslash since they are already inside quotes. For example:
run = "Nightly-backup level=%l since=\"%s\" storage=DDS-4"
A cloned job will not start additional clones, so it is not possible to recurse.
Please note that all cloned jobs, as specified in the Run directives are submitted for running before the original job is run (while it is being initialized). This means that any clone job will actually start before the original job, and may even block the original job from starting until the original job finishes unless you allow multiple simultaneous jobs. Even if you set a lower priority on the clone job, if no other jobs are running, it will start before the original job.
If you are trying to prioritize jobs by using the clone feature (Run directive), you will find it much easier to do using a RunScript resource, or a RunBeforeJob directive.
The priority only affects waiting jobs that are queued to run, not jobs that are already running. If one or more jobs of priority 2 are already running, and a new job is scheduled with priority 1, the currently running priority 2 jobs must complete before the priority 1 job is run.
The default priority is 10.
If you want to run concurrent jobs you should keep these points in mind:
If you have several jobs of different priority, it may not best to start them at exactly the same time, because Bacula must examine them one at a time. If by Bacula starts a lower priority job first, then it will run before your high priority jobs. If you experience this problem, you may avoid it by starting any higher priority jobs a few seconds before lower priority ones. This insures that Bacula will examine the jobs in the correct order, and that your priority scheme will be respected.
It should be set to yes when writing to devices that require mount (for example DVD), so you are sure that the current part, containing this job's data, is written to the device, and that no data is left in the temporary file on the hard disk. However, on some media, like DVD+R and DVD-R, a lot of space (about 10Mb) is lost every time a part is written. So, if you run several jobs each after another, you could set this directive to no for all jobs, except the last one, to avoid wasting too much space, but to ensure that the data is written to the medium when all jobs are finished.
This directive is ignored with tape and FIFO devices.
The following is an example of a valid Job resource definition:
Job {
Name = "Minou"
Type = Backup
Level = Incremental # default
Client = Minou
FileSet="Minou Full Set"
Storage = DLTDrive
Pool = Default
Schedule = "MinouWeeklyCycle"
Messages = Standard
}
The JobDefs resource permits all the same directives that can appear in a Job resource. However, a JobDefs resource does not create a Job, rather it can be referenced within a Job to provide defaults for that Job. This permits you to concisely define several nearly identical Jobs, each one referencing a JobDefs resource which contains the defaults. Only the changes from the defaults need to be mentioned in each Job.
The Schedule resource provides a means of automatically scheduling a Job as well as the ability to override the default Level, Pool, Storage and Messages resources. If a Schedule resource is not referenced in a Job, the Job can only be run manually. In general, you specify an action to be taken and when.
The Job-overrides permit overriding the Level, the Storage, the Messages, and the Pool specifications provided in the Job resource. In addition, the FullPool, the IncrementalPool, and the DifferentialPool specifications permit overriding the Pool specification according to what backup Job Level is in effect.
By the use of overrides, you may customize a particular Job. For example, you may specify a Messages override for your Incremental backups that outputs messages to a log file, but for your weekly or monthly Full backups, you may send the output by email by using a different Messages override.
Job-overrides are specified as: keyword=value where the keyword is Level, Storage, Messages, Pool, FullPool, DifferentialPool, or IncrementalPool, and the value is as defined on the respective directive formats for the Job resource. You may specify multiple Job-overrides on one Run directive by separating them with one or more spaces or by separating them with a trailing comma. For example:
Date-time-specification determines when the Job is to be run. The specification is a repetition, and as a default Bacula is set to run a job at the beginning of the hour of every hour of every day of every week of every month of every year. This is not normally what you want, so you must specify or limit when you want the job to run. Any specification given is assumed to be repetitive in nature and will serve to override or limit the default repetition. This is done by specifying masks or times for the hour, day of the month, day of the week, week of the month, week of the year, and month when you want the job to run. By specifying one or more of the above, you can define a schedule to repeat at almost any frequency you want.
Basically, you must supply a month, day, hour, and minute the Job is to be run. Of these four items to be specified, day is special in that you may either specify a day of the month such as 1, 2, ... 31, or you may specify a day of the week such as Monday, Tuesday, ... Sunday. Finally, you may also specify a week qualifier to restrict the schedule to the first, second, third, fourth, or fifth week of the month.
For example, if you specify only a day of the week, such as Tuesday the Job will be run every hour of every Tuesday of every Month. That is the month and hour remain set to the defaults of every month and all hours.
Note, by default with no other specification, your job will run at the beginning of every hour. If you wish your job to run more than once in any given hour, you will need to specify multiple run specifications each with a different minute.
The date/time to run the Job can be specified in the following way in pseudo-BNF:
<void-keyword> = on
<at-keyword> = at
<week-keyword> = 1st | 2nd | 3rd | 4th | 5th | first |
second | third | fourth | fifth
<wday-keyword> = sun | mon | tue | wed | thu | fri | sat |
sunday | monday | tuesday | wednesday |
thursday | friday | saturday
<week-of-year-keyword> = w00 | w01 | ... w52 | w53
<month-keyword> = jan | feb | mar | apr | may | jun | jul |
aug | sep | oct | nov | dec | january |
february | ... | december
<daily-keyword> = daily
<weekly-keyword> = weekly
<monthly-keyword> = monthly
<hourly-keyword> = hourly
<digit> = 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0
<number> = <digit> | <digit><number>
<12hour> = 0 | 1 | 2 | ... 12
<hour> = 0 | 1 | 2 | ... 23
<minute> = 0 | 1 | 2 | ... 59
<day> = 1 | 2 | ... 31
<time> = <hour>:<minute> |
<12hour>:<minute>am |
<12hour>:<minute>pm
<time-spec> = <at-keyword> <time> |
<hourly-keyword>
<date-keyword> = <void-keyword> <weekly-keyword>
<day-range> = <day>-<day>
<month-range> = <month-keyword>-<month-keyword>
<wday-range> = <wday-keyword>-<wday-keyword>
<range> = <day-range> | <month-range> |
<wday-range>
<date> = <date-keyword> | <day> | <range>
<date-spec> = <date> | <date-spec>
<day-spec> = <day> | <wday-keyword> |
<day-range> | <wday-range> |
<daily-keyword>
<day-spec> = <day> | <wday-keyword> |
<day> | <wday-range> |
<week-keyword> <wday-keyword> |
<week-keyword> <wday-range>
<month-spec> = <month-keyword> | <month-range> |
<monthly-keyword>
<date-time-spec> = <month-spec> <day-spec> <time-spec>
Note, the Week of Year specification wnn follows the ISO standard definition of the week of the year, where Week 1 is the week in which the first Thursday of the year occurs, or alternatively, the week which contains the 4th of January. Weeks are numbered w01 to w53. w00 for Bacula is the week that precedes the first ISO week (i.e. has the first few days of the year if any occur before Thursday). w00 is not defined by the ISO specification. A week starts with Monday and ends with Sunday.
According to the NIST (US National Institute of Standards and Technology), 12am and 12pm are ambiguous and can be defined to anything. However, 12:01am is the same as 00:01 and 12:01pm is the same as 12:01, so Bacula defines 12am as 00:00 (midnight) and 12pm as 12:00 (noon). You can avoid this abiguity (confusion) by using 24 hour time specifications (i.e. no am/pm). This is the definition in Bacula version 2.0.3 and later.
An example schedule resource that is named WeeklyCycle and runs a job with level full each Sunday at 2:05am and an incremental job Monday through Saturday at 2:05am is:
Schedule {
Name = "WeeklyCycle"
Run = Level=Full sun at 2:05
Run = Level=Incremental mon-sat at 2:05
}
An example of a possible monthly cycle is as follows:
Schedule {
Name = "MonthlyCycle"
Run = Level=Full Pool=Monthly 1st sun at 2:05
Run = Level=Differential 2nd-5th sun at 2:05
Run = Level=Incremental Pool=Daily mon-sat at 2:05
}
The first of every month:
Schedule {
Name = "First"
Run = Level=Full on 1 at 2:05
Run = Level=Incremental on 2-31 at 2:05
}
Every 10 minutes:
Schedule {
Name = "TenMinutes"
Run = Level=Full hourly at 0:05
Run = Level=Full hourly at 0:15
Run = Level=Full hourly at 0:25
Run = Level=Full hourly at 0:35
Run = Level=Full hourly at 0:45
Run = Level=Full hourly at 0:55
}
Internally Bacula keeps a schedule as a bit mask. There are six masks and a minute field to each schedule. The masks are hour, day of the month (mday), month, day of the week (wday), week of the month (wom), and week of the year (woy). The schedule is initialized to have the bits of each of these masks set, which means that at the beginning of every hour, the job will run. When you specify a month for the first time, the mask will be cleared and the bit corresponding to your selected month will be selected. If you specify a second month, the bit corresponding to it will also be added to the mask. Thus when Bacula checks the masks to see if the bits are set corresponding to the current time, your job will run only in the two months you have set. Likewise, if you set a time (hour), the hour mask will be cleared, and the hour you specify will be set in the bit mask and the minutes will be stored in the minute field.
For any schedule you have defined, you can see how these bits are set by doing a show schedules command in the Console program. Please note that the bit mask is zero based, and Sunday is the first day of the week (bit zero).
-
The FileSet resource defines what files are to be included or excluded in a backup job. A FileSet resource is required for each backup Job. It consists of a list of files or directories to be included, a list of files or directories to be excluded and the various backup options such as compression, encryption, and signatures that are to be applied to each file.
Any change to the list of the included files will cause Bacula to automatically create a new FileSet (defined by the name and an MD5 checksum of the Include/Exclude contents). Each time a new FileSet is created, Bacula will ensure that the next backup is always a Full save.
Bacula is designed to handle most character sets of the world, US ASCII, German, French, Chinese, ... However, it does this by encoding everything in UTF-8, and it expects all configuration files (including those read on Win32 machines) to be in UTF-8 format. UTF-8 is typically the default on Linux machines, but not on all Unix machines, nor on Windows, so you must take some care to ensure that your locale is set properly before starting Bacula. On most modern Win32 machines, you can edit the conf files with notebook and choose output encoding UTF-8.
To ensure that Bacula configuration files can be correctly read including foreign characters the bf LANG environment variable must end in .UTF-8. An full example is en_US.UTF-8. The exact syntax may vary a bit from OS to OS, and exactly how you define it will also vary.
Bacula assumes that all filenames are in UTF-8 format on Linux and Unix machines. On Win32 they are in Unicode (UTF-16), and will be automatically converted to UTF-8 format.
We strongly recommend against setting this directive to yes, since doing so may cause you to have an incomplete set of backups.
If this directive is set to yes, any changes you make to the FileSet Include or Exclude lists, will not force a Full during subsequent backups.
The default is no, in which case, if you change the Include or Exclude, Bacula will force a Full backup to ensure that everything is properly backed up.
The Include resource must contain a list of directories and/or files to be processed in the backup job. Normally, all files found in all subdirectories of any directory in the Include File list will be backed up. Note, see below for the definition of <file-list>. The Include resource may also contain one or more Options resources that specify options such as compression to be applied to all or any subset of the files found when processing the file-list for backup. Please see below for more details concerning Options resources.
There can be any number of Include resources within the FileSet, each having its own list of directories or files to be backed up and the backup options defined by one or more Options resources. The file-list consists of one file or directory name per line. Directory names should be specified without a trailing slash with Unix path notation.
Windows users, please take note to specify directories (even c:/...) in
Unix path notation. If you use Windows conventions, you will most likely
not be able to restore your files due to the fact that the Windows
path separator was defined as an escape character long before Windows
existed, and Bacula adheres to that convention (i.e.
means the next character
appears as itself).
You should always specify a full path for every directory and file that you list in the FileSet. In addition, on Windows machines, you should always prefix the directory or filename with the drive specification in lower case (e.g. c:/xxx) using Unix directory name separators (forward slash).
Bacula's default for processing directories is to recursively descend in the directory saving all files and subdirectories. Bacula will not by default cross filesystems (or mount points in Unix parlance). This means that if you specify the root partition (e.g. /), Bacula will save only the root partition and not any of the other mounted filesystems. Similarly on Windows systems, you must explicitly specify each of the drives you want saved (e.g. c:/ and d:/ ...). In addition, at least for Windows systems, you will most likely want to enclose each specification within double quotes particularly if the directory (or file) name contains spaces. The df command on Unix systems will show you which mount points you must specify to save everything. See below for an example.
Take special care not to include a directory twice or Bacula will backup the same files two times wasting a lot of space on your archive device. Including a directory twice is very easy to do. For example:
Include {
File = /
File = /usr
Options { compression=GZIP }
}
on a Unix system where /usr is a subdirectory (rather than a mounted filesystem) will cause /usr to be backed up twice. In this case, on Bacula versions prior to 1.32f-5-09Mar04 due to a bug, you will not be able to restore hard linked files that were backed up twice.
If you have used Bacula prior to version 1.36.3, you will note three things in the new FileSet syntax:
The Options resource is optional, but when specified, it will contain a list of keyword=value options to be applied to the file-list. See below for the definition of file-list. Multiple Options resources may be specified one after another. As the files are found in the specified directories, the Options will applied to the filenames to determine if and how the file should be backed up. The wildcard and regular expression pattern matching parts of the Options resources are checked in the order they are specified in the FileSet until the first one that matches. Once one matches, the compression and other flags within the Options specification will apply to the pattern matched.
A key point is that in the absence of an Option or no other Option is matched, every file is accepted for backing up. This means that if you want to exclude something, you must explicitly specify an Option with an exclude = yes and some pattern matching.
Once Bacula determines that the Options resource matches the file under consideration, that file will be saved without looking at any other Options resources that may be present. This means that any wild cards must appear before an Options resource without wild cards.
If for some reason, Bacula checks all the Options resources to a file under consideration for backup, but there are no matches (generally because of wild cards that don't match), Bacula as a default will then backup the file. This is quite logical if you consider the case of no Options clause is specified, where you want everything to be backed up, and it is important to keep in mind when excluding as mentioned above.
However, one additional point is that in the case that no match was found, Bacula will use the options found in the last Options resource. As a consequence, if you want a particular set of "default" options, you should put them in an Options resource after any other Options.
It is a good idea to put all your wild-card and regex expressions inside double quotes to prevent conf file scanning problems.
This is perhaps a bit overwhelming, so there are a number of examples included below to illustrate how this works.
The directives within an Options resource may be one of the following:
Software compression is very important if you are writing your Volumes to a file, and it can also be helpful if you have a fast computer but a slow network, otherwise it is generally better to rely your tape drive's hardware compression. As noted above, it is not generally a good idea to do both software and hardware compression.
Specifying GZIP uses the default compression level 6 (i.e. GZIP is identical to GZIP6). If you want a different compression level (1 through 9), you can specify it by appending the level number with no intervening spaces to GZIP. Thus compression=GZIP1 would give minimum compression but the fastest algorithm, and compression=GZIP9 would give the highest level of compression, but requires more computation. According to the GZIP documentation, compression levels greater than six generally give very little extra compression and are rather CPU intensive.
A useful set of general options on the Level=Catalog or Level=DiskToCatalog verify is pins5 i.e. compare permission bits, inodes, number of links, size, and MD5 changes.
rufus-fd: /misc is a different filesystem. Will not descend from / into /misc rufus-fd: /net is a different filesystem. Will not descend from / into /net rufus-fd: /var/lib/nfs/rpc_pipefs is a different filesystem. Will not descend from /var/lib/nfs into /var/lib/nfs/rpc_pipefs rufus-fd: /selinux is a different filesystem. Will not descend from / into /selinux rufus-fd: /sys is a different filesystem. Will not descend from / into /sys rufus-fd: /dev is a different filesystem. Will not descend from / into /dev rufus-fd: /home is a different filesystem. Will not descend from / into /home
Note: in previous versions of Bacula, the above message was of the form:
Filesystem change prohibited. Will not descend into /misc
If you wish to backup multiple filesystems, you can explicitly list each filesystem you want saved. Otherwise, if you set the onefs option to no, Bacula will backup all mounted file systems (i.e. traverse mount points) that are found within the FileSet. Thus if you have NFS or Samba file systems mounted on a directory listed in your FileSet, they will also be backed up. Normally, it is preferable to set onefs=yes and to explicitly name each filesystem you want backed up. Explicitly naming the filesystems you want backed up avoids the possibility of getting into a infinite loop recursing filesystems. Another possibility is to use onefs=no and to set fstype=ext2, .... See the example below for more details.
If you think that Bacula should be backing up a particular directory and it is not, and you have onefs=no set, before you complain, please do:
stat / stat <filesystem>
where you replace filesystem with the one in question. If the Device: number is different for / and for your filesystem, then they are on different filesystems. E.g.
stat / File: `/' Size: 4096 Blocks: 16 IO Block: 4096 directory Device: 302h/770d Inode: 2 Links: 26 Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2005-11-10 12:28:01.000000000 +0100 Modify: 2005-09-27 17:52:32.000000000 +0200 Change: 2005-09-27 17:52:32.000000000 +0200 stat /net File: `/home' Size: 4096 Blocks: 16 IO Block: 4096 directory Device: 308h/776d Inode: 2 Links: 7 Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2005-11-10 12:28:02.000000000 +0100 Modify: 2005-11-06 12:36:48.000000000 +0100 Change: 2005-11-06 12:36:48.000000000 +0100
Also be aware that even if you include /home in your list of files to backup, as you most likely should, you will get the informational message that "/home is a different filesystem" when Bacula is processing the / directory. This message does not indicate an error. This message means that while examining the File = referred to in the second part of the message, Bacula will not descend into the directory mentioned in the first part of the message. However, it is possible that the separate filesystem will be backed up despite the message. For example, consider the following FileSet:
File = / File = /var
where /var is a separate filesystem. In this example, you will get a message saying that Bacula will not decend from / into /var. But it is important to realise that Bacula will descend into /var from the second File directive shown above. In effect, the warning is bogus, but it is supplied to alert you to possible omissions from your FileSet. In this example, /var will be backed up. If you changed the FileSet such that it did not specify /var, then /var will not be backed up.
Restrictions: Bacula reads files in 32K buffers. If the whole buffer is zero, it will be treated as a sparse block and not written to tape. However, if any part of the buffer is non-zero, the whole buffer will be written to tape, possibly including some disk sectors (generally 4098 bytes) that are all zero. As a consequence, Bacula's detection of sparse blocks is in 32K increments rather than the system block size. If anyone considers this to be a real problem, please send in a request for change with the reason.
If you are not familiar with sparse files, an example is say a file where you wrote 512 bytes at address zero, then 512 bytes at address 1 million. The operating system will allocate only two blocks, and the empty space or hole will have nothing allocated. However, when you read the sparse file and read the addresses where nothing was written, the OS will return all zeros as if the space were allocated, and if you backup such a file, a lot of space will be used to write zeros to the volume. Worse yet, when you restore the file, all the previously empty space will now be allocated using much more disk space. By turning on the sparse option, Bacula will specifically look for empty space in the file, and any empty space will not be written to the Volume, nor will it be restored. The price to pay for this is that Bacula must search each block it reads before writing it. On a slow system, this may be important. If you suspect you have sparse files, you should benchmark the difference or set sparse for only those files that are really sparse.
Unfortunately, when Bacula runs a RunBeforeJob, it waits until that script terminates, and if the script accesses the FIFO to write into the it, the Bacula job will block and everything will stall. However, Vladimir Stavrinov as supplied tip that allows this feature to work correctly. He simply adds the following to the beginning of the RunBeforeJob script:
exec > /dev/null
This option is particularly useful for sites where users are sensitive to their MailBox file access time. It replaces both the keepatime option without the inconveniences of that option (see below).
If your Operating System does not support this option, it will be silently ignored by Bacula.
Note, if you use this feature, when Bacula resets the access time, the change time (st_ctime) will automatically be modified by the system, so on the next incremental job, the file will be backed up even if it has not changed. As a consequence, you will probably also want to use mtimeonly = yes as well as keepatime (thanks to Rudolf Cejka for this tip).
zog-fd: Client1.2007-03-31_09.46.21 Error: /tmp/test mtime changed during backup.
In general, it is recommended to use this option.
You may want to test your expressions prior to running your backup by using the bwild program. Please see the Utilities chapter of this manual for more. You can also test your full FileSet definition by using the estimate command in the Console chapter of this manual. It is recommended to enclose the string in double quotes.
It is recommended to enclose the string in double quotes.
You may want to test your expressions prior to running your backup by using the bwild program. Please see the Utilities chapter of this manual for more. You can also test your full FileSet definition by using the estimate command in the Console chapter of this manual. An example of excluding with the WildDir option on Win32 machines is presented below.
It is recommended to enclose the string in double quotes.
You may want to test your expressions prior to running your backup by using the bwild program. Please see the Utilities chapter of this manual for more. You can also test your full FileSet definition by using the estimate command in the Console chapter of this manual. An example of excluding with the WildFile option on Win32 machines is presented below.
It is recommended to enclose the string in double quotes.
The regex libraries differ from one operating system to another, and in addition, regular expressions are complicated, so you may want to test your expressions prior to running your backup by using the bregex program. Please see the Utilities chapter of this manual for more. You can also test your full FileSet definition by using the estimate command in the Console chapter of this manual.
It is recommended to enclose the string in double quotes.
The regex libraries differ from one operating system to another, and in addition, regular expressions are complicated, so you may want to test your expressions prior to running your backup by using the bregex program. Please see the Utilities chapter of this manual for more.
It is recommended to enclose the string in double quotes.
The regex libraries differ from one operating system to another, and in addition, regular expressions are complicated, so you may want to test your expressions prior to running your backup by using the bregex program. Please see the Utilities chapter of this manual for more.
ext2, jfs, ntfs, proc, reiserfs, xfs, usbdevfs, sysfs, smbfs, iso9660. For ext3 systems, use ext2.
You may have multiple Fstype directives, and thus permit matching of multiple filesystem types within a single Options resource. If the type specified on the fstype directive does not match the filesystem for a particular directive, that directory will not be backed up. This directive can be used to prevent backing up non-local filesystems. Normally, when you use this directive, you would also set onefs=no so that Bacula will traverse filesystems.
This option is not implemented in Win32 systems.
<file-list> is a list of directory and/or filename names specified with a File = directive. To include names containing spaces, enclose the name between double-quotes. Wild-cards are not interpreted in file-lists. They can only be specified in Options resources.
There are a number of special cases when specifying directories and files in a file-list. They are:
Include {
Options { compression=GZIP }
@/home/files/my-files
}
This allows you to have a job that, for example, includes all the local
partitions even if you change the partitioning by adding a disk. The
examples below show you how to do this. However, please note two
things:
1. if you want the local filesystems, you probably should be
using the new fstype directive, which was added in version 1.36.3
and set onefs=no.
2. the exact syntax of the command needed in the examples below is very system dependent. For example, on recent Linux systems, you may need to add the -P option, on FreeBSD systems, the options will be different as well.
In general, you will need to prefix your command or commands with a sh -c so that they are invoked by a shell. This will not be the case if you are invoking a script as in the second example below. Also, you must take care to escape (precede with a \) wild-cards, shell character, and to ensure that any spaces in your command are escaped as well. If you use a single quotes (') within a double quote ("), Bacula will treat everything between the single quotes as one field so it will not be necessary to escape the spaces. In general, getting all the quotes and escapes correct is a real pain as you can see by the next example. As a consequence, it is often easier to put everything in a file and simply use the file name within Bacula. In that case the sh -c will not be necessary providing the first line of the file is #!/bin/sh.
As an example:
Include {
Options { signature = SHA1 }
File = "|sh -c 'df -l | grep \"^/dev/hd[ab]\" | grep -v \".*/tmp\" \
| awk \"{print \\$6}\"'"
}
will produce a list of all the local partitions on a Red Hat Linux system. Note, the above line was split, but should normally be written on one line. Quoting is a real problem because you must quote for Bacula which consists of preceding every \ and every " with a \, and you must also quote for the shell command. In the end, it is probably easier just to execute a small file with:
Include {
Options {
signature=MD5
}
File = "|my_partitions"
}
where my_partitions has:
#!/bin/sh
df -l | grep "^/dev/hd[ab]" | grep -v ".*/tmp" \
| awk "{print \$6}"
If the vertical bar (|) in front of my_partitions is preceded by a backslash as in \|, the program will be executed on the Client's machine instead of on the Director's machine. Please note that if the filename is given within quotes, you will need to use two slashes. An example, provided by John Donagher, that backs up all the local UFS partitions on a remote system is:
FileSet {
Name = "All local partitions"
Include {
Options { signature=SHA1; onefs=yes; }
File = "\\|bash -c \"df -klF ufs | tail +2 | awk '{print \$6}'\""
}
}
The above requires two backslash characters after the double quote (one preserves the next one). If you are a Linux user, just change the ufs to ext3 (or your preferred filesystem type), and you will be in business.
If you know what filesystems you have mounted on your system, e.g. for Red Hat Linux normally only ext2 and ext3, you can backup all local filesystems using something like:
Include {
Options { signature = SHA1; onfs=no; fstype=ext2 }
File = /
}
Include {
Options { signature = SHA1 }
File = "</home/files/local-filelist"
}
If you precede the less-than sign (<) with a backslash as in \<, the file-list will be read on the Client machine instead of on the Director's machine. Please note that if the filename is given within quotes, you will need to use two slashes.
Include {
Options { signature = SHA1 }
File = "\\</home/xxx/filelist-on-client"
}
Include {
Options { signature=MD5; sparse=yes }
File = /dev/hd6
}
will backup the data in device /dev/hd6.
Ludovic Strappazon has pointed out that this feature can be used to backup a full Microsoft Windows disk. Simply boot into the system using a Linux Rescue disk, then load a statically linked Bacula as described in the Disaster Recovery Using Bacula chapter of this manual. Then save the whole disk partition. In the case of a disaster, you can then restore the desired partition by again booting with the rescue disk and doing a restore of the partition.
Include {
Options {
signature=SHA1
readfifo=yes
}
File = /home/abc/fifo
}
if /home/abc/fifo is a fifo device, Bacula will open the fifo, read it, and store all data thus obtained on the Volume. Please note, you must have a process on the system that is writing into the fifo, or Bacula will hang, and after one minute of waiting, Bacula will give up and go on to the next file. The data read can be anything since Bacula treats it as a stream.
This feature can be an excellent way to do a "hot" backup of a very large database. You can use the RunBeforeJob to create the fifo and to start a program that dynamically reads your database and writes it to the fifo. Bacula will then write it to the Volume. Be sure to read the readfifo section that gives a tip to ensure that the RunBeforeJob does not block Bacula.
During the restore operation, the inverse is true, after Bacula creates the fifo if there was any data stored with it (no need to explicitly list it or add any options), that data will be written back to the fifo. As a consequence, if any such FIFOs exist in the fileset to be restored, you must ensure that there is a reader program or Bacula will block, and after one minute, Bacula will time out the write to the fifo and move on to the next file.
The following is an example of a valid FileSet resource definition. Note, the first Include pulls in the contents of the file /etc/backup.list when Bacula is started (i.e. the @), and that file must have each filename to be backed up preceded by a File = and on a separate line.
FileSet {
Name = "Full Set"
Include {
Options {
Compression=GZIP
signature=SHA1
Sparse = yes
}
@/etc/backup.list
}
Include {
Options {
wildfile = "*.o"
wildfile = "*.exe"
Exclude = yes
}
File = /root/myfile
File = /usr/lib/another_file
}
}
In the above example, all the files contained in /etc/backup.list will be compressed with GZIP compression, an SHA1 signature will be computed on the file's contents (its data), and sparse file handling will apply.
The two directories /root/myfile and /usr/lib/another_file will also be saved without any options, but all files in those directories with the extensions .o and .exe will be excluded.
Let's say that you now want to exclude the directory /tmp. The simplest way to do so is to add an exclude directive that lists /tmp. The example above would then become:
FileSet {
Name = "Full Set"
Include {
Options {
Compression=GZIP
signature=SHA1
Sparse = yes
}
@/etc/backup.list
}
Include {
Options {
wildfile = "*.o"
wildfile = "*.exe"
Exclude = yes
}
File = /root/myfile
File = /usr/lib/another_file
}
Exclude {
File = /tmp
}
}
You can add wild-cards to the File directives listed in the Exclude directory, but you need to take care because if you exclude a directory, it and all files and directories below it will also be excluded.
Now lets take a slight variation on the above and suppose you want to save all your whole filesystem except /tmp. The problem that comes up is that Bacula will not normally cross from one filesystem to another. Doing a df command, you get the following output:
[kern@rufus k]$ df Filesystem 1k-blocks Used Available Use% Mounted on /dev/hda5 5044156 439232 4348692 10% / /dev/hda1 62193 4935 54047 9% /boot /dev/hda9 20161172 5524660 13612372 29% /home /dev/hda2 62217 6843 52161 12% /rescue /dev/hda8 5044156 42548 4745376 1% /tmp /dev/hda6 5044156 2613132 2174792 55% /usr none 127708 0 127708 0% /dev/shm //minimatou/c$ 14099200 9895424 4203776 71% /mnt/mmatou lmatou:/ 1554264 215884 1258056 15% /mnt/matou lmatou:/home 2478140 1589952 760072 68% /mnt/matou/home lmatou:/usr 1981000 1199960 678628 64% /mnt/matou/usr lpmatou:/ 995116 484112 459596 52% /mnt/pmatou lpmatou:/home 19222656 2787880 15458228 16% /mnt/pmatou/home lpmatou:/usr 2478140 2038764 311260 87% /mnt/pmatou/usr deuter:/ 4806936 97684 4465064 3% /mnt/deuter deuter:/home 4806904 280100 4282620 7% /mnt/deuter/home deuter:/files 44133352 27652876 14238608 67% /mnt/deuter/files
And we see that there are a number of separate filesystems (/ /boot /home /rescue /tmp and /usr not to mention mounted systems). If you specify only / in your Include list, Bacula will only save the Filesystem /dev/hda5. To save all filesystems except /tmp with out including any of the Samba or NFS mounted systems, and explicitly excluding a /tmp, /proc, .journal, and .autofsck, which you will not want to be saved and restored, you can use the following:
FileSet {
Name = Include_example
Include {
Options {
wilddir = /proc
wilddir = /tmp
wildfile = "/.journal"
wildfile = "/.autofsck"
exclude = yes
}
File = /
File = /boot
File = /home
File = /rescue
File = /usr
}
}
Since /tmp is on its own filesystem and it was not explicitly named in the Include list, it is not really needed in the exclude list. It is better to list it in the Exclude list for clarity, and in case the disks are changed so that it is no longer in its own partition.
Now, lets assume you only want to backup .Z and .gz files and nothing else. This is a bit trickier because Bacula by default will select everything to backup, so we must exclude everything but .Z and .gz files. If we take the first example above and make the obvious modifications to it, we might come up with a FileSet that looks like this:
FileSet {
Name = "Full Set"
Include { !!!!!!!!!!!!
Options { This
wildfile = "*.Z" example
wildfile = "*.gz" doesn't
work
} !!!!!!!!!!!!
File = /myfile
}
}
The *.Z and *.gz files will indeed be backed up, but all other files that are not matched by the Options directives will automatically be backed up too (i.e. that is the default rule).
To accomplish what we want, we must explicitly exclude all other files. We do this with the following:
FileSet {
Name = "Full Set"
Include {
Options {
wildfile = "*.Z"
wildfile = "*.gz"
}
Options {
Exclude = yes
RegexFile = ".*"
}
File = /myfile
}
}
The "trick" here was to add a RegexFile expression that matches all files. It does not match directory names, so all directories in /myfile will be backed up (the directory entry) and any *.Z and *.gz files contained in them. If you know that certain directories do not contain any *.Z or *.gz files and you do not want the directory entries backed up, you will need to explicitly exclude those directories. Backing up a directory entries is not very expensive.
Bacula uses the system regex library and some of them are different on different OSes. The above has been reported not to work on FreeBSD. This can be tested by using the estimate job=job-name listing command in the console and adapting the RegexFile expression appropriately. In a future version of Bacula, we will supply our own Regex code to avoid such system dependencies.
Please be aware that allowing Bacula to traverse or change file systems can be very dangerous. For example, with the following:
FileSet {
Name = "Bad example"
Include {
Options { onefs=no }
File = /mnt/matou
}
}
you will be backing up an NFS mounted partition (/mnt/matou), and since onefs is set to no, Bacula will traverse file systems. Now if /mnt/matou has the current machine's file systems mounted, as is often the case, you will get yourself into a recursive loop and the backup will never end.
As a final example, let's say that you have only one or two subdirectories of /home that you want to backup. For example, you want to backup only subdirectories beginning with the letter a and the letter b -- i.e. /home/a* and /home/b*. Now, you might first try:
FileSet {
Name = "Full Set"
Include {
Options {
wilddir = "/home/a*"
wilddir = "/home/b*"
}
File = /home
}
}
The problem is that the above will include everything in /home. To get things to work correctly, you need to start with the idea of exclusion instead of inclusion. So, you could simply exclude all directories except the two you want to use:
FileSet {
Name = "Full Set"
Include {
Options {
RegexDir = "^/home/[c-z]"
exclude = yes
}
File = /home
}
}
And assuming that all subdirectories start with a lowercase letter, this would work.
An alternative would be to include the two subdirectories desired and exclude everything else:
FileSet {
Name = "Full Set"
Include {
Options {
wilddir = "/home/a*"
wilddir = "/home/b*"
}
Options {
RegexDir = ".*"
exclude = yes
}
File = /home
}
}
The following FileSet definition will backup a raw partition:
FileSet {
Name = "RawPartition"
Include {
Options { sparse=yes }
File = /dev/hda2
}
}
While backing up and restoring a raw partition, you should ensure that no other process including the system is writing to that partition. As a precaution, you are strongly urged to ensure that the raw partition is not mounted or is mounted read-only. If necessary, this can be done using the RunBeforeJob directive.
You may also include full filenames or directory names in addition to using wild-cards and Exclude=yes in the Options resource as specified above by simply including the files to be excluded in an Exclude resource within the FileSet. For example:
FileSet {
Name = Exclusion_example
Include {
Options {
Signature = SHA1
}
File = /
File = /boot
File = /home
File = /rescue
File = /usr
}
Exclude {
File = /proc
File = /tmp
File = .journal
File = .autofsck
}
}
FileSet {
Name = "Windows Set"
Include {
Options {
WildFile = "*.obj"
WildFile = "*.exe"
exclude = yes
}
File = "c:/My Documents"
}
}
For exclude lists to work correctly on Windows, you must observe the following rules:
Thanks to Thiago Lima for summarizing the above items for us. If you are having difficulties getting includes or excludes to work, you might want to try using the estimate job=xxx listing command documented in the Console chapter of this manual.
On Win32 systems, if you move a directory or file or rename a file into the set of files being backed up, and a Full backup has already been made, Bacula will not know there are new files to be saved during an Incremental or Differential backup (blame Microsoft, not me). To avoid this problem, please copy any new directory or files into the backup area. If you do not have enough disk to copy the directory or files, move them, but then initiate a Full backup.
The following example was contributed by Russell Howe. Please note that for presentation purposes, the lines beginning with Data and Internet have been wrapped and should included on the previous line with one space.
This is my Windows 2000 fileset:
FileSet {
Name = "Windows 2000"
Include {
Options {
signature = MD5
Exclude = yes
IgnoreCase = yes
# Exclude Mozilla-based programs' file caches
WildDir = "[A-Z]:/Documents and Settings/*/Application
Data/*/Profiles/*/*/Cache"
WildDir = "[A-Z]:/Documents and Settings/*/Application
Data/*/Profiles/*/*/Cache.Trash"
WildDir = "[A-Z]:/Documents and Settings/*/Application
Data/*/Profiles/*/*/ImapMail"
# Exclude user's registry files - they're always in use anyway.
WildFile = "[A-Z]:/Documents and Settings/*/Local Settings/Application
Data/Microsoft/Windows/usrclass.*"
WildFile = "[A-Z]:/Documents and Settings/*/ntuser.*"
# Exclude directories full of lots and lots of useless little files
WildDir = "[A-Z]:/Documents and Settings/*/Cookies"
WildDir = "[A-Z]:/Documents and Settings/*/Recent"
WildDir = "[A-Z]:/Documents and Settings/*/Local Settings/History"
WildDir = "[A-Z]:/Documents and Settings/*/Local Settings/Temp"
WildDir = "[A-Z]:/Documents and Settings/*/Local Settings/Temporary
Internet Files"
# These are always open and unable to be backed up
WildFile = "[A-Z]:/Documents and Settings/All Users/Application
Data/Microsoft/Network/Downloader/qmgr[01].dat"
# Some random bits of Windows we want to ignore
WildFile = "[A-Z]:/WINNT/security/logs/scepol.log"
WildDir = "[A-Z]:/WINNT/system32/config"
WildDir = "[A-Z]:/WINNT/msdownld.tmp"
WildDir = "[A-Z]:/WINNT/Internet Logs"
WildDir = "[A-Z]:/WINNT/$Nt*Uninstall*"
WildDir = "[A-Z]:/WINNT/sysvol"
WildFile = "[A-Z]:/WINNT/cluster/CLUSDB"
WildFile = "[A-Z]:/WINNT/cluster/CLUSDB.LOG"
WildFile = "[A-Z]:/WINNT/NTDS/edb.log"
WildFile = "[A-Z]:/WINNT/NTDS/ntds.dit"
WildFile = "[A-Z]:/WINNT/NTDS/temp.edb"
WildFile = "[A-Z]:/WINNT/ntfrs/jet/log/edb.log"
WildFile = "[A-Z]:/WINNT/ntfrs/jet/ntfrs.jdb"
WildFile = "[A-Z]:/WINNT/ntfrs/jet/temp/tmp.edb"
WildFile = "[A-Z]:/WINNT/system32/CPL.CFG"
WildFile = "[A-Z]:/WINNT/system32/dhcp/dhcp.mdb"
WildFile = "[A-Z]:/WINNT/system32/dhcp/j50.log"
WildFile = "[A-Z]:/WINNT/system32/dhcp/tmp.edb"
WildFile = "[A-Z]:/WINNT/system32/LServer/edb.log"
WildFile = "[A-Z]:/WINNT/system32/LServer/TLSLic.edb"
WildFile = "[A-Z]:/WINNT/system32/LServer/tmp.edb"
WildFile = "[A-Z]:/WINNT/system32/wins/j50.log"
WildFile = "[A-Z]:/WINNT/system32/wins/wins.mdb"
WildFile = "[A-Z]:/WINNT/system32/wins/winstmp.mdb"
# Temporary directories & files
WildDir = "[A-Z]:/WINNT/Temp"
WildDir = "[A-Z]:/temp"
WildFile = "*.tmp"
WildDir = "[A-Z]:/tmp"
WildDir = "[A-Z]:/var/tmp"
# Recycle bins
WildDir = "[A-Z]:/RECYCLER"
# Swap files
WildFile = "[A-Z]:/pagefile.sys"
# These are programs and are easier to reinstall than restore from
# backup
WildDir = "[A-Z]:/cygwin"
WildDir = "[A-Z]:/Program Files/Grisoft"
WildDir = "[A-Z]:/Program Files/Java"
WildDir = "[A-Z]:/Program Files/Java Web Start"
WildDir = "[A-Z]:/Program Files/JavaSoft"
WildDir = "[A-Z]:/Program Files/Microsoft Office"
WildDir = "[A-Z]:/Program Files/Mozilla Firefox"
WildDir = "[A-Z]:/Program Files/Mozilla Thunderbird"
WildDir = "[A-Z]:/Program Files/mozilla.org"
WildDir = "[A-Z]:/Program Files/OpenOffice*"
}
# Our Win2k boxen all have C: and D: as the main hard drives.
File = "C:/"
File = "D:/"
}
}
Note, the three line of the above Exclude were split to fit on the document page, they should be written on a single line in real use.
NTFS filenames containing Unicode characters should now be supported as of version 1.37.30 or later.
If you wish to get an idea of what your FileSet will really backup or if your exclusion rules will work correctly, you can test it by using the estimate command in the Console program. See the estimate in the Console chapter of this manual.
As an example, suppose you add the following test FileSet:
FileSet {
Name = Test
Include {
File = /home/xxx/test
Options {
regex = ".*\.c$"
}
}
}
You could then add some test files to the directory /home/xxx/test and use the following command in the console:
estimate job=<any-job-name> listing client=<desired-client> fileset=Test
to give you a listing of all files that match.
The Client resource defines the attributes of the Clients that are served by this Director; that is the machines that are to be backed up. You will need one Client resource definition for each machine to be backed up.
The password is plain text. It is not generated through any special process, but it is preferable for security reasons to make the text random.
File records may actually be retained for a shorter period than you specify on this directive if you specify either a shorter Job Retention or a shorter Volume Retention period. The shortest retention period of the three takes precedence. The time may be expressed in seconds, minutes, hours, days, weeks, months, quarters, or years. See the Configuration chapter of this manual for additional details of time specification.
The default is 60 days.
If a Job record is selected for pruning, all associated File and JobMedia records will also be pruned regardless of the File Retention period set. As a consequence, you normally will set the File retention period to be less than the Job retention period. The Job retention period can actually be less than the value you specify here if you set the Volume Retention directive in the Pool resource to a smaller duration. This is because the Job retention period and the Volume retention period are independently applied, so the smaller of the two takes precedence.
The Job retention period is specified as seconds, minutes, hours, days, weeks, months, quarters, or years. See the Configuration chapter of this manual for additional details of time specification.
The default is 180 days.
The following is an example of a valid Client resource definition:
Client {
Name = Minimatou
FDAddress = minimatou
Catalog = MySQL
Password = very_good
}
The Storage resource defines which Storage daemons are available for use by the Director.
The password is plain text. It is not generated through any special process, but it is preferable for security reasons to use random text.
If you are writing to disk Volumes, you must make doubly sure that each Device resource defined in the Storage daemon (and hence in the Director's conf file) has a unique media type. Otherwise for Bacula versions 1.38 and older, your restores may not work because Bacula will assume that you can mount any Media Type with the same name on any Device associated with that Media Type. This is possible with tape drives, but with disk drives, unless you are very clever you cannot mount a Volume in any directory -- this can be done by creating an appropriate soft link.
Currently Bacula permits only a single Media Type per Storage and Device definition. Consequently, if you have a drive that supports more than one Media Type, you can give a unique string to Volumes with different intrinsic Media Type (Media Type = DDS-3-4 for DDS-3 and DDS-4 types), but then those volumes will only be mounted on drives indicated with the dual type (DDS-3-4).
If you want to tie Bacula to using a single Storage daemon or drive, you must specify a unique Media Type for that drive. This is an important point that should be carefully understood. Note, this applies equally to Disk Volumes. If you define more than one disk Device resource in your Storage daemon's conf file, the Volumes on those two devices are in fact incompatible because one can not be mounted on the other device since they are found in different directories. For this reason, you probably should use two different Media Types for your two disk Devices (even though you might think of them as both being File types). You can find more on this subject in the Basic Volume Management chapter of this manual.
The MediaType specified in the Director's Storage resource, must correspond to the Media Type specified in the Device resource of the Storage daemon configuration file. This directive is required, and it is used by the Director and the Storage daemon to ensure that a Volume automatically selected from the Pool corresponds to the physical device. If a Storage daemon handles multiple devices (e.g. will write to various file Volumes on different partitions), this directive allows you to specify exactly which device.
As mentioned above, the value specified in the Director's Storage resource must agree with the value specified in the Device resource in the Storage daemon's configuration file. It is also an additional check so that you don't try to write data for a DLT onto an 8mm device.
For the autochanger to be used, you must also specify Autochanger = yes in the Device Resource in the Storage daemon's configuration file as well as other important Storage daemon configuration information. Please consult the Using Autochangers manual of this chapter for the details of using autochangers.
The following is an example of a valid Storage resource definition:
# Definition of tape storage device
Storage {
Name = DLTDrive
Address = lpmatou
Password = storage_password # password for Storage daemon
Device = "HP DLT 80" # same as Device in Storage daemon
Media Type = DLT8000 # same as MediaType in Storage daemon
}
The Pool resource defines the set of storage Volumes (tapes or files) to be used by Bacula to write the data. By configuring different Pools, you can determine which set of Volumes (media) receives the backup data. This permits, for example, to store all full backup data on one set of Volumes and all incremental backups on another set of Volumes. Alternatively, you could assign a different set of Volumes to each machine that you backup. This is most easily done by defining multiple Pools.
Another important aspect of a Pool is that it contains the default attributes (Maximum Jobs, Retention Period, Recycle flag, ...) that will be given to a Volume when it is created. This avoids the need for you to answer a large number of questions when labeling a new Volume. Each of these attributes can later be changed on a Volume by Volume basis using the update command in the console program. Note that you must explicitly specify which Pool Bacula is to use with each Job. Bacula will not automatically search for the correct Pool.
Most often in Bacula installations all backups for all machines (Clients) go to a single set of Volumes. In this case, you will probably only use the Default Pool. If your backup strategy calls for you to mount a different tape each day, you will probably want to define a separate Pool for each day. For more information on this subject, please see the Backup Strategies chapter of this manual.
To use a Pool, there are three distinct steps. First the Pool must be defined in the Director's configuration file. Then the Pool must be written to the Catalog database. This is done automatically by the Director each time that it starts, or alternatively can be done using the create command in the console program. Finally, if you change the Pool definition in the Director's configuration file and restart Bacula, the pool will be updated alternatively you can use the update pool console command to refresh the database image. It is this database image rather than the Director's resource image that is used for the default Volume attributes. Note, for the pool to be automatically created or updated, it must be explicitly referenced by a Job resource.
Next the physical media must be labeled. The labeling can either be done with the label command in the console program or using the btape program. The preferred method is to use the label command in the console program.
Finally, you must add Volume names (and their attributes) to the Pool. For Volumes to be used by Bacula they must be of the same Media Type as the archive device specified for the job (i.e. if you are going to back up to a DLT device, the Pool must have DLT volumes defined since 8mm volumes cannot be mounted on a DLT drive). The Media Type has particular importance if you are backing up to files. When running a Job, you must explicitly specify which Pool to use. Bacula will then automatically select the next Volume to use from the Pool, but it will ensure that the Media Type of any Volume selected from the Pool is identical to that required by the Storage resource you have specified for the Job.
If you use the label command in the console program to label the Volumes, they will automatically be added to the Pool, so this last step is not normally required.
It is also possible to add Volumes to the database without explicitly labeling the physical volume. This is done with the add console command.
As previously mentioned, each time Bacula starts, it scans all the Pools associated with each Catalog, and if the database record does not already exist, it will be created from the Pool Resource definition. Bacula probably should do an update pool if you change the Pool definition, but currently, you must do this manually using the update pool command in the Console program.
The Pool Resource defined in the Director's configuration file (bacula-dir.conf) may contain the following directives:
The value defined by this directive in the bacula-dir.conf file is the default value used when a Volume is created. Once the volume is created, changing the value in the bacula-dir.conf file will not change what is stored for the Volume. To change the value for an existing Volume you must use the update command in the Console.
Please see the notes below under Maximum Volume Jobs concerning using this directive with multiple simultaneous jobs.
The value defined by this directive in the bacula-dir.conf file is the default value used when a Volume is created. Once the volume is created, changing the value in the bacula-dir.conf file will not change what is stored for the Volume. To change the value for an existing Volume you must use the update command in the Console.
If you are running multiple simultaneous jobs, this directive may not work correctly because when a drive is reserved for a job, this directive is not taken into account, so multiple jobs may try to start writing to the Volume. At some point, when the Media record is updated, multiple simultaneous jobs may fail since the Volume can no longer be written.
The value defined by this directive in the bacula-dir.conf file is the default value used when a Volume is created. Once the volume is created, changing the value in the bacula-dir.conf file will not change what is stored for the Volume. To change the value for an existing Volume you must use the update command in the Console.
This directive is particularly useful for restricting the size of disk volumes, and will work correctly even in the case of multiple simultaneous jobs writing to the volume.
The value defined by this directive in the bacula-dir.conf file is the default value used when a Volume is created. Once the volume is created, changing the value in the bacula-dir.conf file will not change what is stored for the Volume. To change the value for an existing Volume you must use the update command in the Console.
You might use this directive, for example, if you have a Volume used for Incremental backups, and Volumes used for Weekly Full backups. Once the Full backup is done, you will want to use a different Incremental Volume. This can be accomplished by setting the Volume Use Duration for the Incremental Volume to six days. I.e. it will be used for the 6 days following a Full save, then a different Incremental volume will be used. Be careful about setting the duration to short periods such as 23 hours, or you might experience problems of Bacula waiting for a tape over the weekend only to complete the backups Monday morning when an operator mounts a new tape.
The use duration is checked and the Used status is set only at the end of a job that writes to the particular volume, which means that even though the use duration may have expired, the catalog entry will not be updated until the next job that uses this volume is run. This directive is not intended to be used to limit volume sizes and will not work correctly (i.e. will fail jobs) if the use duration expires while multiple simultaneous jobs are writing to the volume.
Please note that the value defined by this directive in the bacula-dir.conf file is the default value used when a Volume is created. Once the volume is created, changing the value in the bacula-dir.conf file will not change what is stored for the Volume. To change the value for an existing Volume you must use the update volume command in the Console.
It is important to know that when the Volume Retention period expires, Bacula does not automatically recycle a Volume. It attempts to keep the Volume data intact as long as possible before over writing the Volume.
By defining multiple Pools with different Volume Retention periods, you may effectively have a set of tapes that is recycled weekly, another Pool of tapes that is recycled monthly and so on. However, one must keep in mind that if your Volume Retention period is too short, it may prune the last valid Full backup, and hence until the next Full backup is done, you will not have a complete backup of your system, and in addition, the next Incremental or Differential backup will be promoted to a Full backup. As a consequence, the minimum Volume Retention period should be at twice the interval of your Full backups. This means that if you do a Full backup once a month, the minimum Volume retention period should be two months.
The default Volume retention period is 365 days, and either the default or the value defined by this directive in the bacula-dir.conf file is the default value used when a Volume is created. Once the volume is created, changing the value in the bacula-dir.conf file will not change what is stored for the Volume. To change the value for an existing Volume you must use the update command in the Console.
Although this directive is called RecyclePool, the Volume in question is actually moved from its current pool to the one you specify on this directive when Bacula prunes the Volume and discovers that there are no records left in the catalog and hence marks it as Purged.
Please note that the value defined by this directive in the bacula-dir.conf file is the default value used when a Volume is created. Once the volume is created, changing the value in the bacula-dir.conf file will not change what is stored for the Volume. To change the value for an existing Volume you must use the update command in the Console.
When all Job and File records have been pruned or purged from the catalog for a particular Volume, if that Volume is marked as Append, Full, Used, or Error, it will then be marked as Purged. Only Volumes marked as Purged will be considered to be converted to the Recycled state if the Recycle directive is set to yes.
This directive can be useful if you have a fixed number of Volumes in the Pool and you want to cycle through them and you have specified the correct retention periods.
However, if you use this directive and have only one Volume in the Pool, you will immediately recycle your Volume if you fill it and Bacula needs another one. Thus your backup will be totally invalid. Please use this directive with care. The default is no.
This directive can be useful if you have: a fixed number of Volumes in the Pool, you want to cycle through them, and you have specified retention periods that prune Volumes before you have cycled through the Volume in the Pool.
However, if you use this directive and have only one Volume in the Pool, you will immediately recycle your Volume if you fill it and Bacula needs another one. Thus your backup will be totally invalid. Please use this directive with care. The default is no.
This directive can be useful if you have a fixed number of Volumes in the Pool and you want to cycle through them and reusing the oldest one when all Volumes are full, but you don't want to worry about setting proper retention periods. However, by using this option you risk losing valuable data.
Please be aware that Purge Oldest Volume disregards all retention periods. If you have only a single Volume defined and you turn this variable on, that Volume will always be immediately overwritten when it fills! So at a minimum, ensure that you have a decent number of Volumes in your Pool before running any jobs. If you want retention periods to apply do not use this directive. To specify a retention period, use the Volume Retention directive (see above).
We highly recommend against using this directive, because it is sure that some day, Bacula will recycle a Volume that contains current data. The default is no.
The format should be specified in double quotes, and consists of letters, numbers and the special characters hyphen (-), underscore (_), colon (:), and period (.), which are the legal characters for a Volume name. The format should be enclosed in double quotes (").
In addition, the format may contain a number of variable expansion characters which will be expanded by a complex algorithm allowing you to create Volume names of many different formats. In all cases, the expansion process must resolve to the set of characters noted above that are legal Volume names. Generally, these variable expansion characters begin with a dollar sign ($) or a left bracket ([). If you specify variable expansion characters, you should always enclose the format with double quote characters ("). For more details on variable expansion, please see the Variable Expansion Chapter of this manual.
If no variable expansion characters are found in the string, the Volume name will be formed from the format string appended with the number of volumes in the pool plus one, which will be edited as four digits with leading zeros. For example, with a Label Format = "File-", the first volumes will be named File-0001, File-0002, ...
With the exception of Job specific variables, you can test your LabelFormat by using the var command the Console Chapter of this manual.
In almost all cases, you should enclose the format specification (part after the equal sign) in double quotes. Please note that this directive is deprecated and is replaced in version 1.37 and greater with a Python script for creating volume names.
In order for a Pool to be used during a Backup Job, the Pool must have at least one Volume associated with it. Volumes are created for a Pool using the label or the add commands in the Bacula Console, program. In addition to adding Volumes to the Pool (i.e. putting the Volume names in the Catalog database), the physical Volume must be labeled with a valid Bacula software volume label before Bacula will accept the Volume. This will be automatically done if you use the label command. Bacula can automatically label Volumes if instructed to do so, but this feature is not yet fully implemented.
The following is an example of a valid Pool resource definition:
Pool {
Name = Default
Pool Type = Backup
}
The Catalog Resource defines what catalog to use for the current job. Currently, Bacula can only handle a single database server (SQLite, MySQL, PostgreSQL) that is defined when configuring Bacula. However, there may be as many Catalogs (databases) defined as you wish. For example, you may want each Client to have its own Catalog database, or you may want backup jobs to use one database and verify or restore jobs to use another database.
Since SQLite is compiled in, it always runs on the same machine as the Director and the database must be directly accessible (mounted) from the Director. However, since both MySQL and PostgreSQL are networked databases, they may reside either on the same machine as the Director or on a different machine on the network. See below for more details.
the different
The following is an example of a valid Catalog resource definition:
Catalog
{
Name = SQLite
dbname = bacula;
user = bacula;
password = "" # no password = no security
}
or for a Catalog on another machine:
Catalog
{
Name = MySQL
dbname = bacula
user = bacula
password = ""
DB Address = remote.acme.com
DB Port = 1234
}
For the details of the Messages Resource, please see the Messages Resource Chapter of this manual.
As of Bacula version 1.33 and higher, there are three different kinds of consoles, which the administrator or user can use to interact with the Director. These three kinds of consoles comprise three different security levels.
This second type of console begins with absolutely no privileges except those explicitly specified in the Director's Console resource. Thus you can have multiple Consoles with different names and passwords, sort of like multiple users, each with different privileges. As a default, these consoles can do absolutely nothing -- no commands whatsoever. You give them privileges or rather access to commands and resources by specifying access control lists in the Director's Console resource. The ACLs are specified by a directive followed by a list of access names. Examples of this are shown below.
The Console resource is optional and need not be specified. The following directives are permitted within the Director's configuration resource:
The password is plain text. It is not generated through any special process. However, it is preferable for security reasons to choose random text.
JobACL = kernsave, "Backup client 1", "Backup client 2"
JobACL = "RestoreFiles"
With the above specification, the console can access the Director's resources for the four jobs named on the JobACL directives, but for no others.
Aside from Director resource names and console command names, the special keyword *all* can be specified in any of the above access control lists. When this keyword is present, any resource or command name (which ever is appropriate) will be accepted. For an example configuration file, please see the Console Configuration chapter of this manual.
The Counter Resource defines a counter variable that can be accessed by variable expansion used for creating Volume labels with the LabelFormat directive. See the LabelFormat directive in this chapter for more details.
An example Director configuration file might be the following:
#
# Default Bacula Director Configuration file
#
# The only thing that MUST be changed is to add one or more
# file or directory names in the Include directive of the
# FileSet resource.
#
# For Bacula release 1.15 (5 March 2002) -- redhat
#
# You might also want to change the default email address
# from root to your address. See the "mail" and "operator"
# directives in the Messages resource.
#
Director { # define myself
Name = rufus-dir
QueryFile = "/home/kern/bacula/bin/query.sql"
WorkingDirectory = "/home/kern/bacula/bin/working"
PidDirectory = "/home/kern/bacula/bin/working"
Password = "XkSfzu/Cf/wX4L8Zh4G4/yhCbpLcz3YVdmVoQvU3EyF/"
}
# Define the backup Job
Job {
Name = "NightlySave"
Type = Backup
Level = Incremental # default
Client=rufus-fd
FileSet="Full Set"
Schedule = "WeeklyCycle"
Storage = DLTDrive
Messages = Standard
Pool = Default
}
Job {
Name = "Restore"
Type = Restore
Client=rufus-fd
FileSet="Full Set"
Where = /tmp/bacula-restores
Storage = DLTDrive
Messages = Standard
Pool = Default
}
# List of files to be backed up
FileSet {
Name = "Full Set"
Include {
Options { signature=SHA1}
#
# Put your list of files here, one per line or include an
# external list with:
#
# @file-name
#
# Note: / backs up everything
File = /
}
Exclude {}
}
# When to do the backups
Schedule {
Name = "WeeklyCycle"
Run = level=Full sun at 2:05
Run = level=Incremental mon-sat at 2:05
}
# Client (File Services) to backup
Client {
Name = rufus-fd
Address = rufus
Catalog = MyCatalog
Password = "MQk6lVinz4GG2hdIZk1dsKE/LxMZGo6znMHiD7t7vzF+"
File Retention = 60d # sixty day file retention
Job Retention = 1y # 1 year Job retention
AutoPrune = yes # Auto apply retention periods
}
# Definition of DLT tape storage device
Storage {
Name = DLTDrive
Address = rufus
Password = "jMeWZvfikUHvt3kzKVVPpQ0ccmV6emPnF2cPYFdhLApQ"
Device = "HP DLT 80" # same as Device in Storage daemon
Media Type = DLT8000 # same as MediaType in Storage daemon
}
# Definition for a DLT autochanger device
Storage {
Name = Autochanger
Address = rufus
Password = "jMeWZvfikUHvt3kzKVVPpQ0ccmV6emPnF2cPYFdhLApQ"
Device = "Autochanger" # same as Device in Storage daemon
Media Type = DLT-8000 # Different from DLTDrive
Autochanger = yes
}
# Definition of DDS tape storage device
Storage {
Name = SDT-10000
Address = rufus
Password = "jMeWZvfikUHvt3kzKVVPpQ0ccmV6emPnF2cPYFdhLApQ"
Device = SDT-10000 # same as Device in Storage daemon
Media Type = DDS-4 # same as MediaType in Storage daemon
}
# Definition of 8mm tape storage device
Storage {
Name = "8mmDrive"
Address = rufus
Password = "jMeWZvfikUHvt3kzKVVPpQ0ccmV6emPnF2cPYFdhLApQ"
Device = "Exabyte 8mm"
MediaType = "8mm"
}
# Definition of file storage device
Storage {
Name = File
Address = rufus
Password = "jMeWZvfikUHvt3kzKVVPpQ0ccmV6emPnF2cPYFdhLApQ"
Device = FileStorage
Media Type = File
}
# Generic catalog service
Catalog {
Name = MyCatalog
dbname = bacula; user = bacula; password = ""
}
# Reasonable message delivery -- send most everything to
# the email address and to the console
Messages {
Name = Standard
mail = root@localhost = all, !skipped, !terminate
operator = root@localhost = mount
console = all, !skipped, !saved
}
# Default pool definition
Pool {
Name = Default
Pool Type = Backup
AutoPrune = yes
Recycle = yes
}
#
# Restricted console used by tray-monitor to get the status of the director
#
Console {
Name = Monitor
Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
CommandACL = status, .status
}
The Client (or File Daemon) Configuration is one of the simpler ones to specify. Generally, other than changing the Client name so that error messages are easily identified, you will not need to modify the default Client configuration file.
For a general discussion of configuration file and resources including the data types recognized by Bacula, please see the Configuration chapter of this manual. The following Client Resource definitions must be defined:
The Client Resource (or FileDaemon) resource defines the name of the Client (as used by the Director) as well as the port on which the Client listens for Director connections.
On Win32 systems, in some circumstances you may need to specify a drive letter in the specified working directory path. Also, please be sure that this directory is writable by the SYSTEM user otherwise restores may fail (the bootstrap file that is transferred to the File daemon from the Director is temporarily put in this directory before being passed to the Storage daemon).
Typically on Linux systems, you will set this to: /var/run. If you are not installing Bacula in the system directories, you can use the Working Directory as defined above.
If you continue getting broken pipe error messages despite using the Heartbeat Interval, and you are using Windows, you should consider upgrading your ethernet driver. This is a known problem with NVidia NForce 3 drivers (4.4.2 17/05/2004), or try the following workaround suggested by Thomas Simmons for Win32 machines:
Browse to: Start > Control Panel > Network Connections
Right click the connection for the nvidia adapter and select properties. Under the General tab, click "Configure...". Under the Advanced tab set "Checksum Offload" to disabled and click OK to save the change.
Lack of communications, or communications that get interrupted can also be caused by Linux firewalls where you have a rule that throttles connections or traffic.
FDAddresses = {
ip = { addr = 1.2.3.4; port = 1205; }
ipv4 = {
addr = 1.2.3.4; port = http; }
ipv6 = {
addr = 1.2.3.4;
port = 1205;
}
ip = {
addr = 1.2.3.4
port = 1205
}
ip = { addr = 1.2.3.4 }
ip = {
addr = 201:220:222::2
}
ip = {
addr = bluedot.thun.net
}
}
where ip, ip4, ip6, addr, and port are all keywords. Note, that the address can be specified as either a dotted quadruple, or IPv6 colon notation, or as a symbolic name (only in the ip specification). Also, port can be specified as a number or as the mnemonic value from the /etc/services file. If a port is not specified, the default will be used. If an ip section is specified, the resolution can be made either by IPv4 or IPv6. If ip4 is specified, then only IPv4 resolutions will be permitted, and likewise with ip6.
Note, on certain Windows machines, there are reports that the transfer rates are very slow and this seems to be related to the default 65,536 size. On systems where the transfer rates seem abnormally slow compared to other systems, you might try setting the Maximum Network Buffer Size to 32,768 in both the File daemon and in the Storage daemon.
The following is an example of a valid Client resource definition:
Client { # this is me
Name = rufus-fd
WorkingDirectory = $HOME/bacula/bin/working
Pid Directory = $HOME/bacula/bin/working
}
The Director resource defines the name and password of the Directors that are permitted to contact this Client.
Please note that if this director is being used by a Monitor, we highly recommend to set this directive to yes to avoid serious security problems.
Thus multiple Directors may be authorized to use this Client's services. Each Director will have a different name, and normally a different password as well.
The following is an example of a valid Director resource definition:
#
# List Directors who are permitted to contact the File daemon
#
Director {
Name = HeadMan
Password = very_good # password HeadMan must supply
}
Director {
Name = Worker
Password = not_as_good
Monitor = Yes
}
Please see the Messages Resource Chapter of this manual for the details of the Messages Resource.
There must be at least one Message resource in the Client configuration file.
An example File Daemon configuration file might be the following:
#
# Default Bacula File Daemon Configuration file
#
# For Bacula release 1.35.2 (16 August 2004) -- gentoo 1.4.16
#
# There is not much to change here except perhaps to
# set the Director's name and File daemon's name
# to something more appropriate for your site.
#
#
# List Directors who are permitted to contact this File daemon
#
Director {
Name = rufus-dir
Password = "/LqPRkX++saVyQE7w7mmiFg/qxYc1kufww6FEyY/47jU"
}
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
Director {
Name = rufus-mon
Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
Monitor = yes
}
#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
Name = rufus-fd
WorkingDirectory = $HOME/bacula/bin/working
Pid Directory = $HOME/bacula/bin/working
}
# Send all messages except skipped files back to Director
Messages {
Name = Standard
director = rufus-dir = all, !skipped
}
The Storage Daemon configuration file has relatively few resource definitions. However, due to the great variation in backup media and system capabilities, the storage daemon must be highly configurable. As a consequence, there are quite a large number of directives in the Device Resource definition that allow you to define all the characteristics of your Storage device (normally a tape drive). Fortunately, with modern storage devices, the defaults are sufficient, and very few directives are actually needed.
Examples of Device resource directives that are known to work for a number of common tape drives can be found in the <bacula-src>/examples/devices directory, and most will also be listed here.
For a general discussion of configuration file and resources including the data types recognized by Bacula, please see the Configuration chapter of this manual. The following Storage Resource definitions must be defined:
In general, the properties specified under the Storage resource define global properties of the Storage daemon. Each Storage daemon configuration file must have one and only one Storage resource definition.
Typically on Linux systems, you will set this to: /var/run. If you are not installing Bacula in the system directories, you can use the Working Directory as defined above.
SDAddresses = { ip = {
addr = 1.2.3.4; port = 1205; }
ipv4 = {
addr = 1.2.3.4; port = http; }
ipv6 = {
addr = 1.2.3.4;
port = 1205;
}
ip = {
addr = 1.2.3.4
port = 1205
}
ip = {
addr = 1.2.3.4
}
ip = {
addr = 201:220:222::2
}
ip = {
addr = bluedot.thun.net
}
}
where ip, ip4, ip6, addr, and port are all keywords. Note, that the address can be specified as either a dotted quadruple, or IPv6 colon notation, or as a symbolic name (only in the ip specification). Also, port can be specified as a number or as the mnemonic value from the /etc/services file. If a port is not specified, the default will be used. If an ip section is specified, the resolution can be made either by IPv4 or IPv6. If ip4 is specified, then only IPv4 resolutions will be permitted, and likewise with ip6.
Using this directive, you can replace both the SDPort and SDAddress directives shown below.
The following is a typical Storage daemon Storage definition.
#
# "Global" Storage daemon configuration specifications appear
# under the Storage resource.
#
Storage {
Name = "Storage daemon"
Address = localhost
WorkingDirectory = "~/bacula/working"
Pid Directory = "~/bacula/working"
}
The Director resource specifies the Name of the Director which is permitted to use the services of the Storage daemon. There may be multiple Director resources. The Director Name and Password must match the corresponding values in the Director's configuration file.
Please note that if this director is being used by a Monitor, we highly recommend to set this directive to yes to avoid serious security problems.
The following is an example of a valid Director resource definition:
Director {
Name = MainDirector
Password = my_secret_password
}
The Device Resource specifies the details of each device (normally a tape drive) that can be used by the Storage daemon. There may be multiple Device resources for a single Storage daemon. In general, the properties specified within the Device resource are specific to the Device.
As noted above, normally the Archive Device is the name of a tape drive, but you may also specify an absolute path to an existing directory. If the Device is a directory Bacula will write to file storage in the specified directory, and the filename used will be the Volume name as specified in the Catalog. If you want to write into more than one directory (i.e. to spread the load to different disk drives), you will need to define two Device resources, each containing an Archive Device with a different directory. In addition to a tape device name or a directory name, Bacula will accept the name of a FIFO. A FIFO is a special kind of file that connects two programs via kernel memory. If a FIFO device is specified for a backup operation, you must have a program that reads what Bacula writes into the FIFO. When the Storage daemon starts the job, it will wait for MaximumOpenWait seconds for the read program to start reading, and then time it out and terminate the job. As a consequence, it is best to start the read program at the beginning of the job perhaps with the RunBeforeJob directive. For this kind of device, you never want to specify AlwaysOpen, because you want the Storage daemon to open it only when a job starts, so you must explicitly set it to No. Since a FIFO is a one way device, Bacula will not attempt to read a label of a FIFO device, but will simply write on it. To create a FIFO Volume in the catalog, use the add command rather than the label command to avoid attempting to write a label.
Device {
Name = FifoStorage
Media Type = Fifo
Device Type = Fifo
Archive Device = /tmp/fifo
LabelMedia = yes
Random Access = no
AutomaticMount = no
RemovableMedia = no
MaximumOpenWait = 60
AlwaysOpen = no
}
During a restore operation, if the Archive Device is a FIFO, Bacula will attempt to read from the FIFO, so you must have an external program that writes into the FIFO. Bacula will wait MaximumOpenWait seconds for the program to begin writing and will then time it out and terminate the job. As noted above, you may use the RunBeforeJob to start the writer program at the beginning of the job.
The Archive Device directive is required.
The Device Type directive is not required, and if not specified, Bacula will attempt to guess what kind of device has been specified using the Archive Device specification supplied. There are several advantages to explicitly specifying the Device Type. First, on some systems, block and character devices have the same type, which means that on those systems, Bacula is unlikely to be able to correctly guess that a device is a DVD. Secondly, if you explicitly specify the Device Type, the mount point need not be defined until the device is opened. This is the case with most removable devices such as USB that are mounted by the HAL daemon. If the Device Type is not explicitly specified, then the mount point must exist when the Storage daemon starts.
This directive was implemented in Bacula version 1.38.6.
Even though the names you assign are arbitrary (i.e. you choose the name you want), you should take care in specifying them because the Media Type is used to determine which storage device Bacula will select during restore. Thus you should probably use the same Media Type specification for all drives where the Media can be freely interchanged. This is not generally an issue if you have a single Storage daemon, but it is with multiple Storage daemons, especially if they have incompatible media.
For example, if you specify a Media Type of "DDS-4" then during the restore, Bacula will be able to choose any Storage Daemon that handles "DDS-4". If you have an autochanger, you might want to name the Media Type in a way that is unique to the autochanger, unless you wish to possibly use the Volumes in other drives. You should also ensure to have unique Media Type names if the Media is not compatible between drives. This specification is required for all devices.
In addition, if you are using disk storage, each Device resource will generally have a different mount point or directory. In order for Bacula to select the correct Device resource, each one must have a unique Media Type.
Changer Command = "/path/mtx-changer %c %o %S %a %d"
and you will install the mtx on your system (found in the depkgs release). An example of this command is in the default bacula-sd.conf file. For more details on the substitution characters that may be specified to configure your autochanger please see the Autochangers chapter of this manual. For FreeBSD users, you might want to see one of the several chio scripts in examples/autochangers.
Note, it is not necessary to have an autochanger to use this command. The example below uses the tapeinfo program that comes with the mtx package, but it can be used on any tape drive. However, you will need to specify a Changer Device directive in your Device resource (see above) so that the generic SCSI device name can be edited into the command (with the %c).
An example of the use of this command to print Tape Alerts in the Job report is:
Alert Command = "sh -c 'tapeinfo -f %c | grep TapeAlert'"
and an example output when there is a problem could be:
bacula-sd Alert: TapeAlert[32]: Interface: Problem with SCSI interface
between tape drive and initiator.
If you have Always Open = yes (recommended) and you want to use the drive for something else, simply use the unmount command in the Console program to release the drive. However, don't forget to remount the drive with mount when the drive is available or the next Bacula job will block.
For File storage, this directive is ignored. For a FIFO storage device, you must set this to No.
Please note that if you set this directive to No Bacula will release the tape drive between each job, and thus the next job will rewind the tape and position it to the end of the data. This can be a very time consuming operation. In addition, with this directive set to no, certain multiple drive autochanger operations will fail. We strongly recommend to keep Always Open set to Yes
If the removable medium is not automatically mounted (e.g. udev), then you might consider using additional Storage daemon device directives such as Requires Mount, Mount Point, Mount Command, and Unmount Command, all of which can be used in conjunction with Removable Media.
Most frequently, for a DVD, you will define it as follows:
Mount Command = "/bin/mount -t iso9660 -o ro %a %m"
However, if you have defined a mount point in /etc/fstab, you might be able to use a mount command such as:
Mount Command = "/bin/mount /media/dvd"
See the Edit Codes section below for more details of the editing codes that can be used in this directive.
Most frequently, you will define it as follows:
Unmount Command = "/bin/umount %m"
See the Edit Codes section below for more details of the editing codes that can be used in this directive.
To force the block size to be fixed, as is the case for some non-random access devices (tape drives), set the Minimum block size and the Maximum block size to the same value (zero included). The default is that both the minimum and maximum block size are zero and the default block size is 64,512 bytes.
For example, suppose you want a fixed block size of 100K bytes, then you would specify:
Minimum block size = 100K
Maximum block size = 100K
Please note that if you specify a fixed block size as shown above, the tape drive must either be in variable block size mode, or if it is in fixed block size mode, the block size (generally defined by mt) must be identical to the size specified in Bacula -- otherwise when you attempt to re-read your Volumes, you will get an error.
If you want the block size to be variable but with a 64K minimum and 200K maximum (and default as well), you would specify:
Minimum block size = 64K
Maximum blocksize = 200K
If no value is specified or zero is specified, the Storage daemon will use a default block size of 64,512 bytes (126 * 512).
Default setting for Hardware End of Medium is Yes. This function is used before appending to a tape to ensure that no previously written data is lost. We recommend if you have a non-standard or unusual tape drive that you use the btape program to test your drive to see whether or not it supports this function. All modern (after 1998) tape drives support this feature.
Default setting for Fast Forward Space File is Yes.
If you are using a Linux 2.6 kernel or other OSes such as FreeBSD or Solaris, the Offline On Unmount will leave the drive with no tape, and Bacula will not be able to properly open the drive and may fail the job. For more information on this problem, please see the description of Offline On Unmount in the Tape Testing chapter.
Note, this directive does not limit the size of Volumes that Bacula will create regardless of whether they are tape or disk volumes. It changes only the number of EOF marks on a tape and the number of block positioning records (see below) that are generated. If you want to limit the size of all Volumes for a particular device, use the Maximum Volume Size directive (above), or use the Maximum Volume Bytes directive in the Director's Pool resource, which does the same thing but on a Pool (Volume) basis.
The default size was chosen to be relatively large but not too big in the case that you are transmitting data over Internet. It is clear that on a high speed local network, you can increase this number and improve performance. For example, some users have found that if you use a value of 65,536 bytes they get five to ten times the throughput. Larger values for most users don't seem to improve performance. If you are interested in improving your backup speeds, this is definitely a place to experiment. You will probably also want to make the corresponding change in each of your File daemons conf files.
If the device requires mount, it is transferred to the device when this size is reached. In this case, you must take care to have enough disk space left in the spool directory.
Otherwise, it is left on the hard disk.
It is ignored for tape and FIFO devices.
Before submitting the Mount Command, Unmount Command, Write Part Command, or Free Space Command directives to the operating system, Bacula performs character substitution of the following characters:
%% = %
%a = Archive device name
%e = erase (set if cannot mount and first part)
%n = part number
%m = mount point
%v = last part name (i.e. filename)
All the directives in this section are implemented only in Bacula version 1.37 and later and hence are available in version 1.38.6.
As of version 1.39.5, the directives "Requires Mount", "Mount Point", "Mount Command", and "Unmount Command" apply to removable filesystems such as USB in addition to DVD.
Most frequently, you will define it as follows:
Mount Command = "/bin/mount -t iso9660 -o ro %a %m"
Most frequently, you will define it as follows:
Unmount Command = "/bin/umount %m"
For a DVD, you will most frequently specify the Bacula supplied dvd-handler script as follows:
Write Part Command = "/path/dvd-handler %a write %e %v"
Where /path is the path to your scripts install directory, and dvd-handler is the Bacula supplied script file. This command will already be present, but commented out, in the default bacula-sd.conf file. To use it, simply remove the comment (#) symbol.
For a DVD, you will most frequently specify the Bacula supplied dvd-handler script as follows:
Free Space Command = "/path/dvd-handler %a free"
Where /path is the path to your scripts install directory, and dvd-handler is the Bacula supplied script file. If you want to specify your own command, please look at the code of dvd-handler to see what output Bacula expects from this command. This command will already be present, but commented out, in the default bacula-sd.conf file. To use it, simply remove the comment (#) symbol.
If you do not set it, Bacula will expect there is always free space on the device.
The Autochanger resource supports single or multiple drive autochangers by grouping one or more Device resources into one unit called an autochanger in Bacula (often referred to as a "tape library" by autochanger manufacturers).
If you have an Autochanger, and you want it to function correctly, you must have an Autochanger resource in your Storage conf file, and your Director's Storage directives that want to use an Autochanger must refer to the Autochanger resource name. In previous versions of Bacula, the Director's Storage directives referred directly to Device resources that were autochangers. In version 1.38.0 and later, referring directly to Device resources will not work for Autochangers.
The following is an example of a valid Autochanger resource definition:
Autochanger {
Name = "DDS-4-changer"
Device = DDS-4-1, DDS-4-2, DDS-4-3
Changer Device = /dev/sg0
Changer Command = "/etc/bacula/mtx-changer %c %o %S %a %d"
}
Device {
Name = "DDS-4-1"
Drive Index = 0
Autochanger = yes
...
}
Device {
Name = "DDS-4-2"
Drive Index = 1
Autochanger = yes
...
Device {
Name = "DDS-4-3"
Drive Index = 2
Autochanger = yes
Autoselect = no
...
}
Please note that it is important to include the Autochanger = yes directive in each Device definition that belongs to an Autochanger. A device definition should not belong to more than one Autochanger resource. Also, your Device directive in the Storage resource of the Director's conf file should have the Autochanger's resource name rather than a name of one of the Devices.
If you have a drive that physically belongs to an Autochanger but you don't want to have it automatically used when Bacula references the Autochanger for backups, for example, you want to reserve it for restores, you can add the directive:
Autoselect = no
to the Device resource for that drive. In that case, Bacula will not automatically select that drive when accessing the Autochanger. You can, still use the drive by referencing it by the Device name directly rather than the Autochanger name. An example of such a definition is shown above for the Device DDS-4-3, which will not be selected when the name DDS-4-changer is used in a Storage definition, but will be used if DDS-4-3 is used.
For a description of the Messages Resource, please see the Messages Resource Chapter of this manual.
A example Storage Daemon configuration file might be the following:
#
# Default Bacula Storage Daemon Configuration file
#
# For Bacula release 1.37.2 (07 July 2005) -- gentoo 1.4.16
#
# You may need to change the name of your tape drive
# on the "Archive Device" directive in the Device
# resource. If you change the Name and/or the
# "Media Type" in the Device resource, please ensure
# that bacula-dir.conf has corresponding changes.
#
Storage { # definition of myself
Name = rufus-sd
Address = rufus
WorkingDirectory = "$HOME/bacula/bin/working"
Pid Directory = "$HOME/bacula/bin/working"
Maximum Concurrent Jobs = 20
}
#
# List Directors who are permitted to contact Storage daemon
#
Director {
Name = rufus-dir
Password = "ZF9Ctf5PQoWCPkmR3s4atCB0usUPg+vWWyIo2VS5ti6k"
}
#
# Restricted Director, used by tray-monitor to get the
# status of the storage daemon
#
Director {
Name = rufus-mon
Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
Monitor = yes
}
#
# Devices supported by this Storage daemon
# To connect, the Director's bacula-dir.conf must have the
# same Name and MediaType.
#
Autochanger {
Name = Autochanger
Device = Drive-1
Device = Drive-2
Changer Command = "/home/kern/bacula/bin/mtx-changer %c %o %S %a %d"
Changer Device = /dev/sg0
}
Device {
Name = Drive-1 #
Drive Index = 0
Media Type = DLT-8000
Archive Device = /dev/nst0
AutomaticMount = yes; # when device opened, read it
AlwaysOpen = yes;
RemovableMedia = yes;
RandomAccess = no;
AutoChanger = yes
Alert Command = "sh -c 'tapeinfo -f %c |grep TapeAlert|cat'"
}
Device {
Name = Drive-2 #
Drive Index = 1
Media Type = DLT-8000
Archive Device = /dev/nst1
AutomaticMount = yes; # when device opened, read it
AlwaysOpen = yes;
RemovableMedia = yes;
RandomAccess = no;
AutoChanger = yes
Alert Command = "sh -c 'tapeinfo -f %c |grep TapeAlert|cat'"
}
Device {
Name = "HP DLT 80"
Media Type = DLT8000
Archive Device = /dev/nst0
AutomaticMount = yes; # when device opened, read it
AlwaysOpen = yes;
RemovableMedia = yes;
}
#Device {
# Name = SDT-7000 #
# Media Type = DDS-2
# Archive Device = /dev/nst0
# AutomaticMount = yes; # when device opened, read it
# AlwaysOpen = yes;
# RemovableMedia = yes;
#}
#Device {
# Name = Floppy
# Media Type = Floppy
# Archive Device = /mnt/floppy
# RemovableMedia = yes;
# Random Access = Yes;
# AutomaticMount = yes; # when device opened, read it
# AlwaysOpen = no;
#}
#Device {
# Name = FileStorage
# Media Type = File
# Archive Device = /tmp
# LabelMedia = yes; # lets Bacula label unlabeled media
# Random Access = Yes;
# AutomaticMount = yes; # when device opened, read it
# RemovableMedia = no;
# AlwaysOpen = no;
#}
#Device {
# Name = "NEC ND-1300A"
# Media Type = DVD
# Archive Device = /dev/hda
# LabelMedia = yes; # lets Bacula label unlabeled media
# Random Access = Yes;
# AutomaticMount = yes; # when device opened, read it
# RemovableMedia = yes;
# AlwaysOpen = no;
# MaximumPartSize = 800M;
# RequiresMount = yes;
# MountPoint = /mnt/cdrom;
# MountCommand = "/bin/mount -t iso9660 -o ro %a %m";
# UnmountCommand = "/bin/umount %m";
# SpoolDirectory = /tmp/backup;
# WritePartCommand = "/etc/bacula/dvd-handler %a write %e %v"
# FreeSpaceCommand = "/etc/bacula/dvd-handler %a free"
#}
#
# A very old Exabyte with no end of media detection
#
#Device {
# Name = "Exabyte 8mm"
# Media Type = "8mm"
# Archive Device = /dev/nst0
# Hardware end of medium = No;
# AutomaticMount = yes; # when device opened, read it
# AlwaysOpen = Yes;
# RemovableMedia = yes;
#}
#
# Send all messages to the Director,
# mount messages also are sent to the email address
#
Messages {
Name = Standard
director = rufus-dir = all
operator = root = mount
}
The Messages resource defines how messages are to be handled and destinations to which they should be sent.
Even though each daemon has a full message handler, within the File daemon and the Storage daemon, you will normally choose to send all the appropriate messages back to the Director. This permits all the messages associated with a single Job to be combined in the Director and sent as a single email message to the user, or logged together in a single file.
Each message that Bacula generates (i.e. that each daemon generates) has an associated type such as INFO, WARNING, ERROR, FATAL, etc. Using the message resource, you can specify which message types you wish to see and where they should be sent. In addition, a message may be sent to multiple destinations. For example, you may want all error messages both logged as well as sent to you in an email. By defining multiple messages resources, you can have different message handling for each type of Job (e.g. Full backups versus Incremental backups).
In general, messages are attached to a Job and are included in the Job report. There are some rare cases, where this is not possible, e.g. when no job is running, or if a communications error occurs between a daemon and the director. In those cases, the message may remain in the system, and should be flushed at the end of the next Job. However, since such messages are not attached to a Job, any that are mailed will be sent to /usr/lib/sendmail. On some systems, such as FreeBSD, if your sendmail is in a different place, you may want to link it to the the above location.
The records contained in a Messages resource consist of a destination specification followed by a list of message-types in the format:
or for those destinations that need and address specification (e.g. email):
Where destination is one of a predefined set of keywords that define where the message is to be sent (stdout, file, ...), message-type is one of a predefined set of keywords that define the type of message generated by Bacula (ERROR, WARNING, FATAL, ...), and address varies according to the destination keyword, but is typically an email address or a filename.
The following are the list of the possible record definitions that can be used in a message resource.
mail -s "Bacula Message" <recipients>
In many cases, depending on your machine, this command may not work. Using the MailCommand, you can specify exactly how to send the mail. During the processing of the command, normally specified as a quoted string, the following substitutions will be used:
The following is the command I (Kern) use. Note, the whole command should appear on a single line in the configuration file rather than split as is done here for presentation:
mailcommand = "/home/kern/bacula/bin/bsmtp -h mail.example.com -f \"\(Bacula\) %r\" -s \"Bacula: %t %e of %c %l\" %r"
Note, the bsmtp program is provided as part of Bacula. For additional details, please see the bsmtp -- Customizing Your Email Messages section of the Bacula Utility Programs chapter of this manual. Please test any mailcommand that you use to ensure that your bsmtp gateway accepts the addressing form that you use. Certain programs such as Exim can be very selective as to what forms are permitted particularly in the from part.
Where destination may be one of the following:
Where address depends on the destination.
The destination may be one of the following:
syslog = all, !skipped
For any destination, the message-type field is a comma separated list of the following types or classes of messages:
The following is an example of a valid Messages resource definition, where all messages except files explicitly skipped or daemon termination messages are sent by email to enforcement@sec.com. In addition all mount messages are sent to the operator (i.e. emailed to enforcement@sec.com). Finally all messages other than explicitly skipped files and files saved are sent to the console:
Messages {
Name = Standard
mail = enforcement@sec.com = all, !skipped, !terminate
operator = enforcement@sec.com = mount
console = all, !skipped, !saved
}
With the exception of the email address (changed to avoid junk mail from robot's), an example Director's Messages resource is as follows. Note, the mailcommand and operatorcommand are on a single line -- they had to be split for this manual:
Messages {
Name = Standard
mailcommand = "bacula/bin/bsmtp -h mail.example.com \
-f \"\(Bacula\) %r\" -s \"Bacula: %t %e of %c %l\" %r"
operatorcommand = "bacula/bin/bsmtp -h mail.example.com \
-f \"\(Bacula\) %r\" -s \"Bacula: Intervention needed \
for %j\" %r"
MailOnError = security@example.com = all, !skipped, \
!terminate
append = "bacula/bin/log" = all, !skipped, !terminate
operator = security@example.com = mount
console = all, !skipped, !saved
}
The Console configuration file is the simplest of all the configuration files, and in general, you should not need to change it except for the password. It simply contains the information necessary to contact the Director or Directors.
For a general discussion of the syntax of configuration files and their resources including the data types recognized by Bacula, please see the Configuration chapter of this manual.
The following Console Resource definition must be defined:
The Director resource defines the attributes of the Director running on the network. You may have multiple Director resource specifications in a single Console configuration file. If you have more than one, you will be prompted to choose one when you start the Console program.
--with-base-port option of the ./configure command. This port must be
identical to the DIRport specified in the Director resource of
the Director's configuration file. The
default is 9101 so this directive is not normally specified.
An actual example might be:
Director {
Name = HeadMan
address = rufus.cats.com
password = xyz1erploit
}
The ConsoleFont resource is available only in the GNOME version of the console. It permits you to define the font that you want used to display in the main listing window.
Font = "LucidaTypewriter 9"
Thanks to Phil Stracchino for providing the code for this feature.
An different example might be:
ConsoleFont {
Name = Default
Font = "Monospace 10"
}
As of Bacula version 1.33 and higher, there are three different kinds of consoles, which the administrator or user can use to interact with the Director. These three kinds of consoles comprise three different security levels.
This second type of console begins with absolutely no privileges except those explicitly specified in the Director's Console resource. Note, the definition of what these restricted consoles can do is determined by the Director's conf file.
Thus you may define within the Director's conf file multiple Consoles with different names and passwords, sort of like multiple users, each with different privileges. As a default, these consoles can do absolutely nothing -- no commands what so ever. You give them privileges or rather access to commands and resources by specifying access control lists in the Director's Console resource. This gives the administrator fine grained control over what particular consoles (or users) can do.
The Console resource is optional and need not be specified. However, if it is specified, you can use ACLs (Access Control Lists) in the Director's configuration file to restrict the particular console (or user) to see only information pertaining to his jobs or client machine.
You may specify as many Console resources in the console's conf file. If you do so, generally the first Console resource will be used. However, if you have multiple Director resources (i.e. you want to connect to different directors), you can bind one of your Console resources to a particular Director resource, and thus when you choose a particular Director, the appropriate Console configuration resource will be used. See the "Director" directive in the Console resource described below for more information.
Note, the Console resource is optional, but can be useful for restricted consoles as noted above.
The following configuration files were supplied by Phil Stracchino. For example, if we define the following in the user's bconsole.conf file (or perhaps the bwx-console.conf file):
Director {
Name = MyDirector
DIRport = 9101
Address = myserver
Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
}
Console {
Name = restricted-user
Password = "UntrustedUser"
}
Where the Password in the Director section is deliberately incorrect, and the Console resource is given a name, in this case restricted-user. Then in the Director's bacula-dir.conf file (not directly accessible by the user), we define:
Console {
Name = restricted-user
Password = "UntrustedUser"
JobACL = "Restricted Client Save"
ClientACL = restricted-client
StorageACL = main-storage
ScheduleACL = *all*
PoolACL = *all*
FileSetACL = "Restricted Client's FileSet"
CatalogACL = DefaultCatalog
CommandACL = run
}
the user logging into the Director from his Console will get logged in as restricted-user, and he will only be able to see or access a Job with the name Restricted Client Save a Client with the name restricted-client, a Storage device main-storage, any Schedule or Pool, a FileSet named Restricted Client's FileSet, a Catalog named DefaultCatalog, and the only command he can use in the Console is the run command. In other words, this user is rather limited in what he can see and do with Bacula.
The following is an example of a bconsole conf file that can access several Directors and has different Consoles depending on the director:
Director {
Name = MyDirector
DIRport = 9101
Address = myserver
Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
}
Director {
Name = SecondDirector
DIRport = 9101
Address = secondserver
Password = "XXXXXXXXXXX" # no, really. this is not obfuscation.
}
Console {
Name = restricted-user
Password = "UntrustedUser"
Director = MyDirector
}
Console {
Name = restricted-user
Password = "A different UntrustedUser"
Director = SecondDirector
}
The second Director referenced at "secondserver" might look like the following:
Console {
Name = restricted-user
Password = "A different UntrustedUser"
JobACL = "Restricted Client Save"
ClientACL = restricted-client
StorageACL = second-storage
ScheduleACL = *all*
PoolACL = *all*
FileSetACL = "Restricted Client's FileSet"
CatalogACL = RestrictedCatalog
CommandACL = run, restore
WhereACL = "/"
}
For more details on running the console and its commands, please see the Bacula Console chapter of this manual.
An example Console configuration file might be the following:
#
# Bacula Console Configuration File
#
Director {
Name = HeadMan
address = "my_machine.my_domain.com"
Password = Console_password
}
The Monitor configuration file is a stripped down version of the Director configuration file, mixed with a Console configuration file. It simply contains the information necessary to contact Directors, Clients, and Storage daemons you want to monitor.
For a general discussion of configuration file and resources including the data types recognized by Bacula, please see the Configuration chapter of this manual.
The following Monitor Resource definition must be defined:
The Monitor resource defines the attributes of the Monitor running on the network. The parameters you define here must be configured as a Director resource in Clients and Storages configuration files, and as a Console resource in Directors configuration files.
The Director resource defines the attributes of the Directors that are monitored by this Monitor.
As you are not permitted to define a Password in this resource, to avoid obtaining full Director privileges, you must create a Console resource in the Director's configuration file, using the Console Name and Password defined in the Monitor resource. To avoid security problems, you should configure this Console resource to allow access to no other daemons, and permit the use of only two commands: status and .status (see below for an example).
You may have multiple Director resource specifications in a single Monitor configuration file.
--with-base-port option of the ./configure command. This port must be
identical to the DIRport specified in the Director resource of
the
Director's configuration file. The
default is 9101 so this record is not normally specified.
The Client resource defines the attributes of the Clients that are monitored by this Monitor.
You must create a Director resource in the Client's configuration file, using the Director Name defined in the Monitor resource. To avoid security problems, you should set the Monitor directive to Yes in this Director resource.
You may have multiple Director resource specifications in a single Monitor configuration file.
The Storage resource defines the attributes of the Storages that are monitored by this Monitor.
You must create a Director resource in the Storage's configuration file, using the Director Name defined in the Monitor resource. To avoid security problems, you should set the Monitor directive to Yes in this Director resource.
You may have multiple Director resource specifications in a single Monitor configuration file.
There is no security problem in relaxing the permissions on tray-monitor.conf as long as FD, SD and DIR are configured properly, so the passwords contained in this file only gives access to the status of the daemons. It could be a security problem if you consider the status information as potentially dangerous (I don't think it is the case).
Concerning Director's configuration:
In tray-monitor.conf, the password in the Monitor resource must point to
a restricted console in bacula-dir.conf (see the documentation). So, if
you use this password with bconsole, you'll only have access to the
status of the director (commands status and .status).
It could be a security problem if there is a bug in the ACL code of the
director.
Concerning File and Storage Daemons' configuration:
In tray-monitor.conf, the Name in the Monitor resource must point to a
Director resource in bacula-fd/sd.conf, with the Monitor directive set
to Yes (once again, see the documentation).
It could be a security problem if there is a bug in the code which check
if a command is valid for a Monitor (this is very unlikely as the code
is pretty simple).
An example Tray Monitor configuration file might be the following:
#
# Bacula Tray Monitor Configuration File
#
Monitor {
Name = rufus-mon # password for Directors
Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
RefreshInterval = 10 seconds
}
Client {
Name = rufus-fd
Address = rufus
FDPort = 9102 # password for FileDaemon
Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
}
Storage {
Name = rufus-sd
Address = rufus
SDPort = 9103 # password for StorageDaemon
Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
}
Director {
Name = rufus-dir
DIRport = 9101
address = rufus
}
Click here to see the full example.
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
Director {
Name = rufus-mon
Password = "FYpq4yyI1y562EMS35bA0J0QC0M2L3t5cZObxT3XQxgxppTn"
Monitor = yes
}
Click here to see the full example.
#
# Restricted Director, used by tray-monitor to get the
# status of the storage daemon
#
Director {
Name = rufus-mon
Password = "9usxgc307dMbe7jbD16v0PXlhD64UVasIDD0DH2WAujcDsc6"
Monitor = yes
}
Click here to see the full example.
#
# Restricted console used by tray-monitor to get the status of the director
#
Console {
Name = Monitor
Password = "GN0uRo7PTUmlMbqrJ2Gr1p0fk0HQJTxwnFyE4WSST3MWZseR"
CommandACL = status, .status
}
The Bacula Console (sometimes called the User Agent) is a program that allows the user or the System Administrator, to interact with the Bacula Director daemon while the daemon is running.
The current Bacula Console comes in two versions: a shell interface (TTY style), and a GNOME GUI interface. Both permit the administrator or authorized users to interact with Bacula. You can determine the status of a particular job, examine the contents of the Catalog as well as perform certain tape manipulations with the Console program.
In addition, there is a bwx-console built with wxWidgets that allows a graphic restore of files. As of version 1.34.1 it is in an early stage of development, but it already is quite useful. Unfortunately, it has not been enhanced for some time now.
Since the Console program interacts with the Director through the network, your Console and Director programs do not necessarily need to run on the same machine.
In fact, a certain minimal knowledge of the Console program is needed in order for Bacula to be able to write on more than one tape, because when Bacula requests a new tape, it waits until the user, via the Console program, indicates that the new tape is mounted.
When the Console starts, it reads a standard Bacula configuration file named bconsole.conf or bgnome-console.conf in the case of the GNOME Console version. This file allows default configuration of the Console, and at the current time, the only Resource Record defined is the Director resource, which gives the Console the name and address of the Director. For more information on configuration of the Console program, please see the Console Configuration File Chapter of this document.
The console program can be run with the following options:
Usage: bconsole [-s] [-c config_file] [-d debug_level]
-c <file> set configuration file to file
-dnn set debug level to nn
-n no conio
-s no signals
-t test - read configuration and exit
-? print this message.
After launching the Console program (bconsole), it will prompt you for the next command with an asterisk (*). (Note, in the GNOME version, the prompt is not present; you simply enter the commands you want in the command text box at the bottom of the screen.) Generally, for all commands, you can simply enter the command name and the Console program will prompt you for the necessary arguments. Alternatively, in most cases, you may enter the command followed by arguments. The general format is:
<command> <keyword1>[=<argument1>] <keyword2>[=<argument2>] ...
where command is one of the commands listed below; keyword is one of the keywords listed below (usually followed by an argument); and argument is the value. The command may be abbreviated to the shortest unique form. If two commands have the same starting letters, the one that will be selected is the one that appears first in the help listing. If you want the second command, simply spell out the full command. None of the keywords following the command may be abbreviated.
For example:
list files jobid=23
will list all files saved for JobId 23. Or:
show pools
will display all the Pool resource records.
The maximum command line length is limited to 511 characters, so if you are scripting the console, you may need to take some care to limit the line length.
Normally, you simply enter quit or exit and the Console program will terminate. However, it waits until the Director acknowledges the command. If the Director is already doing a lengthy command (e.g. prune), it may take some time. If you want to immediately terminate the Console program, enter the .quit command.
There is currently no way to interrupt a Console command once issued (i.e. Ctrl-C does not work). However, if you are at a prompt that is asking you to select one of several possibilities and you would like to abort the command, you can enter a period (.), and in most cases, you will either be returned to the main command prompt or if appropriate the previous prompt (in the case of nested prompts). In a few places such as where it is asking for a Volume name, the period will be taken to be the Volume name. In that case, you will most likely be able to cancel at the next prompt.
jobid=536
Please note, this list is incomplete as it is currently in the process of being created and is not currently totally in alphabetic order ...
The following commands are currently implemented:
Normally, the label command is used rather than this command because the label command labels the physical media (tape, disk, DVD, ...) and does the equivalent of the add command. The add command affects only the Catalog and not the physical media (data on Volumes). The physical media must exist and be labeled before use (usually with the label command). This command can, however, be useful if you wish to add a number of Volumes to the Pool that will be physically labeled at a later time. It can also be useful if you are importing a tape from another site. Please see the label command below for the list of legal characters in a Volume name.
When autodisplay is turned off, you must explicitly retrieve the messages with the messages command. When autodisplay is turned on, the messages will be displayed on the console as they are received.
Once a Job is marked to be canceled, it may take a bit of time (generally within a minute) before it actually terminates, depending on what operations it is doing.
When starting a Job, if Bacula determines that there is no Pool record in the database, but there is a Pool resource of the appropriate name, it will create it for you. If you want the Pool record to appear in the database immediately, simply use this command to force it to be created.
If the keyword Volume appears on the command line, the named Volume will be deleted from the catalog, if the keyword Pool appears on the command line, a Pool will be deleted, and if the keyword Job appears on the command line, a Job and all its associated records (File and JobMedia) will be deleted from the catalog. The full form of this command is:
delete pool=<pool-name>
or
delete volume=>volume-name> pool=>pool-name> or
delete JobId=>job-id> JobId=>job-id2> ... or
delete Job JobId=n,m,o-r,t ...
The first form deletes a Pool record from the catalog database. The second form deletes a Volume record from the specified pool in the catalog database. The third form deletes the specified Job record from the catalog database. The last form deletes JobId records for JobIds n, m, o, p, q, r, and t. Where each one of the n,m,... is, of course, a number. That is a "delete jobid" accepts lists and ranges of jobids.
Optionally you may specify the keyword listing in which case, all the files to be backed up will be listed. Note, it could take quite some time to display them if the backup is large. The full form is:
estimate job=<job-name> listing client=<client-name>
fileset=<fileset-name> level=<level-name>
Specification of the job is sufficient, but you can also override the client, fileset and/or level by specifying them on the estimate command line.
As an example, you might do:
@output /tmp/listing
estimate job=NightlySave listing level=Incremental
@output
which will do a full listing of all files to be backed up for the Job NightlySave during an Incremental save and put it in the file /tmp/listing. Note, the byte estimate provided by this command is based on the file size contained in the directory item. This can give wildly incorrect estimates of the actual storage used if there are sparse files on your systems. Sparse files are often found on 64 bit systems for certain system files. The size that is returned is the size Bacula will backup if the sparse option is not specified in the FileSet. There is currently no way to get an estimate of the real file size that would be found should the sparse option be enabled.
label storage=>storage-name> volume=>volume-name>
slot=>slot>
If you leave out any part, you will be prompted for it. The media type is automatically taken from the Storage resource definition that you supply. Once the necessary information is obtained, the Console program contacts the specified Storage daemon and requests that the Volume be labeled. If the Volume labeling is successful, the Console program will create a Volume record in the appropriate Pool.
The Volume name is restricted to letters, numbers, and the special characters hyphen (-), underscore (_), colon (:), and period (.). All other characters including a space are invalid. This restriction is to ensure good readability of Volume names to reduce operator errors.
Please note, when labeling a blank tape, Bacula will get read I/O error when it attempts to ensure that the tape is not already labeled. If you wish to avoid getting these messages, please write an EOF mark on your tape before attempting to label it:
mt rewind
mt weof
The label command can fail for a number of reasons:
There are two ways to relabel a volume that already has a Bacula label. The brute force method is to write an end of file mark on the tape using the system mt program, something like the following:
mt -f /dev/st0 rewind
mt -f /dev/st0 weof
For a disk volume, you would manually delete the Volume.
Then you use the label command to add a new label. However, this could leave traces of the old volume in the catalog.
The preferable method to relabel a Volume is to first purge the volume, either automatically, or explicitly with the purge command, then use the relabel command described below.
If your autochanger has barcode labels, you can label all the Volumes in your autochanger one after another by using the label barcodes command. For each tape in the changer containing a barcode, Bacula will mount the tape and then label it with the same name as the barcode. An appropriate Media record will also be created in the catalog. Any barcode that begins with the same characters as specified on the "CleaningPrefix=xxx" directive in the Director's Pool resource, will be treated as a cleaning tape, and will not be labeled. However, an entry for the cleaning tape will be created in the catalog. For example with:
Pool {
Name ...
Cleaning Prefix = "CLN"
}
Any slot containing a barcode of CLNxxxx will be treated as a cleaning tape and will not be mounted. Note, the full form of the command is:
label storage=xxx pool=yyy slots=1-5,10 barcodes
list jobs
list jobid=<id> (list jobid id)
list ujobid<unique job name> (list job with unique name)
list job=<job-name> (list all jobs with "job-name")
list jobname=<job-name> (same as above)
In the above, you can add "limit=nn" to limit the output to
nn jobs.
list jobmedia
list jobmedia jobid=<id>
list jobmedia job=<job-name>
list files jobid=<id>
list files job=<job-name>
list pools
list clients
list jobtotals
list volumes
list volumes jobid=<id>
list volumes pool=<pool-name>
list volumes job=<job-name>
list volume=<volume-name>
list nextvolume job=<job-name>
list nextvol job=<job-name>
list nextvol job=<job-name> days=nnn
What most of the above commands do should be more or less obvious. In general if you do not specify all the command line arguments, the command will prompt you for what is needed.
The list nextvol command will print the Volume name to be used by the specified job. You should be aware that exactly what Volume will be used depends on a lot of factors including the time and what a prior job will do. It may fill a tape that is not full when you issue this command. As a consequence, this command will give you a good estimate of what Volume will be used but not a definitive answer. In addition, this command may have certain side effect because it runs through the same algorithm as a job, which means it may automatically purge or recycle a Volume. By default, the job specified must run within the next two days or no volume will be found. You can, however, use the days=nnn specification to specify up to 50 days. For example, if on Friday, you want to see what Volume will be needed on Monday, for job MyJob, you would use list nextvol job=MyJob days=3.
If you wish to add specialized commands that list the contents of the catalog, you can do so by adding them to the query.sql file. However, this takes some knowledge of programming SQL. Please see the query command below for additional information. See below for listing the full contents of a catalog record with the llist command.
As an example, the command list pools might produce the following output:
+------+---------+---------+---------+----------+-------------+ | PoId | Name | NumVols | MaxVols | PoolType | LabelFormat | +------+---------+---------+---------+----------+-------------+ | 1 | Default | 0 | 0 | Backup | * | | 2 | Recycle | 0 | 8 | Backup | File | +------+---------+---------+---------+----------+-------------+
As mentioned above, the list command lists what is in the database. Some things are put into the database immediately when Bacula starts up, but in general, most things are put in only when they are first used, which is the case for a Client as with Job records, etc.
Bacula should create a client record in the database the first time you run a job for that client. Doing a status will not cause a database record to be created. The client database record will be created whether or not the job fails, but it must at least start. When the Client is actually contacted, additional info from the client will be added to the client record (a "uname -a" output).
If you want to see what Client resources you have available in your conf file, you use the Console command show clients.
If instead of the list pools as in the example above, you enter llist pools you might get the following output:
PoolId: 1
Name: Default
NumVols: 0
MaxVols: 0
UseOnce: 0
UseCatalog: 1
AcceptAnyVolume: 1
VolRetention: 1,296,000
VolUseDuration: 86,400
MaxVolJobs: 0
MaxVolBytes: 0
AutoPrune: 0
Recycle: 1
PoolType: Backup
LabelFormat: *
PoolId: 2
Name: Recycle
NumVols: 0
MaxVols: 8
UseOnce: 0
UseCatalog: 1
AcceptAnyVolume: 1
VolRetention: 3,600
VolUseDuration: 3,600
MaxVolJobs: 1
MaxVolBytes: 0
AutoPrune: 0
Recycle: 1
PoolType: Backup
LabelFormat: File
mount storage=<storage-name> [ slot=<num> ] [ drive=<num> ]
mount [ jobid=<id> | job=<job-name> ]
If you have specified Automatic Mount = yes in the Storage daemon's Device resource, under most circumstances, Bacula will automatically access the Volume unless you have explicitly unmounted it in the Console program.
python restart
This causes the Python interpreter in the Director to be reinitialized. This can be helpful for testing because once the Director starts and the Python interpreter is initialized, there is no other way to make it accept any changes to the startup script DirStartUp.py. For more details on Python scripting, please see the Python Scripting chapter of this manual.
prune files|jobs|volume client=<client-name> volume=<volume-name>
For a Volume to be pruned, the VolStatus must be Full, Used, or Append, otherwise the pruning will not take place.
purge files jobid=<jobid>|job=<job-name>|client=<client-name>
purge jobs client=<client-name> (of all jobs)
purge volume|volume=<vol-name> (of all jobs)
For the purge command to work on Volume Catalog database records the VolStatus must be Append, Full, Used, or Error.
The actual data written to the Volume will be unaffected by this command.
relabel storage=<storage-name> oldvolume=<old-volume-name> volume=<newvolume-name>
If you leave out any part, you will be prompted for it. In order for the Volume (old-volume-name) to be relabeled, it must be in the catalog, and the volume status must be marked Purged or Recycle. This happens automatically as a result of applying retention periods, or you may explicitly purge the volume using the purge command.
Once the volume is physically relabeled, the old data previously written on the Volume is lost and cannot be recovered.
release storage=<storage-name>
After a release command, the device is still kept open by Bacula (unless Always Open is set to No in the Storage Daemon's configuration) so it cannot be used by another program. However, with some tape drives, the operator can remove the current tape and to insert a different one, and when the next Job starts, Bacula will know to re-read the tape label to find out what tape is mounted. If you want to be able to use the drive with another program (e.g. mt), you must use the unmount command to cause Bacula to completely release (close) the device.
While it is possible to reload the Director's configuration on the fly, even while jobs are executing, this is a complex operation and not without side effects. Accordingly, if you have to reload the Director's configuration while Bacula is running, it is advisable to restart the Director at the next convenient opportunity.
restore storage=<storage-name> client=<backup-client-name> where=<path> pool=<pool-name> fileset=<fileset-name> restoreclient=<restore-client-name> select current all done
Where current, if specified, tells the restore command to automatically select a restore to the most current backup. If not specified, you will be prompted. The all specification tells the restore command to restore all files. If it is not specified, you will be prompted for the files to restore. For details of the restore command, please see the Restore Chapter of this manual.
The client keyword initially specifies the client from which the backup was made and the client to which the restore will be make. However, if the restoreclient keyword is specified, then the restore is written to that client.
run job=<job-name> client=<client-name> fileset=<FileSet-name> level=<level-keyword> storage=<storage-name> where=<directory-prefix> when=<universal-time-specification> yes
Any information that is needed but not specified will be listed for selection, and before starting the job, you will be prompted to accept, reject, or modify the parameters of the job to be run, unless you have specified yes, in which case the job will be immediately sent to the scheduler.
On my system, when I enter a run command, I get the following prompt:
A job name must be specified.
The defined Job resources are:
1: Matou
2: Polymatou
3: Rufus
4: Minimatou
5: Minou
6: PmatouVerify
7: MatouVerify
8: RufusVerify
9: Watchdog
Select Job resource (1-9):
If I then select number 5, I am prompted with:
Run Backup job JobName: Minou FileSet: Minou Full Set Level: Incremental Client: Minou Storage: DLTDrive Pool: Default When: 2003-04-23 17:08:18 OK to run? (yes/mod/no):
If I now enter yes, the Job will be run. If I enter mod, I will be presented with the following prompt.
Parameters to modify:
1: Level
2: Storage
3: Job
4: FileSet
5: Client
6: When
7: Pool
Select parameter to modify (1-7):
If you wish to start a job at a later time, you can do so by setting the When time. Use the mod option and select When (no. 6). Then enter the desired start time in YYYY-MM-DD HH:MM:SS format.
setdebug level=nn [trace=0/1 client=<client-name> | dir | director | storage=<storage-name> | all]
If trace=1 is set, then tracing will be enabled, and the daemon will be placed in trace mode, which means that all debug output as set by the debug level will be directed to the file bacula.trace in the current directory of the daemon. Normally, tracing is needed only for Win32 clients where the debug output cannot be written to a terminal or redirected to a file. When tracing, each debug output message is appended to the trace file. You must explicitly delete the file when you are done.
Using this command, you can query the SQL catalog database directly. Note you should really know what you are doing otherwise you could damage the catalog database. See the query command below for simpler and safer way of entering SQL queries.
Depending on what database engine you are using (MySQL, PostgreSQL or SQLite), you will have somewhat different SQL commands available. For more detailed information, please refer to the MySQL, PostgreSQL or SQLite documentation.
status [all | dir=<dir-name> | director | client=<client-name> | storage=<storage-name> | days=nnn]
If you do a status dir, the console will list any currently running jobs, a summary of all jobs scheduled to be run in the next 24 hours, and a listing of the last ten terminated jobs with their statuses. The scheduled jobs summary will include the Volume name to be used. You should be aware of two things: 1. to obtain the volume name, the code goes through the same code that will be used when the job runs, but it does not do pruning nor recycling of Volumes; 2. The Volume listed is at best a guess. The Volume actually used may be different because of the time difference (more durations may expire when the job runs) and another job could completely fill the Volume requiring a new one.
In the Running Jobs listing, you may find the following types of information:
2507 Catalog MatouVerify.2004-03-13_05.05.02 is waiting execution
5349 Full CatalogBackup.2004-03-13_01.10.00 is waiting for higher
priority jobs to finish
5348 Differe Minou.2004-03-13_01.05.09 is waiting on max Storage jobs
5343 Full Rufus.2004-03-13_01.05.04 is running
Looking at the above listing from bottom to top, obviously JobId 5343 (Rufus) is running. JobId 5348 (Minou) is waiting for JobId 5343 to finish because it is using the Storage resource, hence the "waiting on max Storage jobs". JobId 5349 has a lower priority than all the other jobs so it is waiting for higher priority jobs to finish, and finally, JobId 2508 (MatouVerify) is waiting because only one job can run at a time, hence it is simply "waiting execution"
If you do a status dir, it will by default list the first occurrence of all jobs that are scheduled today and tomorrow. If you wish to see the jobs that are scheduled in the next three days (e.g. on Friday you want to see the first occurrence of what tapes are scheduled to be used on Friday, the weekend, and Monday), you can add the days=3 option. Note, a days=0 shows the first occurrence of jobs scheduled today only. If you have multiple run statements, the first occurrence of each run statement for the job will be displayed for the period specified.
If your job seems to be blocked, you can get a general idea of the problem by doing a status dir, but you can most often get a much more specific indication of the problem by doing a status storage=xxx. For example, on an idle test system, when I do status storage=File, I get:
status storage=File
Connecting to Storage daemon File at 192.168.68.112:8103
rufus-sd Version: 1.39.6 (24 March 2006) i686-pc-linux-gnu redhat (Stentz)
Daemon started 26-Mar-06 11:06, 0 Jobs run since started.
Running Jobs:
No Jobs running.
====
Jobs waiting to reserve a drive:
====
Terminated Jobs:
JobId Level Files Bytes Status Finished Name
======================================================================
59 Full 234 4,417,599 OK 15-Jan-06 11:54 kernsave
====
Device status:
utochanger "DDS-4-changer" with devices:
"DDS-4" (/dev/nst0)
Device "DDS-4" (/dev/nst0) is mounted with Volume="TestVolume002"
Pool="*unknown*"
Slot 2 is loaded in drive 0.
Total Bytes Read=0 Blocks Read=0 Bytes/block=0
Positioned at File=0 Block=0
Device "Dummy" is not open or does not exist.
No DEVICE structure.
Device "DVD-Writer" (/dev/hdc) is not open.
Device "File" (/tmp) is not open.
====
In Use Volume status:
====
Now, what this tells me is that no jobs are running and that none of the devices are in use. Now, if I unmount the autochanger, which will not be used in this example, and then start a Job that uses the File device, the job will block. When I re-issue the status storage command, I get for the Device status:
status storage=File
...
Device status:
Autochanger "DDS-4-changer" with devices:
"DDS-4" (/dev/nst0)
Device "DDS-4" (/dev/nst0) is not open.
Device is BLOCKED. User unmounted.
Drive 0 is not loaded.
Device "Dummy" is not open or does not exist.
No DEVICE structure.
Device "DVD-Writer" (/dev/hdc) is not open.
Device "File" (/tmp) is not open.
Device is BLOCKED waiting for media.
====
...
Now, here it should be clear that if a job were running that wanted to use the Autochanger (with two devices), it would block because the user unmounted the device. The real problem for the Job I started using the "File" device is that the device is blocked waiting for media -- that is Bacula needs you to label a Volume.
unmount storage=<storage-name> [ drive=<num> ] unmount [ jobid=<id> | job=<job-name> ]
Once you unmount a storage device, Bacula will no longer be able to use it until you issue a mount command for that device. If Bacula needs to access that device, it will block and issue mount requests periodically to the operator.
If the device you are unmounting is an autochanger, it will unload the drive you have specified on the command line. If no drive is specified, it will assume drive 1.
media, volume, pool, slots
In the case of updating a Volume, you will be prompted for which value you wish to change. The following Volume parameters may be changed:
Volume Status Volume Retention Period Volume Use Duration Maximum Volume Jobs Maximum Volume Files Maximum Volume Bytes Recycle Flag Recycle Pool Slot InChanger Flag Pool Volume Files Volume from Pool All Volumes from Pool All Volumes from all Pools
For slots update slots, Bacula will obtain a list of slots and their barcodes from the Storage daemon, and for each barcode found, it will automatically update the slot in the catalog Media record to correspond to the new value. This is very useful if you have moved cassettes in the magazine, or if you have removed the magazine and inserted a different one. As the slot of each Volume is updated, the InChanger flag for that Volume will also be set, and any other Volumes in the Pool that were last mounted on the same Storage device will have their InChanger flag turned off. This permits Bacula to know what magazine (tape holder) is currently in the autochanger.
If you do not have barcodes, you can accomplish the same thing in version 1.33 and later by using the update slots scan command. The scan keyword tells Bacula to physically mount each tape and to read its VolumeName.
For Pool update pool, Bacula will move the Volume record from its existing pool to the pool specified.
For Volume from Pool, All Volumes from Pool and All Volumes from all Pools, the following values are updated from the Pool record: Recycle, RecyclePool, VolRetention, VolUseDuration, MaxVolJobs, MaxVolFiles, and MaxVolBytes. (RecyclePool feature is available with bacula 2.1.4 or higher.)
The full form of the update command with all command line arguments is:
update volume=xxx pool=yyy slots volstatus=xxx VolRetention=ddd
VolUse=ddd MaxVolJobs=nnn MaxVolBytes=nnn Recycle=yes|no
slot=nnn enabled=n recyclepool=zzz
use <database-name>
The following queries are currently available (version 1.24):
Available queries: 1: List Job totals: 2: List where a file is saved: 3: List where the most recent copies of a file are saved: 4: List total files/bytes by Job: 5: List total files/bytes by Volume: 6: List last 20 Full Backups for a Client: 7: List Volumes used by selected JobId: 8: List Volumes to Restore All Files: 9: List where a File is saved: Choose a query (1-9):
wait [jobid=nn] [jobuid=unique id] [job=job name]If specified with a specific JobId, ... the wait command will wait for that particular job to terminate before continuing.
There is a list of commands that are prefixed with a period (.). These commands are intended to be used either by batch programs or graphical user interface front-ends. They are not normally used by interactive users. Once GUI development begins, this list will be considerably expanded. The following is the list of dot commands:
.backups job=xxx list backups for specified job
.clients list all client names
.defaults client=xxx fileset=yyy list defaults for specified client
.die cause the Director to segment fault (for debugging)
.dir when in tree mode prints the equivalent to the dir command,
but with fields separated by commas rather than spaces.
.exit quit
.filesets list all fileset names
.help help command output
.jobs list all job names
.levels list all levels
.messages get quick messages
.msgs return any queued messages
.pools list all pool names
.quit quit
.status get status output
.storage return storage resource names
.types list job types
Normally, all commands entered to the Console program are immediately forwarded to the Director, which may be on another machine, to be executed. However, there is a small list of at commands, all beginning with an at character (@), that will not be sent to the Director, but rather interpreted by the Console program directly. Note, these commands are implemented only in the tty console program and not in the GNOME Console. These commands are:
@output /dev/null
commands ...
@output
You can automate many Console tasks by running the console program from a shell script. For example, if you have created a file containing the following commands:
./bconsole -c ./bconsole.conf <<END_OF_DATA unmount storage=DDS-4 quit END_OF_DATA
when that file is executed, it will unmount the current DDS-4 storage device. You might want to run this command during a Job by using the RunBeforeJob or RunAfterJob records.
It is also possible to run the Console program from file input where the file contains the commands as follows:
./bconsole -c ./bconsole.conf <filename
where the file named filename contains any set of console commands.
As a real example, the following script is part of the Bacula regression tests. It labels a volume (a disk volume), runs a backup, then does a restore of the files saved.
bin/bconsole -c bin/bconsole.conf <<END_OF_DATA @output /dev/null messages @output /tmp/log1.out label volume=TestVolume001 run job=Client1 yes wait messages @# @# now do a restore @# @output /tmp/log2.out restore current all yes wait messages @output quit END_OF_DATA
The output from the backup is directed to /tmp/log1.out and the output from the restore is directed to /tmp/log2.out. To ensure that the backup and restore ran correctly, the output files are checked with:
grep "^Termination: *Backup OK" /tmp/log1.out backupstat=$? grep "^Termination: *Restore OK" /tmp/log2.out restorestat=$?
If you have used the label command to label a Volume, it will be automatically added to the Pool, and you will not need to add any media to the pool.
Alternatively, you may choose to add a number of Volumes to the pool without labeling them. At a later time when the Volume is requested by Bacula you will need to label it.
Before adding a volume, you must know the following information:
For example, to add media to a Pool, you would issue the following commands to the console program:
*add Enter name of Pool to add Volumes to: Default Enter the Media Type: DLT8000 Enter number of Media volumes to create. Max=1000: 10 Enter base volume name: Save Enter the starting number: 1 10 Volumes created in pool Default *
To see what you have added, enter:
*list media pool=Default +-------+----------+---------+---------+-------+------------------+ | MedId | VolumeNa | MediaTyp| VolStat | Bytes | LastWritten | +-------+----------+---------+---------+-------+------------------+ | 11 | Save0001 | DLT8000 | Append | 0 | 0000-00-00 00:00 | | 12 | Save0002 | DLT8000 | Append | 0 | 0000-00-00 00:00 | | 13 | Save0003 | DLT8000 | Append | 0 | 0000-00-00 00:00 | | 14 | Save0004 | DLT8000 | Append | 0 | 0000-00-00 00:00 | | 15 | Save0005 | DLT8000 | Append | 0 | 0000-00-00 00:00 | | 16 | Save0006 | DLT8000 | Append | 0 | 0000-00-00 00:00 | | 17 | Save0007 | DLT8000 | Append | 0 | 0000-00-00 00:00 | | 18 | Save0008 | DLT8000 | Append | 0 | 0000-00-00 00:00 | | 19 | Save0009 | DLT8000 | Append | 0 | 0000-00-00 00:00 | | 20 | Save0010 | DLT8000 | Append | 0 | 0000-00-00 00:00 | +-------+----------+---------+---------+-------+------------------+ *
Notice that the console program automatically appended a number to the base Volume name that you specify (Save in this case). If you don't want it to append a number, you can simply answer 0 (zero) to the question "Enter number of Media volumes to create. Max=1000:", and in this case, it will create a single Volume with the exact name you specify.
Below, we will discuss restoring files with the Console restore command, which is the recommended way of doing restoring files. It is not possible to restore files by automatically starting a job as you do with Backup, Verify, ... jobs. However, in addition to the console restore command, there is a standalone program named bextract, which also permits restoring files. For more information on this program, please see the Bacula Utility Programs chapter of this manual. We don't particularly recommend the bextract program because it lacks many of the features of the normal Bacula restore, such as the ability to restore Win32 files to Unix systems, and the ability to restore access control lists (ACL). As a consequence, we recommend, wherever possible to use Bacula itself for restores as described below.
You may also want to look at the bls program in the same chapter, which allows you to list the contents of your Volumes. Finally, if you have an old Volume that is no longer in the catalog, you can restore the catalog entries using the program named bscan, documented in the same Bacula Utility Programs chapter.
In general, to restore a file or a set of files, you must run a restore job. That is a job with Type = Restore. As a consequence, you will need a predefined restore job in your bacula-dir.conf (Director's config) file. The exact parameters (Client, FileSet, ...) that you define are not important as you can either modify them manually before running the job or if you use the restore command, explained below, Bacula will automatically set them for you. In fact, you can no longer simply run a restore job. You must use the restore command.
Since Bacula is a network backup program, you must be aware that when you restore files, it is up to you to ensure that you or Bacula have selected the correct Client and the correct hard disk location for restoring those files. Bacula will quite willingly backup client A, and restore it by sending the files to a different directory on client B. Normally, you will want to avoid this, but assuming the operating systems are not too different in their file structures, this should work perfectly well, if so desired. By default, Bacula will restore data to the same Client that was backed up, and those data will be restored not to the original places but to /tmp/bacula-restores. You may modify any of these defaults when the restore command prompts you to run the job by selecting the mod option.
Since Bacula maintains a catalog of your files and on which Volumes (disk or tape), they are stored, it can do most of the bookkeeping work, allowing you simply to specify what kind of restore you want (current, before a particular date), and what files to restore. Bacula will then do the rest.
This is accomplished using the restore command in the Console. First you select the kind of restore you want, then the JobIds are selected, the File records for those Jobs are placed in an internal Bacula directory tree, and the restore enters a file selection mode that allows you to interactively walk up and down the file tree selecting individual files to be restored. This mode is somewhat similar to the standard Unix restore program's interactive file selection mode.
If a Job's file records have been pruned from the catalog, the restore command will be unable to find any files to restore. See below for more details on this.
Within the Console program, after entering the restore command, you are presented with the following selection prompt:
First you select one or more JobIds that contain files
to be restored. You will be presented several methods
of specifying the JobIds. Then you will be allowed to
select which files from those JobIds are to be restored.
To select the JobIds, you have the following choices:
1: List last 20 Jobs run
2: List Jobs where a given File is saved
3: Enter list of comma separated JobIds to select
4: Enter SQL list command
5: Select the most recent backup for a client
6: Select backup for a client before a specified time
7: Enter a list of files to restore
8: Enter a list of files to restore before a specified time
9: Find the JobIds of the most recent backup for a client
10: Find the JobIds for a backup for a client before a specified time
11: Enter a list of directories to restore for found JobIds
12: Cancel
Select item: (1-12):
There are a lot of options, and as a point of reference, most people will want to slect item 5 (the most recent backup for a client). The details of the above options are:
There are two important things to note. First, this automatic selection will never select a job that failed (terminated with an error status). If you have such a job and want to recover one or more files from it, you will need to explicitly enter the JobId in item 3, then choose the files to restore.
If some of the Jobs that are needed to do the restore have had their File records pruned, the restore will be incomplete. Bacula currently does not correctly detect this condition. You can however, check for this by looking carefully at the list of Jobs that Bacula selects and prints. If you find Jobs with the JobFiles column set to zero, when files should have been backed up, then you should expect problems.
If all the File records have been pruned, Bacula will realize that there are no file records in any of the JobIds chosen and will inform you. It will then propose doing a full restore (non-selective) of those JobIds. This is possible because Bacula still knows where the beginning of the Job data is on the Volumes, even if it does not know where particular files are located or what their names are.
As an example, suppose that we select item 5 (restore to most recent state). If you have not specified a client=xxx on the command line, it it will then ask for the desired Client, which on my system, will print all the Clients found in the database as follows:
Defined clients:
1: Rufus
2: Matou
3: Polymatou
4: Minimatou
5: Minou
6: MatouVerify
7: PmatouVerify
8: RufusVerify
9: Watchdog
Select Client (File daemon) resource (1-9):
You will probably have far fewer Clients than this example, and if you have only one Client, it will be automatically selected. In this case, I enter Rufus to select the Client. Then Bacula needs to know what FileSet is to be restored, so it prompts with:
The defined FileSet resources are:
1: Full Set
2: Other Files
Select FileSet resource (1-2):
If you have only one FileSet defined for the Client, it will be selected automatically. I choose item 1, which is my full backup. Normally, you will only have a single FileSet for each Job, and if your machines are similar (all Linux) you may only have one FileSet for all your Clients.
At this point, Bacula has all the information it needs to find the most recent set of backups. It will then query the database, which may take a bit of time, and it will come up with something like the following. Note, some of the columns are truncated here for presentation:
+-------+------+----------+-------------+-------------+------+-------+---------- --+ | JobId | Levl | JobFiles | StartTime | VolumeName | File | SesId | VolSesTime | +-------+------+----------+-------------+-------------+------+-------+---------- --+ | 1,792 | F | 128,374 | 08-03 01:58 | DLT-19Jul02 | 67 | 18 | 1028042998 | | 1,792 | F | 128,374 | 08-03 01:58 | DLT-04Aug02 | 0 | 18 | 1028042998 | | 1,797 | I | 254 | 08-04 13:53 | DLT-04Aug02 | 5 | 23 | 1028042998 | | 1,798 | I | 15 | 08-05 01:05 | DLT-04Aug02 | 6 | 24 | 1028042998 | +-------+------+----------+-------------+-------------+------+-------+---------- --+ You have selected the following JobId: 1792,1792,1797 Building directory tree for JobId 1792 ... Building directory tree for JobId 1797 ... Building directory tree for JobId 1798 ... cwd is: / $
Depending on the number of JobFiles for each JobId, the Building directory tree ..." can take a bit of time. If you notice ath all the JobFiles are zero, your Files have probably been pruned and you will not be able to select any individual files -- it will be restore everything or nothing.
In our example, Bacula found four Jobs that comprise the most recent backup of the specified Client and FileSet. Two of the Jobs have the same JobId because that Job wrote on two different Volumes. The third Job was an incremental backup to the previous Full backup, and it only saved 254 Files compared to 128,374 for the Full backup. The fourth Job was also an incremental backup that saved 15 files.
Next Bacula entered those Jobs into the directory tree, with no files marked to be restored as a default, tells you how many files are in the tree, and tells you that the current working directory (cwd) is /. Finally, Bacula prompts with the dollar sign ($) to indicate that you may enter commands to move around the directory tree and to select files.
If you want all the files to automatically be marked when the directory tree is built, you could have entered the command restore all, or at the $ prompt, you can simply enter mark *.
Instead of choosing item 5 on the first menu (Select the most recent backup for a client), if we had chosen item 3 (Enter list of JobIds to select) and we had entered the JobIds 1792,1797,1798 we would have arrived at the same point.
One point to note, if you are manually entering JobIds, is that you must enter them in the order they were run (generally in increasing JobId order). If you enter them out of order and the same file was saved in two or more of the Jobs, you may end up with an old version of that file (i.e. not the most recent).
Directly entering the JobIds can also permit you to recover data from a Job that wrote files to tape but that terminated with an error status.
While in file selection mode, you can enter help or a question mark (?) to produce a summary of the available commands:
Command Description ======= =========== cd change current directory count count marked files in and below the cd dir long list current directory, wildcards allowed done leave file selection mode estimate estimate restore size exit same as done command find find files, wildcards allowed help print help ls list current directory, wildcards allowed lsmark list the marked files in and below the cd mark mark dir/file to be restored recursively in dirs markdir mark directory name to be restored (no files) pwd print current working directory unmark unmark dir/file to be restored recursively in dir unmarkdir unmark directory name only no recursion quit quit and do not do restore ? print help
As a default no files have been selected for restore (unless you added all to the command line. If you want to restore everything, at this point, you should enter mark *, and then done and Bacula will write the bootstrap records to a file and request your approval to start a restore job.
If you do not enter the above mentioned mark * command, you will start with an empty slate. Now you can simply start looking at the tree and mark particular files or directories you want restored. It is easy to make a mistake in specifying a file to mark or unmark, and Bacula's error handling is not perfect, so please check your work by using the ls or dir commands to see what files are actually selected. Any selected file has its name preceded by an asterisk.
To check what is marked or not marked, enter the count command, which displays:
128401 total files. 128401 marked to be restored.
Each of the above commands will be described in more detail in the next section. We continue with the above example, having accepted to restore all files as Bacula set by default. On entering the done command, Bacula prints:
Bootstrap records written to /home/kern/bacula/working/restore.bsr The job will require the following Volume(s) Storage(s) SD Device(s) =========================================================================== DLT-19Jul02 Tape DLT8000 DLT-04Aug02 Tape DLT8000 128401 files selected to restore. Run Restore job JobName: kernsrestore Bootstrap: /home/kern/bacula/working/restore.bsr Where: /tmp/bacula-restores Replace: always FileSet: Other Files Client: Rufus Storage: Tape When: 2006-12-11 18:20:33 Catalog: MyCatalog Priority: 10 OK to run? (yes/mod/no):
Please examine each of the items very carefully to make sure that they are correct. In particular, look at Where, which tells you where in the directory structure the files will be restored, and Client, which tells you which client will receive the files. Note that by default the Client which will receive the files is the Client that was backed up. These items will not always be completed with the correct values depending on which of the restore options you chose. You can change any of these default items by entering mod and responding to the prompts.
The above assumes that you have defined a Restore Job resource in your Director's configuration file. Normally, you will only need one Restore Job resource definition because by its nature, restoring is a manual operation, and using the Console interface, you will be able to modify the Restore Job to do what you want.
An example Restore Job resource definition is given below.
Returning to the above example, you should verify that the Client name is correct before running the Job. However, you may want to modify some of the parameters of the restore job. For example, in addition to checking the Client it is wise to check that the Storage device chosen by Bacula is indeed correct. Although the FileSet is shown, it will be ignored in restore. The restore will choose the files to be restored either by reading the Bootstrap file, or if not specified, it will restore all files associated with the specified backup JobId (i.e. the JobId of the Job that originally backed up the files).
Finally before running the job, please note that the default location for restoring files is not their original locations, but rather the directory /tmp/bacula-restores. You can change this default by modifying your bacula-dir.conf file, or you can modify it using the mod option. If you want to restore the files to their original location, you must have Where set to nothing or to the root, i.e. /.
If you now enter yes, Bacula will run the restore Job. The Storage daemon will first request Volume DLT-19Jul02 and after the appropriate files have been restored from that volume, it will request Volume DLT-04Aug02.
If you have a small number of files to restore, and you know the filenames, you can either put the list of filenames in a file to be read by Bacula, or you can enter the names one at a time. The filenames must include the full path and filename. No wild cards are used.
To enter the files, after the restore, you select item number 7 from the prompt list:
To select the JobIds, you have the following choices:
1: List last 20 Jobs run
2: List Jobs where a given File is saved
3: Enter list of comma separated JobIds to select
4: Enter SQL list command
5: Select the most recent backup for a client
6: Select backup for a client before a specified time
7: Enter a list of files to restore
8: Enter a list of files to restore before a specified time
9: Find the JobIds of the most recent backup for a client
10: Find the JobIds for a backup for a client before a specified time
11: Enter a list of directories to restore for found JobIds
12: Cancel
Select item: (1-12):
which then prompts you for the client name:
Defined Clients:
1: Timmy
2: Tibs
3: Rufus
Select the Client (1-3): 3
Of course, your client list will be different, and if you have only one client, it will be automatically selected. And finally, Bacula requests you to enter a filename:
Enter filename:
At this point, you can enter the full path and filename
Enter filename: /home/kern/bacula/k/Makefile.in Enter filename:
as you can see, it took the filename. If Bacula cannot find a copy of the file, it prints the following:
Enter filename: junk filename No database record found for: junk filename Enter filename:
If you want Bacula to read the filenames from a file, you simply precede the filename with a less-than symbol (<). When you have entered all the filenames, you enter a blank line, and Bacula will write the bootstrap file, tells you what tapes will be used, and proposes a Restore job to be run:
Enter filename: Automatically selected Storage: DDS-4 Bootstrap records written to /home/kern/bacula/working/restore.bsr The restore job will require the following Volumes: test1 1 file selected to restore. Run Restore job JobName: kernsrestore Bootstrap: /home/kern/bacula/working/restore.bsr Where: /tmp/bacula-restores Replace: always FileSet: Other Files Client: Rufus Storage: DDS-4 When: 2003-09-11 10:20:53 Priority: 10 OK to run? (yes/mod/no):
It is possible to automate the selection by file by putting your list of files in say /tmp/file-list, then using the following command:
restore client=Rufus file=</tmp/file-list
If in modifying the parameters for the Run Restore job, you find that Bacula asks you to enter a Job number, this is because you have not yet specified either a Job number or a Bootstrap file. Simply entering zero will allow you to continue and to select another option to be modified.
If all the above sounds complicated, you will probably agree that it really isn't after trying it a few times. It is possible to do everything that was shown above, with the exception of selecting the FileSet, by using command line arguments with a single command by entering:
restore client=Rufus select current all done yes
The client=Rufus specification will automatically select Rufus as the client, the current tells Bacula that you want to restore the system to the most current state possible, and the yes suppresses the final yes/mod/no prompt and simply runs the restore.
The full list of possible command line arguments are:
The where= option is simple, but not very powerful. With file relocation, Bacula can restore a file to the same directory, but with a different name, or in an other directory without recreating the full path.
You can also do filename and path manipulations, implemented in Bacula 2.1.8 or later, such as adding a suffix to all your files, renaming files or directories, etc. Theses options will overwrite where= option.
For example, many users use OS snapshot features so that file /home/eric/mbox will be backed up from the directory /.snap/home/eric/mbox, which can complicate restores. If you use where=/tmp, the file will be restored to /tmp/.snap/home/eric/mbox and you will have to move the file to /home/eric/mbox.bkp by hand. In this case, you could use strip_prefix=/.snap and add_suffix=.bkp options and Bacula will restore the file to its original location -- that is /home/eric/mbox.
To use this feature, there are command line options as described in the restore section of this manual; you can modify your restore job before running it; or you can add options to your restore job in as described in bacula-dir.conf.
Parameters to modify:
1: Level
2: Storage
..
10: File Relocation
..
Select parameter to modify (1-12):
This will replace your current Where value
1: Strip prefix
2: Add prefix
3: Add file suffix
4: Enter a regexp
5: Test filename manipulation
6: Use this ?
Select parameter to modify (1-6):
The format is very close to that used by sed or Perl (s/replace this/by that/) operator. A valid regexwhere expression has three fields :
Each field is delimited by a separator specified by the user as the first character of the expression. The separator can be one of the following:
<separator-keyword> = / ! ; % : , ~ # = &
You can use several expressions separated by a commas.
| Orignal filename | Computed filename | RegexWhere | Comments |
| c:/system.ini | c:/system.old.ini | /.ini$/.old.ini/ | use $ as end of filename |
| /prod/u01/pdata/ | /rect/u01/rdata | /prod/rect/,/pdata/rdata/ | using two regexp |
| /prod/u01/pdata/ | /rect/u01/rdata | !/prod/!/rect/!,/pdata/rdata/ | using ! instead of / |
| C:/WINNT | d:/WINNT | /c:/d:/i | using case-insensitive pattern matching |
Depending how you do the restore, you may or may not get the directory entries back to their original state. Here are a few of the problems you can encounter, and for same machine restores, how to avoid them.
If you are restoring on WinNT/2K/XP systems, Bacula will restore the files with the original ownerships and permissions as would be expected. This is also true if you are restoring those files to an alternate directory (using the Where option in restore). However, if the alternate directory does not already exist, the Bacula File daemon (Client) will try to create it. In some cases, it may not create the directories, and if it does since the File daemon runs under the SYSTEM account, the directory will be created with SYSTEM ownership and permissions. In this case, you may have problems accessing the newly restored files.
To avoid this problem, you should create any alternate directory before doing the restore. Bacula will not change the ownership and permissions of the directory if it is already created as long as it is not one of the directories being restored (i.e. written to tape).
The default restore location is /tmp/bacula-restores/ and if you are restoring from drive E:, the default will be /tmp/bacula-restores/e/, so you should ensure that this directory exists before doing the restore, or use the mod option to select a different where directory that does exist.
Some users have experienced problems restoring files that participate in the Active Directory. They also report that changing the userid under which Bacula (bacula-fd.exe) runs, from SYSTEM to a Domain Admin userid, resolves the problem.
Restoring files is generally much slower than backing them up for several reasons. The first is that during a backup the tape is normally already positioned and Bacula only needs to write. On the other hand, because restoring files is done so rarely, Bacula keeps only the start file and block on the tape for the whole job rather than on a file by file basis which would use quite a lot of space in the catalog.
Bacula will forward space to the correct file mark on the tape for the Job, then forward space to the correct block, and finally sequentially read each record until it gets to the correct one(s) for the file or files you want to restore. Once the desired files are restored, Bacula will stop reading the tape.
Finally, instead of just reading a file for backup, during the restore, Bacula must create the file, and the operating system must allocate disk space for the file as Bacula is restoring it.
For all the above reasons the restore process is generally much slower than backing up (sometimes it takes three times as long).
The most frequent problems users have restoring files are error messages such as:
04-Jan 00:33 z217-sd: RestoreFiles.2005-01-04_00.31.04 Error: block.c:868 Volume data error at 20:0! Short block of 512 bytes on device /dev/tape discarded.
or
04-Jan 00:33 z217-sd: RestoreFiles.2005-01-04_00.31.04 Error: block.c:264 Volume data error at 20:0! Wanted ID: "BB02", got ".". Buffer discarded.
Both these kinds of messages indicate that you were probably running your tape drive in fixed block mode rather than variable block mode. Fixed block mode will work with any program that reads tapes sequentially such as tar, but Bacula repositions the tape on a block basis when restoring files because this will speed up the restore by orders of magnitude when only a few files are being restored. There are several ways that you can attempt to recover from this unfortunate situation.
Try the following things, each separately, and reset your Device resource to what it is now after each individual test:
There are a number of reasons why there may be restore errors or warning messages. Some of the more common ones are:
If the restored size is smaller, then you should be concerned about a possible tape error and check the Bacula output as well as your system logs.
Job {
Name = "RestoreFiles"
Type = Restore
Client = Any-client
FileSet = "Any-FileSet"
Storage = Any-storage
Where = /tmp/bacula-restores
Messages = Standard
Pool = Default
}
If Where is not specified, the default location for restoring files will be their original locations.
After you have selected the Jobs to be restored and Bacula has created the in-memory directory tree, you will enter file selection mode as indicated by the dollar sign ($) prompt. While in this mode, you may use the commands listed above. The basic idea is to move up and down the in memory directory structure with the cd command much as you normally do on the system. Once you are in a directory, you may select the files that you want restored. As a default no files are marked to be restored. If you wish to start with all files, simply enter: cd / and mark *. Otherwise proceed to select the files you wish to restore by marking them with the mark command. The available commands are:
Note, on Windows systems, the various drives (c:, d:, ...) are treated like a directory within the file tree while in the file selection mode. As a consequence, you must do a cd c: or possibly in some cases a cd C: (note upper case) to get down to the first directory.
Any file that is marked to be restored will have its name preceded by an asterisk (*). Directory names will be terminated with a forward slash (/) to distinguish them from filenames.
After executing the mark command, it will print a brief summary:
No files marked.
If no files were marked, or:
nn files marked.
if some files are marked.
This and the following sections will try to present a few of the kinds of problems that can come up making restoring more difficult. We will try to provide a few ideas how to get out of these problem situations. In addition to what is presented here, there is more specific information on restoring a Client and your Server in the Disaster Recovery Using Bacula chapter of this manual.
Assuming the above does not resolve the problem, you will need to restore or rebuild your catalog. Note, if it is a matter of some inconsistencies in the Bacula tables rather than a broken database, then running dbcheck might help, but you will need to ensure that your database indexes are properly setup. Please see the Database Performance Issues sections of this manual for more details.
./drop_bacula_tables ./make_bacula_tablesAfter re-initializing the database, you should be able to run Bacula. If you now try to use the restore command, it will not work because the database will be empty. However, you can manually run a restore job and specify your bootstrap file. You do so by entering the bf run command in the console and selecting the restore job. If you are using the default bacula-dir.conf, this Job will be named RestoreFiles. Most likely it will prompt you with something such as:
Run Restore job JobName: RestoreFiles Bootstrap: /home/kern/bacula/working/restore.bsr Where: /tmp/bacula-restores Replace: always FileSet: Full Set Client: rufus-fd Storage: File When: 2005-07-10 17:33:40 Catalog: MyCatalog Priority: 10 OK to run? (yes/mod/no):
A number of the items will be different in your case. What you want to do is: to use the mod option to change the Bootstrap to point to your saved bootstrap file; and to make sure all the other items such as Client, Storage, Catalog, and Where are correct. The FileSet is not used when you specify a bootstrap file. Once you have set all the correct values, run the Job and it will restore the backup of your database, which is most likely an ASCII dump.
You will then need to follow the instructions for your database type to recreate the database from the ASCII backup file. See the Catalog Maintenance chapter of this manual for examples of the command needed to restore a database from an ASCII dump (they are shown in the Compacting Your XXX Database sections).
Also, please note that after you restore your database from an ASCII backup, you do NOT want to do a make_bacula_tables command, or you will probably erase your newly restored database tables.
22-Apr 10:22 HeadMan: Start Backup JobId 7510, Job=CatalogBackup.2005-04-22_01.10.0 22-Apr 10:23 HeadMan: Bacula 1.37.14 (21Apr05): 22-Apr-2005 10:23:06 JobId: 7510 Job: CatalogBackup.2005-04-22_01.10.00 Backup Level: Full Client: Polymatou FileSet: "CatalogFile" 2003-04-10 01:24:01 Pool: "Default" Storage: "DLTDrive" Start time: 22-Apr-2005 10:21:00 End time: 22-Apr-2005 10:23:06 FD Files Written: 1 SD Files Written: 1 FD Bytes Written: 210,739,395 SD Bytes Written: 210,739,521 Rate: 1672.5 KB/s Software Compression: None Volume name(s): DLT-22Apr05 Volume Session Id: 11 Volume Session Time: 1114075126 Last Volume Bytes: 1,428,240,465 Non-fatal FD errors: 0 SD Errors: 0 FD termination status: OK SD termination status: OK Termination: Backup OK
From the above information, you can manually create a bootstrap file, and then follow the instructions given above for restoring your database. A reconstructed bootstrap file for the above backup Job would look like the following:
Volume="DLT-22Apr05" VolSessionId=11 VolSessionTime=1114075126 FileIndex=1-1
Where we have inserted the Volume name, Volume Session Id, and Volume Session Time that correspond to the values in the job report. We've also used a FileIndex of one, which will always be the case providing that there was only one file backed up in the job.
The disadvantage of this bootstrap file compared to what is created when you ask for one to be written, is that there is no File and Block specified, so the restore code must search all data in the Volume to find the requested file. A fully specified bootstrap file would have the File and Blocks specified as follows:
Volume="DLT-22Apr05" VolSessionId=11 VolSessionTime=1114075126 VolFile=118-118 VolBlock=0-4053 FileIndex=1-1
Once you have restored the ASCII dump of the database, you will then to follow the instructions for your database type to recreate the database from the ASCII backup file. See the Catalog Maintenance chapter of this manual for examples of the command needed to restore a database from an ASCII dump (they are shown in the Compacting Your XXX Database sections).
Also, please note that after you restore your database from an ASCII backup, you do NOT want to do a make_bacula_tables command, or you will probably erase your newly restored database tables.
There is a specific example of how to use bls below.
1 Job 0 Filesand restores nothing.
llist jobid=120
JobId: 120
Job: save.2005-12-05_18.27.33
Job.Name: save
PurgedFiles: 0
Type: B
Level: F
Job.ClientId: 1
Client.Name: Rufus
JobStatus: T
SchedTime: 2005-12-05 18:27:32
StartTime: 2005-12-05 18:27:35
EndTime: 2005-12-05 18:27:37
JobTDate: 1133803657
VolSessionId: 1
VolSessionTime: 1133803624
JobFiles: 236
JobErrors: 0
JobMissingFiles: 0
Job.PoolId: 4
Pool.Name: Full
Job.FileSetId: 1
FileSet.FileSet: BackupSet
Then you can find the Volume(s) used by doing:
sql select VolumeName from JobMedia,Media where JobId=1 and JobMedia.MediaId=Media.MediaId;
Finally, you can create a bootstrap file as described in the previous problem above using this information.
If you are using Bacula version 1.38.0 or greater, when you select item 3 from the menu and enter the JobId, it will ask you if you would like to restore all the files in the job, and it will collect the above information and write the bootstrap file for you.
./bls -j -V DLT-22Apr05 /dev/nst0Might produce the following output:
bls: butil.c:258 Using device: "/dev/nst0" for reading. 21-Jul 18:34 bls: Ready to read from volume "DLT-22Apr05" on device "DLTDrive" (/dev/nst0). Volume Record: File:blk=0:0 SessId=11 SessTime=1114075126 JobId=0 DataLen=164 ... Begin Job Session Record: File:blk=118:0 SessId=11 SessTime=1114075126 JobId=7510 Job=CatalogBackup.2005-04-22_01.10.0 Date=22-Apr-2005 10:21:00 Level=F Type=B End Job Session Record: File:blk=118:4053 SessId=11 SessTime=1114075126 JobId=7510 Date=22-Apr-2005 10:23:06 Level=F Type=B Files=1 Bytes=210,739,395 Errors=0 Status=T ... 21-Jul 18:34 bls: End of Volume at file 201 on device "DLTDrive" (/dev/nst0), Volume "DLT-22Apr05" 21-Jul 18:34 bls: End of all volumes.Of course, there will be many more records printed, but we have indicated the essential lines of output. From the information on the Begin Job and End Job Session Records, you can reconstruct a bootstrap file such as the one shown above.
If you would like to know the JobId where a file was saved, select restore menu option 2.
You can also use the query command to find information such as:
*query
Available queries:
1: List up to 20 places where a File is saved regardless of the
directory
2: List where the most recent copies of a file are saved
3: List last 20 Full Backups for a Client
4: List all backups for a Client after a specified time
5: List all backups for a Client
6: List Volume Attributes for a selected Volume
7: List Volumes used by selected JobId
8: List Volumes to Restore All Files
9: List Pool Attributes for a selected Pool
10: List total files/bytes by Job
11: List total files/bytes by Volume
12: List Files for a selected JobId
13: List Jobs stored on a selected MediaId
14: List Jobs stored for a given Volume name
15: List Volumes Bacula thinks are in changer
16: List Volumes likely to need replacement from age or errors
Choose a query (1-16):
There are basically three steps to take:
When the above is complete, you can begin bscanning your Volumes. Please see the bscan section of the Volume Utility Tools of this chapter for more details.
This document briefly describes the GUI programs that work with Bacula. The GUI programs that are currently available are:
It is very difficult to provide a guide for using bat other than to say to try it. In many of the graphical display "panes" (shown in the right window), you can click with the right mouse button to bring up a context sensitive menu that provides quite a lot of features that can be easily missed.
The Bacula wiki has a number of screenshots of bat.
To build bat, you will need to have Qt4 >= 4.2 loaded (libraries and the devel libraries) as well as the QWT graphics package. Please see the enable-bat section of the Installation chapter of this manual for the details of how to build it.
The major bat features are:
Bat also has a nice online help manual that explains a lot of the interface.
For more information on bimagemgr, please see below.
For more information on bgnome-console, please consult the Console Chapter of this manual.
For more information, please see Configuring the Monitor Program chapter this manual.
Some of its major features are the following:
Please, read the INSTALL file in the bweb source directory for detailed instructions on getting it to work.
Please, read README file in the bweb source directory for detailed instructions on getting it to work.
Here are a few points that one user made concerning this tool:
The documentation for bacula-web can be found in a separate bacula-web document that in the bacula-docs release.
bimagemgr is a utility for those who backup to disk volumes in order to commit them to CDR disk, rather than tapes. It is a web based interface written in Perl and is used to monitor when a volume file needs to be burned to disk. It requires:
DVD burning is not supported by bimagemgr at this time, but both are planned for future releases.
Installation from tarball: 1. Examine the Makefile and adjust it to your configuration if needed. 2. Edit config.pm to fit your configuration. 3. Do 'make install' as root. 4. Edit httpd.conf and change the Timeout value. The web server must not time out and close the connection before the burn process is finished. The exact value needed may vary depending upon your cd recorder speed and whether you are burning on the bacula server on on another machine across your network. In my case I set it to 1000 seconds. Restart httpd. 5. Make sure that cdrecord is setuid root.
Installation from rpm package:
For bacula systems less than 1.36:
1. Edit the configuration section of config.pm to fit your configuration.
2. Run /etc/bacula/create_cdimage_table.pl from a console on your bacula server (as root) to add the CDImage table to your bacula database.
Accessing the Volume files: The Volume files by default have permissions 640 and can only be read by root. The recommended approach to this is as follows (and only works if bimagemgr and apache are running on the same host as bacula.
For bacula-1.34 or 1.36 installed from tarball -
1. Create a new user group bacula and add the user apache to the group for Red Hat or Mandrake systems. For SuSE systems add the user wwwrun to the bacula group.
2. Change ownership of all of your Volume files to root.bacula
3. Edit the /etc/bacula/bacula startup script and set SD_USER=root and SD_GROUP=bacula. Restart bacula.
Note: step 3 should also be done in /etc/init.d/bacula-sd but released versions of this file prior to 1.36 do not support it. In that case it would be necessary after a reboot of the server to execute '/etc/bacula/bacula restart'.
For bacula-1.38 installed from tarball - 1. Your configure statement should include:
--with-dir-user=bacula
--with-dir-group=bacula
--with-sd-user=bacula
--with-sd-group=disk
--with-fd-user=root
--with-fd-group=bacula
2. Add the user apache to the bacula group for Red Hat or Mandrake systems. For SuSE systems add the user wwwrun to the bacula group.
3. Check/change ownership of all of your Volume files to root.bacula
For bacula-1.36 or bacula-1.38 installed from rpm -
1. Add the user apache to the group bacula for Red Hat or Mandrake systems. For SuSE systems add the user wwwrun to the bacula group.
2. Check/change ownership of all of your Volume files to root.bacula
bimagemgr installed from rpm > 1.38.9 will add the web server user to the bacula group in a post install script. Be sure to edit the configuration information in config.pm after installation of rpm package.
bimagemgr will now be able to read the Volume files but they are still not world readable.
If you are running bimagemgr on another host (not recommended) then you will need to change the permissions on all of your backup volume files to 644 in order to access them via nfs share or other means. This approach should only be taken if you are sure of the security of your environment as it exposes the backup Volume files to world read.
Calling the program in your web browser, e.g. http://localhost/cgi-bin/bimagemgr.pl will produce a display as shown below in Figure 1. The program will query the bacula database and display all volume files with the date last written and the date last burned to disk. If a volume needs to be burned (last written is newer than last burn date) a "Burn" button will be displayed in the rightmost column.
Place a blank CDR disk in your recorder and click the "Burn" button. This will cause a pop up window as shown in Figure 2 to display the burn progress.
When the burn finishes the pop up window will display the results of cdrecord as shown in Figure 3. Close the pop up window and refresh the main window. The last burn date will be updated and the "Burn" button for that volume will disappear. Should you have a failed burn you can reset the last burn date of that volume by clicking its "Reset" link.
In the bottom row of the main display window are two more buttons labeled "Burn Catalog" and "Blank CDRW". "Burn Catalog" will place a copy of your bacula catalog on a disk. If you use CDRW disks rather than CDR then "Blank CDRW" allows you to erase the disk before re-burning it. Regularly committing your backup volume files and your catalog to disk with bimagemgr ensures that you can rebuild easily in the event of some disaster on the bacula server itself.
Without proper setup and maintenance, your Catalog may continue to grow indefinitely as you run Jobs and backup Files, and/or it may become very inefficient and slow. How fast the size of your Catalog grows depends on the number of Jobs you run and how many files they backup. By deleting records within the database, you can make space available for the new records that will be added during the next Job. By constantly deleting old expired records (dates older than the Retention period), your database size will remain constant.
If you started with the default configuration files, they already contain reasonable defaults for a small number of machines (less than 5), so if you fall into that case, catalog maintenance will not be urgent if you have a few hundred megabytes of disk space free. Whatever the case may be, some knowledge of retention periods will be useful.
Bacula uses three Retention periods: the File Retention period, the Job Retention period, and the Volume Retention period. Of these three, the File Retention period is by far the most important in determining how large your database will become.
The File Retention and the Job Retention are specified in each Client resource as is shown below. The Volume Retention period is specified in the Pool resource, and the details are given in the next chapter of this manual.
Since File records in the database account for probably 80 percent of the size of the database, you should carefully determine exactly what File Retention period you need. Once the File records have been removed from the database, you will no longer be able to restore individual files in a Job. However, with Bacula version 1.37 and later, as long as the Job record still exists, you will be able to restore all files in the job.
Retention periods are specified in seconds, but as a convenience, there are a number of modifiers that permit easy specification in terms of minutes, hours, days, weeks, months, quarters, or years on the record. See the Configuration chapter of this manual for additional details of modifier specification.
The default File retention period is 60 days.
As mentioned above, once the File records are removed from the database, you will no longer be able to restore individual files from the Job. However, as long as the Job record remains in the database, you will be able to restore all the files backuped for the Job (on version 1.37 and later). As a consequence, it is generally a good idea to retain the Job records much longer than the File records.
The retention period is specified in seconds, but as a convenience, there are a number of modifiers that permit easy specification in terms of minutes, hours, days, weeks, months, quarters, or years. See the Configuration chapter of this manual for additional details of modifier specification.
The default Job Retention period is 180 days.
If you turn this off by setting it to no, your Catalog will grow each time you run a Job.
Over time, as noted above, your database will tend to grow. I've noticed that even though Bacula regularly prunes files, MySQL does not effectively use the space, and instead continues growing. To avoid this, from time to time, you must compact your database. Normally, large commercial database such as Oracle have commands that will compact a database to reclaim wasted file space. MySQL has the OPTIMIZE TABLE command that you can use, and SQLite version 2.8.4 and greater has the VACUUM command. We leave it to you to explore the utility of the OPTIMIZE TABLE command in MySQL.
All database programs have some means of writing the database out in ASCII format and then reloading it. Doing so will re-create the database from scratch producing a compacted result, so below, we show you how you can do this for MySQL, PostgreSQL and SQLite.
For a MySQL database, you could write the Bacula database as an ASCII file (bacula.sql) then reload it by doing the following:
mysqldump -f --opt bacula > bacula.sql mysql bacula < bacula.sql rm -f bacula.sql
Depending on the size of your database, this will take more or less time and a fair amount of disk space. For example, if I cd to the location of the MySQL Bacula database (typically /opt/mysql/var or something similar) and enter:
du bacula
I get 620,644 which means there are that many blocks containing 1024 bytes each or approximately 635 MB of data. After doing the mysqldump, I had a bacula.sql file that had 174,356 blocks, and after doing the mysql command to recreate the database, I ended up with a total of 210,464 blocks rather than the original 629,644. In other words, the compressed version of the database took approximately one third of the space of the database that had been in use for about a year.
As a consequence, I suggest you monitor the size of your database and from time to time (once every six months or year), compress it.
If you find that you are getting errors writing to your MySQL database, or Bacula hangs each time it tries to access the database, you should consider running MySQL's database check and repair routines. The program you need to run depends on the type of database indexing you are using. If you are using the default, you will probably want to use myisamchk. For more details on how to do this, please consult the MySQL document at: http://www.mysql.com/doc/en/Repair.html.
If the errors you are getting are simply SQL warnings, then you might try running dbcheck before (or possibly after) using the MySQL database repair program. It can clean up many of the orphaned record problems, and certain other inconsistencies in the Bacula database.
A typical cause of MySQL database problems is if your partition fills. In such a case, you will need to create additional space on the partition or free up some space then repair the database probably using myisamchk. Recently my root partition filled and the MySQL database was corrupted. Simply running myisamchk -r did not fix the problem. However, the following script did the trick for me:
#!/bin/sh
for i in *.MYD ; do
mv $i x${i}
t=`echo $i | cut -f 1 -d '.' -`
mysql bacula <<END_OF_DATA
set autocommit=1;
truncate table $t;
quit
END_OF_DATA
cp x${i} ${i}
chown mysql:mysql ${i}
myisamchk -r ${t}
done
I invoked it with the following commands:
cd /var/lib/mysql/bacula ./repair
Then after ensuring that the database was correctly fixed, I did:
cd /var/lib/mysql/bacula rm -f x*.MYD
If you are running into the error The table 'File' is full ..., it is probably because on version 4.x MySQL, the table is limited by default to a maximum size of 4 GB and you have probably run into the limit. The solution can be found at: http://dev.mysql.com/doc/refman/5.0/en/full-table.html
You can display the maximum length of your table with:
mysql bacula SHOW TABLE STATUS FROM bacula like "File";
If the column labeled "Max_data_length" is around 4Gb, this is likely to be the source of your problem, and you can modify it with:
mysql bacula ALTER TABLE File MAX_ROWS=281474976710656;
Alternatively you can modify your /etc/my.conf file before creating the Bacula tables, and in the [mysqld] section set:
set-variable = myisam_data_pointer_size=6
The above myisam data pointer size must be made before you create your Bacula tables or it will have no effect.
The row and pointer size changes should already be the default on MySQL version 5.x, so making these changes should only be necessary on MySQL 4.x depending on the size of your catalog database.
http://dev.mysql.com/doc/refman/5.0/en/gone-away.html
The same considerations apply that are indicated above for MySQL. That is, consult the PostgreSQL documents for how to repair the database, and also consider using Bacula's dbcheck program if the conditions are reasonable for using (see above).
There are a considerable number of ways each of the databases can be tuned to improve the performance. Going from an untuned database to one that is properly tuned can make a difference of a factor of 100 or more in the time to insert or search for records.
For each of the databases, you may get significant improvements by adding additional indexes. The comments in the Bacula make_xxx_tables give some indications as to what indexes may be appropriate. Please see below for specific instructions on checking indexes.
For MySQL, what is very important is to use the examine the my.cnf file (usually in /etc/my.cnf). You may obtain significant performances by switching to the my-large.cnf or my-huge.cnf files that come with the MySQL source code.
For SQLite3, one significant factor in improving the performance is to ensure that there is a "PRAGMA synchronous = NORMAL;" statement. This reduces the number of times that the database flushes the in memory cache to disk. There are other settings for this PRAGMA that can give even further performance improvements at the risk of a database corruption if your system crashes.
For PostgreSQL, you might want to consider turning fsync off. Of course doing so can cause corrupted databases in the event of a machine crash. There are many different ways that you can tune PostgreSQL, the following document discusses a few of them: http://www.varlena.com/varlena/GeneralBits/Tidbits/perf.html.
There is also a PostgreSQL FAQ question number 3.3 that may answer some of your questions about how to improve performance of the PostgreSQL engine: http://www.postgresql.org/docs/faqs.FAQ.html#3.3.
Also for PostgreSQL, look at what "effective_cache_size". For a 2GB memory machine, you probably want to set it at 131072, but don't set it too high. In addition, for a 2GB system, work_mem = 256000 and maintenance_work_mem = 256000 seem to be reasonable values. Make sure your checkpoint_segments is set to at least 8.
The most important indexes for performance are the three indexes on the File table. The first index is on FileId and is automatically made because it is the unique key used to access the table. The other two are the JobId index and the (Filename, PathId) index. If these Indexes are not present, your performance may suffer a lot.
psql bacula select * from pg_indexes where tablename='file';
If you do not see output that indicates that all three indexes are created, you can create the two additional indexes using:
psql bacula CREATE INDEX file_jobid_idx on file (jobid); CREATE INDEX file_fp_idx on file (filenameid, pathid);
mysql bacula show index from File;
If the indexes are not present, especially the JobId index, you can create them with the following commands:
mysql bacula CREATE INDEX file_jobid_idx on File (JobId); CREATE INDEX file_jpf_idx on File (JobId, FilenameId, PathId);
Though normally not a problem, you should ensure that the indexes defined for Filename and Path are both set to 255 characters. Some users reported performance problems when their indexes were set to 50 characters. To check, do:
mysql bacula show index from Filename; show index from Path;
and what is important is that for Filename, you have an index with Key_name "Name" and Sub_part "255". For Path, you should have a Key_name "Path" and Sub_part "255". If one or the other does not exist or the Sub_part is less that 255, you can drop and recreate the appropriate index with:
mysql bacula DROP INDEX Path on Path; CREATE INDEX Path on Path (Path(255); DROP INDEX Name on Filename; CREATE INDEX Name on Filename (Name(255));
sqlite <path>bacula.db select * from sqlite_master where type='index' and tbl_name='File';
If the indexes are not present, especially the JobId index, you can create them with the following commands:
mysql bacula CREATE INDEX file_jobid_idx on File (JobId); CREATE INDEX file_jfp_idx on File (JobId, FilenameId, PathId);
Over time, as noted above, your database will tend to grow. I've noticed that even though Bacula regularly prunes files, PostgreSQL has a VACUUM command that will compact your database for you. Alternatively you may want to use the vacuumdb command, which can be run from a cron job.
All database programs have some means of writing the database out in ASCII format and then reloading it. Doing so will re-create the database from scratch producing a compacted result, so below, we show you how you can do this for PostgreSQL.
For a PostgreSQL database, you could write the Bacula database as an ASCII file (bacula.sql) then reload it by doing the following:
pg_dump -c bacula > bacula.sql cat bacula.sql | psql bacula rm -f bacula.sql
Depending on the size of your database, this will take more or less time and a fair amount of disk space. For example, you can cd to the location of the Bacula database (typically /usr/local/pgsql/data or possible /var/lib/pgsql/data) and check the size.
There are certain PostgreSQL users who do not recommend the above procedure. They have the following to say: PostgreSQL does not need to be dumped/restored to keep the database efficient. A normal process of vacuuming will prevent the database from every getting too large. If you want to fine-tweak the database storage, commands such as VACUUM FULL, REINDEX, and CLUSTER exist specifically to keep you from having to do a dump/restore.
Finally, you might want to look at the PostgreSQL documentation on this subject at http://www.postgresql.org/docs/8.1/interactive/maintenance.html.
First please read the previous section that explains why it is necessary to compress a database. SQLite version 2.8.4 and greater have the Vacuum command for compacting the database.
cd {\bf working-directory}
echo 'vacuum;' | sqlite bacula.db
As an alternative, you can use the following commands, adapted to your system:
cd {\bf working-directory}
echo '.dump' | sqlite bacula.db > bacula.sql
rm -f bacula.db
sqlite bacula.db < bacula.sql
rm -f bacula.sql
Where working-directory is the directory that you specified in the Director's configuration file. Note, in the case of SQLite, it is necessary to completely delete (rm) the old database before creating a new compressed version.
You may begin using Bacula with SQLite then later find that you want to switch to MySQL or Postgres for any of a number of reasons: SQLite tends to use more disk than MySQL; when the database is corrupted it is often more catastrophic than with MySQL or PostgreSQL. Several users have succeeded in converting by exporting the SQLite data and then processing it with Perl scripts prior to putting it into MySQL or PostgreSQL. This is, however, not a simple process. Scripts are available on bacula source distribution under examples/database.
If ever the machine on which your Bacula database crashes, and you need to restore from backup tapes, one of your first priorities will probably be to recover the database. Although Bacula will happily backup your catalog database if it is specified in the FileSet, this is not a very good way to do it, because the database will be saved while Bacula is modifying it. Thus the database may be in an instable state. Worse yet, you will backup the database before all the Bacula updates have been applied.
To resolve these problems, you need to backup the database after all the backup jobs have been run. In addition, you will want to make a copy while Bacula is not modifying it. To do so, you can use two scripts provided in the release make_catalog_backup and delete_catalog_backup. These files will be automatically generated along with all the other Bacula scripts. The first script will make an ASCII copy of your Bacula database into bacula.sql in the working directory you specified in your configuration, and the second will delete the bacula.sql file.
The basic sequence of events to make this work correctly is as follows:
Assuming that you start all your nightly backup jobs at 1:05 am (and that they run one after another), you can do the catalog backup with the following additional Director configuration statements:
# Backup the catalog database (after the nightly save)
Job {
Name = "BackupCatalog"
Type = Backup
Client=rufus-fd
FileSet="Catalog"
Schedule = "WeeklyCycleAfterBackup"
Storage = DLTDrive
Messages = Standard
Pool = Default
# WARNING!!! Passing the password via the command line is insecure.
# see comments in make_catalog_backup for details.
RunBeforeJob = "/home/kern/bacula/bin/make_catalog_backup"
RunAfterJob = "/home/kern/bacula/bin/delete_catalog_backup"
Write Bootstrap = "/home/kern/bacula/working/BackupCatalog.bsr"
}
# This schedule does the catalog. It starts after the WeeklyCycle
Schedule {
Name = "WeeklyCycleAfterBackup
Run = Level=Full sun-sat at 1:10
}
# This is the backup of the catalog
FileSet {
Name = "Catalog"
Include {
Options {
signature=MD5
}
File = \lt{}working_directory\gt{}/bacula.sql
}
}
Be sure to write a bootstrap file as in the above example. However, it is preferable to write or copy the bootstrap file to another computer. It will allow you to quickly recover the database backup should that be necessary. If you do not have a bootstrap file, it is still possible to recover your database backup, but it will be more work and take longer.
We provide make_catalog_backup as an example of what can be used to backup your Bacula database. We expect you to take security precautions relevant to your situation. make_catalog_backup is designed to take a password on the command line. This is fine on machines with only trusted users. It is not acceptable on machines without trusted users. Most database systems provide a alternative method, which does not place the password on the command line.
The make_catalog_backup script contains some warnings about how to use it. Please read those tips.
To help you get started, we know PostgreSQL has a password file, .pgpass, and we know MySQL has .my.cnf.
Only you can decide what is appropriate for your situation. We have provided you with a starting point. We hope it helps.
If you are running a database in production mode on your machine, Bacula will happily backup the files, but if the database is in use while Bacula is reading it, you may back it up in an unstable state.
The best solution is to shutdown your database before backing it up, or use some tool specific to your database to make a valid live copy perhaps by dumping the database in ASCII format. I am not a database expert, so I cannot provide you advice on how to do this, but if you are unsure about how to backup your database, you might try visiting the Backup Central site, which has been renamed Storage Mountain (www.backupcentral.com). In particular, their Free Backup and Recovery Software page has links to scripts that show you how to shutdown and backup most major databases.
As mentioned above, if you do not do automatic pruning, your Catalog will grow each time you run a Job. Normally, you should decide how long you want File records to be maintained in the Catalog and set the File Retention period to that time. Then you can either wait and see how big your Catalog gets or make a calculation assuming approximately 154 bytes for each File saved and knowing the number of Files that are saved during each backup and the number of Clients you backup.
For example, suppose you do a backup of two systems, each with 100,000 files. Suppose further that you do a Full backup weekly and an Incremental every day, and that the Incremental backup typically saves 4,000 files. The size of your database after a month can roughly be calculated as:
Size = 154 * No. Systems * (100,000 * 4 + 10,000 * 26)
where we have assumed four weeks in a month and 26 incremental backups per month. This would give the following:
Size = 154 * 2 * (100,000 * 4 + 10,000 * 26) or Size = 308 * (400,000 + 260,000) or Size = 203,280,000 bytes
So for the above two systems, we should expect to have a database size of approximately 200 Megabytes. Of course, this will vary according to how many files are actually backed up.
Below are some statistics for a MySQL database containing Job records for five Clients beginning September 2001 through May 2002 (8.5 months) and File records for the last 80 days. (Older File records have been pruned). For these systems, only the user files and system files that change are backed up. The core part of the system is assumed to be easily reloaded from the Red Hat rpms.
In the list below, the files (corresponding to Bacula Tables) with the extension .MYD contain the data records whereas files with the extension .MYI contain indexes.
You will note that the File records (containing the file attributes) make up the large bulk of the number of records as well as the space used (459 Mega Bytes including the indexes). As a consequence, the most important Retention period will be the File Retention period. A quick calculation shows that for each File that is saved, the database grows by approximately 150 bytes.
Size in
Bytes Records File
============ ========= ===========
168 5 Client.MYD
3,072 Client.MYI
344,394,684 3,080,191 File.MYD
115,280,896 File.MYI
2,590,316 106,902 Filename.MYD
3,026,944 Filename.MYI
184 4 FileSet.MYD
2,048 FileSet.MYI
49,062 1,326 JobMedia.MYD
30,720 JobMedia.MYI
141,752 1,378 Job.MYD
13,312 Job.MYI
1,004 11 Media.MYD
3,072 Media.MYI
1,299,512 22,233 Path.MYD
581,632 Path.MYI
36 1 Pool.MYD
3,072 Pool.MYI
5 1 Version.MYD
1,024 Version.MYI
This database has a total size of approximately 450 Megabytes.
If we were using SQLite, the determination of the total database size would be much easier since it is a single file, but we would have less insight to the size of the individual tables as we have in this case.
Note, SQLite databases may be as much as 50% larger than MySQL databases due to the fact that all data is stored as ASCII strings. That is even binary integers are stored as ASCII strings, and this seems to increase the space needed.
By default, once Bacula starts writing a Volume, it can append to the volume, but it will not overwrite the existing data thus destroying it. However when Bacula recycles a Volume, the Volume becomes available for being reused, and Bacula can at some later time overwrite the previous contents of that Volume. Thus all previous data will be lost. If the Volume is a tape, the tape will be rewritten from the beginning. If the Volume is a disk file, the file will be truncated before being rewritten.
You may not want Bacula to automatically recycle (reuse) tapes. This would require a large number of tapes though, and in such a case, it is possible to manually recycle tapes. For more on manual recycling, see the section entitled Manually Recycling Volumes below in this chapter.
Most people prefer to have a Pool of tapes that are used for daily backups and recycled once a week, another Pool of tapes that are used for Full backups once a week and recycled monthly, and finally a Pool of tapes that are used once a month and recycled after a year or two. With a scheme like this, the number of tapes in your pool or pools remains constant.
By properly defining your Volume Pools with appropriate Retention periods, Bacula can manage the recycling (such as defined above) automatically.
Automatic recycling of Volumes is controlled by four records in the Pool resource definition in the Director's configuration file. These four records are:
The above three directives are all you need assuming that you fill each of your Volumes then wait the Volume Retention period before reusing them. If you want Bacula to stop using a Volume and recycle it before it is full, you will need to use one or more additional directives such as:
Automatic recycling of Volumes is performed by Bacula only when it wants a new Volume and no appendable Volumes are available in the Pool. It will then search the Pool for any Volumes with the Recycle flag set and whose Volume Status is Full. At that point, the recycling occurs in two steps. The first is that the Catalog for a Volume must be purged of all Jobs and Files contained on that Volume, and the second step is the actual recycling of the Volume. The Volume will be purged if the VolumeRetention period has expired. When a Volume is marked as Purged, it means that no Catalog records reference that Volume, and the Volume can be recycled. Until recycling actually occurs, the Volume data remains intact. If no Volumes can be found for recycling for any of the reasons stated above, Bacula will request operator intervention (i.e. it will ask you to label a new volume).
A key point mentioned above, that can be a source of frustration, is that Bacula will only recycle purged Volumes if there is no other appendable Volume available, otherwise, it will always write to an appendable Volume before recycling even if there are Volume marked as Purged. This preserves your data as long as possible. So, if you wish to "force" Bacula to use a purged Volume, you must first ensure that no other Volume in the Pool is marked Append. If necessary, you can manually set a volume to Full. The reason for this is that Bacula wants to preserve the data on your old tapes (even though purged from the catalog) as long as absolutely possible before overwriting it. There are also a number of directives such as Volume Use Duration that will automatically mark a volume as Used and thus no longer appendable.
As Bacula writes files to tape, it keeps a list of files, jobs, and volumes in a database called the catalog. Among other things, the database helps Bacula to decide which files to back up in an incremental or differential backup, and helps you locate files on past backups when you want to restore something. However, the catalog will grow larger and larger as time goes on, and eventually it can become unacceptably large.
Bacula's process for removing entries from the catalog is called Pruning. The default is Automatic Pruning, which means that once an entry reaches a certain age (e.g. 30 days old) it is removed from the catalog. Once a job has been pruned, you can still restore it from the backup tape, but one additional step is required: scanning the volume with bscan. The alternative to Automatic Pruning is Manual Pruning, in which you explicitly tell Bacula to erase the catalog entries for a volume. You'd usually do this when you want to reuse a Bacula volume, because there's no point in keeping a list of files that USED TO BE on a tape. Or, if the catalog is starting to get too big, you could prune the oldest jobs to save space. Manual pruning is done with the prune command in the console. (thanks to Bryce Denney for the above explanation).
There are three pruning durations. All apply to catalog database records and not to the actual data in a Volume. The pruning (or retention) durations are for: Volumes (Media records), Jobs (Job records), and Files (File records). The durations inter-depend a bit because if Bacula prunes a Volume, it automatically removes all the Job records, and all the File records. Also when a Job record is pruned, all the File records for that Job are also pruned (deleted) from the catalog.
Having the File records in the database means that you can examine all the files backed up for a particular Job. They take the most space in the catalog (probably 90-95% of the total). When the File records are pruned, the Job records can remain, and you can still examine what Jobs ran, but not the details of the Files backed up. In addition, without the File records, you cannot use the Console restore command to restore the files.
When a Job record is pruned, the Volume (Media record) for that Job can still remain in the database, and if you do a "list volumes", you will see the volume information, but the Job records (and its File records) will no longer be available.
In each case, pruning removes information about where older files are, but it also prevents the catalog from growing to be too large. You choose the retention periods in function of how many files you are backing up and the time periods you want to keep those records online, and the size of the database. You can always re-insert the records (with 98% of the original data) by using "bscan" to scan in a whole Volume or any part of the volume that you want.
By setting AutoPrune to yes you will permit Bacula to automatically prune all Volumes in the Pool when a Job needs another Volume. Volume pruning means removing records from the catalog. It does not shrink the size of the Volume or affect the Volume data until the Volume gets overwritten. When a Job requests another volume and there are no Volumes with Volume Status Append available, Bacula will begin volume pruning. This means that all Jobs that are older than the VolumeRetention period will be pruned from every Volume that has Volume Status Full or Used and has Recycle set to yes. Pruning consists of deleting the corresponding Job, File, and JobMedia records from the catalog database. No change to the physical data on the Volume occurs during the pruning process. When all files are pruned from a Volume (i.e. no records in the catalog), the Volume will be marked as Purged implying that no Jobs remain on the volume. The Pool records that control the pruning are described below.
When this time period expires, and if AutoPrune is set to yes, and a new Volume is needed, but no appendable Volume is available, Bacula will prune (remove) Job records that are older than the specified Volume Retention period.
The Volume Retention period takes precedence over any Job Retention period you have specified in the Client resource. It should also be noted, that the Volume Retention period is obtained by reading the Catalog Database Media record rather than the Pool resource record. This means that if you change the VolumeRetention in the Pool resource record, you must ensure that the corresponding change is made in the catalog by using the update pool command. Doing so will insure that any new Volumes will be created with the changed Volume Retention period. Any existing Volumes will have their own copy of the Volume Retention period that can only be changed on a Volume by Volume basis using the update volume command.
When all file catalog entries are removed from the volume, its VolStatus is set to Purged. The files remain physically on the Volume until the volume is overwritten.
Retention periods are specified in seconds, minutes, hours, days, weeks, months, quarters, or years on the record. See the Configuration chapter of this manual for additional details of time specification.
The default is 1 year.
It is also possible to "force" pruning of all Volumes in the Pool associated with a Job by adding Prune Files = yes to the Job resource.
After all Volumes of a Pool have been pruned (as mentioned above, this happens when a Job needs a new Volume and no appendable Volumes are available), Bacula will look for the oldest Volume that is Purged (all Jobs and Files expired), and if the Recycle flag is on (Recycle=yes) for that Volume, Bacula will relabel it and write new data on it.
As mentioned above, there are two key points for getting a Volume to be recycled. First, the Volume must no longer be marked Append (there are a number of directives to automatically make this change), and second since the last write on the Volume, one or more of the Retention periods must have expired so that there are no more catalog backup job records that reference that Volume. Once both those conditions are satisfied, the volume can be marked Purged and hence recycled.
The full algorithm that Bacula uses when it needs a new Volume is:
The algorithm described below assumes that AutoPrune is enabled, that Recycling is turned on, and that you have defined appropriate Retention periods, or used the defaults for all these items.
The above occurs when Bacula has finished writing a Volume or when no Volume is present in the drive.
On the other hand, if you have inserted a different Volume after the last job, and Bacula recognizes the Volume as valid, it will request authorization from the Director to use this Volume. In this case, if you have set Recycle Current Volume = yes and the Volume is marked as Used or Full, Bacula will prune the volume and if all jobs were removed during the pruning (respecting the retention periods), the Volume will be recycled and used.
The recycling algorithm in this case is:
This permits users to manually change the Volume every day and load tapes in an order different from what is in the catalog, and if the volume does not contain a current copy of your backup data, it will be used.
A few points from Alan Brown to keep in mind:
Each Volume inherits the Recycle status (yes or no) from the Pool resource record when the Media record is created (normally when the Volume is labeled). This Recycle status is stored in the Media record of the Catalog. Using the Console program, you may subsequently change the Recycle status for each Volume. For example in the following output from list volumes:
+----------+-------+--------+---------+------------+--------+-----+ | VolumeNa | Media | VolSta | VolByte | LastWritte | VolRet | Rec | +----------+-------+--------+---------+------------+--------+-----+ | File0001 | File | Full | 4190055 | 2002-05-25 | 14400 | 1 | | File0002 | File | Full | 1896460 | 2002-05-26 | 14400 | 1 | | File0003 | File | Full | 1896460 | 2002-05-26 | 14400 | 1 | | File0004 | File | Full | 1896460 | 2002-05-26 | 14400 | 1 | | File0005 | File | Full | 1896460 | 2002-05-26 | 14400 | 1 | | File0006 | File | Full | 1896460 | 2002-05-26 | 14400 | 1 | | File0007 | File | Purged | 1896466 | 2002-05-26 | 14400 | 1 | +----------+-------+--------+---------+------------+--------+-----+
all the volumes are marked as recyclable, and the last Volume, File0007 has been purged, so it may be immediately recycled. The other volumes are all marked recyclable and when their Volume Retention period (14400 seconds or four hours) expires, they will be eligible for pruning, and possibly recycling. Even though Volume File0007 has been purged, all the data on the Volume is still recoverable. A purged Volume simply means that there are no entries in the Catalog. Even if the Volume Status is changed to Recycle, the data on the Volume will be recoverable. The data is lost only when the Volume is re-labeled and re-written.
To modify Volume File0001 so that it cannot be recycled, you use the update volume pool=File command in the console program, or simply update and Bacula will prompt you for the information.
+----------+------+-------+---------+-------------+-------+-----+ | VolumeNa | Media| VolSta| VolByte | LastWritten | VolRet| Rec | +----------+------+-------+---------+-------------+-------+-----+ | File0001 | File | Full | 4190055 | 2002-05-25 | 14400 | 0 | | File0002 | File | Full | 1897236 | 2002-05-26 | 14400 | 1 | | File0003 | File | Full | 1896460 | 2002-05-26 | 14400 | 1 | | File0004 | File | Full | 1896460 | 2002-05-26 | 14400 | 1 | | File0005 | File | Full | 1896460 | 2002-05-26 | 14400 | 1 | | File0006 | File | Full | 1896460 | 2002-05-26 | 14400 | 1 | | File0007 | File | Purged| 1896466 | 2002-05-26 | 14400 | 1 | +----------+------+-------+---------+-------------+-------+-----+
In this case, File0001 will never be automatically recycled. The same effect can be achieved by setting the Volume Status to Read-Only.
As you have noted, the Volume Status (VolStatus) column in the catalog database contains the current status of the Volume, which is normally maintained automatically by Bacula. To give you an idea of some of the values it can take during the life cycle of a Volume, here is a picture created by Arno Lehmann:
A typical volume life cycle is like this:
because job count or size limit exceeded
Append ----------------------------------------> Used
^ |
| First Job writes to Retention time passed |
| the volume and recycling takes |
| place |
| v
Recycled <-------------------------------------- Purged
Volume is selected for reuse
Most people will want Bacula to fill a tape and when it is full, a new tape will be mounted, and so on. However, as an extreme example, it is possible for Bacula to write on a single tape, and every night to rewrite it. To get this to work, you must do two things: first, set the VolumeRetention to less than your save period (one day), and the second item is to make Bacula mark the tape as full after using it once. This is done using UseVolumeOnce = yes. If this latter record is not used and the tape is not full after the first time it is written, Bacula will simply append to the tape and eventually request another volume. Using the tape only once, forces the tape to be marked Full after each use, and the next time Bacula runs, it will recycle the tape.
An example Pool resource that does this is:
Pool {
Name = DDS-4
Use Volume Once = yes
Pool Type = Backup
AutoPrune = yes
VolumeRetention = 12h # expire after 12 hours
Recycle = yes
}
This example is meant to show you how one could define a fixed set of volumes that Bacula will rotate through on a regular schedule. There are an infinite number of such schemes, all of which have various advantages and disadvantages.
We start with the following assumptions:
We start the system by doing a Full save to one of the weekly volumes or one of the monthly volumes. The next morning, we remove the tape and insert a Daily tape. Friday evening, we remove the Daily tape and insert the next tape in the Weekly series. Monday, we remove the Weekly tape and re-insert the Daily tape. On the first Friday of the next month, we insert the next Monthly tape in the series rather than a Weekly tape, then continue. When a Daily tape finally fills up, Bacula will request the next one in the series, and the next day when you notice the email message, you will mount it and Bacula will finish the unfinished incremental backup.
What does this give? Well, at any point, you will have the last complete Full save plus several Incremental saves. For any given file you want to recover (or your whole system), you will have a copy of that file every day for at least the last 14 days. For older versions, you will have at least three and probably four Friday full saves of that file, and going back further, you will have a copy of that file made on the beginning of the month for at least a year.
So you have copies of any file (or your whole system) for at least a year, but as you go back in time, the time between copies increases from daily to weekly to monthly.
What would the Bacula configuration look like to implement such a scheme?
Schedule {
Name = "NightlySave"
Run = Level=Full Pool=Monthly 1st sat at 03:05
Run = Level=Full Pool=Weekly 2nd-5th sat at 03:05
Run = Level=Incremental Pool=Daily tue-fri at 03:05
}
Job {
Name = "NightlySave"
Type = Backup
Level = Full
Client = LocalMachine
FileSet = "File Set"
Messages = Standard
Storage = DDS-4
Pool = Daily
Schedule = "NightlySave"
}
# Definition of file storage device
Storage {
Name = DDS-4
Address = localhost
SDPort = 9103
Password = XXXXXXXXXXXXX
Device = FileStorage
Media Type = 8mm
}
FileSet {
Name = "File Set"
Include = signature=MD5 {
fffffffffffffffff
}
Exclude = { *.o }
}
Pool {
Name = Daily
Pool Type = Backup
AutoPrune = yes
VolumeRetention = 10d # recycle in 10 days
Maximum Volumes = 10
Recycle = yes
}
Pool {
Name = Weekly
Use Volume Once = yes
Pool Type = Backup
AutoPrune = yes
VolumeRetention = 30d # recycle in 30 days (default)
Recycle = yes
}
Pool {
Name = Monthly
Use Volume Once = yes
Pool Type = Backup
AutoPrune = yes
VolumeRetention = 365d # recycle in 1 year
Recycle = yes
}
Perhaps the best way to understand the various resource records that come into play during automatic pruning and recycling is to run a Job that goes through the whole cycle. If you add the following resources to your Director's configuration file:
Schedule {
Name = "30 minute cycle"
Run = Level=Full Pool=File Messages=Standard Storage=File
hourly at 0:05
Run = Level=Full Pool=File Messages=Standard Storage=File
hourly at 0:35
}
Job {
Name = "Filetest"
Type = Backup
Level = Full
Client=XXXXXXXXXX
FileSet="Test Files"
Messages = Standard
Storage = File
Pool = File
Schedule = "30 minute cycle"
}
# Definition of file storage device
Storage {
Name = File
Address = XXXXXXXXXXX
SDPort = 9103
Password = XXXXXXXXXXXXX
Device = FileStorage
Media Type = File
}
FileSet {
Name = "Test Files"
Include = signature=MD5 {
fffffffffffffffff
}
Exclude = { *.o }
}
Pool {
Name = File
Use Volume Once = yes
Pool Type = Backup
LabelFormat = "File"
AutoPrune = yes
VolumeRetention = 4h
Maximum Volumes = 12
Recycle = yes
}
Where you will need to replace the ffffffffff's by the appropriate files to be saved for your configuration. For the FileSet Include, choose a directory that has one or two megabytes maximum since there will probably be approximately eight copies of the directory that Bacula will cycle through.
In addition, you will need to add the following to your Storage daemon's configuration file:
Device {
Name = FileStorage
Media Type = File
Archive Device = /tmp
LabelMedia = yes;
Random Access = Yes;
AutomaticMount = yes;
RemovableMedia = no;
AlwaysOpen = no;
}
With the above resources, Bacula will start a Job every half hour that saves a copy of the directory you chose to /tmp/File0001 ... /tmp/File0012. After 4 hours, Bacula will start recycling the backup Volumes (/tmp/File0001 ...). You should see this happening in the output produced. Bacula will automatically create the Volumes (Files) the first time it uses them.
To turn it off, either delete all the resources you've added, or simply comment out the Schedule record in the Job resource.
Although automatic recycling of Volumes is implemented in version 1.20 and later (see the Automatic Recycling of Volumes chapter of this manual), you may want to manually force reuse (recycling) of a Volume.
Assuming that you want to keep the Volume name, but you simply want to write new data on the tape, the steps to take are:
Once the Volume is marked Purged, it will be recycled the next time a Volume is needed.
If you wish to reuse the tape by giving it a new name, follow the following steps:
Please note that the relabel command applies only to tape Volumes.
For Bacula versions prior to 1.30 or to manually relabel the Volume, use the instructions below:
mt -f /dev/nst0 rewind mt -f /dev/nst0 weof
where you replace /dev/nst0 with the appropriate device name on your system.
Please be aware that the delete command can be dangerous. Once it is done, to recover the File records, you must either restore your database as it was before the delete command, or use the bscan utility program to scan the tape and recreate the database entries.
This chapter presents most all the features needed to do Volume management. Most of the concepts apply equally well to both tape and disk Volumes. However, the chapter was originally written to explain backing up to disk, so you will see it is slanted in that direction, but all the directives presented here apply equally well whether your volume is disk or tape.
If you have a lot of hard disk storage or you absolutely must have your backups run within a small time window, you may want to direct Bacula to backup to disk Volumes rather than tape Volumes. This chapter is intended to give you some of the options that are available to you so that you can manage either disk or tape volumes.
Getting Bacula to write to disk rather than tape in the simplest case is rather easy. In the Storage daemon's configuration file, you simply define an Archive Device to be a directory. For example, if you want your disk backups to go into the directory /home/bacula/backups, you could use the following:
Device {
Name = FileBackup
Media Type = File
Archive Device = /home/bacula/backups
Random Access = Yes;
AutomaticMount = yes;
RemovableMedia = no;
AlwaysOpen = no;
}
Assuming you have the appropriate Storage resource in your Director's configuration file that references the above Device resource,
Storage {
Name = FileStorage
Address = ...
Password = ...
Device = FileBackup
Media Type = File
}
Bacula will then write the archive to the file /home/bacula/backups/<volume-name> where <volume-name> is the volume name of a Volume defined in the Pool. For example, if you have labeled a Volume named Vol001, Bacula will write to the file /home/bacula/backups/Vol001. Although you can later move the archive file to another directory, you should not rename it or it will become unreadable by Bacula. This is because each archive has the filename as part of the internal label, and the internal label must agree with the system filename before Bacula will use it.
Although this is quite simple, there are a number of problems. The first is that unless you specify otherwise, Bacula will always write to the same volume until you run out of disk space. This problem is addressed below.
In addition, if you want to use concurrent jobs that write to several different volumes at the same time, you will need to understand a number of other details. An example of such a configuration is given at the end of this chapter under Concurrent Disk Jobs.
Some of the options you have, all of which are specified in the Pool record, are:
UseVolumeOnce = yes.
Maximum Volume Jobs = nnn.
Maximum Volume Bytes = mmmm.
Note, if you use disk volumes, with all versions up to and including 1.39.28, you should probably limit the Volume size to some reasonable value such as say 5GB. This is because during a restore, Bacula is currently unable to seek to the proper place in a disk volume to restore a file, which means that it must read all records up to where the restore begins. If your Volumes are 50GB, reading half or more of the volume could take quite a bit of time. Also, if you ever have a partial hard disk failure, you are more likely to be able to recover more data if they are in smaller Volumes.
Volume Use Duration = ttt.
Note that although you probably would not want to limit the number of bytes on a tape as you would on a disk Volume, the other options can be very useful in limiting the time Bacula will use a particular Volume (be it tape or disk). For example, the above directives can allow you to ensure that you rotate through a set of daily Volumes if you wish.
As mentioned above, each of those directives is specified in the Pool or Pools that you use for your Volumes. In the case of Maximum Volume Job, Maximum Volume Bytes, and Volume Use Duration, you can actually specify the desired value on a Volume by Volume basis. The value specified in the Pool record becomes the default when labeling new Volumes. Once a Volume has been created, it gets its own copy of the Pool defaults, and subsequently changing the Pool will have no effect on existing Volumes. You can either manually change the Volume values, or refresh them from the Pool defaults using the update volume command in the Console. As an example of the use of one of the above, suppose your Pool resource contains:
Pool {
Name = File
Pool Type = Backup
Volume Use Duration = 23h
}
then if you run a backup once a day (every 24 hours), Bacula will use a new Volume for each backup, because each Volume it writes can only be used for 23 hours after the first write. Note, setting the use duration to 23 hours is not a very good solution for tapes unless you have someone on-site during the weekends, because Bacula will want a new Volume and no one will be present to mount it, so no weekend backups will be done until Monday morning.
Use of the above records brings up another problem -- that of labeling your Volumes. For automated disk backup, you can either manually label each of your Volumes, or you can have Bacula automatically label new Volumes when they are needed. While, the automatic Volume labeling in version 1.30 and prior is a bit simplistic, but it does allow for automation, the features added in version 1.31 permit automatic creation of a wide variety of labels including information from environment variables and special Bacula Counter variables. In version 1.37 and later, it is probably much better to use Python scripting and the NewVolume event since generating Volume labels in a Python script is much easier than trying to figure out Counter variables. See the Python Scripting chapter of this manual for more details.
Please note that automatic Volume labeling can also be used with tapes, but it is not nearly so practical since the tapes must be pre-mounted. This requires some user interaction. Automatic labeling from templates does NOT work with autochangers since Bacula will not access unknown slots. There are several methods of labeling all volumes in an autochanger magazine. For more information on this, please see the Autochanger chapter of this manual.
Automatic Volume labeling is enabled by making a change to both the Pool resource (Director) and to the Device resource (Storage daemon) shown above. In the case of the Pool resource, you must provide Bacula with a label format that it will use to create new names. In the simplest form, the label format is simply the Volume name, to which Bacula will append a four digit number. This number starts at 0001 and is incremented for each Volume the catalog contains. Thus if you modify your Pool resource to be:
Pool {
Name = File
Pool Type = Backup
Volume Use Duration = 23h
LabelFormat = "Vol"
}
Bacula will create Volume names Vol0001, Vol0002, and so on when new Volumes are needed. Much more complex and elaborate labels can be created using variable expansion defined in the Variable Expansion chapter of this manual.
The second change that is necessary to make automatic labeling work is to give the Storage daemon permission to automatically label Volumes. Do so by adding LabelMedia = yes to the Device resource as follows:
Device {
Name = File
Media Type = File
Archive Device = /home/bacula/backups
Random Access = Yes;
AutomaticMount = yes;
RemovableMedia = no;
AlwaysOpen = no;
LabelMedia = yes
}
You can find more details of the Label Format Pool record in Label Format description of the Pool resource records.
Automatic labeling discussed above brings up the problem of Volume management. With the above scheme, a new Volume will be created every day. If you have not specified Retention periods, your Catalog will continue to fill keeping track of all the files Bacula has backed up, and this procedure will create one new archive file (Volume) every day.
The tools Bacula gives you to help automatically manage these problems are the following:
The first three records (File Retention, Job Retention, and AutoPrune) determine the amount of time that Job and File records will remain in your Catalog, and they are discussed in detail in the Automatic Volume Recycling chapter of this manual.
Volume Retention, AutoPrune, and Recycle determine how long Bacula will keep your Volumes before reusing them, and they are also discussed in detail in the Automatic Volume Recycling chapter of this manual.
The Maximum Volumes record can also be used in conjunction with the Volume Retention period to limit the total number of archive Volumes (files) that Bacula will create. By setting an appropriate Volume Retention period, a Volume will be purged just before it is needed and thus Bacula can cycle through a fixed set of Volumes. Cycling through a fixed set of Volumes can also be done by setting Recycle Oldest Volume = yes or Recycle Current Volume = yes. In this case, when Bacula needs a new Volume, it will prune the specified volume.
Now suppose you want to use multiple Pools, which means multiple Volumes, or suppose you want each client to have its own Volume and perhaps its own directory such as /home/bacula/client1 and /home/bacula/client2 ... With the single Storage and Device definition above, neither of these two is possible. Why? Because Bacula disk storage follows the same rules as tape devices. Only one Volume can be mounted on any Device at any time. If you want to simultaneously write multiple Volumes, you will need multiple Device resources in your bacula-sd.conf file, and thus multiple Storage resources in your bacula-dir.conf.
OK, so now you should understand that you need multiple Device definitions in the case of different directories or different Pools, but you also need to know that the catalog data that Bacula keeps contains only the Media Type and not the specific storage device. This permits a tape for example to be re-read on any compatible tape drive. The compatibility being determined by the Media Type. The same applies to disk storage. Since a volume that is written by a Device in say directory /home/bacula/backups cannot be read by a Device with an Archive Device definition of /home/bacula/client1, you will not be able to restore all your files if you give both those devices Media Type = File. During the restore, Bacula will simply choose the first available device, which may not be the correct one. If this is confusing, just remember that the Directory has only the Media Type and the Volume name. It does not know the Archive Device (or the full path) that is specified in the Storage daemon. Thus you must explicitly tie your Volumes to the correct Device by using the Media Type.
The example shown below shows a case where there are two clients, each using its own Pool and storing their Volumes in different directories.
The following example is not very practical, but can be used to demonstrate the proof of concept in a relatively short period of time. The example consists of a two clients that are backed up to a set of 12 archive files (Volumes) for each client into different directories on the Storage machine. Each Volume is used (written) only once, and there are four Full saves done every hour (so the whole thing cycles around after three hours).
What is key here is that each physical device on the Storage daemon has a different Media Type. This allows the Director to choose the correct device for restores ...
The Director's configuration file is as follows:
Director {
Name = my-dir
QueryFile = "~/bacula/bin/query.sql"
PidDirectory = "~/bacula/working"
WorkingDirectory = "~/bacula/working"
Password = dir_password
}
Schedule {
Name = "FourPerHour"
Run = Level=Full hourly at 0:05
Run = Level=Full hourly at 0:20
Run = Level=Full hourly at 0:35
Run = Level=Full hourly at 0:50
}
Job {
Name = "RecycleExample"
Type = Backup
Level = Full
Client = Rufus
FileSet= "Example FileSet"
Messages = Standard
Storage = FileStorage
Pool = Recycle
Schedule = FourPerHour
}
Job {
Name = "RecycleExample2"
Type = Backup
Level = Full
Client = Roxie
FileSet= "Example FileSet"
Messages = Standard
Storage = FileStorage1
Pool = Recycle1
Schedule = FourPerHour
}
FileSet {
Name = "Example FileSet"
Include = compression=GZIP signature=SHA1 {
/home/kern/bacula/bin
}
}
Client {
Name = Rufus
Address = rufus
Catalog = BackupDB
Password = client_password
}
Client {
Name = Roxie
Address = roxie
Catalog = BackupDB
Password = client1_password
}
Storage {
Name = FileStorage
Address = rufus
Password = local_storage_password
Device = RecycleDir
Media Type = File
}
Storage {
Name = FileStorage1
Address = rufus
Password = local_storage_password
Device = RecycleDir1
Media Type = File1
}
Catalog {
Name = BackupDB
dbname = bacula; user = bacula; password = ""
}
Messages {
Name = Standard
...
}
Pool {
Name = Recycle
Use Volume Once = yes
Pool Type = Backup
LabelFormat = "Recycle-"
AutoPrune = yes
VolumeRetention = 2h
Maximum Volumes = 12
Recycle = yes
}
Pool {
Name = Recycle1
Use Volume Once = yes
Pool Type = Backup
LabelFormat = "Recycle1-"
AutoPrune = yes
VolumeRetention = 2h
Maximum Volumes = 12
Recycle = yes
}
and the Storage daemon's configuration file is:
Storage {
Name = my-sd
WorkingDirectory = "~/bacula/working"
Pid Directory = "~/bacula/working"
MaximumConcurrentJobs = 10
}
Director {
Name = my-dir
Password = local_storage_password
}
Device {
Name = RecycleDir
Media Type = File
Archive Device = /home/bacula/backups
LabelMedia = yes;
Random Access = Yes;
AutomaticMount = yes;
RemovableMedia = no;
AlwaysOpen = no;
}
Device {
Name = RecycleDir1
Media Type = File1
Archive Device = /home/bacula/backups1
LabelMedia = yes;
Random Access = Yes;
AutomaticMount = yes;
RemovableMedia = no;
AlwaysOpen = no;
}
Messages {
Name = Standard
director = my-dir = all
}
With a little bit of work, you can change the above example into a weekly or monthly cycle (take care about the amount of archive disk space used).
Bacula can, of course, use multiple disks, but in general, each disk must be a separate Device specification in the Storage daemon's conf file, and you must then select what clients to backup to each disk. You will also want to give each Device specification a different Media Type so that during a restore, Bacula will be able to find the appropriate drive.
The situation is a bit more complicated if you want to treat two different physical disk drives (or partitions) logically as a single drive, which Bacula does not directly support. However, it is possible to back up your data to multiple disks as if they were a single drive by linking the Volumes from the first disk to the second disk.
For example, assume that you have two disks named /disk1 and /disk2. If you then create a standard Storage daemon Device resource for backing up to the first disk, it will look like the following:
Device {
Name = client1
Media Type = File
Archive Device = /disk1
LabelMedia = yes;
Random Access = Yes;
AutomaticMount = yes;
RemovableMedia = no;
AlwaysOpen = no;
}
Since there is no way to get the above Device resource to reference both /disk1 and /disk2 we do it by pre-creating Volumes on /disk2 with the following:
ln -s /disk2/Disk2-vol001 /disk1/Disk2-vol001 ln -s /disk2/Disk2-vol002 /disk1/Disk2-vol002 ln -s /disk2/Disk2-vol003 /disk1/Disk2-vol003 ...
At this point, you can label the Volumes as Volume Disk2-vol001, Disk2-vol002, ... and Bacula will use them as if they were on /disk1 but actually write the data to /disk2. The only minor inconvenience with this method is that you must explicitly name the disks and cannot use automatic labeling unless you arrange to have the labels exactly match the links you have created.
An important thing to know is that Bacula treats disks like tape drives as much as it can. This means that you can only have a single Volume mounted at one time on a disk as defined in your Device resource in the Storage daemon's conf file. You can have multiple concurrent jobs running that all write to the one Volume that is being used, but if you want to have multiple concurrent jobs that are writing to separate disks drives (or partitions), you will need to define separate Device resources for each one, exactly as you would do for two different tape drives. There is one fundamental difference, however. The Volumes that you create on the two drives cannot be easily exchanged as they can for a tape drive, because they are physically resident (already mounted in a sense) on the particular drive. As a consequence, you will probably want to give them different Media Types so that Bacula can distinguish what Device resource to use during a restore. An example would be the following:
Device {
Name = Disk1
Media Type = File1
Archive Device = /disk1
LabelMedia = yes;
Random Access = Yes;
AutomaticMount = yes;
RemovableMedia = no;
AlwaysOpen = no;
}
Device {
Name = Disk2
Media Type = File2
Archive Device = /disk2
LabelMedia = yes;
Random Access = Yes;
AutomaticMount = yes;
RemovableMedia = no;
AlwaysOpen = no;
}
With the above device definitions, you can run two concurrent jobs each writing at the same time, one to /disk2 and the other to /disk2. The fact that you have given them different Media Types will allow Bacula to quickly choose the correct Storage resource in the Director when doing a restore.
If we take the above example and add a second Client, here are a few considerations:
In this example, we have two clients, each with a different Pool and a different number of archive files retained. They also write to different directories with different Volume labeling.
The Director's configuration file is as follows:
Director {
Name = my-dir
QueryFile = "~/bacula/bin/query.sql"
PidDirectory = "~/bacula/working"
WorkingDirectory = "~/bacula/working"
Password = dir_password
}
# Basic weekly schedule
Schedule {
Name = "WeeklySchedule"
Run = Level=Full fri at 1:30
Run = Level=Incremental sat-thu at 1:30
}
FileSet {
Name = "Example FileSet"
Include = compression=GZIP signature=SHA1 {
/home/kern/bacula/bin
}
}
Job {
Name = "Backup-client1"
Type = Backup
Level = Full
Client = client1
FileSet= "Example FileSet"
Messages = Standard
Storage = File1
Pool = client1
Schedule = "WeeklySchedule"
}
Job {
Name = "Backup-client2"
Type = Backup
Level = Full
Client = client2
FileSet= "Example FileSet"
Messages = Standard
Storage = File2
Pool = client2
Schedule = "WeeklySchedule"
}
Client {
Name = client1
Address = client1
Catalog = BackupDB
Password = client1_password
File Retention = 7d
}
Client {
Name = client2
Address = client2
Catalog = BackupDB
Password = client2_password
}
# Two Storage definitions with different Media Types
# permits different directories
Storage {
Name = File1
Address = rufus
Password = local_storage_password
Device = client1
Media Type = File1
}
Storage {
Name = File2
Address = rufus
Password = local_storage_password
Device = client2
Media Type = File2
}
Catalog {
Name = BackupDB
dbname = bacula; user = bacula; password = ""
}
Messages {
Name = Standard
...
}
# Two pools permits different cycling periods and Volume names
# Cycle through 15 Volumes (two weeks)
Pool {
Name = client1
Use Volume Once = yes
Pool Type = Backup
LabelFormat = "Client1-"
AutoPrune = yes
VolumeRetention = 13d
Maximum Volumes = 15
Recycle = yes
}
# Cycle through 8 Volumes (1 week)
Pool {
Name = client2
Use Volume Once = yes
Pool Type = Backup
LabelFormat = "Client2-"
AutoPrune = yes
VolumeRetention = 6d
Maximum Volumes = 8
Recycle = yes
}
and the Storage daemon's configuration file is:
Storage {
Name = my-sd
WorkingDirectory = "~/bacula/working"
Pid Directory = "~/bacula/working"
MaximumConcurrentJobs = 10
}
Director {
Name = my-dir
Password = local_storage_password
}
# Archive directory for Client1
Device {
Name = client1
Media Type = File1
Archive Device = /home/bacula/client1
LabelMedia = yes;
Random Access = Yes;
AutomaticMount = yes;
RemovableMedia = no;
AlwaysOpen = no;
}
# Archive directory for Client2
Device {
Name = client2
Media Type = File2
Archive Device = /home/bacula/client2
LabelMedia = yes;
Random Access = Yes;
AutomaticMount = yes;
RemovableMedia = no;
AlwaysOpen = no;
}
Messages {
Name = Standard
director = my-dir = all
}
Bacula allows you to specify that you want to write to DVD. However, this feature is implemented only in version 1.37 or later. You may in fact write to DVD+RW, DVD+R, DVD-R, or DVD-RW media. The actual process used by Bacula is to first write the image to a spool directory, then when the Volume reaches a certain size or, at your option, at the end of a Job, Bacula will transfer the image from the spool directory to the DVD. The actual work of transferring the image is done by a script dvd-handler, and the heart of that script is a program called growisofs which allows creating or adding to a DVD ISO filesystem.
You must have dvd+rw-tools loaded on your system for DVD writing to work. Please note that the original dvd+rw-tools package does NOT work with Bacula. You must apply a patch which can be found in the patches directory of Bacula sources with the name dvd+rw-tools-5.21.4.10.8.bacula.patch for version 5.21 of the tools, or patch bf dvd+rw-tools-6.1.bacula.patch if you have version 6.1 on your system. Unfortunately, this requires you to build the dvd_rw-tools from source.
Note, some Linux distros such as Debian dvd+rw-tools-7.0-4 package already have the patch applied, so please check.
The fact that Bacula cannot use the OS to write directly to the DVD makes the whole process a bit more error prone than writing to a disk or a tape, but nevertheless, it does work if you use some care to set it up properly. However, at the current time (version 1.39.30 -- 12 December 2006) we still consider this code to be BETA quality. As a consequence, please do careful testing before relying on DVD backups in production.
The remainder of this chapter explains the various directives that you can use to control the DVD writing.
The following directives are added to the Storage daemon's Device resource.
Most frequently, you will define it as follows:
Mount Command = "/bin/mount -t iso9660 -o ro %a %m"
However, if you have defined a mount point in /etc/fstab, you might be able to use a mount command such as:
Mount Command = "/bin/mount /media/dvd"
Most frequently, you will define it as follows:
Unmount Command = "/bin/umount %m"
For a DVD, you will most frequently specify the Bacula supplied dvd-handler script as follows:
Write Part Command = "/path/dvd-handler %a write %e %v"
Where /path is the path to your scripts install directory, and dvd-handler is the Bacula supplied script file. This command will already be present, but commented out, in the default bacula-sd.conf file. To use it, simply remove the comment (#) symbol.
For a DVD, you will most frequently specify the Bacula supplied dvd-handler script as follows:
Free Space Command = "/path/dvd-handler %a free"
Where /path is the path to your scripts install directory, and dvd-freespace is the Bacula supplied script file. If you want to specify your own command, please look at the code in dvd-handler to see what output Bacula expects from this command. This command will already be present, but commented out, in the default bacula-sd.conf file. To use it, simply remove the comment (#) symbol.
If you do not set it, Bacula will expect there is always free space on the device.
In addition to the directives specified above, you must also specify the other standard Device resource directives. Please see the sample DVD Device resource in the default bacula-sd.conf file. Be sure to specify the raw device name for Archive Device. It should be a name such as /dev/cdrom or /media/cdrecorder or /dev/dvd depending on your system. It will not be a name such as /mnt/cdrom.
Finally, for growisofs to work, it must be able to lock a certain amount of memory in RAM. If you have restrictions on this function, you may have failures. Under bash, you can set this with the following command:
ulimit -l unlimited
Before submitting the Mount Command, Unmount Command, Write Part Command, or Free Space Command directives to the operating system, Bacula performs character substitution of the following characters:
%% = %
%a = Archive device name
%e = erase (set if cannot mount and first part)
%n = part number
%m = mount point
%v = last part name (i.e. filename)
The following directives are added to the Director's Job resource.
It should be set to yes when writing to devices that require a mount (for example DVD), so you are sure that the current part, containing this job's data, is written to the device, and that no data is left in the temporary file on the hard disk. However, on some media, like DVD+R and DVD-R, a lot of space (about 10Mb) is lost everytime a part is written. So, if you run several jobs each after another, you could set this directive to no for all jobs, except the last one, to avoid wasting too much space, but to ensure that the data is written to the medium when all jobs are finished.
This directive is ignored for devices other than DVDs.
To retrieve the current mode of a DVD-RW, run:
dvd+rw-mediainfo /dev/xxxwhere you replace xxx with your DVD device name.
Mounted Media line should give you the information.
To set the device to Restricted Overwrite mode, run:
dvd+rw-format /dev/xxxIf you want to set it back to the default Incremental Sequential mode, run:
dvd+rw-format -blank /dev/xxx
dd if=/dev/zero bs=1024 count=512 | growisofs -Z /dev/xxx=/dev/fd/0Then, try to mount the device, if it cannot be mounted, it will be considered as blank by Bacula, if it can be mounted, try a full blank (see below).
growisofs -Z /dev/xxx=/dev/zerowhere you replace xxx with your DVD device name. However, note that this blanks the whole DVD, which takes quite a long time (16 minutes on mine).
To write to the DVD the first time use:
growisofs -Z /dev/xxx filename
To add additional files (more parts use):
growisofs -M /dev/xxx filename
The option -use-the-force-luke=4gms was added in growisofs 5.20 to override growisofs' behavior of always checking for the 4GB limit. Normally, this option is recommended for all Linux 2.6.8 kernels or greater, since these newer kernels can handle writing more than 4GB. See below for more details on this subject.
If you manage five or ten machines and have a nice tape backup, you don't need Pools, and you may wonder what they are good for. In this chapter, you will see that Pools can help you optimize disk storage space. The same techniques can be applied to a shop that has multiple tape drives, or that wants to mount various different Volumes to meet their needs.
The rest of this chapter will give an example involving backup to disk Volumes, but most of the information applies equally well to tape Volumes.
A site that I administer (a charitable organization) had a tape DDS-3 tape drive that was failing. The exact reason for the failure is still unknown. Worse yet, their full backup size is about 15GB whereas the capacity of their broken DDS-3 was at best 8GB (rated 6/12). A new DDS-4 tape drive and the necessary cassettes was more expensive than their budget could handle.
They want to maintain six months of backup data, and be able to access the old files on a daily basis for a week, a weekly basis for a month, then monthly for six months. In addition, offsite capability was not needed (well perhaps it really is, but it was never used). Their daily changes amount to about 300MB on the average, or about 2GB per week.
As a consequence, the total volume of data they need to keep to meet their needs is about 100GB (15GB x 6 + 2GB x 5 + 0.3 x 7) = 102.1GB.
The chosen solution was to buy a 120GB hard disk for next to nothing -- far less than 1/10th the price of a tape drive and the cassettes to handle the same amount of data, and to have Bacula write to disk files.
The rest of this chapter will explain how to setup Bacula so that it would automatically manage a set of disk files with the minimum sysadmin intervention. The system has been running since 22 January 2004 until today (23 June 2007) with no intervention, with the exception of adding a second 120GB hard disk after a year because their needs grew over that time to more than the 120GB (168GB to be exact). The only other intervention I have made is a periodic (about once a year) Bacula upgrade.
Getting Bacula to write to disk rather than tape in the simplest case is rather easy, and is documented in the previous chapter. In addition, all the directives discussed here are explained in that chapter. We'll leave it to you to look at the details there. If you haven't read it and are not familiar with Pools, you probably should at least read it once quickly for the ideas before continuing here.
One needs to consider about what happens if we have only a single large Bacula Volume defined on our hard disk. Everything works fine until the Volume fills, then Bacula will ask you to mount a new Volume. This same problem applies to the use of tape Volumes if your tape fills. Being a hard disk and the only one you have, this will be a bit of a problem. It should be obvious that it is better to use a number of smaller Volumes and arrange for Bacula to automatically recycle them so that the disk storage space can be reused. The other problem with a single Volume, is that until version 2.0.0, Bacula did not seek within a disk Volume, so restoring a single file can take more time than one would expect.
As mentioned, the solution is to have multiple Volumes, or files on the disk. To do so, we need to limit the use and thus the size of a single Volume, by time, by number of jobs, or by size. Any of these would work, but we chose to limit the use of a single Volume by putting a single job in each Volume with the exception of Volumes containing Incremental backup where there will be 6 jobs (a week's worth of data) per volume. The details of this will be discussed shortly. This is a single client backup, so if you have multiple clients you will need to multiply those numbers by the number of clients, or use a different system for switching volumes, such as limiting the volume size.
The next problem to resolve is recycling of Volumes. As you noted from above, the requirements are to be able to restore monthly for 6 months, weekly for a month, and daily for a week. So to simplify things, why not do a Full save once a month, a Differential save once a week, and Incremental saves daily. Now since each of these different kinds of saves needs to remain valid for differing periods, the simplest way to do this (and possibly the only) is to have a separate Pool for each backup type.
The decision was to use three Pools: one for Full saves, one for Differential saves, and one for Incremental saves, and each would have a different number of volumes and a different Retention period to accomplish the requirements.
Putting a single Full backup on each Volume, will require six Full save Volumes, and a retention period of six months. The Pool needed to do that is:
Pool {
Name = Full-Pool
Pool Type = Backup
Recycle = yes
AutoPrune = yes
Volume Retention = 6 months
Maximum Volume Jobs = 1
Label Format = Full-
Maximum Volumes = 9
}
Since these are disk Volumes, no space is lost by having separate Volumes for each backup (done once a month in this case). The items to note are the retention period of six months (i.e. they are recycled after six months), that there is one job per volume (Maximum Volume Jobs = 1), the volumes will be labeled Full-0001, ... Full-0006 automatically. One could have labeled these manually from the start, but why not use the features of Bacula.
Six months after the first volume is used, it will be subject to pruning and thus recycling, so with a maximum of 9 volumes, there should always be 3 volumes available (note, they may all be marked used, but they will be marked purged and recycled as needed).
If you have two clients, you would want to set Maximum Volume Jobs to 2 instead of one, or set a limit on the size of the Volumes, and possibly increase the maximum number of Volumes.
For the Differential backup Pool, we choose a retention period of a bit longer than a month and ensure that there is at least one Volume for each of the maximum of five weeks in a month. So the following works:
Pool {
Name = Diff-Pool
Pool Type = Backup
Recycle = yes
AutoPrune = yes
Volume Retention = 40 days
Maximum Volume Jobs = 1
Label Format = Diff-
Maximum Volumes = 10
}
As you can see, the Differential Pool can grow to a maximum of 9 volumes, and the Volumes are retained 40 days and thereafter they can be recycled. Finally there is one job per volume. This, of course, could be tightened up a lot, but the expense here is a few GB which is not too serious.
If a new volume is used every week, after 40 days, one will have used 7 volumes, and there should then always be 3 volumes that can be purged and recycled.
See the discussion above concering the Full pool for how to handle multiple clients.
Finally, here is the resource for the Incremental Pool:
Pool {
Name = Inc-Pool
Pool Type = Backup
Recycle = yes
AutoPrune = yes
Volume Retention = 20 days
Maximum Volume Jobs = 6
Label Format = Inc-
Maximum Volumes = 7
}
We keep the data for 20 days rather than just a week as the needs require. To reduce the proliferation of volume names, we keep a week's worth of data (6 incremental backups) in each Volume. In practice, the retention period should be set to just a bit more than a week and keep only two or three volumes instead of five. Again, the lost is very little and as the system reaches the full steady state, we can adjust these values so that the total disk usage doesn't exceed the disk capacity.
If you have two clients, the simplest thing to do is to increase the maximum volume jobs from 6 to 12. As mentioned above, it is also possible limit the size of the volumes. However, in that case, you will need to have a better idea of the volume or add sufficient volumes to the pool so that you will be assured that in the next cycle (after 20 days) there is at least one volume that is pruned and can be recycled.
The following example shows you the actual files used, with only a few minor modifications to simplify things.
The Director's configuration file is as follows:
Director { # define myself
Name = bacula-dir
DIRport = 9101
QueryFile = "/home/bacula/bin/query.sql"
WorkingDirectory = "/home/bacula/working"
PidDirectory = "/home/bacula/working"
Maximum Concurrent Jobs = 1
Password = " *** CHANGE ME ***"
Messages = Standard
}
# By default, this job will back up to disk in /tmp
Job {
Name = client
Type = Backup
Client = client-fd
FileSet = "Full Set"
Schedule = "WeeklyCycle"
Storage = File
Messages = Standard
Pool = Default
Full Backup Pool = Full-Pool
Incremental Backup Pool = Inc-Pool
Differential Backup Pool = Diff-Pool
Write Bootstrap = "/home/bacula/working/client.bsr"
Priority = 10
}
# Backup the catalog database (after the nightly save)
Job {
Name = "BackupCatalog"
Type = Backup
Client = client-fd
FileSet="Catalog"
Schedule = "WeeklyCycleAfterBackup"
Storage = File
Messages = Standard
Pool = Default
# This creates an ASCII copy of the catalog
# WARNING!!! Passing the password via the command line is insecure.
# see comments in make_catalog_backup for details.
RunBeforeJob = "/home/bacula/bin/make_catalog_backup bacula bacula"
# This deletes the copy of the catalog
RunAfterJob = "/home/bacula/bin/delete_catalog_backup"
Write Bootstrap = "/home/bacula/working/BackupCatalog.bsr"
Priority = 11 # run after main backup
}
# Standard Restore template, to be changed by Console program
Job {
Name = "RestoreFiles"
Type = Restore
Client = havana-fd
FileSet="Full Set"
Storage = File
Messages = Standard
Pool = Default
Where = /tmp/bacula-restores
}
# List of files to be backed up
FileSet {
Name = "Full Set"
Include = { Options { signature=SHA1; compression=GZIP9 }
File = /
File = /usr
File = /home
File = /boot
File = /var
File = /opt
}
Exclude = {
File = /proc
File = /tmp
File = /.journal
File = /.fsck
...
}
}
Schedule {
Name = "WeeklyCycle"
Run = Level=Full 1st sun at 2:05
Run = Level=Differential 2nd-5th sun at 2:05
Run = Level=Incremental mon-sat at 2:05
}
# This schedule does the catalog. It starts after the WeeklyCycle
Schedule {
Name = "WeeklyCycleAfterBackup"
Run = Level=Full sun-sat at 2:10
}
# This is the backup of the catalog
FileSet {
Name = "Catalog"
Include { Options { signature=MD5 }
File = /home/bacula/working/bacula.sql
}
}
Client {
Name = client-fd
Address = client
FDPort = 9102
Catalog = MyCatalog
Password = " *** CHANGE ME ***"
AutoPrune = yes # Prune expired Jobs/Files
Job Retention = 6 months
File Retention = 60 days
}
Storage {
Name = File
Address = localhost
SDPort = 9103
Password = " *** CHANGE ME ***"
Device = FileStorage
Media Type = File
}
Catalog {
Name = MyCatalog
dbname = bacula; user = bacula; password = ""
}
Pool {
Name = Full-Pool
Pool Type = Backup
Recycle = yes # automatically recycle Volumes
AutoPrune = yes # Prune expired volumes
Volume Retention = 6 months
Maximum Volume Jobs = 1
Label Format = Full-
Maximum Volumes = 9
}
Pool {
Name = Inc-Pool
Pool Type = Backup
Recycle = yes # automatically recycle Volumes
AutoPrune = yes # Prune expired volumes
Volume Retention = 20 days
Maximum Volume Jobs = 6
Label Format = Inc-
Maximum Volumes = 7
}
Pool {
Name = Diff-Pool
Pool Type = Backup
Recycle = yes
AutoPrune = yes
Volume Retention = 40 days
Maximum Volume Jobs = 1
Label Format = Diff-
Maximum Volumes = 10
}
Messages {
Name = Standard
mailcommand = "bsmtp -h mail.domain.com -f \"\(Bacula\) %r\"
-s \"Bacula: %t %e of %c %l\" %r"
operatorcommand = "bsmtp -h mail.domain.com -f \"\(Bacula\) %r\"
-s \"Bacula: Intervention needed for %j\" %r"
mail = root@domain.com = all, !skipped
operator = root@domain.com = mount
console = all, !skipped, !saved
append = "/home/bacula/bin/log" = all, !skipped
}
and the Storage daemon's configuration file is:
Storage { # definition of myself
Name = bacula-sd
SDPort = 9103 # Director's port
WorkingDirectory = "/home/bacula/working"
Pid Directory = "/home/bacula/working"
}
Director {
Name = bacula-dir
Password = " *** CHANGE ME ***"
}
Device {
Name = FileStorage
Media Type = File
Archive Device = /files/bacula
LabelMedia = yes; # lets Bacula label unlabeled media
Random Access = Yes;
AutomaticMount = yes; # when device opened, read it
RemovableMedia = no;
AlwaysOpen = no;
}
Messages {
Name = Standard
director = bacula-dir = all
}
The term Migration, as used in the context of Bacula, means moving data from one Volume to another. In particular it refers to a Job (similar to a backup job) that reads data that was previously backed up to a Volume and writes it to another Volume. As part of this process, the File catalog records associated with the first backup job are purged. In other words, Migration moves Bacula Job data from one Volume to another by reading the Job data from the Volume it is stored on, writing it to a different Volume in a different Pool, and then purging the database records for the first Job.
The section process for which Job or Jobs are migrated can be based on quite a number of different criteria such as:
The details of these selection criteria will be defined below.
To run a Migration job, you must first define a Job resource very similar to a Backup Job but with Type = Migrate instead of Type = Backup. One of the key points to remember is that the Pool that is specified for the migration job is the only pool from which jobs will be migrated, with one exception noted below. In addition, the Pool to which the selected Job or Jobs will be migrated is defined by the Next Pool = ... in the Pool resource specified for the Migration Job.
Bacula permits pools to contain Volumes with different Media Types. However, when doing migration, this is a very undesirable condition. For migration to work properly, you should use pools containing only Volumes of the same Media Type for all migration jobs.
The migration job normally is either manually started or starts from a Schedule much like a backup job. It searches for a previous backup Job or Jobs that match the parameters you have specified in the migration Job resource, primarily a Selection Type (detailed a bit later). Then for each previous backup JobId found, the Migration Job will run a new Job which copies the old Job data from the previous Volume to a new Volume in the Migration Pool. It is possible that no prior Jobs are found for migration, in which case, the Migration job will simply terminate having done nothing, but normally at a minimum, three jobs are involved during a migration:
If the Migration control job finds a number of JobIds to migrate (e.g. it is asked to migrate one or more Volumes), it will start one new migration backup job for each JobId found on the specified Volumes. Please note that Migration doesn't scale too well since Migrations are done on a Job by Job basis. This if you select a very large volume or a number of volumes for migration, you may have a large number of Jobs that start. Because each job must read the same Volume, they will run consecutively (not simultaneously).
The following directives can appear in a Director's Job resource, and they are used to define a Migration job.
For the OldestVolume and SmallestVolume, this Selection pattern is not used (ignored).
For the Client, Volume, and Job keywords, this pattern must be a valid regular expression that will filter the appropriate item names found in the Pool.
For the SQLQuery keyword, this pattern must be a valid SELECT SQL statement that returns JobIds.
The following directives can appear in a Director's Pool resource, and they are used to define a Migration job.
When you specify a Migration Job, you must specify all the standard directives as for a Job. However, certain such as the Level, Client, and FileSet, though they must be defined, are ignored by the Migration job because the values from the original job used instead.
As an example, suppose you have the following Job that you run every night. To note: there is no Storage directive in the Job resource; there is a Storage directive in each of the Pool resources; the Pool to be migrated (File) contains a Next Pool directive that defines the output Pool (where the data is written by the migration job).
# Define the backup Job
Job {
Name = "NightlySave"
Type = Backup
Level = Incremental # default
Client=rufus-fd
FileSet="Full Set"
Schedule = "WeeklyCycle"
Messages = Standard
Pool = Default
}
# Default pool definition
Pool {
Name = Default
Pool Type = Backup
AutoPrune = yes
Recycle = yes
Next Pool = Tape
Storage = File
LabelFormat = "File"
}
# Tape pool definition
Pool {
Name = Tape
Pool Type = Backup
AutoPrune = yes
Recycle = yes
Storage = DLTDrive
}
# Definition of File storage device
Storage {
Name = File
Address = rufus
Password = "ccV3lVTsQRsdIUGyab0N4sMDavui2hOBkmpBU0aQKOr9"
Device = "File" # same as Device in Storage daemon
Media Type = File # same as MediaType in Storage daemon
}
# Definition of DLT tape storage device
Storage {
Name = DLTDrive
Address = rufus
Password = "ccV3lVTsQRsdIUGyab0N4sMDavui2hOBkmpBU0aQKOr9"
Device = "HP DLT 80" # same as Device in Storage daemon
Media Type = DLT8000 # same as MediaType in Storage daemon
}
Where we have included only the essential information -- i.e. the Director, FileSet, Catalog, Client, Schedule, and Messages resources are omitted.
As you can see, by running the NightlySave Job, the data will be backed up to File storage using the Default pool to specify the Storage as File.
Now, if we add the following Job resource to this conf file.
Job {
Name = "migrate-volume"
Type = Migrate
Level = Full
Client = rufus-fd
FileSet = "Full Set"
Messages = Standard
Pool = Default
Maximum Concurrent Jobs = 4
Selection Type = Volume
Selection Pattern = "File"
}
and then run the job named migrate-volume, all volumes in the Pool named Default (as specified in the migrate-volume Job that match the regular expression pattern File will be migrated to tape storage DLTDrive because the Next Pool in the Default Pool specifies that Migrations should go to the pool named Tape, which uses Storage DLTDrive.
If instead, we use a Job resource as follows:
Job {
Name = "migrate"
Type = Migrate
Level = Full
Client = rufus-fd
FileSet="Full Set"
Messages = Standard
Pool = Default
Maximum Concurrent Jobs = 4
Selection Type = Job
Selection Pattern = ".*Save"
}
All jobs ending with the name Save will be migrated from the File Default to the Tape Pool, or from File storage to Tape storage.
Although Recycling and Backing Up to Disk Volume have been discussed in previous chapters, this chapter is meant to give you an overall view of possible backup strategies and to explain their advantages and disadvantages.
Probably the simplest strategy is to back everything up to a single tape and insert a new (or recycled) tape when it fills and Bacula requests a new one.
This system is very simple. When the tape fills and Bacula requests a new tape, you unmount the tape from the Console program, insert a new tape and label it. In most cases after the label, Bacula will automatically mount the tape and resume the backup. Otherwise, you simply mount the tape.
Using this strategy, one typically does a Full backup once a week followed by daily Incremental backups. To minimize the amount of data written to the tape, one can do a Full backup once a month on the first Sunday of the month, a Differential backup on the 2nd-5th Sunday of the month, and incremental backups the rest of the week.
If you use the strategy presented above, Bacula will ask you to change the tape, and you will unmount it and then remount it when you have inserted the new tape.
If you do not wish to interact with Bacula to change each tape, there are several ways to get Bacula to release the tape:
#!/bin/sh
/full-path/bconsole -c /full-path/bconsole.conf <<END_OF_DATA
release storage=your-storage-name
END_OF_DATA
In this example, you would have AlwaysOpen=yes, but the release command would tell Bacula to rewind the tape and on the next job assume the tape has changed. This strategy may not work on some systems, or on autochangers because Bacula will still keep the drive open.
#!/bin/sh
/full-path/bconsole -c /full-path/bconsole.conf <\<END_OF_DATA
unmount storage=your-storage-name
END_OF_DATA
# the following is a shell command
mt eject
/full-path/bconsole -c /full-path/bconsole.conf <<END_OF_DATA
mount storage=your-storage-name
END_OF_DATA
This scheme is quite different from the one mentioned above in that a Full backup is done to a different tape every day of the week. Generally, the backup will cycle continuously through five or six tapes each week. Variations are to use a different tape each Friday, and possibly at the beginning of the month. Thus if backups are done Monday through Friday only, you need only five tapes, and by having two Friday tapes, you need a total of six tapes. Many sites run this way, or using modifications of it based on two week cycles or longer.
The simplest way to "force" Bacula to use a different tape each day is to define a different Pool for each day of the the week a backup is done. In addition, you will need to specify appropriate Job and File retention periods so that Bacula will relabel and overwrite the tape each week rather than appending to it. Nic Bellamy has supplied an actual working model of this which we include here.
What is important is to create a different Pool for each day of the week, and on the run statement in the Schedule, to specify which Pool is to be used. He has one Schedule that accomplishes this, and a second Schedule that does the same thing for the Catalog backup run each day after the main backup (Priorities were not available when this script was written). In addition, he uses a Max Start Delay of 22 hours so that if the wrong tape is premounted by the operator, the job will be automatically canceled, and the backup cycle will re-synchronize the next day. He has named his Friday Pool WeeklyPool because in that Pool, he wishes to have several tapes to be able to restore to a time older than one week.
And finally, in his Storage daemon's Device resource, he has Automatic Mount = yes and Always Open = No. This is necessary for the tape ejection to work in his end_of_backup.sh script below.
For example, his bacula-dir.conf file looks like the following:
# /etc/bacula/bacula-dir.conf
#
# Bacula Director Configuration file
#
Director {
Name = ServerName
DIRport = 9101
QueryFile = "/etc/bacula/query.sql"
WorkingDirectory = "/var/lib/bacula"
PidDirectory = "/var/run"
SubSysDirectory = "/var/lock/subsys"
Maximum Concurrent Jobs = 1
Password = "console-pass"
Messages = Standard
}
#
# Define the main nightly save backup job
#
Job {
Name = "NightlySave"
Type = Backup
Client = ServerName
FileSet = "Full Set"
Schedule = "WeeklyCycle"
Storage = Tape
Messages = Standard
Pool = Default
Write Bootstrap = "/var/lib/bacula/NightlySave.bsr"
Max Start Delay = 22h
}
# Backup the catalog database (after the nightly save)
Job {
Name = "BackupCatalog"
Type = Backup
Client = ServerName
FileSet = "Catalog"
Schedule = "WeeklyCycleAfterBackup"
Storage = Tape
Messages = Standard
Pool = Default
# This creates an ASCII copy of the catalog
# WARNING!!! Passing the password via the command line is insecure.
# see comments in make_catalog_backup for details.
RunBeforeJob = "/usr/lib/bacula/make_catalog_backup -u bacula"
# This deletes the copy of the catalog, and ejects the tape
RunAfterJob = "/etc/bacula/end_of_backup.sh"
Write Bootstrap = "/var/lib/bacula/BackupCatalog.bsr"
Max Start Delay = 22h
}
# Standard Restore template, changed by Console program
Job {
Name = "RestoreFiles"
Type = Restore
Client = ServerName
FileSet = "Full Set"
Storage = Tape
Messages = Standard
Pool = Default
Where = /tmp/bacula-restores
}
# List of files to be backed up
FileSet {
Name = "Full Set"
Include = signature=MD5 {
/
/data
}
Exclude = { /proc /tmp /.journal }
}
#
# When to do the backups
#
Schedule {
Name = "WeeklyCycle"
Run = Level=Full Pool=MondayPool Monday at 8:00pm
Run = Level=Full Pool=TuesdayPool Tuesday at 8:00pm
Run = Level=Full Pool=WednesdayPool Wednesday at 8:00pm
Run = Level=Full Pool=ThursdayPool Thursday at 8:00pm
Run = Level=Full Pool=WeeklyPool Friday at 8:00pm
}
# This does the catalog. It starts after the WeeklyCycle
Schedule {
Name = "WeeklyCycleAfterBackup"
Run = Level=Full Pool=MondayPool Monday at 8:15pm
Run = Level=Full Pool=TuesdayPool Tuesday at 8:15pm
Run = Level=Full Pool=WednesdayPool Wednesday at 8:15pm
Run = Level=Full Pool=ThursdayPool Thursday at 8:15pm
Run = Level=Full Pool=WeeklyPool Friday at 8:15pm
}
# This is the backup of the catalog
FileSet {
Name = "Catalog"
Include = signature=MD5 {
/var/lib/bacula/bacula.sql
}
}
# Client (File Services) to backup
Client {
Name = ServerName
Address = dionysus
FDPort = 9102
Catalog = MyCatalog
Password = "client-pass"
File Retention = 30d
Job Retention = 30d
AutoPrune = yes
}
# Definition of file storage device
Storage {
Name = Tape
Address = dionysus
SDPort = 9103
Password = "storage-pass"
Device = Tandberg
Media Type = MLR1
}
# Generic catalog service
Catalog {
Name = MyCatalog
dbname = bacula; user = bacula; password = ""
}
# Reasonable message delivery -- send almost all to email address
# and to the console
Messages {
Name = Standard
mailcommand = "/usr/sbin/bsmtp -h localhost -f \"\(Bacula\) %r\"
-s \"Bacula: %t %e of %c %l\" %r"
operatorcommand = "/usr/sbin/bsmtp -h localhost -f \"\(Bacula\) %r\"
-s \"Bacula: Intervention needed for %j\" %r"
mail = root@localhost = all, !skipped
operator = root@localhost = mount
console = all, !skipped, !saved
append = "/var/lib/bacula/log" = all, !skipped
}
# Pool definitions
#
# Default Pool for jobs, but will hold no actual volumes
Pool {
Name = Default
Pool Type = Backup
}
Pool {
Name = MondayPool
Pool Type = Backup
Recycle = yes
AutoPrune = yes
Volume Retention = 6d
Maximum Volume Jobs = 2
}
Pool {
Name = TuesdayPool
Pool Type = Backup
Recycle = yes
AutoPrune = yes
Volume Retention = 6d
Maximum Volume Jobs = 2
}
Pool {
Name = WednesdayPool
Pool Type = Backup
Recycle = yes
AutoPrune = yes
Volume Retention = 6d
Maximum Volume Jobs = 2
}
Pool {
Name = ThursdayPool
Pool Type = Backup
Recycle = yes
AutoPrune = yes
Volume Retention = 6d
Maximum Volume Jobs = 2
}
Pool {
Name = WeeklyPool
Pool Type = Backup
Recycle = yes
AutoPrune = yes
Volume Retention = 12d
Maximum Volume Jobs = 2
}
# EOF
Note, the mailcommand and operatorcommand should be on a single line each. They were split to preserve the proper page width. In order to get Bacula to release the tape after the nightly backup, he uses a RunAfterJob script that deletes the ASCII copy of the database back and then rewinds and ejects the tape. The following is a copy of end_of_backup.sh
#! /bin/sh /usr/lib/bacula/delete_catalog_backup mt rewind mt eject exit 0
Finally, if you list his Volumes, you get something like the following:
*list media Using default Catalog name=MyCatalog DB=bacula Pool: WeeklyPool +-----+-----------+-------+--------+-----------+-----------------+-------+------+ | MeId| VolumeName| MedTyp| VolStat| VolBytes | LastWritten | VolRet| Recyc| +-----+-----------+-------+--------+-----------+-----------------+-------+------+ | 5 | Friday_1 | MLR1 | Used | 2157171998| 2003-07-11 20:20| 103680| 1 | | 6 | Friday_2 | MLR1 | Append | 0 | 0 | 103680| 1 | +-----+-----------+-------+--------+-----------+-----------------+-------+------+ Pool: MondayPool +-----+-----------+-------+--------+-----------+-----------------+-------+------+ | MeId| VolumeName| MedTyp| VolStat| VolBytes | LastWritten | VolRet| Recyc| +-----+-----------+-------+--------+-----------+-----------------+-------+------+ | 2 | Monday | MLR1 | Used | 2260942092| 2003-07-14 20:20| 518400| 1 | +-----+-----------+-------+--------+-----------+-----------------+-------+------+ Pool: TuesdayPool +-----+-----------+-------+--------+-----------+-----------------+-------+------+ | MeId| VolumeName| MedTyp| VolStat| VolBytes | LastWritten | VolRet| Recyc| +-----+-----------+-------+--------+-----------+-----------------+-------+------+ | 3 | Tuesday | MLR1 | Used | 2268180300| 2003-07-15 20:20| 518400| 1 | +-----+-----------+-------+--------+-----------+-----------------+-------+------+ Pool: WednesdayPool +-----+-----------+-------+--------+-----------+-----------------+-------+------+ | MeId| VolumeName| MedTyp| VolStat| VolBytes | LastWritten | VolRet| Recyc| +-----+-----------+-------+--------+-----------+-----------------+-------+------+ | 4 | Wednesday | MLR1 | Used | 2138871127| 2003-07-09 20:2 | 518400| 1 | +-----+-----------+-------+--------+-----------+-----------------+-------+------+ Pool: ThursdayPool +-----+-----------+-------+--------+-----------+-----------------+-------+------+ | MeId| VolumeName| MedTyp| VolStat| VolBytes | LastWritten | VolRet| Recyc| +-----+-----------+-------+--------+-----------+-----------------+-------+------+ | 1 | Thursday | MLR1 | Used | 2146276461| 2003-07-10 20:50| 518400| 1 | +-----+-----------+-------+--------+-----------+-----------------+-------+------+ Pool: Default No results to list.
Note, I have truncated a number of the columns so that the information fits on the width of a page.
Bacula provides autochanger support for reading and writing tapes. In order to work with an autochanger, Bacula requires a number of things, each of which is explained in more detail after this list:
In version 1.37 and later, there is a new Autochanger resource that permits you to group Device resources thus creating a multi-drive autochanger. If you have an autochanger, you must use this new resource.
Bacula uses its own mtx-changer script to interface with a program that actually does the tape changing. Thus in principle, mtx-changer can be adapted to function with any autochanger program, or you can call any other script or program. The current version of mtx-changer works with the mtx program. However, FreeBSD users have provided a script in the examples/autochangers directory that allows Bacula to use the chio program.
Bacula also supports autochangers with barcode readers. This support includes two Console commands: label barcodes and update slots. For more details on these commands, see the "Barcode Support" section below.
Current Bacula autochanger support does not include cleaning, stackers, or silos. Stackers and silos are not supported because Bacula expects to be able to access the Slots randomly. However, if you are very careful to setup Bacula to access the Volumes in the autochanger sequentially, you may be able to make Bacula work with stackers (gravity feed and such).
Support for multi-drive autochangers requires the Autochanger resource introduced in version 1.37. This resource is also recommended for single drive autochangers.
In principle, if mtx will operate your changer correctly, then it is just a question of adapting the mtx-changer script (or selecting one already adapted) for proper interfacing. You can find a list of autochangers supported by mtx at the following link: http://mtx.opensource-sw.net/compatibility.php. The home page for the mtx project can be found at: http://mtx.opensource-sw.net/.
Note, we have feedback from some users that there are certain incompatibilities between the Linux kernel and mtx. For example between kernel 2.6.18-8.1.8.el5 of CentOS and RedHat and version 1.3.10 and 1.3.11 of mtx. This was fixed by upgrading to a version 2.6.22 kernel.
In addition, apparently certain versions of mtx, for example, version 1.3.11 limit the number of slots to a maximum of 64. The solution was to use version 1.3.10.
If you are having troubles, please use the auto command in the btape program to test the functioning of your autochanger with Bacula. When Bacula is running, please remember that for many distributions (e.g. FreeBSD, Debian, ...) the Storage daemon runs as bacula.tape rather than root.root, so you will need to ensure that the Storage daemon has sufficient permissions to access the autochanger.
Some users have reported that the the Storage daemon blocks under certain circumstances in trying to mount a volume on a drive that has a different volume loaded. As best we can determine, this is simply a matter of waiting a bit. The drive was previously in use writing a Volume, and sometimes the drive will remain BLOCKED for a good deal of time (up to 7 minutes on a slow drive) waiting for the cassette to rewind and to unload before the drive can be used with a different Volume.
Under Linux, you can
cat /proc/scsi/scsi
to see what SCSI devices you have available. You can also:
cat /proc/scsi/sg/device_hdr /proc/scsi/sg/devices
to find out how to specify their control address (/dev/sg0 for the first, /dev/sg1 for the second, ...) on the Changer Device = Bacula directive.
For more detailed information on what SCSI devices you have please see the Linux SCSI Tricks section of the Tape Testing chapter of this manual.
Under FreeBSD, you can use:
camcontrol devlist
To list the SCSI devices as well as the /dev/passn that you will use on the Bacula Changer Device = directive.
Please check that your Storage daemon has permission to access this device.
The following tip for FreeBSD users comes from Danny Butroyd: on reboot Bacula will NOT have permission to control the device /dev/pass0 (assuming this is your changer device). To get around this just edit the /etc/devfs.conf file and add the following to the bottom:
own pass0 root:bacula perm pass0 0666 own nsa0.0 root:bacula perm nsa0.0 0666
This gives the bacula group permission to write to the nsa0.0 device too just to be on the safe side. To bring these changes into effect just run:-
/etc/rc.d/devfs restart
Basically this will stop you having to manually change permissions on these devices to make Bacula work when operating the AutoChanger after a reboot.
Please read the sections below so that you understand how autochangers work with Bacula. Although we supply a default mtx-changer script, your autochanger may require some additional changes. If you want to see examples of configuration files and scripts, please look in the <bacula-src>/examples/devices directory where you will find an example HP-autoloader.conf Bacula Device resource, and several mtx-changer scripts that have been modified to work with different autochangers.
To properly address autochangers, Bacula must know which Volume is in each slot of the autochanger. Slots are where the changer cartridges reside when not loaded into the drive. Bacula numbers these slots from one to the number of cartridges contained in the autochanger.
Bacula will not automatically use a Volume in your autochanger unless it is labeled and the slot number is stored in the catalog and the Volume is marked as InChanger. This is because it must know where each volume is (slot) to be able to load the volume. For each Volume in your changer, you will, using the Console program, assign a slot. This information is kept in Bacula's catalog database along with the other data for the volume. If no slot is given, or the slot is set to zero, Bacula will not attempt to use the autochanger even if all the necessary configuration records are present. When doing a mount command on an autochanger, you must specify which slot you want mounted. If the drive is loaded with a tape from another slot, it will unload it and load the correct tape, but normally, no tape will be loaded because an unmount command causes Bacula to unload the tape in the drive.
You can check if the Slot number and InChanger flag are set by doing a:
list Volumes
in the Console program.
Some autochangers have more than one read/write device (drive). The new Autochanger resource introduced in version 1.37 permits you to group Device resources, where each device represents a drive. The Director may still reference the Devices (drives) directly, but doing so, bypasses the proper functioning of the drives together. Instead, the Director (in the Storage resource) should reference the Autochanger resource name. Doing so permits the Storage daemon to ensure that only one drive uses the mtx-changer script at a time, and also that two drives don't reference the same Volume.
Multi-drive requires the use of the Drive Index directive in the Device resource of the Storage daemon's configuration file. Drive numbers or the Device Index are numbered beginning at zero, which is the default. To use the second Drive in an autochanger, you need to define a second Device resource and set the Drive Index to 1 for that device. In general, the second device will have the same Changer Device (control channel) as the first drive, but a different Archive Device.
As a default, Bacula jobs will prefer to write to a Volume that is already mounted. If you have a multiple drive autochanger and you want Bacula to write to more than one Volume in the same Pool at the same time, you will need to set Prefer Mounted Volumes in the Directors Job resource to no. This will cause the Storage daemon to maximize the use of drives.
Configuration of autochangers within Bacula is done in the Device resource of the Storage daemon. Four records: Autochanger, Changer Device, Changer Command, and Maximum Changer Wait control how Bacula uses the autochanger.
These four records, permitted in Device resources, are described in detail below. Note, however, that the Changer Device and the Changer Command directives are not needed in the Device resource if they are present in the Autochanger resource.
On FreeBSD systems, the changer device will typically be on /dev/pass0 through /dev/passn.
On Solaris, the changer device will typically be some file under /dev/rdsk.
Please ensure that your Storage daemon has permission to access this device.
%% = %
%a = archive device name
%c = changer device name
%d = changer drive index base 0
%f = Client's name
%j = Job name
%o = command (loaded, load, or unload)
%s = Slot base 0
%S = Slot base 1
%v = Volume name
An actual example for using mtx with the mtx-changer script (part of the Bacula distribution) is:
Changer Command = "/etc/bacula/mtx-changer %c %o %S %a %d"
Where you will need to adapt the /etc/bacula to be the actual path on your system where the mtx-changer script resides. Details of the three commands currently used by Bacula (loaded, load, unload) as well as the output expected by Bacula are give in the Bacula Autochanger Interface section below.
If the autoloader program fails to respond in this time, it will be killed and Bacula will request operator intervention.
Device Index = 1
To use the second drive, you need a second Device resource definition in the Bacula configuration file. See the Multiple Drive section above in this chapter for more information.
In addition, for proper functioning of the Autochanger, you must define an Autochanger resource.
The Autochanger resource supports single or multiple drive autochangers by grouping one or more Device resources into one unit called an autochanger in Bacula (often referred to as a "tape library" by autochanger manufacturers).
If you have an Autochanger, and you want it to function correctly, you must have an Autochanger resource in your Storage conf file, and your Director's Storage directives that want to use an Autochanger must refer to the Autochanger resource name. In previous versions of Bacula, the Director's Storage directives referred directly to Device resources that were autochangers. In version 1.38.0 and later, referring directly to Device resources will not work for Autochangers.
The following is an example of a valid Autochanger resource definition:
Autochanger {
Name = "DDS-4-changer"
Device = DDS-4-1, DDS-4-2, DDS-4-3
Changer Device = /dev/sg0
Changer Command = "/etc/bacula/mtx-changer %c %o %S %a %d"
}
Device {
Name = "DDS-4-1"
Drive Index = 0
Autochanger = yes
...
}
Device {
Name = "DDS-4-2"
Drive Index = 1
Autochanger = yes
...
Device {
Name = "DDS-4-3"
Drive Index = 2
Autochanger = yes
Autoselect = no
...
}
Please note that it is important to include the Autochanger = yes directive in each Device definition that belongs to an Autochanger. A device definition should not belong to more than one Autochanger resource. Also, your Device directive in the Storage resource of the Director's conf file should have the Autochanger's resource name rather than a name of one of the Devices.
If you have a drive that physically belongs to an Autochanger but you don't want to have it automatically used when Bacula references the Autochanger for backups, for example, you want to reserve it for restores, you can add the directive:
Autoselect = no
to the Device resource for that drive. In that case, Bacula will not automatically select that drive when accessing the Autochanger. You can, still use the drive by referencing it by the Device name directly rather than the Autochanger name. An example of such a definition is shown above for the Device DDS-4-3, which will not be selected when the name DDS-4-changer is used in a Storage definition, but will be used if DDS-4-3 is used.
The following two resources implement an autochanger:
Autochanger {
Name = "Autochanger"
Device = DDS-4
Changer Device = /dev/sg0
Changer Command = "/etc/bacula/mtx-changer %c %o %S %a %d"
}
Device {
Name = DDS-4
Media Type = DDS-4
Archive Device = /dev/nst0 # Normal archive device
Autochanger = yes
LabelMedia = no;
AutomaticMount = yes;
AlwaysOpen = yes;
}
where you will adapt the Archive Device, the Changer Device, and the path to the Changer Command to correspond to the values used on your system.
The following resources implement a multi-drive autochanger:
Autochanger {
Name = "Autochanger"
Device = Drive-1, Drive-2
Changer Device = /dev/sg0
Changer Command = "/etc/bacula/mtx-changer %c %o %S %a %d"
}
Device {
Name = Drive-1
Drive Index = 0
Media Type = DDS-4
Archive Device = /dev/nst0 # Normal archive device
Autochanger = yes
LabelMedia = no;
AutomaticMount = yes;
AlwaysOpen = yes;
}
Device {
Name = Drive-2
Drive Index = 1
Media Type = DDS-4
Archive Device = /dev/nst1 # Normal archive device
Autochanger = yes
LabelMedia = no;
AutomaticMount = yes;
AlwaysOpen = yes;
}
where you will adapt the Archive Device, the Changer Device, and the path to the Changer Command to correspond to the values used on your system.
If you add an Autochanger = yes record to the Storage resource in your Director's configuration file, the Bacula Console will automatically prompt you for the slot number when the Volume is in the changer when you add or label tapes for that Storage device. If your mtx-changer script is properly installed, Bacula will automatically load the correct tape during the label command.
You must also set Autochanger = yes in the Storage daemon's Device resource as we have described above in order for the autochanger to be used. Please see the Storage Resource in the Director's chapter and the Device Resource in the Storage daemon chapter for more details on these records.
Thus all stages of dealing with tapes can be totally automated. It is also possible to set or change the Slot using the update command in the Console and selecting Volume Parameters to update.
Even though all the above configuration statements are specified and correct, Bacula will attempt to access the autochanger only if a slot is non-zero in the catalog Volume record (with the Volume name).
If your autochanger has barcode labels, you can label all the Volumes in your autochanger one after another by using the label barcodes command. For each tape in the changer containing a barcode, Bacula will mount the tape and then label it with the same name as the barcode. An appropriate Media record will also be created in the catalog. Any barcode that begins with the same characters as specified on the "CleaningPrefix=xxx" command, will be treated as a cleaning tape, and will not be labeled. For example with:
Please note that Volumes must be pre-labeled to be automatically used in the autochanger during a backup. If you do not have a barcode reader, this is done manually (or via a script).
Pool {
Name ...
Cleaning Prefix = "CLN"
}
Any slot containing a barcode of CLNxxxx will be treated as a cleaning tape and will not be mounted.
unmount (change cartridges and/or run mtx) mount
If you do not do the unmount before making such a change, Bacula will become completely confused about what is in the autochanger and may stop function because it expects to have exclusive use of the autochanger while it has the drive mounted.
If you have several magazines or if you insert or remove cartridges from a magazine, you should notify Bacula of this. By doing so, Bacula will as a preference, use Volumes that it knows to be in the autochanger before accessing Volumes that are not in the autochanger. This prevents unneeded operator intervention.
If your autochanger has barcodes (machine readable tape labels), the task of informing Bacula is simple. Every time, you change a magazine, or add or remove a cartridge from the magazine, simply do
unmount (remove magazine) (insert new magazine) update slots mount
in the Console program. This will cause Bacula to request the autochanger to return the current Volume names in the magazine. This will be done without actually accessing or reading the Volumes because the barcode reader does this during inventory when the autochanger is first turned on. Bacula will ensure that any Volumes that are currently marked as being in the magazine are marked as no longer in the magazine, and the new list of Volumes will be marked as being in the magazine. In addition, the Slot numbers of the Volumes will be corrected in Bacula's catalog if they are incorrect (added or moved).
If you do not have a barcode reader on your autochanger, you have several alternatives.
update slots scan
command that will cause Bacula to read the label on each of the cartridges in the magazine in turn and update the information (Slot, InChanger flag) in the catalog. This is quite effective but does take time to load each cartridge into the drive in turn and read the Volume label.
You can simulate barcodes in your autochanger by making the mtx-changer script return the same information that an autochanger with barcodes would do. This is done by commenting out the one and only line in the list) case, which is:
${MTX} -f $ctl status | grep " *Storage Element [0-9]*:.*Full" | awk "{print \$3 \$4}" | sed "s/Full *\(:VolumeTag=\)*//"
at approximately line 99 by putting a # in column one of that line, or by simply deleting it. Then in its place add a new line that prints the contents of a file. For example:
cat /etc/bacula/changer.volumes
Be sure to include a full path to the file, which can have any name. The contents of the file must be of the following format:
1:Volume1 2:Volume2 3:Volume3 ...
Where the 1, 2, 3 are the slot numbers and Volume1, Volume2, ... are the Volume names in those slots. You can have multiple files that represent the Volumes in different magazines, and when you change magazines, simply copy the contents of the correct file into your /etc/bacula/changer.volumes file. There is no need to stop and start Bacula when you change magazines, simply put the correct data in the file, then run the update slots command, and your autochanger will appear to Bacula to be an autochanger with barcodes.
If you change only one cartridge in the magazine, you may not want to scan all Volumes, so the update slots command (as well as the update slots scan command) has the additional form:
update slots=n1,n2,n3-n4, ...
where the keyword scan can be appended or not. The n1,n2, ... represent Slot numbers to be updated and the form n3-n4 represents a range of Slot numbers to be updated (e.g. 4-7 will update Slots 4,5,6, and 7).
This form is particularly useful if you want to do a scan (time expensive) and restrict the update to one or two slots.
For example, the command:
update slots=1,6 scan
will cause Bacula to load the Volume in Slot 1, read its Volume label and update the Catalog. It will do the same for the Volume in Slot 6. The command:
update slots=1-3,6
will read the barcoded Volume names for slots 1,2,3 and 6 and make the appropriate updates in the Catalog. If you don't have a barcode reader or have not modified the mtx-changer script as described above, the above command will not find any Volume names so will do nothing.
If you are having problems on FreeBSD when Bacula tries to select a tape, and the message is Device not configured, this is because FreeBSD has made the tape device /dev/nsa1 disappear when there is no tape mounted in the autochanger slot. As a consequence, Bacula is unable to open the device. The solution to the problem is to make sure that some tape is loaded into the tape drive before starting Bacula. This problem is corrected in Bacula versions 1.32f-5 and later.
Please see the Tape Testing chapter of this manual for important information concerning your tape drive before doing the autochanger testing.
Before attempting to use the autochanger with Bacula, it is preferable to "hand-test" that the changer works. To do so, we suggest you do the following commands (assuming that the mtx-changer script is installed in /etc/bacula/mtx-changer):
This command should print:
1: 2: 3: ...
or one number per line for each slot that is occupied in your changer, and the number should be terminated by a colon (:). If your changer has barcodes, the barcode will follow the colon. If an error message is printed, you must resolve the problem (e.g. try a different SCSI control device name if /dev/sg0 is incorrect). For example, on FreeBSD systems, the autochanger SCSI control device is generally /dev/pass2.
This command should return the number of slots in your autochanger.
If a tape is loaded from slot 1, this should cause it to be unloaded.
Assuming you have a tape in slot 3, it will be loaded into drive (0).
It should print "3" Note, we have used an "illegal" slot number 0. In this case, it is simply ignored because the slot number is not used. However, it must be specified because the drive parameter at the end of the command is needed to select the correct drive.
will unload the tape into slot 3.
Once all the above commands work correctly, assuming that you have the right Changer Command in your configuration, Bacula should be able to operate the changer. The only remaining area of problems will be if your autoloader needs some time to get the tape loaded after issuing the command. After the mtx-changer script returns, Bacula will immediately rewind and read the tape. If Bacula gets rewind I/O errors after a tape change, you will probably need to insert a sleep 20 after the mtx command, but be careful to exit the script with a zero status by adding exit 0 after any additional commands you add to the script. This is because Bacula checks the return status of the script, which should be zero if all went well.
You can test whether or not you need a sleep by putting the following commands into a file and running it as a script:
#!/bin/sh /etc/bacula/mtx-changer /dev/sg0 unload 1 /dev/nst0 0 /etc/bacula/mtx-changer /dev/sg0 load 3 /dev/nst0 0 mt -f /dev/st0 rewind mt -f /dev/st0 weof
If the above script runs, you probably have no timing problems. If it does not run, start by putting a sleep 30 or possibly a sleep 60 in the script just after the mtx-changer load command. If that works, then you should move the sleep into the actual mtx-changer script so that it will be effective when Bacula runs.
A second problem that comes up with a small number of autochangers is that they need to have the cartridge ejected before it can be removed. If this is the case, the load 3 will never succeed regardless of how long you wait. If this seems to be your problem, you can insert an eject just after the unload so that the script looks like:
#!/bin/sh /etc/bacula/mtx-changer /dev/sg0 unload 1 /dev/nst0 0 mt -f /dev/st0 offline /etc/bacula/mtx-changer /dev/sg0 load 3 /dev/nst0 0 mt -f /dev/st0 rewind mt -f /dev/st0 weof
Obviously, if you need the offline command, you should move it into the mtx-changer script ensuring that you save the status of the mtx command or always force an exit 0 from the script, because Bacula checks the return status of the script.
As noted earlier, there are several scripts in <bacula-source>/examples/devices that implement the above features, so they may be a help to you in getting your script to work.
If Bacula complains "Rewind error on /dev/nst0. ERR=Input/output error." you most likely need more sleep time in your mtx-changer before returning to Bacula after a load command has been completed.
Let's assume that you have properly defined the necessary Storage daemon Device records, and you have added the Autochanger = yes record to the Storage resource in your Director's configuration file.
Now you fill your autochanger with say six blank tapes.
What do you do to make Bacula access those tapes?
One strategy is to prelabel each of the tapes. Do so by starting Bacula, then with the Console program, enter the label command:
./bconsole Connecting to Director rufus:8101 1000 OK: rufus-dir Version: 1.26 (4 October 2002) *label
it will then print something like:
Using default Catalog name=BackupDB DB=bacula
The defined Storage resources are:
1: Autochanger
2: File
Select Storage resource (1-2): 1
I select the autochanger (1), and it prints:
Enter new Volume name: TestVolume1 Enter slot (0 for none): 1
where I entered TestVolume1 for the tape name, and slot 1 for the slot. It then asks:
Defined Pools:
1: Default
2: File
Select the Pool (1-2): 1
I select the Default pool. This will be automatically done if you only have a single pool, then Bacula will proceed to unload any loaded volume, load the volume in slot 1 and label it. In this example, nothing was in the drive, so it printed:
Connecting to Storage daemon Autochanger at localhost:9103 ... Sending label command ... 3903 Issuing autochanger "load slot 1" command. 3000 OK label. Volume=TestVolume1 Device=/dev/nst0 Media record for Volume=TestVolume1 successfully created. Requesting mount Autochanger ... 3001 Device /dev/nst0 is mounted with Volume TestVolume1 You have messages. *
You may then proceed to label the other volumes. The messages will change slightly because Bacula will unload the volume (just labeled TestVolume1) before loading the next volume to be labeled.
Once all your Volumes are labeled, Bacula will automatically load them as they are needed.
To "see" how you have labeled your Volumes, simply enter the list volumes command from the Console program, which should print something like the following:
*{\bf list volumes}
Using default Catalog name=BackupDB DB=bacula
Defined Pools:
1: Default
2: File
Select the Pool (1-2): 1
+-------+----------+--------+---------+-------+--------+----------+-------+------+
| MedId | VolName | MedTyp | VolStat | Bites | LstWrt | VolReten | Recyc | Slot |
+-------+----------+--------+---------+-------+--------+----------+-------+------+
| 1 | TestVol1 | DDS-4 | Append | 0 | 0 | 30672000 | 0 | 1 |
| 2 | TestVol2 | DDS-4 | Append | 0 | 0 | 30672000 | 0 | 2 |
| 3 | TestVol3 | DDS-4 | Append | 0 | 0 | 30672000 | 0 | 3 |
| ... |
+-------+----------+--------+---------+-------+--------+----------+-------+------+
Bacula provides barcode support with two Console commands, label barcodes and update slots.
The label barcodes will cause Bacula to read the barcodes of all the cassettes that are currently installed in the magazine (cassette holder) using the mtx-changer list command. Each cassette is mounted in turn and labeled with the same Volume name as the barcode.
The update slots command will first obtain the list of cassettes and their barcodes from mtx-changer. Then it will find each volume in turn in the catalog database corresponding to the barcodes and set its Slot to correspond to the value just read. If the Volume is not in the catalog, then nothing will be done. This command is useful for synchronizing Bacula with the current magazine in case you have changed magazines or in case you have moved cassettes from one slot to another.
The Cleaning Prefix statement can be used in the Pool resource to define a Volume name prefix, which if it matches that of the Volume (barcode) will cause that Volume to be marked with a VolStatus of Cleaning. This will prevent Bacula from attempting to write on the Volume.
Bacula calls the autochanger script that you specify on the Changer Command statement. Normally this script will be the mtx-changer script that we provide, but it can in fact be any program. The only requirement for the script is that it must understand the commands that Bacula uses, which are loaded, load, unload, list, and slots. In addition, each of those commands must return the information in the precise format as specified below:
- Currently the changer commands used are:
loaded -- returns number of the slot that is loaded, base 1,
in the drive or 0 if the drive is empty.
load -- loads a specified slot (note, some autochangers
require a 30 second pause after this command) into
the drive.
unload -- unloads the device (returns cassette to its slot).
list -- returns one line for each cassette in the autochanger
in the format <slot>:<barcode>. Where
the {\bf slot} is the non-zero integer representing
the slot number, and {\bf barcode} is the barcode
associated with the cassette if it exists and if you
autoloader supports barcodes. Otherwise the barcode
field is blank.
slots -- returns total number of slots in the autochanger.
Bacula checks the exit status of the program called, and if it is zero, the data is accepted. If the exit status is non-zero, Bacula will print an error message and request the tape be manually mounted on the drive.
I hesitate to call these "supported" autochangers because the only autochangers that I have in my possession and am able to test are the HP SureStore DAT40X6 and the Overland PowerLoader LTO-2. All the other autochangers have been reported to work by Bacula users. Note, in the Capacity/Slot column below, I quote the Compressed capacity per tape (or Slot).
Since on most systems (other than FreeBSD), Bacula uses mtx through the mtx-changer script, in principle, if mtx will operate your changer correctly, then it is just a question of adapting the mtx-changer script (or selecting one already adapted) for proper interfacing. You can find a list of autochangers supported by mtx at the following link: http://mtx.opensource-sw.net/compatibility.php. The home page for the mtx project can be found at: http://mtx.opensource-sw.net/.
| OS | Man. | Media | Model | Slots | Cap/Slot |
| Linux | Adic | DDS-3 | Adic 1200G | 12 | - |
| Linux | Adic | DLT | FastStore 4000 | 7 | 20GB |
| Linux | Adic | LTO-1/2, SDLT 320 | Adic Scalar 24 | 24 | 100GB |
| Linux | Adic | LTO-2 | Adic FastStor 2, Sun Storedge L8 | 8 | 200GB |
| Linux | BDT | AIT | BDT ThinStor | ? | 200GB |
| - | CA-VM | ?? | Tape | ?? | ?? |
| Linux | Dell | DLT VI,LTO-2,LTO3 | PowerVault 122T/132T/136T | - | 100GB |
| Linux | Dell | LTO-2 | PowerVault 124T | - | 200GB |
| - | DFSMS | ?? | VM RMM | - | ?? |
| Linux | Exabyte | VXA2 | VXA PacketLoader 1x10 2U | 10 | 80/160GB |
| - | Exabyte | LTO | Magnum 1x7 LTO Tape Auotloader | 7 | 200/400GB |
| Linux | Exabyte | AIT-2 | 215A | 15 (2 drives) | 50GB |
| Linux | HP | DDS-4 | SureStore DAT-40X6 | 6 | 40GB |
| Linux | HP | Ultrium-2/LTO | MSL 6000/ 60030/ 5052 | 28 | 200/400GB |
| - | HP | DLT | A4853 DLT | 30 | 40/70GB |
| Linux | HP (Compaq) | DLT VI | Compaq TL-895 | 96+4 import export | 35/70GB |
| z/VM | IBM | ?? | IBM Tape Manager | - | ?? |
| z/VM | IBM | ?? | native tape | - | ?? |
| Linux | IBM | LTO | IBM 3581 Ultrium Tape Loader | 7 | 200/400GB |
| FreeBSD 5.4 | IBM | DLT | IBM 3502-R14 -- rebranded ATL L-500 | 14 | 35/70GB |
| Linux | IBM | ??? | IBM TotalStorage 3582L23 | ?? | ?? |
| Debian | Overland | LTO | Overland LoaderXpress LTO/DLT8000 | 10-19 | 40-100GB |
| Fedora | Overland | LTO | Overland PowerLoader LTO-2 | 10-19 | 200/400GB |
| FreeBSD 5.4-Stable | Overland | LTO-2 | Overland Powerloader tape | 17 | 100GB |
| - | Overland | LTO | Overland Neo2000 LTO | 26-30 | 100GB |
| Linux | Quantum | DLT-S4 | Superloader 3 | 16 | 800/1600GB |
| Linux | Quantum | LTO-2 | Superloader 3 | 16 | 200/400GB |
| Linux | Quantum | LTO-3 | PX502 | ?? | ?? |
| FreeBSD 4.9 | QUALSTAR TLS-4210 (Qualstar) | AIT1: 36GB, AIT2: 50GB all uncomp | QUALSTAR TLS-4210 | 12 | AIT1: 36GB, AIT2: 50GB all uncomp |
| Linux | Skydata | DLT | ATL-L200 | 8 | 40/80 |
| - | Sony | DDS-4 | TSL-11000 | 8 | 40GB |
| Linux | Sony | AIT-2 | LIB-304(SDX-500C) | ? | 200GB |
| Linux | Sony | AIT-3 | LIB-D81) | ? | 200GB |
| FreeBSD 4.9-STABLE | Sony | AIT-1 | TSL-SA300C | 4 | 45/70GB |
| - | Storagetek | DLT | Timberwolf DLT | 6 | 40/70 |
| - | Storagetek | ?? | ACSLS | ?? | ?? |
| Solaris | Sun | 4mm DLT | Sun Desktop Archive Python 29279 | 4 | 20GB |
| Linux | Tandberg | DLT VI | VS 640 | 8? | 35/70GB |
| Linux 2.6.x | Tandberg Data | SLR100 | SLR100 Autoloader | 8 | 50/100GB |
Bacula allows you to specify that you want the Storage daemon to initially write your data to disk and then subsequently to tape. This serves several important purposes.
Data spooling is exactly that "spooling". It is not a way to first write a "backup" to a disk file and then to a tape. When the backup has only been spooled to disk, it is not complete yet and cannot be restored until it is written to tape.
Bacula version 1.39.x and later supports writing a backup to disk then later Migrating or moving it to a tape (or any other medium). For details on this, please see the Migration chapter of this manual for more details.
The remainder of this chapter explains the various directives that you can use in the spooling process.
The following directives can be used to control data spooling.
SpoolData = yes|no
SpoolData = yes|no
Maximum Spool Size = size Where size is a the maximum spool size for all jobs specified in bytes.
Maximum Job Spool Size = size Where size is the maximum spool file size for a single job specified in bytes.
Spool Directory = directory
Please be very careful to exclude the spool directory from any backup, otherwise, your job will write enormous amounts of data to the Volume, and most probably terminate in error. This is because in attempting to backup the spool file, the backup data will be written a second time to the spool file, and so on ad infinitum.
Another advice is to always specify the maximum spool size so that your disk doesn't completely fill up. In principle, data spooling will properly detect a full disk, and despool data allowing the job to continue. However, attribute spooling is not so kind to the user. If the disk on which attributes are being spooled fills, the job will be canceled. In addition, if your working directory is on the same partition as the spool directory, then Bacula jobs will fail possibly in bizarre ways when the spool fills.
You may be asking what Python is and why a scripting language is needed in Bacula. The answer to the first question is that Python is an Object Oriented scripting language with features similar to those found in Perl, but the syntax of the language is much cleaner and simpler. The answer to why have scripting in Bacula is to give the user more control over the whole backup process. Probably the simplest example is when Bacula needs a new Volume name, with a scripting language such as Python, you can generate any name you want, based on the current state of Bacula.
Python must be enabled during the configuration process by adding
a --with-python, and possibly specifying an alternate
directory if your Python is not installed in a standard system
location. If you are using RPMs you will need the python-devel package
installed.
When Python is configured, it becomes an integral part of Bacula and runs in Bacula's address space, so even though it is an interpreted language, it is very efficient.
When the Director starts, it looks to see if you have a Scripts Directory Directive defined (normal default /etc/bacula/scripts, if so, it looks in that directory for a file named DirStartUp.py. If it is found, Bacula will pass this file to Python for execution. The Scripts Directory is a new directive that you add to the Director resource of your bacula-dir.conf file.
Note: Bacula does not install Python scripts by default because these scripts are for you to program. This means that with a default installation with Python enabled, Bacula will print the following error message:
09-Jun 15:14 bacula-dir: ERROR in pythonlib.c:131 Could not import Python script /etc/bacula/scripts/DirStartUp. Python disabled.
The source code directory examples/python contains sample scripts for DirStartUp.py, SDStartUp.py, and FDStartUp.py that you might want to use as a starting point. Normally, your scripts directory (at least where you store the Python scripts) should be writable by Bacula, because Python will attempt to write a compiled version of the scripts (e.g. DirStartUp.pyc) back to that directory.
When starting with the sample scripts, you can delete any part that you will not need, but you should keep all the Bacula Event and Job Event definitions. If you do not want a particular event, simply replace the existing code with a noop = 1.
There are four Python objects that you will need to work with:
The first thing the startup script must do is to define what global Bacula events (daemon events), it wants to see. This is done by creating a Bacula Events class, instantiating it, then passing it to the set_events method. There are three possible events.
Access to the Bacula variables and methods is done with:
import bacula
The following are the read-only attributes provided by the bacula object.
A simple definition of the Bacula Events Class might be the following:
import sys, bacula
class BaculaEvents:
def JobStart(self, job):
...
Then to instantiate the class and pass it to Bacula, you would do:
bacula.set_events(BaculaEvents()) # register Bacula Events wanted
And at that point, each time a Job is started, your BaculaEvents JobStart method will be called.
Now to actually do anything with a Job, you must define which Job events you want to see, and this is done by defining a JobEvents class containing the methods you want called. Each method name corresponds to one of the Job Events that Bacula will generate.
A simple Job Events class might look like the following:
class JobEvents:
def NewVolume(self, job):
...
Here, your JobEvents class method NewVolume will be called each time the Job needs a new Volume name. To actually register the events defined in your class with the Job, you must instantiate the JobEvents class and set it in the Job set_events variable. Note, this is a bit different from how you registered the Bacula events. The registration process must be done in the Bacula JobStart event (your method). So, you would modify Bacula Events (not the Job events) as follows:
import sys, bacula
class BaculaEvents:
def JobStart(self, job):
events = JobEvents() # create instance of Job class
job.set_events(events) # register Job events desired
...
When a job event is triggered, the appropriate event definition is called in the JobEvents class. This is the means by which your Python script or code gets control. Once it has control, it may read job attributes, or set them. See below for a list of read-only attributes, and those that are writable.
In addition, the Bacula job object in the Director has a number of methods (subroutines) that can be called. They are:
The following attributes are read/write within the Director for the job object.
The following read-only attributes are available within the Director for the job object.
The following write-only attributes are available within the Director:
There is a new Console command named python. It takes a single argument restart. Example:
python restart
This command restarts the Python interpreter in the Director. This can be useful when you are modifying the DirStartUp script, because normally Python will cache it, and thus the script will be read one time.
If you are having problems loading DirStartUp.py, you will probably not get any error messages because Bacula can only print Python error messages after the Python interpreter is started. However, you may be able to see the error messages by starting Bacula in a shell window with the -d1 option on the command line. That should cause the Python error messages to be printed in the shell window.
If you are getting error messages such as the following when loading DirStartUp.py:
Traceback (most recent call last):
File "/etc/bacula/scripts/DirStartUp.py", line 6, in ?
import time, sys, bacula
ImportError: /usr/lib/python2.3/lib-dynload/timemodule.so: undefined
symbol: PyInt_FromLong
bacula-dir: pythonlib.c:134 Python Import error.
It is because the DirStartUp script is calling a dynamically loaded module (timemodule.so in the above case) that then tries to use Python functions exported from the Python interpreter (in this case PyInt_FromLong). The way Bacula is currently linked with Python does not permit this. The solution to the problem is to put such functions (in this case the import of time into a separate Python script, which will do your calculations and return the values you want. Then call (not import) this script from the Bacula DirStartUp.py script, and it all should work as you expect.
An example script for the Director startup file is provided in examples/python/DirStartup.py as follows:
#
# Bacula Python interface script for the Director
#
# You must import both sys and bacula
import sys, bacula
# This is the list of Bacula daemon events that you
# can receive.
class BaculaEvents(object):
def __init__(self):
# Called here when a new Bacula Events class is
# is created. Normally not used
noop = 1
def JobStart(self, job):
"""
Called here when a new job is started. If you want
to do anything with the Job, you must register
events you want to receive.
"""
events = JobEvents() # create instance of Job class
events.job = job # save Bacula's job pointer
job.set_events(events) # register events desired
sys.stderr = events # send error output to Bacula
sys.stdout = events # send stdout to Bacula
jobid = job.JobId; client = job.Client
numvols = job.NumVols
job.JobReport="Python Dir JobStart: JobId=%d Client=%s NumVols=%d\n" % (jobid,client,numvols)
# Bacula Job is going to terminate
def JobEnd(self, job):
jobid = job.JobId
client = job.Client
job.JobReport="Python Dir JobEnd output: JobId=%d Client=%s.\n" % (jobid, client)
# Called here when the Bacula daemon is going to exit
def Exit(self, job):
print "Daemon exiting."
bacula.set_events(BaculaEvents()) # register daemon events desired
"""
These are the Job events that you can receive.
"""
class JobEvents(object):
def __init__(self):
# Called here when you instantiate the Job. Not
# normally used
noop = 1
def JobInit(self, job):
# Called when the job is first scheduled
noop = 1
def JobRun(self, job):
# Called just before running the job after initializing
# This is the point to change most Job parameters.
# It is equivalent to the JobRunBefore point.
noop = 1
def NewVolume(self, job):
# Called when Bacula wants a new Volume name. The Volume
# name returned, if any, must be stored in job.VolumeName
jobid = job.JobId
client = job.Client
numvol = job.NumVols;
print job.CatalogRes
job.JobReport = "JobId=%d Client=%s NumVols=%d" % (jobid, client, numvol)
job.JobReport="Python before New Volume set for Job.\n"
Vol = "TestA-%d" % numvol
job.JobReport = "Exists=%d TestA-%d" % (job.DoesVolumeExist(Vol), numvol)
job.VolumeName="TestA-%d" % numvol
job.JobReport="Python after New Volume set for Job.\n"
return 1
def VolumePurged(self, job):
# Called when a Volume is purged. The Volume name can be referenced
# with job.VolumeName
noop = 1
Bacula supports ANSI or IBM tape labels as long as you enable it. In fact, with the proper configuration, you can force Bacula to require ANSI or IBM labels.
Bacula can create an ANSI or IBM label, but if Check Labels is enabled (see below), Bacula will look for an existing label, and if it is found, it will keep the label. Consequently, you can label the tapes with programs other than Bacula, and Bacula will recognize and support them.
Even though Bacula will recognize and write ANSI and IBM labels, it always writes its own tape labels as well.
When using ANSI or IBM tape labeling, you must restrict your Volume names to a maximum of six characters.
If you have labeled your Volumes outside of Bacula, then the ANSI/IBM label will be recognized by Bacula only if you have created the HDR1 label with BACULA.DATA in the Filename field (starting with character 5). If Bacula writes the labels, it will use this information to recognize the tape as a Bacula tape. This allows ANSI/IBM labeled tapes to be used at sites with multiple machines and multiple backup programs.
These are questions that have been submitted over time by the Bacula users. The following FAQ is very useful, but it is not always up to date with newer information, so after reading it, if you don't find what you want, you might try the Bacula wiki maintained by Frank Sweetser, which contains more than just a FAQ: http://wiki.bacula.org or go directly to the FAQ at: http://wiki.bacula.org/doku.php?id=faq.
Please also see the bugs section of this document for a list of known bugs and solutions.
Bacula has been my only backup tool for over seven years backing up 8 machines nightly (6 Linux boxes running SuSE, previously Red Hat and Fedora, a WinXP machine, and a WinNT machine).
There are a number of reasons for this stability.
During the authorization process, the Storage daemon and File daemon also require that the Director authenticates itself, so both ends require the other to have the correct name and password.
If you have edited the conf files and modified any name or any password, and you are getting authentication errors, then your best bet is to go back to the original conf files generated by the Bacula installation process. Make only the absolutely necessary modifications to these files -- e.g. add the correct email address. Then follow the instructions in the Running Bacula chapter of this manual. You will run a backup to disk and a restore. Only when that works, should you begin customization of the conf files.
Another reason that you can get authentication errors is if you are running Multiple Concurrent Jobs in the Director, but you have not set them in the File daemon or the Storage daemon. Once you reach their limit, they will reject the connection producing authentication (or connection) errors.
If you are having problems connecting to a Windows machine that previously worked, you might try restarting the Bacula service since Windows frequently encounters networking connection problems.
Some users report that authentication fails if there is not a proper reverse DNS lookup entry for the machine. This seems to be a requirement of gethostbyname(), which is what Bacula uses to translate names into IP addresses. If you cannot add a reverse DNS entry, or you don't know how to do so, you can avoid the problem by specifying an IP address rather than a machine name in the appropriate Bacula conf file.
Here is a picture that indicates what names/passwords in which files/Resources must match up:
In the left column, you will find the Director, Storage, and Client resources, with their names and passwords -- these are all in bacula-dir.conf. The right column is where the corresponding values should be found in the Console, Storage daemon (SD), and File daemon (FD) configuration files.
Another thing to check is to ensure that the Bacula component you are trying to access has Maximum Concurrent Jobs set large enough to handle each of the Jobs and the Console that want to connect simultaneously. Once the maximum connections has been reached, each Bacula component will reject all new connections.
Finally, make sure you have no hosts.allow or hosts.deny file that is not permitting access to the site trying to connect.
cd <bacula-source>/src/cats ./drop_mysql_tables ./make_mysql_tables
If you are using SQLite, do the following:
Delete bacula.db from your working directory. cd <bacula-source>/src/cats ./drop_sqlite_tables ./make_sqlite_tables
Then write an EOF on each tape you used with Bacula using:
mt -f /dev/st0 rewind mt -f /dev/st0 weof
where you need to adjust the device name for your system.
If you have previously done an unmount command, all Storage daemon sessions (jobs) will be completely blocked from using the drive unmounted, so be sure to do a mount after your unmount. If in doubt, do a second mount, it won't cause any harm.
For the first problem, see the next FAQ question. For the second problem, please review the Windows Installation instructions in this manual.
To see what is going on when the File daemon starts on Windows, do the following:
Start a DOS shell Window.
cd c:\bacula\bin
bacula-fd -d100 -c c:\bacula\bin\bacula-fd.conf
This will cause the FD to write a file bacula.trace in the current directory, which you can examine and thereby determine the problem.
[When I Start the Console, the Error Messages Fly By. How can I see them? ] Either use a shell window with a scroll bar, or use the gnome-console. In any case, you probably should be logging all output to a file, and then you can simply view the file using an editor or the less program. To log all output, I have the following in my Director's Message resource definition:
append = "/home/kern/bacula/bin/log" = all, !skipped
Obviously you will want to change the filename to be appropriate for your system.
Mail = yourname@yourdomain = all, !skipped
in your Director's message resource. You should then receive one email for each Job that ran. When you are comfortable with what is going on (it took me 9 months), you might change that to:
MailOnError = yourname@yourdomain = all, !skipped
then you only get email messages when a Job errors as is the case for your Windows machine.
You should also be logging the Director's messages, please see the previous FAQ for how to do so.
Device {
Name = NULL
Media Type = NULL
Device Type = Fifo
Archive Device = /dev/null
LabelMedia = yes
Random Access = no
AutomaticMount = no
RemovableMedia = no
MaximumOpenWait = 60
AlwaysOpen = no
}
If you want to read a document that pertains only to a specific version, please use the one distributed in the source code. The web site also has online versions of both the released manual and the current development manual.
Another reason why Bacula may not find a suitable Full backup is that every time you change the FileSet, Bacula will require a new Full backup. This is necessary to ensure that all files are properly backed up in the case where you have added more files to the FileSet. Beginning with version 1.31, the FileSets are also dated when they are created, and this date is displayed with the name when you are listing or selecting a FileSet. For more on backup levels see below.
See also Ignore FileSet Changes in the FileSet Resource definition in the Director chapter of this document.
Note that due to limitations Win32 path and filenames cannot exceed 260 characters. By using Win32 Unicode functions, we will remove this restriction in later versions of Bacula.
The second feature, which gives a lot of power and flexibility to Bacula is the Bootstrap record definition.
The third unique feature, which is currently (1.30) unimplemented, and thus can be called vaporware :-), is Base level saves. When implemented, this will enormously reduce tape usage.
When Bacula creates a Media record (Volume), it uses many default values from the Pool record. If you subsequently change the Pool record, the new values will be used as a default for the next Volume that is created, but if you want the new values to apply to existing Volumes, you must manually update the Volume Catalog entry using the update volume command in the Console program.
Bacula also has software compression code in the File daemons, which you normally need to enable only when backing up to file Volumes. There are two conditions necessary to enable the Bacula software compression.
If the library is found by Bacula during the ./configure it will be mentioned in the config.out line by:
ZLIB support: yes
[Bacula is Asking for a New Tape After 2 GB of Data but My Tape holds 33 GB. Why?] There are several reasons why Bacula will request a new tape.
If after reading the above mentioned section, you believe that Bacula is not correctly handling the level (Differential/Incremental), please send us the following information for analysis:
The above information can allow us to analyze what happened, without it, there is not much we can do.
There are several things you can do to improve the situation.
SD Connect Timeout = 5 min
in the FileDaemon resource.
bacula-dir -c bacula-dir.conf ... >/dev/null 0>&1 2>\&1
and likewise for the other daemons.
For example, I keep a 30 day retention period for my Files to keep my catalog from getting too big, but I keep my tapes for a minimum of one year, just in case.
llist Volume=xxx
If it doesn't have the right value, you can use:
update Volume=xxx
to change it.
If it is neither of the above, please submit a bug report at bugs.bacula.org.
Another solution might be to run the daemon with the debug option by:
Start a DOS shell Window.
cd c:\bacula\bin
bacula-fd -d100 -c c:\bacula\bin\bacula-fd.conf
This will cause the FD to write a file bacula.trace in the current directory, which you can examine to determine the problem.
In at least one case, the problem has been a bad driver for a Win32 NVidia NForce 3 ethernet card with driver (4.4.2 17/05/2004). In this case, a good driver is (4.8.2.0 06/04/2005). Moral of the story, make sure you have the latest ethernet drivers loaded, or use the following workaround as suggested by Thomas Simmons for Win32 machines:
Browse to: Start > Control Panel > Network Connections
Right click the connection for the nvidia adapter and select properties. Under the General tab, click "Configure...". Under the Advanced tab set "Checksum Offload" to disabled and click OK to save the change.
Lack of communications, or communications that get interrupted can also be caused by Linux firewalls where you have a rule that throttles connections or traffic. For example, if you have:
iptables -t filter -A INPUT -m limit --limit 3/second --limit-burst 3 -j DROP
you will want to add the following rules before the above rule:
iptables -t filter -A INPUT --dport 9101 -j ACCEPT iptables -t filter -A INPUT --dport 9102 -j ACCEPT iptables -t filter -A INPUT --dport 9103 -j ACCEPTThis will ensure that any Bacula traffic will not get terminated because of high usage rates.
In fact, you do not tell Bacula what tapes to use. It is the inverse. Bacula tells you want tapes it wants. You put tapes at its disposition and it chooses.
Now, if you *really* want to be tricky and try to tell Bacula what to do, it will be reasonable if for example you mount a valid tape that it can use on a drive, it will most likely go ahead and use it. It also has a documented algorithm for choosing tapes -- but you are asking for problems ...
So, the trick is to invert your concept of things and put Bacula in charge of handling the tapes. Once you do that, you will be fine. If you want to anticipate what it is going to do, you can generally figure it out correctly and get what you want.
If you start with the idea that you are going to force or tell Bacula to use particular tapes or you insist on trying to run in that kind of mode, you will probably not be too happy.
I don't want to worry about what tape has what data. That is what Bacula is designed for.
If you have an application where you *really* need to remove a tape each day and insert a new one, it can be done the directives exist to accomplish that. In such a case, one little "trick" to knowing what tape Bacula will want at 2am while you are asleep is to run a tiny job at 4pm while you are still at work that backs up say one directory, or even one file. You will quickly find out what tape it wants, and you can mount it before you go home ...
Each daemon needs a password. This password occurs in the configuration file for that daemon and in the bacula-dir.conf file. These passwords are plain text. There is no special generation procedure. Most people just use random text.
Passwords are never sent over the wire in plain text. They are always encrypted.
Security surrounding these passwords is best left security to your operating system. Passwords are not encrypted within Bacula configuration files.
There are a number of example scripts for various things that can be found in the example subdirectory and its subdirectories of the Bacula source distribution.
For additional tips, please see the Bacula wiki.
The first thing to do before upgrading from one version to another is to ensure that you don't overwrite or delete your production (current) version of Bacula until you have tested that the new version works.
If you have installed Bacula into a single directory, this is simple: simply make a copy of your Bacula directory.
If you have done a more typical Unix installation where the binaries are placed in one directory and the configuration files are placed in another, then the simplest way is to configure your new Bacula to go into a single file. Alternatively, make copies of all your binaries and especially your conf files.
Whatever your situation may be (one of the two just described), you should probably start with the defaultconf script that can be found in the examples subdirectory. Copy this script to the main Bacula directory, modify it as necessary (there should not need to be many modifications), configure Bacula, build it, install it, then stop your production Bacula, copy all the *.conf files from your production Bacula directory to the test Bacula directory, start the test version, and run a few test backups. If all seems good, then you can proceed to install the new Bacula in place of or possibly over the old Bacula.
When installing a new Bacula you need not worry about losing the changes you made to your configuration files as the installation process will not overwrite them providing that you do not do a make uninstall.
If the new version of Bacula requires an upgrade to the database, you can upgrade it with the script update_bacula_tables, which will be installed in your scripts directory (default /etc/bacula), or alternatively, you can find it in the <bacula-source>/src/cats directory.
One of the first things you should do is to ensure that you are being properly notified of the status of each Job run by Bacula, or at a minimum of each Job that terminates with an error.
Until you are completely comfortable with Bacula, we recommend that you send an email to yourself for each Job that is run. This is most easily accomplished by adding an email notification address in the Messages resource of your Director's configuration file. An email is automatically configured in the default configuration files, but you must ensure that the default root address is replaced by your email address.
For additional examples of how to configure a Bacula, please take a look at the .conf files found in the examples sub-directory. We recommend the following configuration (where you change the paths and email address to correspond to your setup). Note, the mailcommand and operatorcommand should be on a single line. They were split here for presentation:
Messages {
Name = Standard
mailcommand = "/home/bacula/bin/bsmtp -h localhost
-f \"\(Bacula\) %r\"
-s \"Bacula: %t %e of %c %l\" %r"
operatorcommand = "/home/bacula/bin/bsmtp -h localhost
-f \"\(Bacula\) %r\"
-s \"Bacula: Intervention needed for %j\" %r"
Mail = your-email-address = all, !skipped, !terminate
append = "/home/bacula/bin/log" = all, !skipped, !terminate
operator = your-email-address = mount
console = all, !skipped, !saved
}
You will need to ensure that the /home/bacula/bin path on the mailcommand and the operatorcommand lines point to your Bacula binary directory where the bsmtp program will be installed. You will also want to ensure that the your-email-address is replaced by your email address, and finally, you will also need to ensure that the /home/bacula/bin/log points to the file where you want to log all messages.
With the above Messages resource, you will be notified by email of every Job that ran, all the output will be appended to the log file you specify, all output will be directed to the console program, and all mount messages will be emailed to you. Note, some messages will be sent to multiple destinations.
The form of the mailcommand is a bit complicated, but it allows you to distinguish whether the Job terminated in error or terminated normally. Please see the Mail Command section of the Messages Resource chapter of this manual for the details of the substitution characters used above.
Once you are totally comfortable with Bacula as I am, or if you have a large number of nightly Jobs as I do (eight), you will probably want to change the Mail command to Mail On Error which will generate an email message only if the Job terminates in error. If the Job terminates normally, no email message will be sent, but the output will still be appended to the log file as well as sent to the Console program.
The section above describes how to get email notification of job status. Occasionally, however, users have problems receiving any email at all. In that case, the things to check are the following:
director = director-name = all
mailcommand = "mail -s test your@domain.com"
mailcommand = "/home/bacula/bin/bsmtp -f \"root@localhost\" %r"
If like me, you have setup Bacula so that email is sent only when a Job has errors, as described in the previous section of this chapter, inevitably, one day, something will go wrong and Bacula can stall. This could be because Bacula crashes, which is vary rare, or more likely the network has caused Bacula to hang for some unknown reason.
To avoid this, you can use the RunAfterJob command in the Job resource to schedule a Job nightly, or weekly that simply emails you a message saying that Bacula is still running. For example, I have setup the following Job in my Director's configuration file:
Schedule {
Name = "Watchdog"
Run = Level=Full sun-sat at 6:05
}
Job {
Name = "Watchdog"
Type = Admin
Client=Watchdog
FileSet="Verify Set"
Messages = Standard
Storage = DLTDrive
Pool = Default
Schedule = "Watchdog"
RunAfterJob = "/home/kern/bacula/bin/watchdog %c %d"
}
Client {
Name = Watchdog
Address = rufus
FDPort = 9102
Catalog = Verify
Password = ""
File Retention = 1day
Job Retention = 1 month
AutoPrune = yes
}
Where I established a schedule to run the Job nightly. The Job itself is type Admin which means that it doesn't actually do anything, and I've defined a FileSet, Pool, Storage, and Client, all of which are not really used (and probably don't need to be specified). The key aspect of this Job is the command:
RunAfterJob = "/home/kern/bacula/bin/watchdog %c %d"
which runs my "watchdog" script. As an example, I have added the Job codes %c and %d which will cause the Client name and the Director's name to be passed to the script. For example, if the Client's name is Watchdog and the Director's name is main-dir then referencing $1 in the script would get Watchdog and referencing $2 would get main-dir. In this case, having the script know the Client and Director's name is not really useful, but in other situations it may be.
You can put anything in the watchdog script. In my case, I like to monitor the size of my catalog to be sure that Bacula is really pruning it. The following is my watchdog script:
#!/bin/sh cd /home/kern/mysql/var/bacula du . * | /home/kern/bacula/bin/bsmtp \ -f "\(Bacula\) abuse@whitehouse.com" -h mail.yyyy.com \ -s "Bacula running" abuse@whitehouse.com
If you just wish to send yourself a message, you can do it with:
#!/bin/sh cd /home/kern/mysql/var/bacula /home/kern/bacula/bin/bsmtp \ -f "\(Bacula\) abuse@whitehouse.com" -h mail.yyyy.com \ -s "Bacula running" abuse@whitehouse.com <<END-OF-DATA Bacula is still running!!! END-OF-DATA
By using a WriteBootstrap record in each of your Director's Job resources, you can constantly maintain a bootstrap file that will enable you to recover the state of your system as of the last backup without having the Bacula catalog. This permits you to more easily recover from a disaster that destroys your Bacula catalog.
When a Job resource has a WriteBootstrap record, Bacula will maintain the designated file (normally on another system but mounted by NSF) with up to date information necessary to restore your system. For example, in my Director's configuration file, I have the following record:
Write Bootstrap = "/mnt/deuter/files/backup/client-name.bsr"
where I replace client-name by the actual name of the client that is being backed up. Thus, Bacula automatically maintains one file for each of my clients. The necessary bootstrap information is appended to this file during each Incremental backup, and the file is totally rewritten during each Full backup.
Note, one disadvantage of writing to an NFS mounted volume as I do is that if the other machine goes down, the OS will wait forever on the fopen() call that Bacula makes. As a consequence, Bacula will completely stall until the machine exporting the NFS mounts comes back up. A possible solution to this problem was provided by Andrew Hilborne, and consists of using the soft option instead of the hard option when mounting the NFS volume, which is typically done in /etc/fstab/. The NFS documentation explains these options in detail. However, I found that with the soft option NFS disconnected frequently causing even more problems.
If you are starting off in the middle of a cycle (i.e. with Incremental backups) rather than at the beginning (with a Full backup), the bootstrap file will not be immediately valid as it must always have the information from a Full backup as the first record. If you wish to synchronize your bootstrap file immediately, you can do so by running a restore command for the client and selecting a full restore, but when the restore command asks for confirmation to run the restore Job, you simply reply no, then copy the bootstrap file that was written to the location specified on the Write Bootstrap record. The restore bootstrap file can be found in restore.bsr in the working directory that you defined. In the example given below for the client rufus, my input is shown in bold. Note, the JobId output has been partially truncated to fit on the page here:
(in the Console program)
*restore
First you select one or more JobIds that contain files
to be restored. You will then be presented several methods
of specifying the JobIds. Then you will be allowed to
select which files from those JobIds are to be restored.
To select the JobIds, you have the following choices:
1: List last 20 Jobs run
2: List Jobs where a given File is saved
3: Enter list of JobIds to select
4: Enter SQL list command
5: Select the most recent backup for a client
6: Cancel
Select item: (1-6): 5
The defined Client resources are:
1: Minimatou
2: Rufus
3: Timmy
Select Client (File daemon) resource (1-3): 2
The defined FileSet resources are:
1: Other Files
Item 1 selected automatically.
+-------+------+-------+---------+---------+------+-------+------------+
| JobId | Levl | Files | StrtTim | VolName | File | SesId | VolSesTime |
+-------+------+-------+---------+---------+------+-------+------------+
| 2 | F | 84 | ... | test1 | 0 | 1 | 1035645259 |
+-------+------+-------+---------+---------+------+-------+------------+
You have selected the following JobId: 2
Building directory tree for JobId 2 ...
The defined Storage resources are:
1: File
Item 1 selected automatically.
You are now entering file selection mode where you add and
remove files to be restored. All files are initially added.
Enter "done" to leave this mode.
cwd is: /
$ done
84 files selected to restore.
Run Restore job
JobName: kernsrestore
Bootstrap: /home/kern/bacula/working/restore.bsr
Where: /tmp/bacula-restores
FileSet: Other Files
Client: Rufus
Storage: File
JobId: *None*
OK to run? (yes/mod/no): no
quit
(in a shell window)
cp ../working/restore.bsr /mnt/deuter/files/backup/rufus.bsr
Bacula keeps a count of the number of files on each Volume in its Catalog database so that before appending to a tape, it can verify that the number of files are correct, and thus prevent overwriting valid data. If the Director or the Storage daemon crashes before the job has completed, the tape will contain one more file than is noted in the Catalog, and the next time you attempt to use the same Volume, Bacula will reject it due to a mismatch between the physical tape (Volume) and the catalog.
The easiest solution to this problem is to label a new tape and start fresh. If you wish to continue appending to the current tape, you can do so by using the update command in the console program to change the Volume Files entry in the catalog. A typical sequence of events would go like the following:
- Bacula crashes - You restart Bacula
Bacula then prints:
17-Jan-2003 16:45 rufus-dir: Start Backup JobId 13,
Job=kernsave.2003-01-17_16.45.46
17-Jan-2003 16:45 rufus-sd: Volume test01 previously written,
moving to end of data.
17-Jan-2003 16:46 rufus-sd: kernsave.2003-01-17_16.45.46 Error:
I cannot write on this volume because:
The number of files mismatch! Volume=11 Catalog=10
17-Jan-2003 16:46 rufus-sd: Job kernsave.2003-01-17_16.45.46 waiting.
Cannot find any appendable volumes.
Please use the "label" command to create a new Volume for:
Storage: SDT-10000
Media type: DDS-4
Pool: Default
(note, lines wrapped for presentation) The key here is the line that reads:
The number of files mismatch! Volume=11 Catalog=10
It says that Bacula found eleven files on the volume, but that the catalog says there should be ten. When you see this, you can be reasonably sure that the SD was interrupted while writing before it had a chance to update the catalog. As a consequence, you can just modify the catalog count to eleven, and even if the catalog contains references to files saved in file 11, everything will be OK and nothing will be lost. Note that if the SD had written several file marks to the volume, the difference between the Volume count and the Catalog count could be larger than one, but this is unusual.
If on the other hand the catalog is marked as having more files than Bacula found on the tape, you need to consider the possible negative consequences of modifying the catalog. Please see below for a more complete discussion of this.
Continuing with the example of Volume = 11 Catalog = 10, to enable to Bacula to append to the tape, you do the following:
update
Update choice:
1: Volume parameters
2: Pool from resource
3: Slots from autochanger
Choose catalog item to update (1-3): 1
Defined Pools:
1: Default
2: File
Select the Pool (1-2):
+-------+---------+--------+---------+-----------+------+----------+------+-----+
| MedId | VolName | MedTyp | VolStat | VolBytes | Last | VolReten | Recy | Slt |
+-------+---------+--------+---------+-----------+------+----------+------+-----+
| 1 | test01 | DDS-4 | Error | 352427156 | ... | 31536000 | 1 | 0 |
+-------+---------+--------+---------+-----------+------+----------+------+-----+
Enter MediaId or Volume name: 1
(note table output truncated for presentation) First, you chose to update the Volume parameters by entering a 1. In the volume listing that follows, notice how the VolStatus is Error. We will correct that after changing the Volume Files. Continuing, you respond 1,
Updating Volume "test01"
Parameters to modify:
1: Volume Status
2: Volume Retention Period
3: Volume Use Duration
4: Maximum Volume Jobs
5: Maximum Volume Files
6: Maximum Volume Bytes
7: Recycle Flag
8: Slot
9: Volume Files
10: Pool
11: Done
Select parameter to modify (1-11): 9
Warning changing Volume Files can result
in loss of data on your Volume
Current Volume Files is: 10
Enter new number of Files for Volume: 11
New Volume Files is: 11
Updating Volume "test01"
Parameters to modify:
1: Volume Status
2: Volume Retention Period
3: Volume Use Duration
4: Maximum Volume Jobs
5: Maximum Volume Files
6: Maximum Volume Bytes
7: Recycle Flag
8: Slot
9: Volume Files
10: Pool
11: Done
Select parameter to modify (1-10): 1
Here, you have selected 9 in order to update the Volume Files, then you changed it from 10 to 11, and you now answer 1 to change the Volume Status.
Current Volume status is: Error
Possible Values are:
1: Append
2: Archive
3: Disabled
4: Full
5: Used
6: Read-Only
Choose new Volume Status (1-6): 1
New Volume status is: Append
Updating Volume "test01"
Parameters to modify:
1: Volume Status
2: Volume Retention Period
3: Volume Use Duration
4: Maximum Volume Jobs
5: Maximum Volume Files
6: Maximum Volume Bytes
7: Recycle Flag
8: Slot
9: Volume Files
10: Pool
11: Done
Select parameter to modify (1-11): 11
Selection done.
At this point, you have changed the Volume Files from 10 to 11 to account for the last file that was written but not updated in the database, and you changed the Volume Status back to Append.
This was a lot of words to describe something quite simple.
The Volume Files option exists only in version 1.29 and later, and you should be careful using it. Generally, if you set the value to that which Bacula said is on the tape, you will be OK, especially if the value is one more than what is in the catalog.
Now lets consider the case:
The number of files mismatch! Volume=10 Catalog=12
Here the Bacula found fewer files on the volume than what is marked in the catalog. Now, in this case, you should hesitate a lot before modifying the count in the catalog, because if you force the catalog from 12 to 10, Bacula will start writing after the file 10 on the tape, possibly overwriting valid data, and if you ever try to restore any of the files that the catalog has marked as saved on Files 11 and 12, all chaos will break out. In this case, you will probably be better off using a new tape. In fact, you might want to see what files the catalog claims are actually stored on that Volume, and back them up to another tape and recycle this tape.
Only the File daemon needs to run with root permission (so that it can access all files). As a consequence, you may run your Director, Storage daemon, and MySQL or PostgreSQL database server as non-root processes. Version 1.30 has the -u and the -g options that allow you to specify a userid and groupid on the command line to be used after Bacula starts.
As of version 1.33, thanks to Dan Langille, it is easier to configure the Bacula Director and Storage daemon to run as non-root.
You should protect the Bacula port addresses (normally 9101, 9102, and 9103) from outside access by a firewall or other means of protection to prevent unauthorized use of your daemons.
You should ensure that the configuration files are not world readable since they contain passwords that allow access to the daemons. Anyone who can access the Director using a console program can restore any file from a backup Volume.
You should protect your Catalog database. If you are using SQLite, make sure
that the working directory is readable only by root (or your Bacula userid),
and ensure that bacula.db has permissions -rw-r--r-- (i.e. 640) or
more strict. If you are using MySQL or PostgreSQL, please note that the Bacula
setup procedure leaves the database open to anyone. At a minimum, you should
assign the user bacula a userid and add it to your Director's
configuration file in the appropriate Catalog resource.
If you use the make_catalog_backup script provided by Bacula, remember that you should take care when supplying passwords on the command line. Read the Backing Up Your Bacula Database - Security Considerations section for more information.
If you normally change tapes every day or at least every Friday, but Thursday is a holiday, you can use a trick proposed by Lutz Kittler to ensure that no job runs on Thursday so that you can insert Friday's tape and be sure it will be used on Friday. To do so, define a RunJobBefore script that normally returns zero, so that the Bacula job will normally continue. You can then modify the script to return non-zero on any day when you do not want Bacula to run the job.
If you have an autochanger but it does not support barcodes, using a "trick" you can make Bacula automatically label all the volumes in your autochanger's magazine.
First create a file containing one line for each slot in your autochanger that has a tape to be labeled. The line will contain the slot number a colon (:) then the Volume name you want to use. For example, create a file named volume-list, which contains:
1:Volume001 2:TestVolume02 5:LastVolume
The records do not need to be in any order and you don't need to mention all the slots. Normally, you will have a consistent set of Volume names and a sequential set of numbers for each slot you want labeled. In the example above, I've left out slots 3 and 4 just as an example. Now, modify your mtx-changer script and comment out all the lines in the list) case by putting a # in column 1. Then add the following two lines:
cat <absolute-path>/volume-list exit 0
so that the whole case looks like:
list) # # commented out lines cat <absolute-path>/volume-list exit 0 ;;
where you replace <absolute-path> with the full path to the volume-list file. Then using the console, you enter the following command:
label barcodes
and Bacula will proceed to mount the autochanger Volumes in the list and label them with the Volume names you have supplied. Bacula will think that the list was provided by the autochanger barcodes, but in reality, it was you who supplied the <barcodes>.
If it seems to work, when it finishes, enter:
list volumes
and you should see all the volumes nicely created.
You may want to backup laptops or portables that are not always connected to the network. If you are using DHCP to assign an IP address to those machines when they connect, you will need to use the Dynamic Update capability of DNS to assign a name to those machines that can be used in the Address field of the Client resource in the Director's conf file.
At some point, you may want to be absent for a week or two and you want to make sure Bacula has enough tape left so that the backups will complete. You start by doing a list volumes in the Console program:
list volumes Using default Catalog name=BackupDB DB=bacula Pool: Default +---------+---------------+-----------+-----------+----------------+- | MediaId | VolumeName | MediaType | VolStatus | VolBytes | +---------+---------------+-----------+-----------+----------------+- | 23 | DLT-30Nov02 | DLT8000 | Full | 54,739,278,128 | | 24 | DLT-21Dec02 | DLT8000 | Full | 56,331,524,629 | | 25 | DLT-11Jan03 | DLT8000 | Full | 67,863,514,895 | | 26 | DLT-02Feb03 | DLT8000 | Full | 63,439,314,216 | | 27 | DLT-03Mar03 | DLT8000 | Full | 66,022,754,598 | | 28 | DLT-04Apr03 | DLT8000 | Full | 60,792,559,924 | | 29 | DLT-28Apr03 | DLT8000 | Full | 62,072,494,063 | | 30 | DLT-17May03 | DLT8000 | Full | 65,901,767,839 | | 31 | DLT-07Jun03 | DLT8000 | Used | 56,558,490,015 | | 32 | DLT-28Jun03 | DLT8000 | Full | 64,274,871,265 | | 33 | DLT-19Jul03 | DLT8000 | Full | 64,648,749,480 | | 34 | DLT-08Aug03 | DLT8000 | Full | 64,293,941,255 | | 35 | DLT-24Aug03 | DLT8000 | Append | 9,999,216,782 | +---------+---------------+-----------+-----------+----------------+
Note, I have truncated the output for presentation purposes. What is significant, is that I can see that my current tape has almost 10 Gbytes of data, and that the average amount of data I get on my tapes is about 60 Gbytes. So if I go on vacation now, I don't need to worry about tape capacity (at least not for short absences).
Equally significant is the fact that I did go on vacation the 28th of June 2003, and when I did the list volumes command, my current tape at that time, DLT-07Jun03 MediaId 31, had 56.5 Gbytes written. I could see that the tape would fill shortly. Consequently, I manually marked it as Used and replaced it with a fresh tape that I labeled as DLT-28Jun03, thus assuring myself that the backups would all complete without my intervention.
This tip was submitted by Marc Brueckner who wasn't sure of the case of some of his files on Win32, which is case insensitive. The problem is that Bacula thinks that /UNIMPORTANT FILES is different from /Unimportant Files. Marc was aware that the file exclusion permits wild-cards. So, he specified:
"/[Uu][Nn][Ii][Mm][Pp][Oo][Rr][Tt][Aa][Nn][Tt] [Ff][Ii][Ll][Ee][Ss]"
As a consequence, the above exclude works for files of any case.
Please note that this works only in Bacula Exclude statement and not in Include.
This tip also comes from Marc Brueckner. (Note, this tip is probably outdated by the addition of ClientRunBeforJob and ClientRunAfterJob Job records, but the technique still could be useful.) First I thought the "Run Before Job" statement in the Job-resource is for executing a script on the remote machine (the machine to be backed up). (Note, this is possible as mentioned above by using ClientRunBeforJob and ClientRunAfterJob). It could be useful to execute scripts on the remote machine e.g. for stopping databases or other services while doing the backup. (Of course I have to start the services again when the backup has finished) I found the following solution: Bacula could execute scripts on the remote machine by using ssh. The authentication is done automatically using a private key. First you have to generate a keypair. I've done this by:
ssh-keygen -b 4096 -t dsa -f Bacula_key
This statement may take a little time to run. It creates a public/private key pair with no passphrase. You could save the keys in /etc/bacula. Now you have two new files : Bacula_key which contains the private key and Bacula_key.pub which contains the public key.
Now you have to append the Bacula_key.pub file to the file authorized_keys in the \root\.ssh directory of the remote machine. Then you have to add (or uncomment) the line
AuthorizedKeysFile %h/.ssh/authorized_keys
to the sshd_config file on the remote machine. Where the %h stands for the home-directory of the user (root in this case).
Assuming that your sshd is already running on the remote machine, you can now enter the following on the machine where Bacula runs:
ssh -i Bacula_key -l root <machine-name-or-ip-address> "ls -la"
This should execute the "ls -la" command on the remote machine.
Now you could add lines like the following to your Director's conf file:
...
Run Before Job = ssh -i /etc/bacula/Bacula_key 192.168.1.1 \
"/etc/init.d/database stop"
Run After Job = ssh -i /etc/bacula/Bacula_key 192.168.1.1 \
"/etc/init.d/database start"
...
Even though Bacula version 1.32 and later has a ClientRunBeforeJob, the ssh method still could be useful for updating all the Bacula clients on several remote machines in a single script.
This tip comes from Phil Stracchino.
If you decide to blow away your catalog and start over, the simplest way to re-add all your prelabeled tapes with a minimum of fuss (provided you don't care about the data on the tapes) is to add the tape labels using the console add command, then go into the catalog and manually set the VolStatus of every tape to Recycle.
The SQL command to do this is very simple, either use your vendor's command line interface (mysql, postgres, sqlite, ...) or use the sql command in the Bacula console:
update Media set VolStatus='Recycle';
Bacula will then ignore the data already stored on the tapes and just re-use each tape without further objection.
This tip comes from Volker Sauer.
Note, this tip was given prior to implementation of ACLs in Bacula (version 1.34.5). It is left here because dumping/displaying ACLs can still be useful in testing/verifying that Bacula is backing up and restoring your ACLs properly. Please see the aclsupport FileSet option in the configuration chapter of this manual.
For example, you could dump the ACLs to a file with a script similar to the following:
#!/bin/sh
BACKUP_DIRS="/foo /bar"
STORE_ACL=/root/acl-backup
umask 077
for i in $BACKUP_DIRS; do
cd $i /usr/bin/getfacl -R --skip-base .>$STORE_ACL/${i//\//_}
done
Then use Bacula to backup /root/acl-backup.
The ACLs could be restored using Bacula to the /root/acl-backup file, then restored to your system using:
setfacl --restore/root/acl-backup
This tip was provided by Alexander Kuehn.
Bacula is a really nice backup program except that the manual tape changing requires user interaction with the bacula console.
Fortunately I can fix this. NOTE!!! This suggestion applies for people who do *NOT* have tape autochangers and must change tapes manually.!!!!!
Bacula supports a variety of tape changers through the use of mtx-changer scripts/programs. This highly flexible approach allowed me to create this shell script which does the following: Whenever a new tape is required it sends a mail to the operator to insert the new tape. Then it waits until a tape has been inserted, sends a mail again to say thank you and let's bacula continue its backup. So you can schedule and run backups without ever having to log on or see the console. To make the whole thing work you need to create a Device resource which looks something like this ("Archive Device", "Maximum Changer Wait", "Media Type" and "Label media" may have different values):
Device {
Name=DDS3
Archive Device = # use yours not mine! ;)/dev/nsa0
Changer Device = # not really required/dev/nsa0
Changer Command = "# use this (maybe change the path)!
/usr/local/bin/mtx-changer %o %a %S"
Maximum Changer Wait = 3d # 3 days in seconds
AutomaticMount = yes; # mount on start
AlwaysOpen = yes; # keep device locked
Media Type = DDS3 # it's just a name
RemovableMedia = yes; #
Offline On Unmount = Yes; # keep this too
Label media = Yes; #
}
As the script has to emulate the complete wisdom of a mtx-changer it has an internal "database" containing where which tape is stored, you can see this on the following line:
labels="VOL-0001 VOL-0002 VOL-0003 VOL-0004 VOL-0005 VOL-0006 VOL-0007 VOL-0008 VOL-0009 VOL-0010 VOL-0011 VOL-0012"
The above should be all on one line, and it effectively tells Bacula that volume "VOL-0001" is located in slot 1 (which is our lowest slot), that volume "VOL-0002" is located in slot 2 and so on.. The script also maintains a logfile (/var/log/mtx.log) where you can monitor its operation.
Bacula can run multiple concurrent jobs, but the default configuration files do not enable it. Using the Maximum Concurrent Jobs directive, you can configure how many and which jobs can be run simultaneously. The Director's default value for Maximum Concurrent Jobs is "1".
To initially setup concurrent jobs you need to define Maximum Concurrent Jobs in the Director's configuration file (bacula-dir.conf) in the Director, Job, Client, and Storage resources.
Additionally the File daemon, and the Storage daemon each have their own Maximum Concurrent Jobs directive that sets the overall maximum number of concurrent jobs the daemon will run. The default for both the File daemon and the Storage daemon is "20".
For example, if you want two different jobs to run simultaneously backing up the same Client to the same Storage device, they will run concurrently only if you have set Maximum Concurrent Jobs greater than one in the Director resource, the Client resource, and the Storage resource in bacula-dir.conf.
We recommend that you read the Data Spooling of this manual first, then test your multiple concurrent backup including restore testing before you put it into production.
Below is a super stripped down bacula-dir.conf file showing you the four places where the the file must be modified to allow the same job NightlySave to run up to four times concurrently. The change to the Job resource is not necessary if you want different Jobs to run at the same time, which is the normal case.
#
# Bacula Director Configuration file -- bacula-dir.conf
#
Director {
Name = rufus-dir
Maximum Concurrent Jobs = 4
...
}
Job {
Name = "NightlySave"
Maximum Concurrent Jobs = 4
Client = rufus-fd
Storage = File
...
}
Client {
Name = rufus-fd
Maximum Concurrent Jobs = 4
...
}
Storage {
Name = File
Maximum Concurrent Jobs = 4
...
}
This document describes the utility programs written to aid Bacula users and developers in dealing with Volumes external to Bacula.
Starting with version 1.27, each of the following programs requires a valid Storage daemon configuration file (actually, the only part of the configuration file that these programs need is the Device resource definitions). This permits the programs to find the configuration parameters for your archive device (generally a tape drive). By default, they read bacula-sd.conf in the current directory, but you may specify a different configuration file using the -c option.
Each of these programs require a device-name where the Volume can be found. In the case of a tape, this is the physical device name such as /dev/nst0 or /dev/rmt/0ubn depending on your system. For the program to work, it must find the identical name in the Device resource of the configuration file. See below for specifying Volume names.
Please note that if you have Bacula running and you ant to use one of these programs, you will either need to stop the Storage daemon, or unmount any tape drive you want to use, otherwise the drive will busy because Bacula is using it.
If you are attempting to read or write an archive file rather than a tape, the device-name should be the full path to the archive location including the filename. The filename (last part of the specification) will be stripped and used as the Volume name, and the path (first part before the filename) must have the same entry in the configuration file. So, the path is equivalent to the archive device name, and the filename is equivalent to the volume name.
In general, you must specify the Volume name to each of the programs below (with the exception of btape). The best method to do so is to specify a bootstrap file on the command line with the -b option. As part of the bootstrap file, you will then specify the Volume name or Volume names if more than one volume is needed. For example, suppose you want to read tapes tape1 and tape2. First construct a bootstrap file named say, list.bsr which contains:
Volume=test1|test2
where each Volume is separated by a vertical bar. Then simply use:
./bls -b list.bsr /dev/nst0
In the case of Bacula Volumes that are on files, you may simply append volumes as follows:
./bls /tmp/test1\|test2
where the backslash (\) was necessary as a shell escape to permit entering the vertical bar (|).
And finally, if you feel that specifying a Volume name is a bit complicated with a bootstrap file, you can use the -V option (on all programs except bcopy) to specify one or more Volume names separated by the vertical bar (|). For example,
./bls -V Vol001 /dev/nst0
You may also specify an asterisk (*) to indicate that the program should accept any volume. For example:
./bls -V* /dev/nst0
bls can be used to do an ls type listing of a Bacula tape or file. It is called:
Usage: bls [options] <device-name>
-b <file> specify a bootstrap file
-c <file> specify a config file
-d <level> specify debug level
-e <file> exclude list
-i <file> include list
-j list jobs
-k list blocks
(no j or k option) list saved files
-L dump label
-p proceed inspite of errors
-v be verbose
-V specify Volume names (separated by |)
-? print this message
For example, to list the contents of a tape:
./bls -V Volume-name /dev/nst0
Or to list the contents of a file:
./bls /tmp/Volume-name or ./bls -V Volume-name /tmp
Note that, in the case of a file, the Volume name becomes the filename, so in the above example, you will replace the xxx with the name of the volume (file) you wrote.
Normally if no options are specified, bls will produce the equivalent output to the ls -l command for each file on the tape. Using other options listed above, it is possible to display only the Job records, only the tape blocks, etc. For example:
./bls /tmp/File002 bls: butil.c:148 Using device: /tmp drwxrwxr-x 3 k k 4096 02-10-19 21:08 /home/kern/bacula/k/src/dird/ drwxrwxr-x 2 k k 4096 02-10-10 18:59 /home/kern/bacula/k/src/dird/CVS/ -rw-rw-r-- 1 k k 54 02-07-06 18:02 /home/kern/bacula/k/src/dird/CVS/Root -rw-rw-r-- 1 k k 16 02-07-06 18:02 /home/kern/bacula/k/src/dird/CVS/Repository -rw-rw-r-- 1 k k 1783 02-10-10 18:59 /home/kern/bacula/k/src/dird/CVS/Entries -rw-rw-r-- 1 k k 97506 02-10-18 21:07 /home/kern/bacula/k/src/dird/Makefile -rw-r--r-- 1 k k 3513 02-10-18 21:02 /home/kern/bacula/k/src/dird/Makefile.in -rw-rw-r-- 1 k k 4669 02-07-06 18:02 /home/kern/bacula/k/src/dird/README-config -rw-r--r-- 1 k k 4391 02-09-14 16:51 /home/kern/bacula/k/src/dird/authenticate.c -rw-r--r-- 1 k k 3609 02-07-07 16:41 /home/kern/bacula/k/src/dird/autoprune.c -rw-rw-r-- 1 k k 4418 02-10-18 21:03 /home/kern/bacula/k/src/dird/bacula-dir.conf ... -rw-rw-r-- 1 k k 83 02-08-31 19:19 /home/kern/bacula/k/src/dird/.cvsignore bls: Got EOF on device /tmp 84 files found.
If you are listing a Volume to determine what Jobs to restore, normally the -j option provides you with most of what you will need as long as you don't have multiple clients. For example,
./bls -j -V Test1 -c stored.conf DDS-4 bls: butil.c:258 Using device: "DDS-4" for reading. 11-Jul 11:54 bls: Ready to read from volume "Test1" on device "DDS-4" (/dev/nst0). Volume Record: File:blk=0:1 SessId=4 SessTime=1121074625 JobId=0 DataLen=165 Begin Job Session Record: File:blk=0:2 SessId=4 SessTime=1121074625 JobId=1 Level=F Type=B Begin Job Session Record: File:blk=0:3 SessId=5 SessTime=1121074625 JobId=5 Level=F Type=B Begin Job Session Record: File:blk=0:6 SessId=3 SessTime=1121074625 JobId=2 Level=F Type=B Begin Job Session Record: File:blk=0:13 SessId=2 SessTime=1121074625 JobId=4 Level=F Type=B End Job Session Record: File:blk=0:99 SessId=3 SessTime=1121074625 JobId=2 Level=F Type=B Files=168 Bytes=1,732,978 Errors=0 Status=T End Job Session Record: File:blk=0:101 SessId=2 SessTime=1121074625 JobId=4 Level=F Type=B Files=168 Bytes=1,732,978 Errors=0 Status=T End Job Session Record: File:blk=0:108 SessId=5 SessTime=1121074625 JobId=5 Level=F Type=B Files=168 Bytes=1,732,978 Errors=0 Status=T End Job Session Record: File:blk=0:109 SessId=4 SessTime=1121074625 JobId=1 Level=F Type=B Files=168 Bytes=1,732,978 Errors=0 Status=T 11-Jul 11:54 bls: End of Volume at file 1 on device "DDS-4" (/dev/nst0), Volume "Test1" 11-Jul 11:54 bls: End of all volumes.
shows a full save followed by two incremental saves.
Adding the -v option will display virtually all information that is available for each record:
Normally, except for debugging purposes, you will not need to list Bacula blocks (the "primitive" unit of Bacula data on the Volume). However, you can do so with:
./bls -k /tmp/File002 bls: butil.c:148 Using device: /tmp Block: 1 size=64512 Block: 2 size=64512 ... Block: 65 size=64512 Block: 66 size=19195 bls: Got EOF on device /tmp End of File on device
By adding the -v option, you can get more information, which can be useful in knowing what sessions were written to the volume:
./bls -k -v /tmp/File002 Volume Label: Id : Bacula 0.9 mortal VerNo : 10 VolName : File002 PrevVolName : VolFile : 0 LabelType : VOL_LABEL LabelSize : 147 PoolName : Default MediaType : File PoolType : Backup HostName : Date label written: 2002-10-19 at 21:16 Block: 1 blen=64512 First rec FI=VOL_LABEL SessId=1 SessTim=1035062102 Strm=0 rlen=147 Block: 2 blen=64512 First rec FI=6 SessId=1 SessTim=1035062102 Strm=DATA rlen=4087 Block: 3 blen=64512 First rec FI=12 SessId=1 SessTim=1035062102 Strm=DATA rlen=5902 Block: 4 blen=64512 First rec FI=19 SessId=1 SessTim=1035062102 Strm=DATA rlen=28382 ... Block: 65 blen=64512 First rec FI=83 SessId=1 SessTim=1035062102 Strm=DATA rlen=1873 Block: 66 blen=19195 First rec FI=83 SessId=1 SessTim=1035062102 Strm=DATA rlen=2973 bls: Got EOF on device /tmp End of File on device
Armed with the SessionId and the SessionTime, you can extract just about anything.
If you want to know even more, add a second -v to the command line to get a dump of every record in every block.
./bls -k -v -v /tmp/File002
bls: block.c:79 Dump block 80f8ad0: size=64512 BlkNum=1
Hdrcksum=b1bdfd6d cksum=b1bdfd6d
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=VOL_LABEL Strm=0 len=147 p=80f8b40
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=SOS_LABEL Strm=-7 len=122 p=80f8be7
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=1 Strm=UATTR len=86 p=80f8c75
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=2 Strm=UATTR len=90 p=80f8cdf
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=3 Strm=UATTR len=92 p=80f8d4d
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=3 Strm=DATA len=54 p=80f8dbd
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=3 Strm=MD5 len=16 p=80f8e07
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=4 Strm=UATTR len=98 p=80f8e2b
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=4 Strm=DATA len=16 p=80f8ea1
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=4 Strm=MD5 len=16 p=80f8ec5
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=5 Strm=UATTR len=96 p=80f8ee9
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=5 Strm=DATA len=1783 p=80f8f5d
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=5 Strm=MD5 len=16 p=80f9668
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=6 Strm=UATTR len=95 p=80f968c
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=6 Strm=DATA len=32768 p=80f96ff
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=6 Strm=DATA len=32768 p=8101713
bls: block.c:79 Dump block 80f8ad0: size=64512 BlkNum=2
Hdrcksum=9acc1e7f cksum=9acc1e7f
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=6 Strm=contDATA len=4087 p=80f8b40
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=6 Strm=DATA len=31970 p=80f9b4b
bls: block.c:92 Rec: VId=1 VT=1035062102 FI=6 Strm=MD5 len=16 p=8101841
...
If you find yourself using bextract, you probably have done something wrong. For example, if you are trying to recover a file but are having problems, please see the Restoring When Things Go Wrong section of the Restore chapter of this manual.
Normally, you will restore files by running a Restore Job from the Console program. However, bextract can be used to extract a single file or a list of files from a Bacula tape or file. In fact, bextract can be a useful tool to restore files to an empty system assuming you are able to boot, you have statically linked bextract and you have an appropriate bootstrap file.
Please note that some of the current limitations of bextract are:
It is called:
Usage: bextract [-d debug_level] <device-name> <directory-to-store-files>
-b <file> specify a bootstrap file
-dnn set debug level to nn
-e <file> exclude list
-i <file> include list
-p proceed inspite of I/O errors
-V specify Volume names (separated by |)
-? print this message
where device-name is the Archive Device (raw device name or full filename) of the device to be read, and directory-to-store-files is a path prefix to prepend to all the files restored.
NOTE: On Windows systems, if you specify a prefix of say d:/tmp, any file that would have been restored to c:/My Documents will be restored to d:/tmp/My Documents. That is, the original drive specification will be stripped. If no prefix is specified, the file will be restored to the original drive.
Using the -e option, you can specify a file containing a list of files to be excluded. Wildcards can be used in the exclusion list. This option will normally be used in conjunction with the -i option (see below). Both the -e and the -i options may be specified at the same time as the -b option. The bootstrap filters will be applied first, then the include list, then the exclude list.
Likewise, and probably more importantly, with the -i option, you can specify a file that contains a list (one file per line) of files and directories to include to be restored. The list must contain the full filename with the path. If you specify a path name only, all files and subdirectories of that path will be restored. If you specify a line containing only the filename (e.g. my-file.txt) it probably will not be extracted because you have not specified the full path.
For example, if the file include-list contains:
/home/kern/bacula /usr/local/bin
Then the command:
./bextract -i include-list -V Volume /dev/nst0 /tmp
will restore from the Bacula archive /dev/nst0 all files and directories in the backup from /home/kern/bacula and from /usr/local/bin. The restored files will be placed in a file of the original name under the directory /tmp (i.e. /tmp/home/kern/bacula/... and /tmp/usr/local/bin/...).
The -b option is used to specify a bootstrap file containing the information needed to restore precisely the files you want. Specifying a bootstrap file is optional but recommended because it gives you the most control over which files will be restored. For more details on the bootstrap file, please see Restoring Files with the Bootstrap File chapter of this document. Note, you may also use a bootstrap file produced by the restore command. For example:
./bextract -b bootstrap-file /dev/nst0 /tmp
The bootstrap file allows detailed specification of what files you want restored (extracted). You may specify a bootstrap file and include and/or exclude files at the same time. The bootstrap conditions will first be applied, and then each file record seen will be compared to the include and exclude lists.
If you wish to extract files that span several Volumes, you can specify the Volume names in the bootstrap file or you may specify the Volume names on the command line by separating them with a vertical bar. See the section above under the bls program entitled Listing Multiple Volumes for more information. The same techniques apply equally well to the bextract program or read the Bootstrap chapter of this document.
If you find yourself using this program, you have probably done something wrong. For example, the best way to recover a lost or damaged Bacula database is to reload the database by using the bootstrap file that was written when you saved it (default bacula-dir.conf file).
The bscan program can be used to re-create a database (catalog) records from the backup information written to one or more Volumes. This is normally needed only if one or more Volumes have been pruned or purged from your catalog so that the records on the Volume are no longer in the catalog, or for Volumes that you have archived.
With some care, it can also be used to synchronize your existing catalog with a Volume. Although we have never seen a case of bscan damaging a catalog, since bscan modifies your catalog, we recommend that you do a simple ASCII backup of your database before running bscan just to be sure. See Compacting Your Database for the details of making a copy of your database.
bscan can also be useful in a disaster recovery situation, after the loss of a hard disk, if you do not have a valid bootstrap file for reloading your system, or if a Volume has been recycled but not overwritten, you can use bscan to re-create your database, which can then be used to restore your system or a file to its previous state.
It is called:
Usage: bscan [options] <bacula-archive>
-b bootstrap specify a bootstrap file
-c <file> specify configuration file
-d <nn> set debug level to nn
-m update media info in database
-n <name> specify the database name (default bacula)
-u <user> specify database user name (default bacula)
-P <password> specify database password (default none)
-h <host> specify database host (default NULL)
-p proceed inspite of I/O errors
-r list records
-s synchronize or store in database
-v verbose
-V <Volumes> specify Volume names (separated by |)
-w <dir> specify working directory (default from conf file)
-? print this message
If you are using MySQL or PostgreSQL, there is no need to supply a working directory since in that case, bscan knows where the databases are. However, if you have provided security on your database, you may need to supply either the database name (-b option), the user name (-u option), and/or the password (-p) options.
NOTE: before bscan can work, it needs at least a bare bones valid database. If your database exists but some records are missing because they were pruned, then you are all set. If your database was lost or destroyed, then you must first ensure that you have the SQL program running (MySQL or PostgreSQL), then you must create the Bacula database (normally named bacula), and you must create the Bacula tables using the scripts in the cats directory. This is explained in the Installation chapter of the manual. Finally, before scanning into an empty database, you must start and stop the Director with the appropriate bacula-dir.conf file so that it can create the Client and Storage records which are not stored on the Volumes. Without these records, scanning is unable to connect the Job records to the proper client.
Forgetting for the moment the extra complications of a full rebuild of your catalog, let's suppose that you did a backup to Volumes "Vol001" and "Vol002", then sometime later all records of one or both those Volumes were pruned or purged from the database. By using bscan you can recreate the catalog entries for those Volumes and then use the restore command in the Console to restore whatever you want. A command something like:
bscan -c bacula-sd.conf -v -V Vol001\|Vol002 /dev/nst0
will give you an idea of what is going to happen without changing your catalog. Of course, you may need to change the path to the Storage daemon's conf file, the Volume name, and your tape (or disk) device name. This command must read the entire tape, so if it has a lot of data, it may take a long time, and thus you might want to immediately use the command listed below. Note, if you are writing to a disk file, replace the device name with the path to the directory that contains the Volumes. This must correspond to the Archive Device in the conf file.
Then to actually write or store the records in the catalog, add the -s option as follows:
bscan -s -m -c bacula-sd.conf -v -V Vol001\|Vol002 /dev/nst0
When writing to the database, if bscan finds existing records, it will generally either update them if something is wrong or leave them alone. Thus if the Volumes you are scanning are all or partially in the catalog already, no harm will be done to that existing data. Any missing data will simply be added.
If you have multiple tapes, you should scan them with:
bscan -s -m -c bacula-sd.conf -v -V Vol001\|Vol002\|Vol003 /dev/nst0
Since there is a limit on the command line length (511 bytes) accepted by bscan, if you have too many Volumes, you will need to manually create a bootstrap file. See the Bootstrap chapter of this manual for more details, in particular the section entitled Bootstrap for bscan.
You should, always try to specify the tapes in the order they are written. However, bscan can handle scanning tapes that are not sequential. Any incomplete records at the end of the tape will simply be ignored in that case. If you are simply repairing an existing catalog, this may be OK, but if you are creating a new catalog from scratch, it will leave your database in an incorrect state. If you do not specify all necessary Volumes on a single bscan command, bscan will not be able to correctly restore the records that span two volumes. In other words, it is much better to specify two or three volumes on a single bscan command rather than run bscan two or three times, each with a single volume.
Note, the restoration process using bscan is not identical to the original creation of the catalog data. This is because certain data such as Client records and other non-essential data such as volume reads, volume mounts, etc is not stored on the Volume, and thus is not restored by bscan. The results of bscanning are, however, perfectly valid, and will permit restoration of any or all the files in the catalog using the normal Bacula console commands. If you are starting with an empty catalog and expecting bscan to reconstruct it, you may be a bit disappointed, but at a minimum, you must ensure that your bacula-dir.conf file is the same as what it previously was -- that is, it must contain all the appropriate Client resources so that they will be recreated in your new database before running bscan. Normally when the Director starts, it will recreate any missing Client records in the catalog. Another problem you will have is that even if the Volumes (Media records) are recreated in the database, they will not have their autochanger status and slots properly set. As a result, you will need to repair that by using the update slots command. There may be other considerations as well. Rather than bscanning, you should always attempt to recover you previous catalog backup.
If you wish to compare the contents of a Volume to an existing catalog without changing the catalog, you can safely do so if and only if you do not specify either the -m or the -s options. However, at this time (Bacula version 1.26), the comparison routines are not as good or as thorough as they should be, so we don't particularly recommend this mode other than for testing.
This is the mode for which bscan is most useful. You can either bscan into a freshly created catalog, or directly into your existing catalog (after having made an ASCII copy as described above). Normally, you should start with a freshly created catalog that contains no data.
Starting with a single Volume named TestVolume1, you run a command such as:
./bscan -V TestVolume1 -v -s -m -c bacula-sd.conf /dev/nst0
If there is more than one volume, simply append it to the first one separating it with a vertical bar. You may need to precede the vertical bar with a forward slash escape the shell -- e.g. TestVolume1\|TestVolume2. The -v option was added for verbose output (this can be omitted if desired). The -s option that tells bscan to store information in the database. The physical device name /dev/nst0 is specified after all the options.
For example, after having done a full backup of a directory, then two incrementals, I reinitialized the SQLite database as described above, and using the bootstrap.bsr file noted above, I entered the following command:
./bscan -b bootstrap.bsr -v -s -c bacula-sd.conf /dev/nst0
which produced the following output:
bscan: bscan.c:182 Using Database: bacula, User: bacula bscan: bscan.c:673 Created Pool record for Pool: Default bscan: bscan.c:271 Pool type "Backup" is OK. bscan: bscan.c:632 Created Media record for Volume: TestVolume1 bscan: bscan.c:298 Media type "DDS-4" is OK. bscan: bscan.c:307 VOL_LABEL: OK for Volume: TestVolume1 bscan: bscan.c:693 Created Client record for Client: Rufus bscan: bscan.c:769 Created new JobId=1 record for original JobId=2 bscan: bscan.c:717 Created FileSet record "Kerns Files" bscan: bscan.c:819 Updated Job termination record for new JobId=1 bscan: bscan.c:905 Created JobMedia record JobId 1, MediaId 1 bscan: Got EOF on device /dev/nst0 bscan: bscan.c:693 Created Client record for Client: Rufus bscan: bscan.c:769 Created new JobId=2 record for original JobId=3 bscan: bscan.c:708 Fileset "Kerns Files" already exists. bscan: bscan.c:819 Updated Job termination record for new JobId=2 bscan: bscan.c:905 Created JobMedia record JobId 2, MediaId 1 bscan: Got EOF on device /dev/nst0 bscan: bscan.c:693 Created Client record for Client: Rufus bscan: bscan.c:769 Created new JobId=3 record for original JobId=4 bscan: bscan.c:708 Fileset "Kerns Files" already exists. bscan: bscan.c:819 Updated Job termination record for new JobId=3 bscan: bscan.c:905 Created JobMedia record JobId 3, MediaId 1 bscan: Got EOF on device /dev/nst0 bscan: bscan.c:652 Updated Media record at end of Volume: TestVolume1 bscan: bscan.c:428 End of Volume. VolFiles=3 VolBlocks=57 VolBytes=10,027,437
The key points to note are that bscan prints a line when each major record is created. Due to the volume of output, it does not print a line for each file record unless you supply the -v option twice or more on the command line.
In the case of a Job record, the new JobId will not normally be the same as the original Jobid. For example, for the first JobId above, the new JobId is 1, but the original JobId is 2. This is nothing to be concerned about as it is the normal nature of databases. bscan will keep everything straight.
Although bscan claims that it created a Client record for Client: Rufus three times, it was actually only created the first time. This is normal.
You will also notice that it read an end of file after each Job (Got EOF on device ...). Finally the last line gives the total statistics for the bscan.
If you had added a second -v option to the command line, Bacula would have been even more verbose, dumping virtually all the details of each Job record it encountered.
Now if you start Bacula and enter a list jobs command to the console program, you will get:
+-------+----------+------------------+------+-----+----------+----------+---------+ | JobId | Name | StartTime | Type | Lvl | JobFiles | JobBytes | JobStat | +-------+----------+------------------+------+-----+----------+----------+---------+ | 1 | kernsave | 2002-10-07 14:59 | B | F | 84 | 4180207 | T | | 2 | kernsave | 2002-10-07 15:00 | B | I | 15 | 2170314 | T | | 3 | kernsave | 2002-10-07 15:01 | B | I | 33 | 3662184 | T | +-------+----------+------------------+------+-----+----------+----------+---------+
which corresponds virtually identically with what the database contained before it was re-initialized and restored with bscan. All the Jobs and Files found on the tape are restored including most of the Media record. The Volume (Media) records restored will be marked as Full so that they cannot be rewritten without operator intervention.
It should be noted that bscan cannot restore a database to the exact condition it was in previously because a lot of the less important information contained in the database is not saved to the tape. Nevertheless, the reconstruction is sufficiently complete, that you can run restore against it and get valid results.
An interesting aspect of restoring a catalog backup using bscan is that the backup was made while Bacula was running and writing to a tape. At the point the backup of the catalog is made, the tape Bacula is writing to will have say 10 files on it, but after the catalog backup is made, there will be 11 files on the tape Bacula is writing. This there is a difference between what is contained in the backed up catalog and what is actually on the tape. If after restoring a catalog, you attempt to write on the same tape that was used to backup the catalog, Bacula will detect the difference in the number of files registered in the catalog compared to what is on the tape, and will mark the tape in error.
There are two solutions to this problem. The first is possibly the simplest and is to mark the volume as Used before doing any backups. The second is to manually correct the number of files listed in the Media record of the catalog. This procedure is documented elsewhere in the manual and involves using the update volume command in bconsole.
If the Storage daemon crashes during a backup Job, the catalog will not be properly updated for the Volume being used at the time of the crash. This means that the Storage daemon will have written say 20 files on the tape, but the catalog record for the Volume indicates only 19 files.
Bacula refuses to write on a tape that contains a different number of files from what is in the catalog. To correct this situation, you may run a bscan with the -m option (but without the -s option) to update only the final Media record for the Volumes read.
If you use bscan to enter the contents of the Volume into an existing catalog, you should be aware that the records you entered may be immediately pruned during the next job, particularly if the Volume is very old or had been previously purged. To avoid this, after running bscan, you can manually set the volume status (VolStatus) to Read-Only by using the update command in the catalog. This will allow you to restore from the volume without having it immediately purged. When you have restored and backed up the data, you can reset the VolStatus to Used and the Volume will be purged from the catalog.
The bcopy program can be used to copy one Bacula archive file to another. For example, you may copy a tape to a file, a file to a tape, a file to a file, or a tape to a tape. For tape to tape, you will need two tape drives. (a later version is planned that will buffer it to disk). In the process of making the copy, no record of the information written to the new Volume is stored in the catalog. This means that the new Volume, though it contains valid backup data, cannot be accessed directly from existing catalog entries. If you wish to be able to use the Volume with the Console restore command, for example, you must first bscan the new Volume into the catalog.
Usage: bcopy [-d debug_level] <input-archive> <output-archive>
-b bootstrap specify a bootstrap file
-c <file> specify configuration file
-dnn set debug level to nn
-i specify input Volume names (separated by |)
-o specify output Volume names (separated by |)
-p proceed inspite of I/O errors
-v verbose
-w dir specify working directory (default /tmp)
-? print this message
By using a bootstrap file, you can copy parts of a Bacula archive file to another archive.
One of the objectives of this program is to be able to recover as much data as possible from a damaged tape. However, the current version does not yet have this feature.
As this is a new program, any feedback on its use would be appreciated. In addition, I only have a single tape drive, so I have never been able to test this program with two tape drives.
This program permits a number of elementary tape operations via a tty command interface. It works only with tapes and not with other kinds of Bacula storage media (DVD, File, ...). The test command, described below, can be very useful for testing older tape drive compatibility problems. Aside from initial testing of tape drive compatibility with Bacula, btape will be mostly used by developers writing new tape drivers.
btape can be dangerous to use with existing Bacula tapes because it will relabel a tape or write on the tape if so requested regardless that the tape may contain valuable data, so please be careful and use it only on blank tapes.
To work properly, btape needs to read the Storage daemon's configuration file. As a default, it will look for bacula-sd.conf in the current directory. If your configuration file is elsewhere, please use the -c option to specify where.
The physical device name must be specified on the command line, and this same device name must be present in the Storage daemon's configuration file read by btape
Usage: btape <options> <device_name>
-b <file> specify bootstrap file
-c <file> set configuration file to file
-d <nn> set debug level to nn
-p proceed inspite of I/O errors
-s turn off signals
-v be verbose
-? print this message.
An important reason for this program is to ensure that a Storage daemon configuration file is defined so that Bacula will correctly read and write tapes.
It is highly recommended that you run the test command before running your first Bacula job to ensure that the parameters you have defined for your storage device (tape drive) will permit Bacula to function properly. You only need to mount a blank tape, enter the command, and the output should be reasonably self explanatory. Please see the Tape Testing Chapter of this manual for the details.
The full list of commands are:
Command Description ======= =========== autochanger test autochanger bsf backspace file bsr backspace record cap list device capabilities clear clear tape errors eod go to end of Bacula data for append eom go to the physical end of medium fill fill tape, write onto second volume unfill read filled tape fsf forward space a file fsr forward space a record help print this command label write a Bacula label to the tape load load a tape quit quit btape rawfill use write() to fill tape readlabel read and print the Bacula tape label rectest test record handling functions rewind rewind the tape scan read() tape block by block to EOT and report scanblocks Bacula read block by block to EOT and report status print tape status test General test Bacula tape functions weof write an EOF on the tape wr write a single Bacula block rr read a single record qfill quick fill command
The most useful commands are:
The readlabel command can be used to display the details of a Bacula tape label. This can be useful if the physical tape label was lost or damaged.
In the event that you want to relabel a Bacula, you can simply use the label command which will write over any existing label. However, please note for labeling tapes, we recommend that you use the label command in the Console program since it will never overwrite a valid Bacula tape.
The following programs are general utility programs and in general do not need a configuration file nor a device name.
bsmtp is a simple mail transport program that permits more flexibility than the standard mail programs typically found on Unix systems. It can even be used on Windows machines.
It is called:
Usage: bsmtp [-f from] [-h mailhost] [-s subject] [-c copy] [recipient ...]
-c set the Cc: field
-dnn set debug level to nn
-f set the From: field
-h use mailhost:port as the bsmtp server
-l limit the lines accepted to nn
-s set the Subject: field
-? print this message.
If the -f option is not specified, bsmtp will use your userid. If the option -h is not specified bsmtp will use the value in the environment variable bsmtpSERVER or if there is none localhost. By default port 25 is used.
If a line count limit is set with the -l option, bsmtp will not send an email with a body text exceeding that number of lines. This is especially useful for large restore job reports where the list of files restored might produce very long mails your mail-server would refuse or crash. However, be aware that you will probably suppress the job report and any error messages unless you check the log file written by the Director (see the messages resource in this manual for details).
recipients is a space separated list of email recipients.
The body of the email message is read from standard input.
An example of the use of bsmtp would be to put the following statement in the Messages resource of your bacula-dir.conf file. Note, these commands should appear on a single line each.
mailcommand = "/home/bacula/bin/bsmtp -h mail.domain.com -f \"\(Bacula\) %r\"
-s \"Bacula: %t %e of %c %l\" %r"
operatorcommand = "/home/bacula/bin/bsmtp -h mail.domain.com -f \"\(Bacula\) %r\"
-s \"Bacula: Intervention needed for %j\" %r"
Where you replace /home/bacula/bin with the path to your Bacula binary directory, and you replace mail.domain.com with the fully qualified name of your bsmtp (email) server, which normally listens on port 25. For more details on the substitution characters (e.g. %r) used in the above line, please see the documentation of the MailCommand in the Messages Resource chapter of this manual.
It is HIGHLY recommended that you test one or two cases by hand to make sure that the mailhost that you specified is correct and that it will accept your email requests. Since bsmtp always uses a TCP connection rather than writing in the spool file, you may find that your from address is being rejected because it does not contain a valid domain, or because your message is caught in your spam filtering rules. Generally, you should specify a fully qualified domain name in the from field, and depending on whether your bsmtp gateway is Exim or Sendmail, you may need to modify the syntax of the from part of the message. Please test.
When running bsmtp by hand, you will need to terminate the message by entering a ctl-d in column 1 of the last line.
If you are getting incorrect dates (e.g. 1970) and you are running with a non-English language setting, you might try adding a LANG=''en_US'' immediately before the bsmtp call.
The dbcheck program can be found in the <bacula-source>/src/tools directory of the source distribution. Though it is built with the make process, it is not normally "installed".
It is called:
Usage: dbcheck [-c config] [-C catalog name] [-d debug_level]
<working-directory> <bacula-database> <user> <password> [<dbhost>]
-b batch mode
-C catalog name in the director conf file
-c director conf filename
-dnn set debug level to nn
-f fix inconsistencies
-v verbose
-? print this message
If the -c option is given with the Director's conf file, there is no need to enter any of the command line arguments, in particular the working directory as dbcheck will read them from the file.
If the -f option is specified, dbcheck will repair (fix) the inconsistencies it finds. Otherwise, it will report only.
If the -b option is specified, dbcheck will run in batch mode, and it will proceed to examine and fix (if -f is set) all programmed inconsistency checks. If the -b option is not specified, dbcheck will enter interactive mode and prompt with the following:
Hello, this is the database check/correct program.
Please select the function you want to perform.
1) Toggle modify database flag
2) Toggle verbose flag
3) Repair bad Filename records
4) Repair bad Path records
5) Eliminate duplicate Filename records
6) Eliminate duplicate Path records
7) Eliminate orphaned Jobmedia records
8) Eliminate orphaned File records
9) Eliminate orphaned Path records
10) Eliminate orphaned Filename records
11) Eliminate orphaned FileSet records
12) Eliminate orphaned Client records
13) Eliminate orphaned Job records
14) Eliminate all Admin records
15) Eliminate all Restore records
16) All (3-15)
17) Quit
Select function number:
By entering 1 or 2, you can toggle the modify database flag (-f option) and the verbose flag (-v). It can be helpful and reassuring to turn off the modify database flag, then select one or more of the consistency checks (items 3 through 9) to see what will be done, then toggle the modify flag on and re-run the check.
The inconsistencies examined are the following:
During standard purging (or pruning) of Job records, Bacula does not check for orphaned Filename records. As a consequence, over a period of time, old unused Filename records will accumulate and use space in your database. This check will eliminate them. It is strongly recommended that you run this check at least once a year, and for large database (more than 200 Megabytes), it is probably better to run this once every 6 months.
By the way, I personally run dbcheck only where I have messed up my database due to a bug in developing Bacula code, so normally you should never need to run dbcheck in spite of the recommendations given above, which are given so that users don't waste their time running dbcheck too often.
bregex is a simple program that will allow you to test regular expressions against a file of data. This can be useful because the regex libraries on most systems differ, and in addition, regex expressions can be complicated.
bregex is found in the src/tools directory and it is normally installed with your system binaries. To run it, use:
Usage: bregex [-d debug_level] -f <data-file>
-f specify file of data to be matched
-l suppress line numbers
-n print lines that do not match
-? print this message.
The <data-file> is a filename that contains lines of data to be matched (or not) against one or more patterns. When the program is run, it will prompt you for a regular expression pattern, then apply it one line at a time against the data in the file. Each line that matches will be printed preceded by its line number. You will then be prompted again for another pattern.
Enter an empty line for a pattern to terminate the program. You can print only lines that do not match by using the -n option, and you can suppress printing of line numbers with the -l option.
This program can be useful for testing regex expressions to be applied against a list of filenames.
bwild is a simple program that will allow you to test wild-card expressions against a file of data.
bwild is found in the src/tools directory and it is normally installed with your system binaries. To run it, use:
Usage: bwild [-d debug_level] -f <data-file>
-f specify file of data to be matched
-l suppress line numbers
-n print lines that do not match
-? print this message.
The <data-file> is a filename that contains lines of data to be matched (or not) against one or more patterns. When the program is run, it will prompt you for a wild-card pattern, then apply it one line at a time against the data in the file. Each line that matches will be printed preceded by its line number. You will then be prompted again for another pattern.
Enter an empty line for a pattern to terminate the program. You can print only lines that do not match by using the -n option, and you can suppress printing of line numbers with the -l option.
This program can be useful for testing wild expressions to be applied against a list of filenames.
testfind permits listing of files using the same search engine that is used for the Include resource in Job resources. Note, much of the functionality of this program (listing of files to be included) is present in the estimate command in the Console program.
The original use of testfind was to ensure that Bacula's file search engine was correct and to print some statistics on file name and path length. However, you may find it useful to see what bacula would do with a given Include resource. The testfind program can be found in the <bacula-source>/src/tools directory of the source distribution. Though it is built with the make process, it is not normally "installed".
It is called:
Usage: testfind [-d debug_level] [-] [pattern1 ...]
-a print extended attributes (Win32 debug)
-dnn set debug level to nn
- read pattern(s) from stdin
-? print this message.
Patterns are used for file inclusion -- normally directories.
Debug level>= 1 prints each file found.
Debug level>= 10 prints path/file for catalog.
Errors are always printed.
Files/paths truncated is a number with len> 255.
Truncation is only in the catalog.
Where a pattern is any filename specification that is valid within an Include resource definition. If none is specified, / (the root directory) is assumed. For example:
./testfind /bin
Would print the following:
Dir: /bin Reg: /bin/bash Lnk: /bin/bash2 -> bash Lnk: /bin/sh -> bash Reg: /bin/cpio Reg: /bin/ed Lnk: /bin/red -> ed Reg: /bin/chgrp ... Reg: /bin/ipcalc Reg: /bin/usleep Reg: /bin/aumix-minimal Reg: /bin/mt Lnka: /bin/gawk-3.1.0 -> /bin/gawk Reg: /bin/pgawk Total files : 85 Max file length: 13 Max path length: 5 Files truncated: 0 Paths truncated: 0
Even though testfind uses the same search engine as Bacula, each directory to be listed, must be entered as a separate command line entry or entered one line at a time to standard input if the - option was specified.
Specifying a debug level of one (i.e. -d1) on the command line will cause testfind to print the raw filenames without showing the Bacula internal file type, or the link (if any). Debug levels of 10 or greater cause the filename and the path to be separated using the same algorithm that is used when putting filenames into the Catalog database.
This chapter is concerned with testing and configuring your tape drive to make sure that it will work properly with Bacula using the btape program.
In general, you should follow the following steps to get your tape drive to work with Bacula. Start with a tape mounted in your drive. If you have an autochanger, load a tape into the drive. We use /dev/nst0 as the tape drive name, you will need to adapt it according to your system.
Do not proceed to the next item until you have succeeded with the previous one.
mt -f /dev/nst0 rewind tar cvf /dev/nst0 . mt -f /dev/nst0 rewind tar tvf /dev/nst0
./btape -c bacula-sd.conf /dev/nst0 test
It isn't necessary to run the autochanger part of the test at this time, but do not go past this point until the basic test succeeds. If you do have an autochanger, please be sure to read the Autochanger chapter of this manual.
restore select all done yes
Do a diff on the restored directory to ensure it is identical to the original directory. If you are going to backup multiple different systems (Linux, Windows, Mac, Solaris, FreeBSD, ...), be sure you test the restore on each system type.
./btape -c bacula-sd.conf /dev/nst0
auto
Adjust your autochanger as necessary to ensure that it works correctly. See the Autochanger chapter of this manual for a complete discussion of testing your autochanger.
Feb 14 17:29:55 epohost kernel: (scsi0:A:2:0): No or incomplete CDB sent to device. Feb 14 17:29:55 epohost kernel: scsi0: Issued Channel A Bus Reset. 1 SCBs aborted
If you have reached this point, you stand a good chance of having everything work. If you get into trouble at any point, carefully read the documentation given below. If you cannot get past some point, ask the bacula-users email list, but specify which of the steps you have successfully completed. In particular, you may want to look at the Tips for Resolving Problems section below.
With version 2.6 of the Linux kernel, if there is no tape in the drive, the OS will wait two minutes (default) and then return a failure, and consequently, Bacula version 1.36 and below will fail the job. This is important to keep in mind, because if you use an option such as Offline on Unmount = yes, there will be a point when there is no tape in the drive, and if another job starts or if Bacula asks the operator to mount a tape, when Bacula attempts to open the drive (about a 20 minute delay), it will fail and Bacula will fail the job.
In version 1.38.x, the Bacula code partially gets around this problem -- at least in the initial open of the drive. However, functions like Polling the drive do not work correctly if there is no tape in the drive. Providing you do not use Offline on Unmount = yes, you should not experience job failures as mentioned above. If you do experience such failures, you can also increase the Maximum Open Wait time interval, which will give you more time to mount the next tape before the job is failed.
Starting with version 1.27, each of the tape utility programs including the btape program requires a valid Storage daemon configuration file (actually, the only part of the configuration file that btape needs is the Device resource definitions). This permits btape to find the configuration parameters for your archive device (generally a tape drive). Without those parameters, the testing and utility programs do not know how to properly read and write your drive. By default, they use bacula-sd.conf in the current directory, but you may specify a different configuration file using the -c option.
btape device-name where the Volume can be found. In the case of a tape, this is the physical device name such as /dev/nst0 or /dev/rmt/0ubn depending on your system that you specify on the Archive Device directive. For the program to work, it must find the identical name in the Device resource of the configuration file. If the name is not found in the list of physical names, the utility program will compare the name you entered to the Device names (rather than the Archive device names).
When specifying a tape device, it is preferable that the "non-rewind" variant of the device file name be given. In addition, on systems such as Sun, which have multiple tape access methods, you must be sure to specify to use Berkeley I/O conventions with the device. The b in the Solaris (Sun) archive specification /dev/rmt/0mbn is what is needed in this case. Bacula does not support SysV tape drive behavior.
See below for specifying Volume names.
If you are attempting to read or write an archive file rather than a tape, the device-name should be the full path to the archive location including the filename. The filename (last part of the specification) will be stripped and used as the Volume name, and the path (first part before the filename) must have the same entry in the configuration file. So, the path is equivalent to the archive device name, and the filename is equivalent to the volume name.
This program permits a number of elementary tape operations via a tty command interface. The test command, described below, can be very useful for testing tape drive compatibility problems. Aside from initial testing of tape drive compatibility with Bacula, btape will be mostly used by developers writing new tape drivers.
btape can be dangerous to use with existing Bacula tapes because it will relabel a tape or write on the tape if so requested regardless of whether or not the tape contains valuable data, so please be careful and use it only on blank tapes.
To work properly, btape needs to read the Storage daemon's configuration file. As a default, it will look for bacula-sd.conf in the current directory. If your configuration file is elsewhere, please use the -c option to specify where.
The physical device name or the Device resource name must be specified on the command line, and this same device name must be present in the Storage daemon's configuration file read by btape
Usage: btape [options] device_name
-b <file> specify bootstrap file
-c <file> set configuration file to file
-d <nn> set debug level to nn
-p proceed inspite of I/O errors
-s turn off signals
-v be verbose
-? print this message.
An important reason for this program is to ensure that a Storage daemon configuration file is defined so that Bacula will correctly read and write tapes.
It is highly recommended that you run the test command before running your first Bacula job to ensure that the parameters you have defined for your storage device (tape drive) will permit Bacula to function properly. You only need to mount a blank tape, enter the command, and the output should be reasonably self explanatory. For example:
(ensure that Bacula is not running) ./btape -c /usr/bin/bacula/bacula-sd.conf /dev/nst0
The output will be:
Tape block granularity is 1024 bytes. btape: btape.c:376 Using device: /dev/nst0 *
Enter the test command:
test
The output produced should be something similar to the following: I've cut the listing short because it is frequently updated to have new tests.
=== Append files test ===
This test is essential to Bacula.
I'm going to write one record in file 0,
two records in file 1,
and three records in file 2
btape: btape.c:387 Rewound /dev/nst0
btape: btape.c:855 Wrote one record of 64412 bytes.
btape: btape.c:857 Wrote block to device.
btape: btape.c:410 Wrote EOF to /dev/nst0
btape: btape.c:855 Wrote one record of 64412 bytes.
btape: btape.c:857 Wrote block to device.
btape: btape.c:855 Wrote one record of 64412 bytes.
btape: btape.c:857 Wrote block to device.
btape: btape.c:410 Wrote EOF to /dev/nst0
btape: btape.c:855 Wrote one record of 64412 bytes.
btape: btape.c:857 Wrote block to device.
btape: btape.c:855 Wrote one record of 64412 bytes.
btape: btape.c:857 Wrote block to device.
btape: btape.c:855 Wrote one record of 64412 bytes.
btape: btape.c:857 Wrote block to device.
btape: btape.c:410 Wrote EOF to /dev/nst0
btape: btape.c:387 Rewound /dev/nst0
btape: btape.c:693 Now moving to end of media.
btape: btape.c:427 Moved to end of media
We should be in file 3. I am at file 3. This is correct!
Now the important part, I am going to attempt to append to the tape.
...
=== End Append files test ===
If you do not successfully complete the above test, please resolve the problem(s) before attempting to use Bacula. Depending on your tape drive, the test may recommend that you add certain records to your configuration. We strongly recommend that you do so and then re-run the above test to insure it works the first time.
Some of the suggestions it provides for resolving the problems may or may not be useful. If at all possible avoid using fixed blocking. If the test suddenly starts to print a long series of:
Got EOF on tape. Got EOF on tape. ...
then almost certainly, you are running your drive in fixed block mode rather than variable block mode. See below for more help of resolving fix versus variable block problems.
It is also possible that you have your drive set in SysV tape drive mode. The drive must use BSD tape conventions. See the section above on setting your Archive device correctly.
For FreeBSD users, please see the notes below for doing further testing of your tape drive.
You can find out what SCSI devices you have by doing:
lsscsi
Typical output is:
[0:0:0:0] disk ATA ST3160812AS 3.AD /dev/sda [2:0:4:0] tape HP Ultrium 2-SCSI F6CH /dev/st0 [2:0:5:0] tape HP Ultrium 2-SCSI F6CH /dev/st1 [2:0:6:0] mediumx OVERLAND LXB 0107 - [2:0:9:0] tape HP Ultrium 1-SCSI E50H /dev/st2 [2:0:10:0] mediumx OVERLAND LXB 0107 -
There are two drives in one autochanger: /dev/st0 and /dev/st1 and a third tape drive at /dev/st2. For using them with Bacula, one would normally reference them as /dev/nst0 ... /dev/nst2. Not also, there are two different autochangers identified as "mediumx OVERLAND LXB". They can be addressed via their /dev/sgN designation, which can be obtained by counting from the beginning as 0 to each changer. In the above case, the two changers are located on /dev/sg3 and /dev/sg5. The one at /dev/sg3, controls drives /dev/nst0 and /dev/nst1; and the one at /dev/sg5 controles drive /dev/nst2.
If you do not have the lsscsi command, you can obtain the same information as follows:
cat /proc/scsi/scsi
For the above example with the three drives and two autochangers, I get:
Attached devices: Host: scsi0 Channel: 00 Id: 00 Lun: 00 Vendor: ATA Model: ST3160812AS Rev: 3.AD Type: Direct-Access ANSI SCSI revision: 05 Host: scsi2 Channel: 00 Id: 04 Lun: 00 Vendor: HP Model: Ultrium 2-SCSI Rev: F6CH Type: Sequential-Access ANSI SCSI revision: 03 Host: scsi2 Channel: 00 Id: 05 Lun: 00 Vendor: HP Model: Ultrium 2-SCSI Rev: F6CH Type: Sequential-Access ANSI SCSI revision: 03 Host: scsi2 Channel: 00 Id: 06 Lun: 00 Vendor: OVERLAND Model: LXB Rev: 0107 Type: Medium Changer ANSI SCSI revision: 02 Host: scsi2 Channel: 00 Id: 09 Lun: 00 Vendor: HP Model: Ultrium 1-SCSI Rev: E50H Type: Sequential-Access ANSI SCSI revision: 03 Host: scsi2 Channel: 00 Id: 10 Lun: 00 Vendor: OVERLAND Model: LXB Rev: 0107 Type: Medium Changer ANSI SCSI revision: 02
As an additional example, I get the following (on a different machine from the above example):
Attached devices: Host: scsi2 Channel: 00 Id: 01 Lun: 00 Vendor: HP Model: C5713A Rev: H107 Type: Sequential-Access ANSI SCSI revision: 02 Host: scsi2 Channel: 00 Id: 04 Lun: 00 Vendor: SONY Model: SDT-10000 Rev: 0110 Type: Sequential-Access ANSI SCSI revision: 02
The above represents first an autochanger and second a simple tape drive. The HP changer (the first entry) uses the same SCSI channel for data and for control, so in Bacula, you would use:
Archive Device = /dev/nst0 Changer Device = /dev/sg0
If you want to remove the SDT-10000 device, you can do so as root with:
echo "scsi remove-single-device 2 0 4 0">/proc/scsi/scsi
and you can put add it back with:
echo "scsi add-single-device 2 0 4 0">/proc/scsi/scsi
where the 2 0 4 0 are the Host, Channel, Id, and Lun as seen on the output from cat /proc/scsi/scsi. Note, the Channel must be specified as numeric.
Below is a slightly more complicated output, which is a single autochanger with two drives, and which operates the changer on a different channel from from the drives:
Attached devices: Host: scsi0 Channel: 00 Id: 00 Lun: 00 Vendor: ATA Model: WDC WD1600JD-75H Rev: 08.0 Type: Direct-Access ANSI SCSI revision: 05 Host: scsi2 Channel: 00 Id: 04 Lun: 00 Vendor: HP Model: Ultrium 2-SCSI Rev: F6CH Type: Sequential-Access ANSI SCSI revision: 03 Host: scsi2 Channel: 00 Id: 05 Lun: 00 Vendor: HP Model: Ultrium 2-SCSI Rev: F6CH Type: Sequential-Access ANSI SCSI revision: 03 Host: scsi2 Channel: 00 Id: 06 Lun: 00 Vendor: OVERLAND Model: LXB Rev: 0106 Type: Medium Changer ANSI SCSI revision: 02
The above tape drives are accessed on /dev/nst0 and /dev/nst1, while the control channel for those two drives is /dev/sg3.
If you are getting error messages such as:
Volume data error at 0:1! Wanted block-id: "BB02", got "". Buffer discarded
It is very likely that Bacula has tried to do block positioning and ended up at an invalid block. This can happen if your tape drive is in fixed block mode while Bacula's default is variable blocks. Note that in such cases, Bacula is perfectly able to write to your Volumes (tapes), but cannot position to read them.
There are two possible solutions.
mt -f /dev/nst0 defblksize 0
or whatever is appropriate on your system. Note, if you are running a Linux system, and the above command does not work, it is most likely because you have not loaded the appropriate mt package, which is often called mt_st, but may differ according to your distribution.
Block Positioning = no
to the Device resource. This is not the recommended procedure because it can enormously slow down recovery of files, but it may help where all else fails. This directive is available in version 1.35.5 or later (and not yet tested).
If you are getting error messages such as:
Volume data error at 0:0! Block checksum mismatch in block=0 len=32625 calc=345678 blk=123456
You are getting tape read errors, and this is most likely due to one of the following things:
If you get an error message such as:
dev open failed: dev.c:265 stored: unable to open device /dev/nst0:> ERR=No such device or address
the first time you run a job, it is most likely due to the fact that you specified the incorrect device name on your Archive Device.
If Bacula works fine with your drive, then all off a sudden you get error messages similar to the one shown above, it is quite possible that your driver module is being removed because the kernel deems it idle. This is done via crontab with the use of rmmod -a. To fix the problem, you can remove this entry from crontab, or you can manually modprob your driver module (or add it to the local startup script). Thanks to Alan Brown for this tip.
When Bacula moves to the end of the medium, it normally uses the ioctl(MTEOM) function. Then Bacula uses the ioctl(MTIOCGET) function to retrieve the current file position from the mt_fileno field. Some SCSI tape drivers will use a fast means of seeking to the end of the medium and in doing so, they will not know the current file position and hence return a -1. As a consequence, if you get "This is NOT correct!" in the positioning tests, this may be the cause. You must correct this condition in order for Bacula to work.
There are two possible solutions to the above problem of incorrect file number:
Hardware End of File = no
This will cause Bacula to use the MTFSF request to seek to the end of the medium, and Bacula will keep track of the file number itself.
Bacula's preferred method of working with tape drives (sequential devices) is to run in variable block mode, and this is what is set by default. You should first ensure that your tape drive is set for variable block mode (see below).
If your tape drive is in fixed block mode and you have told Bacula to use different fixed block sizes or variable block sizes (default), you will get errors when Bacula attempts to forward space to the correct block (the kernel driver's idea of tape blocks will not correspond to Bacula's).
All modern tape drives support variable tape blocks, but some older drives (in particular the QIC drives) as well as the ATAPI ide-scsi driver run only in fixed block mode. The Travan tape drives also apparently must run in fixed block mode (to be confirmed).
Even in variable block mode, with the exception of the first record on the second or subsequent volume of a multi-volume backup, Bacula will write blocks of a fixed size. However, in reading a tape, Bacula will assume that for each read request, exactly one block from the tape will be transferred. This the most common way that tape drives work and is well supported by Bacula.
Drives that run in fixed block mode can cause serious problems for Bacula if the drive's block size does not correspond exactly to Bacula's block size. In fixed block size mode, drivers may transmit a partial block or multiple blocks for a single read request. From Bacula's point of view, this destroys the concept of tape blocks. It is much better to run in variable block mode, and almost all modern drives (the OnStream is an exception) run in variable block mode. In order for Bacula to run in fixed block mode, you must include the following records in the Storage daemon's Device resource definition:
Minimum Block Size = nnn Maximum Block Size = nnn
where nnn must be the same for both records and must be identical to the driver's fixed block size.
We recommend that you avoid this configuration if at all possible by using variable block sizes.
If you must run with fixed size blocks, make sure they are not 512 bytes. This is too small and the overhead that Bacula has with each record will become excessive. If at all possible set any fixed block size to something like 64,512 bytes or possibly 32,768 if 64,512 is too large for your drive. See below for the details on checking and setting the default drive block size.
To recover files from tapes written in fixed block mode, see below.
If you have a modern SCSI tape drive and you are having problems with the test command as noted above, it may be that some program has set one or more of your SCSI driver's options to non-default values. For example, if your driver is set to work in SysV manner, Bacula will not work correctly because it expects BSD behavior. To reset your tape drive to the default values, you can try the following, but ONLY if you have a SCSI tape drive on a Linux system:
become super user mt -f /dev/nst0 rewind mt -f /dev/nst0 stoptions buffer-writes async-writes read-ahead
The above commands will clear all options and then set those specified. None of the specified options are required by Bacula, but a number of other options such as SysV behavior must not be set. Bacula does not support SysV tape behavior. On systems other than Linux, you will need to consult your mt man pages or documentation to figure out how to do the same thing. This should not really be necessary though -- for example, on both Linux and Solaris systems, the default tape driver options are compatible with Bacula. On Solaris systems, you must take care to specify the correct device name on the Archive device directive. See above for more details.
You may also want to ensure that no prior program has set the default block size, as happened to one user, by explicitly turning it off with:
mt -f /dev/nst0 defblksize 0
If you are running a Linux system, and the above command does not work, it is most likely because you have not loaded the appropriate mt package, which is often called mt_st, but may differ according to your distribution.
If you would like to know what options you have set before making any of the changes noted above, you can now view them on Linux systems, thanks to a tip provided by Willem Riede. Do the following:
become super user mt -f /dev/nst0 stsetoptions 0 grep st0 /var/log/messages
and you will get output that looks something like the following:
kernel: st0: Mode 0 options: buffer writes: 1, async writes: 1, read ahead: 1 kernel: st0: can bsr: 0, two FMs: 0, fast mteom: 0, auto lock: 0, kernel: st0: defs for wr: 0, no block limits: 0, partitions: 0, s2 log: 0 kernel: st0: sysv: 0 nowait: 0
Note, I have chopped off the beginning of the line with the date and machine name for presentation purposes.
Some people find that the above settings only last until the next reboot, so please check this otherwise you may have unexpected problems.
Beginning with Bacula version 1.35.8, if Bacula detects that you are running in variable block mode, it will attempt to set your drive appropriately. All OSes permit setting variable block mode, but some OSes do not permit setting the other modes that Bacula needs to function properly.
As far as I can tell, there is no way with the mt program to check if your tape hardware compression is turned on or off. You can, however, turn it on by using (on Linux):
become super user mt -f /dev/nst0 defcompression 1
and of course, if you use a zero instead of the one at the end, you will turn it off.
If you have built the mtx program in the depkgs package, you can use tapeinfo to get quite a bit of information about your tape drive even if it is not an autochanger. This program is called using the SCSI control device. On Linux for tape drive /dev/nst0, this is usually /dev/sg0, while on FreeBSD for /dev/nsa0, the control device is often /dev/pass2. For example on my DDS-4 drive (/dev/nst0), I get the following:
tapeinfo -f /dev/sg0 Product Type: Tape Drive Vendor ID: 'HP ' Product ID: 'C5713A ' Revision: 'H107' Attached Changer: No MinBlock:1 MaxBlock:16777215 SCSI ID: 5 SCSI LUN: 0 Ready: yes BufferedMode: yes Medium Type: Not Loaded Density Code: 0x26 BlockSize: 0
where the DataCompEnabled: yes means that tape hardware compression is turned on. You can turn it on and off (yes|no) by using the mt commands given above. Also, this output will tell you if the BlockSize is non-zero and hence set for a particular block size. Bacula is not likely to work in such a situation because it will normally attempt to write blocks of 64,512 bytes, except the last block of the job which will generally be shorter. The first thing to try is setting the default block size to zero using the mt -f /dev/nst0 defblksize 0 command as shown above. On FreeBSD, this would be something like: mt -f /dev/nsa0 blocksize 0.
On some operating systems with some tape drives, the amount of data that can be written to the tape and whether or not compression is enabled is determined by the density usually the mt -f /dev/nst0 setdensity xxx command. Often mt -f /dev/nst0 status will print out the current density code that is used with the drive. Most systems, but unfortunately not all, set the density to the maximum by default. On some systems, you can also get a list of all available density codes with: mt -f /dev/nst0 densities or a similar mt command. Note, for DLT and SDLT devices, no-compression versus compression is very often controlled by the density code. On FreeBSD systems, the compression mode is set using mt -f /dev/nsa0 comp xxx where xxx is the mode you want. In general, see man mt for the options available on your system.
Note, some of the above mt commands may not be persistent depending on your system configuration. That is they may be reset if a program other than Bacula uses the drive or, as is frequently the case, on reboot of your system.
If your tape drive requires fixed block sizes (very unusual), you can use the following records:
Minimum Block Size = nnn Maximum Block Size = nnn
in your Storage daemon's Device resource to force Bacula to write fixed size blocks (where you sent nnn to be the same for both of the above records). This should be done only if your drive does not support variable block sizes, or you have some other strong reasons for using fixed block sizes. As mentioned above, a small fixed block size of 512 or 1024 bytes will be very inefficient. Try to set any fixed block size to something like 64,512 bytes or larger if your drive will support it.
Also, note that the Medium Type field of the output of tapeinfo reports Not Loaded, which is not correct. As a consequence, you should ignore that field as well as the Attached Changer field.
To recover files from tapes written in fixed block mode, see below.
On most FreeBSD systems such as 4.9 and most tape drives, Bacula should run with:
mt -f /dev/nsa0 seteotmodel 2 mt -f /dev/nsa0 blocksize 0 mt -f /dev/nsa0 comp enable
You might want to put those commands in a startup script to make sure your tape driver is properly initialized before running Bacula, because depending on your system configuration, these modes may be reset if a program other than Bacula uses the drive or when your system is rebooted.
Then according to what the btape test command returns, you will probably need to set the following (see below for an alternative):
Hardware End of Medium = no BSF at EOM = yes Backward Space Record = no Backward Space File = no Fast Forward Space File = no TWO EOF = yes
Then be sure to run some append tests with Bacula where you start and stop Bacula between appending to the tape, or use btape version 1.35.1 or greater, which includes simulation of stopping/restarting Bacula.
Please see the file platforms/freebsd/pthreads-fix.txt in the main Bacula directory concerning important information concerning compatibility of Bacula and your system. A much more optimal Device configuration is shown below, but does not work with all tape drives. Please test carefully before putting either into production.
Note, for FreeBSD 4.10-RELEASE, using a Sony TSL11000 L100 DDS4 with an autochanger set to variable block size and DCLZ compression, Brian McDonald reports that to get Bacula to append correctly between Bacula executions, the correct values to use are:
mt -f /dev/nsa0 seteotmodel 1 mt -f /dev/nsa0 blocksize 0 mt -f /dev/nsa0 comp enable
and
Hardware End of Medium = no BSF at EOM = no Backward Space Record = no Backward Space File = no Fast Forward Space File = yes TWO EOF = no
This has been confirmed by several other people using different hardware. This configuration is the preferred one because it uses one EOF and no backspacing at the end of the tape, which works much more efficiently and reliably with modern tape drives.
Finally, here is a Device configuration that Danny Butroyd reports to work correctly with the Overland Powerloader tape library using LT0-2 and FreeBSD 5.4-Stable:
# Overland Powerloader LT02 - 17 slots single drive
Device {
Name = Powerloader
Media Type = LT0-2
Archive Device = /dev/nsa0
AutomaticMount = yes;
AlwaysOpen = yes;
RemovableMedia = yes;
RandomAccess = no;
Changer Command = "/usr/local/sbin/mtx-changer %c %o %S %a %d"
Changer Device = /dev/pass2
AutoChanger = yes
Alert Command = "sh -c 'tapeinfo -f %c |grep TapeAlert|cat'"
# FreeBSD Specific Settings
Offline On Unmount = no
Hardware End of Medium = no
BSF at EOM = yes
Backward Space Record = no
Fast Forward Space File = no
TWO EOF = yes
}
The following Device resource works fine with Dell PowerVault 110T and
120T devices on both FreeBSD 5.3 and on NetBSD 3.0. It also works
with Sony AIT-2 drives on FreeBSD.
\footnotesize
\begin{verbatim}
Device {
...
# FreeBSD/NetBSD Specific Settings
Hardware End of Medium = no
BSF at EOM = yes
Backward Space Record = no
Fast Forward Space File = yes
TWO EOF = yes
}
On FreeBSD version 6.0, it is reported that you can even set Backward Space Record = yes.
On FreeBSD, you can do a camcontrol devlist as root to determine what drives and autochangers you have. For example,
undef# camcontrol devlist
at scbus0 target 2 lun 0 (pass0,sa0)
at scbus0 target 4 lun 0 (pass1,sa1)
at scbus0 target 4 lun 1 (pass2)
from the above, you can determine that there is a tape drive on /dev/sa0 and another on /dev/sa1 in addition since there is a second line for the drive on /dev/sa1, you know can assume that it is the control device for the autochanger (i.e. /dev/pass2). It is also the control device name to use when invoking the tapeinfo program. E.g.
tapeinfo -f /dev/pass2
Bacula version 1.33 (not 1.32x) is now working and ready for testing with the OnStream kernel osst driver version 0.9.14 or above. Osst is available from: http://sourceforge.net/projects/osst/.
To make Bacula work you must first load the new driver then, as root, do:
mt -f /dev/nosst0 defblksize 32768
Also you must add the following to your Device resource in your Storage daemon's conf file:
Minimum Block Size = 32768 Maximum Block Size = 32768
Here is a Device specification provided by Michel Meyers that is known to work:
Device {
Name = "Onstream DI-30"
Media Type = "ADR-30"
Archive Device = /dev/nosst0
Minimum Block Size = 32768
Maximum Block Size = 32768
Hardware End of Medium = yes
BSF at EOM = no
Backward Space File = yes
Fast Forward Space File = yes
Two EOF = no
AutomaticMount = yes
AlwaysOpen = yes
Removable Media = yes
}
To active, check, or disable the hardware compression feature on an EXB-8900, use the exabyte MammothTool. You can get it here: http://www.exabyte.com/support/online/downloads/index.cfm. There is a Solaris version of this tool. With option -C 0 or 1 you can disable or activate compression. Start this tool without any options for a small reference.
Because there are often problems with certain tape drives or systems when end of tape conditions occur, btape has a special command fill that causes it to write random data to a tape until the tape fills. It then writes at least one more Bacula block to a second tape. Finally, it reads back both tapes to ensure that the data has been written in a way that Bacula can recover it. Note, there is also a single tape option as noted below, which you should use rather than the two tape test. See below for more details.
This can be an extremely time consuming process (here it is about 6 hours) to fill a full tape. Note, that btape writes random data to the tape when it is filling it. This has two consequences: 1. it takes a bit longer to generate the data, especially on slow CPUs. 2. the total amount of data is approximately the real physical capacity of your tape, regardless of whether or not the tape drive compression is on or off. This is because random data does not compress very much.
To begin this test, you enter the fill command and follow the instructions. There are two options: the simple single tape option and the multiple tape option. Please use only the simple single tape option because the multiple tape option still doesn't work totally correctly. If the single tape option does not succeed, you should correct the problem before using Bacula.
If you have been previously running your tape drive in fixed block mode (default 512) and Bacula with variable blocks (default), then in version 1.32f-x and 1.34 and above, Bacula will fail to recover files because it does block spacing, and because the block sizes don't agree between your tape drive and Bacula it will not work.
The long term solution is to run your drive in variable block mode as described above. However, if you have written tapes using fixed block sizes, this can be a bit of a pain. The solution to the problem is: while you are doing a restore command using a tape written in fixed block size, ensure that your drive is set to the fixed block size used while the tape was written. Then when doing the restore command in the Console program, do not answer the prompt yes/mod/no. Instead, edit the bootstrap file (the location is listed in the prompt) using any ASCII editor. Remove all VolBlock lines in the file. When the file is re-written, answer the question, and Bacula will run without using block positioning, and it should recover your files.
SCSI tapes may either be written in variable or fixed block sizes. Newer drives support both modes, but some drives such as the QIC devices always use fixed block sizes. Bacula attempts to fill and write complete blocks (default 65K), so that in normal mode (variable block size), Bacula will always write blocks of the same size except the last block of a Job. If Bacula is configured to write fixed block sizes, it will pad the last block of the Job to the correct size. Bacula expects variable tape block size drives to behave as follows: Each write to the drive results in a single record being written to the tape. Each read returns a single record. If you request less bytes than are in the record, only those number of bytes will be returned, but the entire logical record will have been read (the next read will retrieve the next record). Thus data from a single write is always returned in a single read, and sequentially written records are returned by sequential reads.
Bacula expects fixed block size tape drives to behave as follows: If a write length is greater than the physical block size of the drive, the write will be written as two blocks each of the fixed physical size. This single write may become multiple physical records on the tape. (This is not a good situation). According to the documentation, one may never write an amount of data that is not the exact multiple of the blocksize (it is not specified if an error occurs or if the the last record is padded). When reading, it is my understanding that each read request reads one physical record from the tape. Due to the complications of fixed block size tape drives, you should avoid them if possible with Bacula, or you must be ABSOLUTELY certain that you use fixed block sizes within Bacula that correspond to the physical block size of the tape drive. This will ensure that Bacula has a one to one correspondence between what it writes and the physical record on the tape.
Please note that Bacula will not function correctly if it writes a block and that block is split into two or more physical records on the tape. Bacula assumes that each write causes a single record to be written, and that it can sequentially recover each of the blocks it has written by using the same number of sequential reads as it had written.
Linux does support both SCSI SPACE Filemarks and End-of-data: When MTEOM is called in MT_ST_FAST_MTEOM mode, SCSI SPACE End-of-data is used. In the other case, SCSI SPACE Filemarks with count = 8388607 is used. There is no real slow mode like in Solaris - I just expect, that for older tape drives Filemarks may be slower than End-of-data, but not so much as in Solaris slow mode. File number is tracked for MTEOM just without MT_ST_FAST_MTEOM - when MT_ST_FAST_MTEOM is used, it is not.
FreeBSD does support both SCSI SPACE Filemarks and End-of-data, but when MTEOD (MTEOM) is called, SCSI SPACE End-of-data is always used. FreeBSD never use SCSI SPACE Filemarks for MTEOD. File number is never tracked for MTEOD.
If I use Yes, OS must not use SCSI SPACE End-of-data, because Bacula expects, that there is tracked file number, which is not supported by SCSI specification. Instead, the OS have to use SCSI SPACE Filemarks.
If I use No, an action depends on Fast Forward Space File.
When I set Hardware End of Medium = no and Fast Forward Space File = no file positioning was very slow on my LTO-3 (about ten to 100 minutes), but
with Hardware End of Medium = no and Fast Forward Space File = yes, the time is ten to 100 times faster (about one to two minutes).
If you are getting errors such as:
3992 Bad autochanger "load slot 1, drive 1": ERR=Child exited with code 1.
and you are running your Storage daemon as non-root, then most likely you are having permissions problems with the control channel. Running as root, set permissions on /dev/sgX so that the userid and group of your Storage daemon can access the device. You need to ensure that you all access to the proper control device, and if you don't have any SCSI disk drives (including SATA drives), you might want to change the permissions on /dev/sg*.
If you are getting errors such as:
: kernel: st0: MTSETDRVBUFFER only allowed for root
you are most likely running your Storage daemon as non-root, and Bacula is attempting to set the correct OS buffering to correspond to your Device resource. Most OSes allow only root to issue this ioctl command. In general, the message can be ignored providing you are sure that your OS parameters are properly configured as described earlier in this manual. If you are running your Storage daemon as root, you should not be getting these system log messages, and if you are, something is probably wrong.
If you are running on a Linux system, and you have a set of working configuration files, it is very unlikely that Bacula will crash. As with all software, however, it is inevitable that someday, it may crash, particularly if you are running on another operating system or using a new or unusual feature.
This chapter explains what you should do if one of the three Bacula daemons (Director, File, Storage) crashes. When we speak of crashing, we mean that the daemon terminates abnormally because of an error. There are many cases where Bacula detects errors (such as PIPE errors) and will fail a job. These are not considered crashes. In addition, under certain conditions, Bacula will detect a fatal in the configuration, such as lack of permission to read/write the working directory. In that case, Bacula will force itself to crash with a SEGFAULT. However, before crashing, Bacula will normally display a message indicating why. For more details, please read on.
Each of the three Bacula daemons has a built-in exception handler which, in case of an error, will attempt to produce a traceback. If successful the traceback will be emailed to you.
For this to work, you need to ensure that a few things are setup correctly on your system:
If all the above conditions are met, the daemon that crashes will produce a traceback report and email it to you. If the above conditions are not true, you can either run the debugger by hand as described below, or you may be able to correct the problems by editing the btraceback file. I recommend not spending too much time on trying to get the traceback to work as it can be very difficult.
The changes that might be needed are to add a correct path to the gdb program, correct the path to the btraceback.gdb file, change the mail program or its path, or change your email address. The key line in the btraceback file is:
gdb -quiet -batch -x /home/kern/bacula/bin/btraceback.gdb \
$1 $2 2>\&1 | bsmtp -s "Bacula traceback" your-address@xxx.com
Since each daemon has the same traceback code, a single btraceback file is sufficient if you are running more than one daemon on a machine.
To "manually" test the traceback feature, you simply start Bacula then obtain the PID of the main daemon thread (there are multiple threads). The output produced here will look different depending on what OS and what version of the kernel you are running. Unfortunately, the output had to be split to fit on this page:
[kern@rufus kern]$ ps fax --columns 132 | grep bacula-dir
2103 ? S 0:00 /home/kern/bacula/k/src/dird/bacula-dir -c
/home/kern/bacula/k/src/dird/dird.conf
2104 ? S 0:00 \_ /home/kern/bacula/k/src/dird/bacula-dir -c
/home/kern/bacula/k/src/dird/dird.conf
2106 ? S 0:00 \_ /home/kern/bacula/k/src/dird/bacula-dir -c
/home/kern/bacula/k/src/dird/dird.conf
2105 ? S 0:00 \_ /home/kern/bacula/k/src/dird/bacula-dir -c
/home/kern/bacula/k/src/dird/dird.conf
which in this case is 2103. Then while Bacula is running, you call the program giving it the path to the Bacula executable and the PID. In this case, it is:
./btraceback /home/kern/bacula/k/src/dird 2103
It should produce an email showing you the current state of the daemon (in this case the Director), and then exit leaving Bacula running as if nothing happened. If this is not the case, you will need to correct the problem by modifying the btraceback script.
Typical problems might be that gdb or dbx for Solaris is not on the default path. Fix this by specifying the full path to it in the btraceback file. Another common problem is that you haven't modified the script so that the bsmtp program has an appropriate smtp server or the proper syntax for your smtp server. If you use the mail program and it is not on the default path, it will also fail. On some systems, it is preferable to use Mail rather than mail.
It should be possible to produce a similar traceback on systems other than Linux, either using gdb or some other debugger. Solaris with dbx loaded works quite fine. On other systems, you will need to modify the btraceback program to invoke the correct debugger, and possibly correct the btraceback.gdb script to have appropriate commands for your debugger. If anyone succeeds in making this work with another debugger, please send us a copy of what you modified. Please keep in mind that for any debugger to work, it will most likely need to run as root, so you may need to modify the btraceback script accordingly.
If for some reason you cannot get the automatic traceback, or if you want to interactively examine the variable contents after a crash, you can run Bacula under the debugger. Assuming you want to run the Storage daemon under the debugger (the technique is the same for the other daemons, only the name changes), you would do the following:
kill -15 PID
where you replace PID by the actual value.
gdb ./bacula-sd
run -s -f -c ./bacula-sd.conf
You may replace the ./bacula-sd.conf with the full path to the Storage daemon's configuration file.
thread apply all bt
After that you can issue any debugging command.
The second way of getting debug output is to dynamically turn it on using the Console using the setdebug command. The full syntax of the command is:
setdebug level=nnn client=client-name storage=storage-name dir
If none of the options are given, the command will prompt you. You can selectively turn on/off debugging in any or all the daemons (i.e. it is not necessary to specify all the components of the above command).
At the current time only the File daemon or Client program has been thouroughly tested on Windows and is suitable for a production environment. As a consequence, when we speak of the Windows version of Bacula below, we are referring to the File daemon (client) only.
As of Bacula version 1.39.20 or greater, the installer is capable of installing not just the Client program, but also the Director and the Storage daemon and all the other programs that were previously available only on Unix systems. These additional programs, notably the Director and Storage daemon, have been partially tested, are reported to have some bugs, and still need to be documented. They are not yet supported, and we cannot currently accept or fix bug reports on them. Consequently, please test them carefully before putting them into a critical production environment.
The Windows version of the Bacula File daemon has been tested on Win98, WinMe, WinNT, WinXP, Win2000, and Windows 2003 systems. We have coded to support Win95, but no longer have a system for testing. The Windows version of Bacula is a native Win32 port, but there are very few source code changes to the Unix code, which means that the Windows version is for the most part running code that has long proved stable on Unix systems. When running, it is perfectly integrated with Windows and displays its icon in the system icon tray, and provides a system tray menu to obtain additional information on how Bacula is running (status and events dialog boxes). If so desired, it can also be stopped by using the system tray menu, though this should normally never be necessary.
Once installed Bacula normally runs as a system service. This means that it is immediately started by the operating system when the system is booted, and runs in the background even if there is no user logged into the system.
Normally, you will install the Windows version of Bacula from the binaries. This install is standard Windows .exe that runs an install wizard using the NSIS Free Software installer, so if you have already installed Windows software, it should be very familiar to you.
If you have a previous version Bacula (1.39.20 or lower) installed, you should stop the service, uninstall it, and remove the Bacula installation directory possibly saving your bacula-fd.conf, bconsole.conf, and bwx-console.conf files for use with the new version you will install. The Uninstall program is normally found in c:\bacula\Uninstall.exe. We also recommend that you completely remove the directory c:\bacula, because the current installer uses a different directory structure (see below).
Providing you do not already have Bacula installed, the new installer (1.39.22 and later) installs the binaries and dlls in c:\Program Files\Bacula\bin and the configuration files in c:\Documents and Settings\All Users\Application Data\Bacula In addition, the Start>All Programs>Bacula menu item will be created during the installation, and on that menu, you will find items for editing the configuration files, displaying the document, and starting bwx-console or bconsole.
Finally, proceed with the installation.
winbacula-1.xx.0.exe
If you are upgrading an existing installation, the following will not be displayed.
That should complete the installation process. When the Bacula File Server is
ready to serve files, an icon 
representing a
cassette (or tape) will appear in the system tray
; right click on it and a menu will appear.
The Events item is currently unimplemented, by selecting the Status item, you can verify whether any jobs are running or not.
When the Bacula File Server begins saving files, the color of the holes in the
cassette icon will change from white to green 
,
and if there is an error, the holes in the cassette icon will change to red
.
If you are using remote desktop connections between your Windows boxes, be warned that that tray icon does not always appear. It will always be visible when you log into the console, but the remote desktop may not display it.
After installing Bacula and before running it, you should check the contents of the configuration files to ensure that they correspond to your installation. You can get to them by using: the Start>All Programs>Bacula menu item.
Finally, but pulling up the Task Manager (ctl-alt-del), verify that Bacula is running as a process (not an Application) with User Name SYSTEM. If this is not the case, you probably have not installed Bacula while running as Administrator, and hence it will be unlikely that Bacula can access all the system files.
Once Bacula has been installed, it can be uninstalled using the standard Windows Add/Remove Programs dialog found on the Control panel.
Sometimes Win32 machines the File daemon may have very slow backup transfer rates compared to other machines. To you might try setting the Maximum Network Buffer Size to 32,768 in both the File daemon and in the Storage daemon. The default size is larger, and apparently some Windows ethernet controllers do not deal with a larger network buffer size.
Many Windows ethernet drivers have a tendency to either run slowly due to old broken firmware, or because they are running in half-duplex mode. Please check with the ethernet card manufacturer for the latest firmware and use whatever techniques are necessary to ensure that the card is running in duplex.
If you are not using the portable option, and you have VSS (Volume Shadow Copy) enabled in the Director, and you experience problems with Bacula not being able to open files, it is most likely that you are running an antivirus program that blocks Bacula from doing certain operations. In this case, disable the antivirus program and try another backup. If it succeeds, either get a different (better) antivirus program or use something like RunClientJobBefore/After to turn off the antivirus program while the backup is running.
If turning off anti-virus software does not resolve your VSS problems, you might have to turn on VSS debugging. The following link describes how to do this: http://support.microsoft.com/kb/887013/en-us.
In Microsoft Windows Small Business Server 2003 the VSS Writer for Exchange is turned off by default. To turn it on, please see the following link: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q838183
The most likely source of problems is authentication when the Director attempts to connect to the File daemon that you installed. This can occur if the names and the passwords defined in the File daemon's configuration file bacula-fd.conf file on the Windows machine do not match with the names and the passwords in the Director's configuration file bacula-dir.conf located on your Unix/Linux server.
More specifically, the password found in the Client resource in the Director's configuration file must be the same as the password in the Director resource of the File daemon's configuration file. In addition, the name of the Director resource in the File daemon's configuration file must be the same as the name in the Director resource of the Director's configuration file.
It is a bit hard to explain in words, but if you understand that a Director normally has multiple Clients and a Client (or File daemon) may permit access by multiple Directors, you can see that the names and the passwords on both sides must match for proper authentication.
One user had serious problems with the configuration file until he realized that the Unix end of line conventions were used and Bacula wanted them in Windows format. This has not been confirmed though, and Bacula version 2.0.0 and above should now accept all end of line conventions (Win32, Unix, Mac).
Running Unix like programs on Windows machines is a bit frustrating because the Windows command line shell (DOS Window) is rather primitive. As a consequence, it is not generally possible to see the debug information and certain error messages that Bacula prints. With a bit of work, however, it is possible. When everything else fails and you want to see what is going on, try the following:
Start a DOS shell Window. c:\Program Files\bacula\bin\bacula-fd -t >out type out
The precise path to bacula-fd depends on where it is installed. The example above is the default used in 1.39.22 and later. The -t option will cause Bacula to read the configuration file, print any error messages and then exit. the > redirects the output to the file named out, which you can list with the type command.
If something is going wrong later, or you want to run Bacula with a debug option, you might try starting it as:
c:\Program Files\bacula\bin\bacula-fd -d 100 >out
In this case, Bacula will run until you explicitly stop it, which will give you a chance to connect to it from your Unix/Linux server. In later versions of Bacula (1.34 on, I think), when you start the File daemon in debug mode it can write the output to a trace file bacula.trace in the current directory. To enable this, before running a job, use the console, and enter:
trace on
then run the job, and once you have terminated the File daemon, you will find the debug output in the bacula.trace file, which will probably be located in the same directory as bacula-fd.exe.
In addition, you should look in the System Applications log on the Control Panel to find any Windows errors that Bacula got during the startup process.
Finally, due to the above problems, when you turn on debugging, and specify trace=1 on a setdebug command in the Console, Bacula will write the debug information to the file bacula.trace in the directory from which Bacula is executing.
If you are having problems with ClientRunBeforeJob scripts randomly dying, it is possible that you have run into an Oracle bug. See bug number 622 in the bugs.bacula.org database. The following information has been provided by a user on this issue:
The information in this document applies to: Oracle HTTP Server - Version: 9.0.4 Microsoft Windows Server 2003 Symptoms When starting an OC4J instance, the System Clock runs faster, about 7 seconds per minute. Cause + This is caused by the Sun JVM bug 4500388, which states that "Calling Thread.sleep() with a small argument affects the system clock". Although this is reported as fixed in JDK 1.4.0_02, several reports contradict this (see the bug in http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4500388). + Also reported by Microsoft as "The system clock may run fast when you use the ACPI power management timer as a high-resolution counter on Windows 2000-based computers" (See http://support.microsoft.com/?id=821893)
You may wish to start the daemon with debug mode on rather than doing it using bconsole. To do so, edit the following registry key:
HKEY_LOCAL_MACHINE\HARDWARE\SYSTEM\CurrentControlSet\Services\Bacula-dir
using regedit, then add -dnn after the /service option, where nn represents the debug level you want.
If you are not using the VSS (Volume Shadow Copy) option described in the next section of this chapter, and if any applications are running during the backup and they have files opened exclusively, Bacula will not be able to backup those files, so be sure you close your applications (or tell your users to close their applications) before the backup. Fortunately, most Microsoft applications do not open files exclusively so that they can be backed up. However, you will need to experiment. In any case, if Bacula cannot open the file, it will print an error message, so you will always know which files were not backed up. For version 1.37.25 and greater, see the section below on Volume Shadow Copy Service that permits backing up any file.
During backup, Bacula doesn't know about the system registry, so you will either need to write it out to an ASCII file using regedit /e or use a program specifically designed to make a copy or backup the registry.
In Bacula version 1.31 and later, we use Windows backup API calls by default. Typical of Windows, programming these special BackupRead and BackupWrite calls is a real nightmare of complications. The end result gives some distinct advantages and some disadvantages.
First, the advantages are that on WinNT/2K/XP systems, the security and ownership information is now backed up. In addition, with the exception of files in exclusive use by another program, Bacula can now access all system files. This means that when you restore files, the security and ownership information will be restored on WinNT/2K/XP along with the data.
The disadvantage of the Windows backup API calls is that it produces non-portable backups. That is files and their data that are backed up on WinNT using the native API calls (BackupRead/BackupWrite) cannot be restored on Win95/98/Me or Unix systems. In principle, a file backed up on WinNT can be restored on WinXP, but this remains to be seen in practice (not yet tested). In addition, the stand-alone tools such as bls and bextract cannot be used to retrieve the data for those files because those tools are not available on Windows. All restores must use the Bacula restore command. As of Bacula 1.39.x, thanks to Thorsten Engel, this restriction is removed, and Bacula should be able to read non-portable backups on any system and restore the data appropriately. However, on a system that does not have the BackupRead/BackupWrite calls (older Windows versions and all Unix/Linux machines), though the file data can be restored, the Windows security and access control data will not be restored. This means that a standard set of access permissions will be set for such restored files.
As a default, Bacula backs up Windows systems using the Windows API calls. If you want to backup data on a WinNT/2K/XP system and restore it on a Unix/Win95/98/Me system, we have provided a special portable option that backs up the data in a portable fashion by using portable API calls. See the portable option on the Include statement in a FileSet resource in the Director's configuration chapter for the details on setting this option. However, using the portable option means you may have permissions problems accessing files, and none of the security and ownership information will be backed up or restored. The file data can, however, be restored on any system.
You should always be able to restore any file backed up on Unix or Win95/98/Me to any other system. On some systems, such as WinNT/2K/XP, you may have to reset the ownership of such restored files. Any file backed up on WinNT/2K/XP should in principle be able to be restored to a similar system (i.e. WinNT/2K/XP), however, I am unsure of the consequences if the owner information and accounts are not identical on both systems. Bacula will not let you restore files backed up on WinNT/2K/XP to any other system (i.e. Unix Win95/98/Me) if you have used the defaults.
Finally, if you specify the portable=yes option on the files you back up. Bacula will be able to restore them on any other system. However, any WinNT/2K/XP specific security and ownership information will be lost.
The following matrix will give you an idea of what you can expect. Thanks to Marc Brueckner for doing the tests:
| Backup OS | Restore OS | Results |
| WinMe | WinMe | Works |
| WinMe | WinNT | Works (SYSTEM permissions) |
| WinMe | WinXP | Works (SYSTEM permissions) |
| WinMe | Linux | Works (SYSTEM permissions) |
| WinXP | WinXP | Works |
| WinXP | WinNT | Works (all files OK, but got "The data is invalid" message) |
| WinXP | WinMe | Error: Win32 data stream not supported. |
| WinXP | WinMe | Works if Portable=yes specified during backup. |
| WinXP | Linux | Error: Win32 data stream not supported. |
| WinXP | Linux | Works if Portable=yes specified during backup. |
| WinNT | WinNT | Works |
| WinNT | WinXP | Works |
| WinNT | WinMe | Error: Win32 data stream not supported. |
| WinNT | WinMe | Works if Portable=yes specified during backup. |
| WinNT | Linux | Error: Win32 data stream not supported. |
| WinNT | Linux | Works if Portable=yes specified during backup. |
| Linux | Linux | Works |
| Linux | WinNT | Works (SYSTEM permissions) |
| Linux | WinMe | Works |
| Linux | WinXP | Works (SYSTEM permissions) |
Note: with Bacula versions 1.39.x and later, non-portable Windows data can be restore to any machine.
Microsoft added VSS to Windows XP and Windows 2003. From the perspective of a backup-solution for Windows, this is an extremely important step. VSS allows Bacula to backup open files and even to interact with applications like RDBMS to produce consistent file copies. VSS aware applications are called VSS Writers, they register with the OS so that when Bacula wants to do a Snapshot, the OS will notify the register Writer programs, which may then create a consistent state in their application, which will be backed up. Examples for these writers are "MSDE" (Microsoft database engine), "Event Log Writer", "Registry Writer" plus 3rd party-writers. If you have a non-vss aware application (e.g. SQL Anywhere or probably MySQL), a shadow copy is still generated and the open files can be backed up, but there is no guarantee that the file is consistent.
Bacula produces a message from each of the registered writer programs when it is doing a VSS backup so you know which ones are correctly backed up.
Bacula supports VSS on both Windows 2003 and Windows XP. Technically Bacula creates a shadow copy as soon as the backup process starts. It does then backup all files from the shadow copy and destroys the shadow copy after the backup process. Please have in mind, that VSS creates a snapshot and thus backs up the system at the state it had when starting the backup. It will disregard file changes which occur during the backup process.
VSS can be turned on by placing an
Enable VSS = yes
in your FileSet resource.
The VSS aware File daemon has the letters VSS on the signon line that it produces when contacted by the console. For example:
Tibs-fd Version: 1.37.32 (22 July 2005) VSS Windows XP MVS NT 5.1.2600the VSS is shown in the line above. This only means that the File daemon is capable of doing VSS not that VSS is turned on for a particular backup. There are two ways of telling if VSS is actually turned on during a backup. The first is to look at the status output for a job, e.g.:
Running Jobs:
JobId 1 Job NightlySave.2005-07-23_13.25.45 is running.
VSS Backup Job started: 23-Jul-05 13:25
Files=70,113 Bytes=3,987,180,650 Bytes/sec=3,244,247
Files Examined=75,021
Processing file: c:/Documents and Settings/kern/My Documents/My Pictures/Misc1/Sans titre - 39.pdd
SDReadSeqNo=5 fd=352
Here, you see under Running Jobs that JobId 1 is "VSS Backup Job started ..."
This means that VSS is enabled for that job. If VSS is not enabled, it will
simply show "Backup Job started ..." without the letters VSS.
The second way to know that the job was backed up with VSS is to look at the Job Report, which will look something like the following:
23-Jul 13:25 rufus-dir: Start Backup JobId 1, Job=NightlySave.2005-07-23_13.25.45 23-Jul 13:26 rufus-sd: Wrote label to prelabeled Volume "TestVolume001" on device "DDS-4" (/dev/nst0) 23-Jul 13:26 rufus-sd: Spooling data ... 23-Jul 13:26 Tibs: Generate VSS snapshots. Driver="VSS WinXP", Drive(s)="C" 23-Jul 13:26 Tibs: VSS Writer: "MSDEWriter", State: 1 (VSS_WS_STABLE) 23-Jul 13:26 Tibs: VSS Writer: "Microsoft Writer (Bootable State)", State: 1 (VSS_WS_STABLE) 23-Jul 13:26 Tibs: VSS Writer: "WMI Writer", State: 1 (VSS_WS_STABLE) 23-Jul 13:26 Tibs: VSS Writer: "Microsoft Writer (Service State)", State: 1 (VSS_WS_STABLE)In the above Job Report listing, you see that the VSS snapshot was generated for drive C (if other drives are backed up, they will be listed on the Drive(s)="C" You also see the reports from each of the writer program. Here they all report VSS_WS_STABLE, which means that you will get a consistent snapshot of the data handled by that writer.
If you are experiencing problems such as VSS hanging on MSDE, first try running vssadmin to check for problems, then try running ntbackup which also uses VSS to see if it has similar problems. If so, you know that the problem is in your Windows machine and not with Bacula.
The FD hang problems were reported with MSDEwriter when:
If you turn on the firewalling feature on Windows (default in WinXP SP2), you are likely to find that the Bacula ports are blocked and you cannot communicate to the other daemons. This can be deactivated through the Security Notification dialog, which is apparently somewhere in the Security Center. I don't have this on my computer, so I cannot give the exact details.
The command:
netsh firewall set opmode disable
is purported to disable the firewall, but this command is not accepted on my WinXP Home machine.
If you want to see if the File daemon has properly opened the port and is listening, you can enter the following command in a shell window:
netstat -an | findstr 910[123]
TopView is another program that has been recommend, but it is not a standard Win32 program, so you must find and download it from the Internet.
We don't currently have a good solution for disaster recovery on Windows as we do on Linux. The main piece lacking is a Windows boot floppy or a Windows boot CD. Microsoft releases a Windows Pre-installation Environment (WinPE) that could possibly work, but we have not investigated it. This means that until someone figures out the correct procedure, you must restore the OS from the installation disks, then you can load a Bacula client and restore files. Please don't count on using bextract to extract files from your backup tapes during a disaster recovery unless you have backed up those files using the portable option. bextract does not run on Windows, and the normal way Bacula saves files using the Windows API prevents the files from being restored on a Unix machine. Once you have an operational Windows OS loaded, you can run the File daemon and restore your user files.
Please see Disaster Recovery of Win32 Systems for the latest suggestion, which looks very promising.
It looks like Bart PE Builder, which creates a Windows PE (Pre-installation Environment) Boot-CD, may be just what is needed to build a complete disaster recovery system for Win32. This distribution can be found at http://www.nu2.nu/pebuilder/.
sectionWindows Backup Problems If during a Backup, you get the message: ERR=Access is denied and you are using the portable option, you should try both adding both the non-portable (backup API) and the Volume Shadow Copy options to your Director's conf file.
In the Options resource:
portable = no
In the FileSet resource:
enablevss = yes
In general, specifying these two options should allow you to backup any file on a Windows system. However, in some cases, if users have allowed to have full control of their folders, even system programs such a Bacula can be locked out. In this case, you must identify which folders or files are creating the problem and do the following:
Thanks to Georger Araujo for the above information.
If you restore files backed up from WinNT/XP/2K to an alternate directory, Bacula may need to create some higher level directories that were not saved (or restored). In this case, the File daemon will create them under the SYSTEM account because that is the account that Bacula runs under as a service. As of version 1.32f-3, Bacula creates these files with full access permission. However, there may be cases where you have problems accessing those files even if you run as administrator. In principle, Microsoft supplies you with the way to cease the ownership of those files and thus change the permissions. However, a much better solution to working with and changing Win32 permissions is the program SetACL, which can be found at http://setacl.sourceforge.net/.
If you have not installed Bacula while running as Administrator and if Bacula is not running as a Process with the userid (User Name) SYSTEM, then it is very unlikely that it will have sufficient permission to access all your files.
Some users have experienced problems restoring files that participate in the Active Directory. They also report that changing the userid under which Bacula (bacula-fd.exe) runs, from SYSTEM to a Domain Admin userid, resolves the problem.
The following solution was provided by Dan Langille <dan at langille in the dot org domain>. The steps are performed using Windows 2000 Server but they should apply to most Win32 platforms. The procedure outlines how to deal with a problem which arises when a restore creates a top-level new directory. In this example, "top-level" means something like c:\src, not c:\tmp\src where c:\tmp already exists. If a restore job specifies / as the Where: value, this problem will arise.
The problem appears as a directory which cannot be browsed with Windows Explorer. The symptoms include the following message when you try to click on that directory:
If you encounter this message, the following steps will change the permissions to allow full access.
You should see something like this:
With the above procedure, you should now have full control over your restored directory.
In addition to the above methods of changing permissions, there is a Microsoft program named cacls that can perform similar functions.
A suggestion by Damian Coutts using Microsoft's NTBackup utility in conjunction with Bacula should permit a full restore of any damaged system files on Win2K/XP. His suggestion is to do an NTBackup of the critical system state prior to running a Bacula backup with the following command:
ntbackup backup systemstate /F c:\systemstate.bkf
The backup is the command, the systemstate says to backup only the system state and not all the user files, and the /F c:\systemstate.bkf specifies where to write the state file. this file must then be saved and restored by Bacula.
To restore the system state, you first reload a base operating system if the OS is damaged, otherwise, this is not necessary, then you would use Bacula to restore all the damaged or lost user's files and to recover the c:\systemstate.bkf file. Finally if there are any damaged or missing system files or registry problems, you run NTBackup and catalogue the system statefile, and then select it for restore. The documentation says you can't run a command line restore of the systemstate.
To the best of my knowledge, this has not yet been tested. If you test it, please report your results to the Bacula email list.
Please see the Director's Configuration chapter of this manual for important considerations on how to specify Windows paths in Bacula FileSet Include and Exclude directives.
Bacula versions prior to 1.37.28 do not support Windows Unicode filenames. As of that version, both bconsole and bwx-console support Windows Unicode filenames. There may still be some problems with multiple byte characters (e.g. Chinese, ...) where it is a two byte character but the displayed character is not two characters wide.
Path/filenames longer than 260 characters (up to 32,000) are supported beginning with Bacula version 1.39.20. Older Bacula versions support only 260 character path/filenames.
These options are not normally seen or used by the user, and are documented here only for information purposes. At the current time, to change the default options, you must either manually run Bacula or you must manually edit the system registry and modify the appropriate entries.
In order to avoid option clashes between the options necessary for Bacula to run on Windows and the standard Bacula options, all Windows
specific options are signaled with a forward slash character (/), while as
usual, the standard Bacula options are signaled with a minus (-), or a minus
minus (--). All the standard Bacula options can be used on the Windows
version. In addition, the following Windows only options are implemented:
It is important to note that under normal circumstances the user should never need to use these options as they are normally handled by the system automatically once Bacula is installed. However, you may note these options in some of the .bat files that have been created for your use.
Some users like to shutdown their Windows machines after a backup using a Client Run After Job directive. If you want to do something similar, you might take the shutdown program from the apcupsd project or one from the Sysinternals project.
When disaster strikes, you must have a plan, and you must have prepared in advance otherwise the work of recovering your system and your files will be considerably greater. For example, if you have not previously saved the partitioning information for your hard disk, how can you properly rebuild it if the disk must be replaced?
Unfortunately, many of the steps one must take before and immediately after a disaster are very operating system dependent. As a consequence, this chapter will discuss in detail disaster recovery (also called Bare Metal Recovery) for Linux and Solaris. For Solaris, the procedures are still quite manual. For FreeBSD the same procedures may be used but they are not yet developed. For Win32, a number of Bacula users have reported success using BartPE.
Here are a few important considerations concerning disaster recovery that you should take into account before a disaster strikes.
As an alternative to creating a Bacula Rescue CD, please see the section below entitled Bare Metal Recovery using a LiveCD.
The remainder of this section concerns recovering a Linux client computer (i.e. one running just the Bacula File daemon). The Solaris procedures can be found below under the Solaris Bare Metal Recovery section of this chapter.
Previously Bacula supported a floppy rescue disk. This code has been removed in 1.37.40 and later.
A so called "Bare Metal" recovery is one where you start with an empty hard disk and you restore your machine. There are also cases where you may lose a file or a directory and want it restored. Please see the previous chapter for more details for those cases.
The primary goals of the Bacula rescue CD are:
One of the main of the advantages of a Bacula Rescue CDROM is that it contains a bootable copy of your system, so you should be familiar with it.
Bare Metal Recovery assumes that you have the following items for your system:
In addition, to the above assumptions, the following conditions or restrictions apply:
To build the Bacula Rescue CDROM, you must get a copy of the rescue files. In version 1.37 and later, they are separate from the Bacula source. The rescue files are distributed as a compressed tar file on the Source Forge Bacula release area with the name bacula-rescue-xx.yy.zz.tar.gz. They are also automatically installed in /etc/bacula/rescue when installing by rpms. Another place you can find the rescue files is in the Source Forge Bacula SVN module named rescue.
Please read the README file in the main directory of the Rescue source code. Before using it, you must run configure and specify the location of the Bacula source code (not necessary if installed from rpms). This permits the rescue build scripts to automatically create a statically linked Bacula File daemon.
You will find the necessary scripts in linux/cdrom subdirectory of the rescue source code. If you installed the bacula rpm package the scripts will be found in the /etc/bacula/rescue/linux/cdrom directory.
Before you can do a Bare Metal recovery, you must create a Bacula Rescue CDROM, which will contain everything you need to begin recovery. This assumes that you will have your Director and Storage daemon running on a different machine. If you want to recover a machine where the Director and/or the database were previously running, things will be much more complicated.
You should probably make a new rescue CDROM each time you upgrade a major version of Bacula and whenever you modify your disk partitioning.
To build the rescue CDROM from source, you must first configure the rescue package, which is distributed separately from the source. The simplest procedure is for you to pre-build a static-bacula-fd taking care to use a minimum configuration such as:
cd <bacula-source> ./configure \ --prefix=/usr \ --sbindir=/usr/sbin \ --sysconfdir=/etc/bacula \ --with-scriptdir=/etc/bacula \ --enable-smartalloc \ --enable-client-only \ --enable-static-fd make
Then to copy the src/filed/static-bacula-fd, and a valid working copy of your bacula-fd.conf file to some specific directory. You can then proceed to configure the rescue package with:
cd <bacula-rescue> ./configure \ --with-static-fd=<directory-containing-static-bacula-fd> \ --with-bacula-scripts=<directory-containing-bacula-fd.conf> cd linux/cdrom su (enter root password) make
The above instructions were for building the rescue CDROM from a bacula-rescue release. The advantage of the above procedure is that you have explicitly built your static-bacula-fd and you will supply the configuration with a working copy of bacula-fd.conf containing the correct Director name and password.
Alternatively when you configure the rescue package, you could supply it with the path to your Bacula source code, and when building the rescue disk, it will attepmpt to build a static-bacula-fd for you. We suggest you manually build your static Bacula File daemon and use the --with-static-fd option rather than letting the script attempt to build it (as shown below) because by manually building it, you can ensure that there are no errors, and you can execute it prior to putting it on the CD (e.g. ./bacula-fd -t).
To have the rescue scripts automatically build a static File daemon for you, use:
cd <bacula-rescue> ./configure \ --with-bacula=<bacula-source-directory> cd linux/cdrom su (enter root password) make
If you have multiple kernels installed on your system, you can specify which one using the following configuration option:
cd <bacula-rescue> ./configure \ --with-kernel=<kernel-version> \ ...
For example a kernel-version might be 2.6.14-1.1653.
One additional option that can be useful is to specify the device name of your CDROM on the ./configure. To do so use:
cd <bacula-rescue> ./configure \ --with-dev=<device> \ ...
Where <device> is typically replaced with something like /dev/hdc. This option is needed only if you have a recent OS that used device specifications rather than rather than ATA addresses, and you want to use the Bacula script make burn to automatically burn your ISO onto a CDROM.
For users of the bacula-rescue rpm the static bacula-fd has already been built and placed in /etc/bacula/rescue/linux/cdrom/bin/ along with a symbolic link to your /etc/bacula/bacula-fd.conf file. Rpm users only need to do the second step:
cd /etc/bacula/rescue/linux/cdrom su (become root) make
At this point, if the scripts are successful, they should have done the following things:
Once this is accomplished, you need only burn it into a CDROM. This can be done directly from the makefile with:
make burn
However, you may need to modify the Makefile to properly specify your CD burner as the detection process is complicated especially if you have two CDROMs or do not have cdrecord loaded on your system. Users of the rescue rpm package should definitely examine the Makefile since it was configured on the host used to produce the rpm package. If you find that the make burn does not work for you, try doing a:
make scan
and use the output of that to modify the Makefile accordingly.
The "make" that you did above actually does the equivalent to the following:
make kernel make binaries make bacula make iso
If you wish, you can modify what you put on the CDROM and redo any part of the make that you wish. For example, if you want to add a new directory, you might do the first three makes, then add a new directory to the CDROM, and finally do a "make iso". Please see the README file in the rescue/linux/cdrom or /etc/bacula/rescue/linux/cdromdirectory for instructions on changing the contents of the CDROM.
At the current time, the size of the CDROM is about 100MB (compressed to about 20MB), so there is quite a bit more room for additional programs. Keep in mind that when this CDROM is booted, *everything* is in memory, so the total size cannot exceed your memory size, and even then you will need some reserve memory for running programs, ...
Finally, if you want to be completely responsible for getting your own FD binary on the disk, you can do the following:
cd linux/cdrom touch rpm_release make kernel make binaries make bacula (add your own Bacula FD to the bacula/bin directory) make iso rm -f rpm_release
The rpm_release file prevents the make bacula from attempting to build or copy a File daemon, so that you can do it before the "make iso" step. Once "make iso" is run, you can no longer add anything to the in-memory part of the image. You can still add files to the cdtree directory, and when you do a "make burn" they will be written to the CDROM. However, to access them, you must be able to mount the CDROM after booting it, then copy them into memory.
You can put multiple systems on the same rescue CD if you wish. This is because the information that is specific to your OS will be stored in the /bacula-hostname directory, where hostname is the name of the host on which you are building the CD. Suppose for example, you have two systems. One named client1 and one named client2. Assume also that your CD burner is on client1, and that is the machine we start on, and that we can ssh into client2 and also client2's disks are mounted on client1.
ssh client2 cd <bacula-source> ./configure --with-static-fd (our options) make cd <bacula-rescue-source> ./configure --with-bacula=<path-to-bacula-source> cd linux/cdrom su (become root) make bacula exit
Again, for rpm package users the above command set would be:
ssh client2 cd /etc/bacula/rescue/linux/cdrom su (enter root password) make bacula exit
Thus we have just built a Bacula rescue directory on client2. Now, on client1, we copy the appropriate directory to two places (explained below), then build an ISO and burn it:
cd <bacula-source> ./configure (your options) make cd <bacula-rescue-source> ./configure --with-bacula=<path-to-bacula-source> cd linux/cdrom su (become root) c=/mnt/client2/home/user/bacula/rescue/linux/cdrom cp -a $c/roottree/bacula-client2 cdtree make make burn exit
And with the rpm package:
cd /etc/bacula/rescue/linux/cdrom su (enter root password) c=/mnt/client2/etc/bacula/rescue/linux/cdrom cp -a $c/roottree/bacula-client2 cdtree make make burn exit
In summary, with the above commands, we first build a Bacula directory on client2 in roottree/bacula-client2, then we copied the bacula-client2 directory into the client1's cdtree so it will also be on the CD as a separate directory and thus can be read without booting the CDROM. Then we made and burned the CDROM for client1, which of course, contains the client2 data.
Now, let's assume that your hard disk has just died and that you have replaced it with an new identical drive. In addition, we assume that you have:
This is a relatively simple case, and later in this chapter, as time permits, we will discuss how you might recover from a situation where the machine that crashes is your main Bacula server (i.e. has the Director, the Catalog, and the Storage daemon).
You will take the following steps to get your system back up and running:
Now for the details ...
When the CDROM boots, you will be presented with a script that looks like:
Welcome to the Bacula Rescue Disk 2.0.0
To proceed, press the <ENTER> key or type "linux <runlevel>"
linux 1 -> shell
linux 2 -> login (default if ENTER pressed)
linux 3 -> network started and login (network not working yet)
linux debug -> print debug during boot then login
Normally, at this point, you simply press ENTER. However, you may supply options for the boot if you wish.
Once it has booted, you will be requested to login something like:
bash-3.1#
You will be in the root directory, and you can proceed to examine your system.
The complete Bacula rescue part of the CD will be in the directory: /bacula-hostname, where hostname is replaced by the name of the host machine on which you did the build for the CDROM. This naming procedure allows you to put multiple restore environments for each of your machines on a single CDROM if you so wish to do. Please see the README document in the rescue/linux/cdrom directory for more information on adding to the CDROM.
At this point, you should bring up your network. Normally, this is quite simple and requires just a few commands. Please cd into the /bacula-hostname directory before continuing. To simplify your task, we have created a script that should work in most cases by typing:
cd /bacula-hostname ./start_network
You can test it by pinging another machine, or pinging your broken machine machine from another machine. Do not proceed until your network is up.
Assuming that your hard disk crashed and needs repartitioning, proceed with:
./partition.hda
If you have multiple disks, do the same for each of them. For SCSI disks, the repartition script will be named: partition.sda. If the script complains about the disk being in use, simply go back and redo the df command and umount commands until you no longer have your hard disk mounted. Note, in many cases, if your hard disk was seriously damaged or a new one installed, it will not automatically be mounted. If it is mounted, it is because the emergency kernel found one or more possibly valid partitions.
If for some reason this procedure does not work, you can use the information in partition.hda to re-partition your disks by hand using fdisk.
If you have repartitioned your hard disk, you must format it appropriately. The formatting script will put back swap partitions, normal Unix partitions (ext2) and journaled partitions (ext3) as well as Reiser partitions (rei). Do so by entering for each disk:
./format.hda
The format script will ask you if you want a block check done. We recommend to answer yes, but realize that for very large disks this can take hours.
Once the disks are partitioned and formatted, you can remount them with the mount_drives script. All your drives must be mounted for Bacula to be able to access them. Run the script as follows:
./mount_drives df
The df command will tell you if the drives are mounted. If not, re-run the script again. It isn't always easy to figure out and create the mount points and the mounts in the proper order, so repeating the ./mount_drives command will not cause any harm and will most likely work the second time. If not, correct it by hand before continuing.
Before starting the File Daemon, you must bring up the network so that it can communicate with the Director and Storage daemon. Generally you can do so by running:
./start_network
If you have booted with a Bacula Rescue CDROM, your statically linked Bacula File daemon and the bacula-fd.conf file will be in the /bacula-hostname/bin directory. Make sure bacula-fd and bacula-fd.conf are both there.
If you did not already install a correct conf file, please edit the Bacula configuration file, create the working/pid/subsys directory if you haven't already done so above, and start Bacula. Before starting Bacula, you will need to move it and bacula-fd.conf from /bacula-hostname/bin, to the /mnt/disk/tmp directory so that it will be on your hard disk. Then start it with the following command:
chroot /mnt/disk /tmp/bacula-fd -c /tmp/bacula-fd.conf
The above command starts the Bacula File daemon with the proper root disk location (i.e. /mnt/disk/tmp. If Bacula does not start, correct the problem and start it. You can check if it is running by entering:
ps fax
You can kill Bacula by entering:
kill -TERM <pid>
where pid is the first number printed in front of the first occurrence of bacula-fd in the ps fax command.
Now, you should be able to use another computer with Bacula installed to check the status by entering:
status client=xxxx
into the Console program, where xxxx is the name of the client you are restoring.
One common problem is that your bacula-dir.conf may contain machine addresses that are not properly resolved on the stripped down system to be restored because it is not running DNS. This is particularly true for the address in the Storage resource of the Director, which may be very well resolved on the Director's machine, but not on the machine being restored and running the File daemon. In that case, be prepared to edit bacula-dir.conf to replace the name of the Storage daemon's domain name with its IP address.
On the computer that is running the Director, you now run a restore command and select the files to be restored (normally everything), but before starting the restore, there is one final change you must make using the mod option. You must change the Where directory to be the root by using the mod option just before running the job and selecting Where. Set it to:
/
then run the restore.
You might be tempted to avoid using chroot and running Bacula directly and then using a Where to specify a destination of /mnt/disk. This is possible, however, the current version of Bacula always restores files to the new location, and thus any soft links that have been specified with absolute paths will end up with /mnt/disk prefixed to them. In general this is not fatal to getting your system running, but be aware that you will have to fix these links if you do not use chroot.
At this point, the restore should have finished with no errors, and all your files will be restored. One last task remains and that is to write a new boot sector so that your machine will boot. For lilo, you enter the following command:
./run_lilo
If you are using grub instead of lilo, you must enter the following:
./run_grub
Note, I've had quite a number of problems with grub because it is rather complicated and not designed to install easily under a simplified system. In fact, the ./run_grub script is not going to work on most Linux 2.6 kernels with the latest grub, because grub-install references /usr/share/grub/... and it uses /dev/pts, which will not be in /dev if you are using udev (as do many 2.6 kernels).
So, if you experience errors or end up unexpectedly in a chroot shell, simply exit back to the normal shell and type in the appropriate commands from the run_grub script by hand until you get it to install. When you run the run_grub script, it will print the commands that you should manually enter if that is necessary.
In my more recent tests on FC4 running a 2.6.14 kernel and udev, I see that because of the above mentioned problems with grub, you will need version 1.8.2 rescue disk or later, and you may be more successful in getting grub to run by running it directly from the command line while logged into the rescue kernel using:
/sbin/grub-install --root-directory=/mnt/disk /dev/hda
Note, in this case, you omit the chroot command, and you must replace /dev/hda with your boot device. If you don't know what your boot device is, run the ./run_grub script once and it will tell you.
Finally, I've even run into a case where grub-install was unable to rewrite the boot block. In my case, it produced the following error message:
/dev/hdx does not have any corresponding BIOS drive.
The solution is to insure that all your disks are properly mounted on /mnt/disk, then do the following:
chroot /mnt/disk mount /dev/pts
Then edit the file /boot/grub/grub.conf and uncomment the line that reads:
#boot=/dev/hda
So that it reads:
boot=/dev/hda
Note, the /dev/hda may be /dev/sda or possibly some other drive depending on your configuration, but in any case, it is the same as the one that you previously tried with grub-install.
Then, enter the following commands:
grub --batch --device-map=/boot/grub/device.map \ --config-file=/boot/grub/grub.conf --no-floppy root (hd0,0) setup (hd0) quit
If the grub call worked, you will get a prompt of grub> before the root, setup, and quit commands, and after entering the setup command, it should indicate that it successfully wrote the MBR (master boot record).
First unmount all your hard disks, otherwise they will not be cleanly shutdown, then reboot your machine by entering exit until you get to the main prompt then enter Ctrl-d. Once back to the main CDROM prompt, you will need to turn the power off, then back on to your machine to get it to reboot.
If everything went well, you should now be back up and running. If not, re-insert the emergency boot CDROM, boot, and figure out what is wrong.
Above, we considered how to recover a client machine where a valid Bacula server was running on another machine. However, what happens if your server goes down and you no longer have a running Director, Catalog, or Storage daemon? There are several solutions:
The first option, is very difficult because it requires you to have created a static version of the Director and the Storage daemon as well as the Catalog. If the Catalog uses MySQL or PostgreSQL, this may or may not be possible. In addition, to loading all these programs on a bare system (quite possible), you will need to make sure you have a valid driver for your tape drive.
The second suggestion is probably a much simpler solution, and one I have done myself. To do so, you might want to consider the following steps:
For additional details of restoring your database, please see the Restoring When Things Go Wrong section of the Console Restore Command chapter of this manual.
Since every flavor and every release of Linux is different, there are likely to be some small difficulties with the scripts, so please be prepared to edit them in a minimal environment. A rudimentary knowledge of vi is very useful. Also, these scripts do not do everything. You will need to reformat Windows partitions by hand, for example.
Getting the boot loader back can be a problem if you are using grub because it is so complicated. If all else fails, reboot your system from your floppy but using the restored disk image, then proceed to a reinstallation of grub (looking at the run-grub script can help). By contrast, lilo is a piece of cake.
Rather than building a full Bacula Rescue CDROM, you can use any system rescue or LiveCD to recover your system. The big problem with most rescue or LiveCDs is that they are not designed to capture the current state of your system, so when you boot them on a damaged system, you might be somewhat lost -- e.g. how many of you remember your exact hard disk partitioning.
This lack can be easily corrected by running the part of the Bacula Rescue code that creates a directory containing a static-bacula-fd, a snapshot of your current system disk configuration, and scripts that help restoring it.
The procedure is similar to creating and your Bacula Rescue CDROM described above, but with the following differences:
Before a disaster strikes:
Then when disaster strikes, do the following:
In order to create the Bacula recovery directory, you need a copy of the Bacula Rescue code as described above, and you must first configure that directory (and possibly your Bacula source) as described above in the section entitled Creating a Bacula Rescue CDROM.
Once the configuration is done, you can do the following to create the Bacula recovery directory:
cd <bacula-rescue-source>/linux/cdrom su (become root) make bacula
The directory you want to save will be created in the current directory with the name bacula. You need only save that directory either as a directory or possibly as a compressed tar file. If you run this procedure on multiple machines, you will probably want to rename this directory to something like bacula-hostname.
The same basic techniques described above also apply to FreeBSD. Although we don't yet have a fully automated procedure, Alex Torres Molina has provided us with the following instructions with a few additions from Jesse Guardiani and Dan Langille:
The same basic techniques described above apply to Solaris:
However, during the recovery phase, the boot and disk preparation procedures are different:
Once the disk is partitioned, formatted and mounted, you can continue with bringing up the network and reloading Bacula.
As mentioned above, before a disaster strikes, you should prepare the information needed in the case of problems. To do so, in the rescue/solaris subdirectory enter:
su ./getdiskinfo ./make_rescue_disk
The getdiskinfo script will, as in the case of Linux described above, create a subdirectory diskinfo containing the output from several system utilities. In addition, it will contain the output from the SysAudit program as described in Curtis Preston's book. This file diskinfo/sysaudit.bsi will contain the disk partitioning information that will allow you to manually follow the procedures in the "Unix Backup & Recovery" book to repartition and format your hard disk. In addition, the getdiskinfo script will create a start_network script.
Once you have your disks repartitioned and formatted, do the following:
When a pre-1.30 version of Bacula restores a directory, it first must create the directory, then it populates the directory with its files and subdirectories. The act of creating the files and subdirectories updates both the modification and access times associated with the directory itself. As a consequence, all modification and access times of all directories will be updated to the time of the restore.
This has been corrected in Bacula version 1.30 and later. The directory modification and access times are reset to the value saved in the backup after all the files and subdirectories have been restored. This has been tested and verified on normal restore operations, but not verified during a bare metal recovery.
If any of you look closely at the bootstrap file that is produced and used for the restore (I sure do), you will probably notice that the FileIndex item does not include all the files saved to the tape. This is because in some instances there are duplicates (especially in the case of an Incremental save), and in such circumstances, Bacula restores only the last of multiple copies of a file or directory.
Due to open system files, and registry problems, Bacula cannot save and restore a complete Win2K/XP/NT environment.
A suggestion by Damian Coutts using Microsoft's NTBackup utility in conjunction with Bacula should permit a Full bare metal restore of Win2K/XP (and possibly NT systems). His suggestion is to do an NTBackup of the critical system state prior to running a Bacula backup with the following command:
ntbackup backup systemstate /F c:\systemstate.bkf
The backup is the command, the systemstate says to backup only the system state and not all the user files, and the /F c:\systemstate.bkf specifies where to write the state file. this file must then be saved and restored by Bacula. This command can be put in a Client Run Before Job directive so that it is automatically run during each backup, and thus saved to a Bacula Volume.
To restore the system state, you first reload a base operating system, then you would use Bacula to restore all the users files and to recover the c:\systemstate.bkf file, and finally, run NTBackup and catalogue the system statefile, and then select it for restore. The documentation says you can't run a command line restore of the systemstate.
This procedure has been confirmed to work by Ludovic Strappazon -- many thanks!
A new tool is provided in the form of a bacula plugin for the BartPE rescue CD. BartPE is a self-contained WindowsXP boot CD which you can make using the PeBuilder tools available at http://www.nu2.nu/pebuilder/ and a valid Windows XP SP1 CDROM. The plugin is provided as a zip archive. Unzip the file and copy the bacula directory into the plugin directory of your BartPE installation. Edit the configuration files to suit your installation and build your CD according to the instructions at Bart's site. This will permit you to boot from the cd, configure and start networking, start the bacula file client and access your director with the console program. The programs menu on the booted CD contains entries to install the file client service, start the file client service, and start the WX-Console. You can also open a command line window and CD Programs\Bacula and run the command line console bconsole.
Bacula versions after 1.31 should properly restore ownership and permissions on all WinNT/XP/2K systems. If you do experience problems, generally in restores to alternate directories because higher level directories were not backed up by Bacula, you can correct any problems with the SetACL available under the GPL license at: http://sourceforge.net/projects/setacl/.
Ludovic Strappazon has suggested an interesting way to backup and restore complete Win32 partitions. Simply boot your Win32 system with a Linux Rescue disk as described above for Linux, install a statically linked Bacula, and backup any of the raw partitions you want. Then to restore the system, you simply restore the raw partition or partitions. Here is the email that Ludovic recently sent on that subject:
I've just finished testing my brand new cd LFS/Bacula with a raw Bacula backup and restore of my portable. I can't resist sending you the results: look at the rates !!! hunt-dir: Start Backup JobId 100, Job=HuntBackup.2003-04-17_12.58.26 hunt-dir: Bacula 1.30 (14Apr03): 17-Apr-2003 13:14 JobId: 100 Job: HuntBackup.2003-04-17_12.58.26 FileSet: RawPartition Backup Level: Full Client: sauvegarde-fd Start time: 17-Apr-2003 12:58 End time: 17-Apr-2003 13:14 Files Written: 1 Bytes Written: 10,058,586,272 Rate: 10734.9 KB/s Software Compression: None Volume names(s): 000103 Volume Session Id: 2 Volume Session Time: 1050576790 Last Volume Bytes: 10,080,883,520 FD termination status: OK SD termination status: OK Termination: Backup OK hunt-dir: Begin pruning Jobs. hunt-dir: No Jobs found to prune. hunt-dir: Begin pruning Files. hunt-dir: No Files found to prune. hunt-dir: End auto prune. hunt-dir: Start Restore Job RestoreFilesHunt.2003-04-17_13.21.44 hunt-sd: Forward spacing to file 1. hunt-dir: Bacula 1.30 (14Apr03): 17-Apr-2003 13:54 JobId: 101 Job: RestoreFilesHunt.2003-04-17_13.21.44 Client: sauvegarde-fd Start time: 17-Apr-2003 13:21 End time: 17-Apr-2003 13:54 Files Restored: 1 Bytes Restored: 10,056,130,560 Rate: 5073.7 KB/s FD termination status: OK Termination: Restore OK hunt-dir: Begin pruning Jobs. hunt-dir: No Jobs found to prune. hunt-dir: Begin pruning Files. hunt-dir: No Files found to prune. hunt-dir: End auto prune.
If for some reason you want to do a Full restore to a system that has a working kernel (not recommended), you will need to take care not to overwrite the following files:
/etc/grub.conf /etc/X11/Conf /etc/fstab /etc/mtab /lib/modules /usr/modules /usr/X11R6 /etc/modules.conf
Many thanks to Charles Curley who wrote Linux Complete Backup and Recovery HOWTO for the The Linux Documentation Project. This is an excellent document on how to do Bare Metal Recovery on Linux systems, and it was this document that made me realize that Bacula could do the same thing.
You can find quite a few additional resources, both commercial and free at Storage Mountain, formerly known as Backup Central.
And finally, the O'Reilly book, "Unix Backup & Recovery" by W. Curtis Preston covers virtually every backup and recovery topic including bare metal recovery for a large range of Unix systems.
Bacula TLS (Transport Layer Security) is built-in network encryption code to provide secure network transport similar to that offered by stunnel or ssh. The data written to Volumes by the Storage daemon is not encrypted by this code. For data encryption, please see the Data Encryption Chapter of this manual.
The Bacula encryption implementations were written by Landon Fuller.
Supported features of this code include:
This document will refer to both "server" and "client" contexts. These terms refer to the accepting and initiating peer, respectively.
Diffie-Hellman anonymous ciphers are not supported by this code. The use of DH anonymous ciphers increases the code complexity and places explicit trust upon the two-way CRAM-MD5 implementation. CRAM-MD5 is subject to known plaintext attacks, and it should be considered considerably less secure than PKI certificate-based authentication.
Appropriate autoconf macros have been added to detect and use OpenSSL
if enabled on the ./configure line with --with-openssl
To generate the parameter file, you may use openssl:
openssl dhparam -out dh1024.pem -5 1024
You may create a self-signed certificate for use with the Bacula TLS that will permit you to make it function, but will not allow certificate validation. The .pem file containing both the certificate and the key valid for ten years can be made with the following:
openssl req -new -x509 -nodes -out bacula.pem -keyout bacula.pem -days 3650
The above script will ask you a number of questions. You may simply answer each of them by entering a return, or if you wish you may enter your own data.
Note, however, that self-signed certificates will only work for the outgoing end of connections. For example, in the case of the Director making a connection to a File Daemon, the File Daemon may be configured to allow self-signed certificates, but the certificate used by the Director must be signed by a certificate that is explicitly trusted on the File Daemon end.
This is necessary to prevent ``man in the middle'' attacks from tools such as ettercap. Essentially, if the Director does not verify that it is talking to a trusted remote endpoint, it can be tricked into talking to a malicious 3rd party who is relaying and capturing all traffic by presenting its own certificates to the Director and File Daemons. The only way to prevent this is by using trusted certificates, so that the man in the middle is incapable of spoofing the connection using his own.
To get a trusted certificate (CA or Certificate Authority signed certificate), you will either need to purchase certificates signed by a commercial CA or find a friend that has setup his own CA or become a CA yourself, and thus you can sign all your own certificates. The book OpenSSL by John Viega, Matt Mesier & Pravir Chandra from O'Reilly explains how to do it, or you can read the documentation provided in the Open-source PKI Book project at Source Forge: http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm. Note, this link may change.
The program TinyCA has a very nice Graphical User Interface that allows you to easily setup and maintain your own CA. TinyCA can be found at http://tinyca.sm-zone.net/.
The process of getting a certificate that is signed by a CA is quite a bit more complicated. You can purchase one from quite a number of PKI vendors, but that is not at all necessary for use with Bacula. To get a CA signed certificate, you will either need to find a friend that has setup his own CA or to become a CA yourself, and thus you can sign all your own certificates. The book OpenSSL by John Viega, Matt Mesier & Pravir Chandra from O'Reilly explains how to do it, or you can read the documentation provided in the Open-source PKI Book project at Source Forge: http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm. Note, this link may change.
Landon has supplied us with the TLS portions of his configuration files, which should help you setting up your own. Note, this example shows the directives necessary for a Director to Storage daemon session. The technique is the same between the Director and the Client and for bconsole to the Director.
bacula-dir.conf
Director { # define myself
Name = backup1-dir
...
TLS Enable = yes
TLS Require = yes
TLS Verify Peer = yes
TLS Allowed CN = "bacula@backup1.example.com"
TLS Allowed CN = "administrator@example.com"
TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
# This is a server certificate, used for incoming
# console connections.
TLS Certificate = /usr/local/etc/ssl/backup1/cert.pem
TLS Key = /usr/local/etc/ssl/backup1/key.pem
}
Storage {
Name = File
Address = backup1.example.com
...
TLS Require = yes
TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
# This is a client certificate, used by the director to
# connect to the storage daemon
TLS Certificate = /usr/local/etc/ssl/bacula@backup1/cert.pem
TLS Key = /usr/local/etc/ssl/bacula@backup1/key.pem
}
Client {
Name = backup1-fd
Address = server1.example.com
...
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
}
bacula-fd.conf
Director {
Name = backup1-dir
...
TLS Enable = yes
TLS Require = yes
TLS Verify Peer = yes
# Allow only the Director to connect
TLS Allowed CN = "bacula@backup1.example.com"
TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
# This is a server certificate. It is used by connecting
# directors to verify the authenticity of this file daemon
TLS Certificate = /usr/local/etc/ssl/server1/cert.pem
TLS Key = /usr/local/etc/ssl/server1/key.pem
}
FileDaemon {
Name = backup1-fd
...
# you need these TLS entries so the SD and FD can
# communicate
TLS Enable = yes
TLS Require = yes
TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
TLS Certificate = /usr/local/etc/ssl/server1/cert.pem
TLS Key = /usr/local/etc/ssl/server1/key.pem
}
bacula-sd.conf
Storage { # definition of myself
Name = backup1-sd
...
# These TLS configuration options are used for incoming
# file daemon connections. Director TLS settings are handled
# below.
TLS Enable = yes
TLS Require = yes
# Peer certificate is not required/requested -- peer validity
# is verified by the storage connection cookie provided to the
# File Daemon by the director.
TLS Verify Peer = no
TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
# This is a server certificate. It is used by connecting
# file daemons to verify the authenticity of this storage daemon
TLS Certificate = /usr/local/etc/ssl/backup1/cert.pem
TLS Key = /usr/local/etc/ssl/backup1/key.pem
}
#
# List Directors who are permitted to contact Storage daemon
#
Director {
Name = backup1-dir
...
TLS Enable = yes
TLS Require = yes
# Require the connecting director to provide a certificate
# with the matching CN.
TLS Verify Peer = yes
TLS Allowed CN = "bacula@backup1.example.com"
TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
# This is a server certificate. It is used by the connecting
# director to verify the authenticity of this storage daemon
TLS Certificate = /usr/local/etc/ssl/backup1/cert.pem
TLS Key = /usr/local/etc/ssl/backup1/key.pem
}
Bacula permits file data encryption and signing within the File Daemon (or Client) prior to sending data to the Storage Daemon. Upon restoration, file signatures are validated and any mismatches are reported. At no time does the Director or the Storage Daemon have access to unencrypted file contents.
It is very important to specify what this implementation does NOT do:
Encryption and signing are implemented using RSA private keys coupled with self-signed x509 public certificates. This is also sometimes known as PKI or Public Key Infrastructure.
Each File Daemon should be given its own unique private/public key pair. In addition to this key pair, any number of "Master Keys" may be specified -- these are key pairs that may be used to decrypt any backups should the File Daemon key be lost. Only the Master Key's public certificate should be made available to the File Daemon. Under no circumstances should the Master Private Key be shared or stored on the Client machine.
The Master Keys should be backed up to a secure location, such as a CD placed in a in a fire-proof safe or bank safety deposit box. The Master Keys should never be kept on the same machine as the Storage Daemon or Director if you are worried about an unauthorized party compromising either machine and accessing your encrypted backups.
While less critical than the Master Keys, File Daemon Keys are also a prime candidate for off-site backups; burn the key pair to a CD and send the CD home with the owner of the machine.
NOTE!!! If you lose your encryption keys, backups will be unrecoverable. ALWAYS store a copy of your master keys in a secure, off-site location.
The basic algorithm used for each backup session (Job) is:
The configuration option for enabling OpenSSL encryption support has not changed since Bacula 1.38. To build Bacula with encryption support, you will need the OpenSSL libraries and headers installed. When configuring Bacula, use:
./configure --with-openssl ...
The implementation uses 128bit AES-CBC, with RSA encrypted symmetric session keys. The RSA key is user supplied. If you are running OpenSSL 0.9.8 or later, the signed file hash uses SHA-256 -- otherwise, SHA-1 is used.
End-user configuration settings for the algorithms are not currently exposed -- only the algorithms listed above are used. However, the data written to Volume supports arbitrary symmetric, asymmetric, and digest algorithms for future extensibility, and the back-end implementation currently supports:
Symmetric Encryption:
- 128, 192, and 256-bit AES-CBC
- Blowfish-CBC
Asymmetric Encryption (used to encrypt symmetric session keys):
- RSA
Digest Algorithms:
- MD5
- SHA1
- SHA256
- SHA512
The various algorithms are exposed via an entirely re-usable, OpenSSL-agnostic API (ie, it is possible to drop in a new encryption backend). The Volume format is DER-encoded ASN.1, modeled after the Cryptographic Message Syntax from RFC 3852. Unfortunately, using CMS directly was not possible, as at the time of coding a free software streaming DER decoder/encoder was not available.
It is preferable to retain a secure, non-encrypted copy of the client's own encryption keypair. However, should you lose the client's keypair, recovery with the master keypair is possible.
You must:
PKI Keypair = master.keypair
Generate a Master Key Pair with:
openssl genrsa -out master.key 2048 openssl req -new -key master.key -x509 -out master.cert
Generate a File Daemon Key Pair for each FD:
openssl genrsa -out fd-example.key 2048 openssl req -new -key fd-example.key -x509 -out fd-example.cert cat fd-example.key fd-example.cert >fd-example.pem
Note, there seems to be a lot of confusion around the file extensions given to these keys. For example, a .pem file can contain all the following: private keys (RSA and DSA), public keys (RSA and DSA) and (x509) certificates. It is the default format for OpenSSL. It stores data Base64 encoded DER format, surrounded by ASCII headers, so is suitable for text mode transfers between systems. A .pem file may contain any number of keys either public or private. We use it in cases where there is both a public and a private key.
Typically, above we have used the .cert extension to refer to X509 certificate encoding that contains only a single public key.
bacula-fd.conf
FileDaemon {
Name = example-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/bacula/working
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
PKI Signatures = Yes # Enable Data Signing
PKI Encryption = Yes # Enable Data Encryption
PKI Keypair = "/etc/bacula/fd-example.pem" # Public and Private Keys
PKI Master Key = "/etc/bacula/master.cert" # ONLY the Public Key
}
See also Backing Up Your Bacula Database - Security Considerations for more information.
Since the very beginning of Bacula (January 2000) until today (December 2005), there have been two major Bacula tape formats. The second format was introduced in version 1.27 in November of 2002, and it has not changed since then. In principle, Bacula can still read the original format, but I haven't tried it lately so who knows ...
Though the tape format is fixed, the kinds of data that we can put on the tapes are extensible, and that is how we added new features such as ACLs, Win32 data, encrypted data, ... Obviously, an older version of Bacula would not know how to read these newer data streams, but each newer version of Bacula should know how to read all the older streams.
If you want to be 100should:
1. Try reading old tapes from time to time -- e.g. at least once a year.
2. Keep statically linked copies of every version of Bacula that you use in production then if for some reason, we botch up old tape compatibility, you can always pull out an old copy of Bacula ...
The second point is probably overkill but if you want to be sure, it may save you someday.
TCP Wrappers are implemented if you turn them on when configuring
(./configure --with-tcp-wrappers).
With this code enabled, you may control who may access your
daemons. This control is done by modifying the file: /etc/hosts.allow. The program name that Bacula uses when
applying these access restrictions is the name you specify in the
daemon configuration file (see below for examples).
You must not use the twist option in your /etc/hosts.allow or it will terminate the Bacula daemon when a
connection is refused.
The exact name of the package you need loaded to build with TCP wrappers depends on the system. For example, on SuSE, the TCP wrappers libraries needed to link Bacula are contained in the tcpd-devel package. On Red Hat, the package is named tcp_wrappers.
Dan Langille has provided the following information on configuring and testing TCP wrappers with Bacula.
If you read hosts_options(5), you will see an option called twist. This option replaces the current process by an instance of the specified shell command. Typically, something like this is used:
ALL : ALL \ : severity auth.info \ : twist /bin/echo "You are not welcome to use %d from %h."
The libwrap code tries to avoid twist if it runs in a resident process, but that test will not protect the first hosts_access() call. This will result in the process (e.g. bacula-fd, bacula-sd, bacula-dir) being terminated if the first connection to their port results in the twist option being invoked. The potential, and I stress potential, exists for an attacker to prevent the daemons from running. This situation is eliminated if your /etc/hosts.allow file contains an appropriate rule set. The following example is sufficient:
undef-fd : localhost : allow undef-sd : localhost : allow undef-dir : localhost : allow undef-fd : ALL : deny undef-sd : ALL : deny undef-dir : ALL : deny
You must adjust the names to be the same as the Name directives found in each of the daemon configuration files. They are, in general, not the same as the binary daemon names. It is not possible to use the daemon names because multiple daemons may be running on the same machine but with different configurations.
In these examples, the Director is undef-dir, the Storage Daemon is undef-sd, and the File Daemon is undef-fd. Adjust to suit your situation. The above example rules assume that the SD, FD, and DIR all reside on the same box. If you have a remote FD client, then the following rule set on the remote client will suffice:
undef-fd : director.example.org : allow undef-fd : ALL : deny
where director.example.org is the host which will be contacting the client (ie. the box on which the Bacula Director daemon runs). The use of "ALL : deny" ensures that the twist option (if present) is not invoked. To properly test your configuration, start the daemon(s), then attempt to connect from an IP address which should be able to connect. You should see something like this:
$ telnet undef 9103 Trying 192.168.0.56... Connected to undef.example.org. Escape character is '^]'. Connection closed by foreign host. $
This is the correct response. If you see this:
$ telnet undef 9103 Trying 192.168.0.56... Connected to undef.example.org. Escape character is '^]'. You are not welcome to use undef-sd from xeon.example.org. Connection closed by foreign host. $
then twist has been invoked and your configuration is not correct and you need to add the deny statement. It is important to note that your testing must include restarting the daemons after each connection attempt. You can also tcpdchk(8) and tcpdmatch(8) to validate your /etc/hosts.allow rules. Here is a simple test using tcpdmatch:
$ tcpdmatch undef-dir xeon.example.org warning: undef-dir: no such process name in /etc/inetd.conf client: hostname xeon.example.org client: address 192.168.0.18 server: process undef-dir matched: /etc/hosts.allow line 40 option: allow access: granted
If you are running Bacula as a standalone daemon, the warning above can be safely ignored. Here is an example which indicates that your rules are missing a deny statement and the twist option has been invoked.
$ tcpdmatch undef-dir 10.0.0.1 warning: undef-dir: no such process name in /etc/inetd.conf client: address 10.0.0.1 server: process undef-dir matched: /etc/hosts.allow line 91 option: severity auth.info option: twist /bin/echo "You are not welcome to use undef-dir from 10.0.0.1." access: delegated
Security advice from Dan Langille:
It is a good idea to run daemons with the lowest possible privileges. In other words, if you can, don't run applications as root which do not have to be root. The Storage Daemon and the Director Daemon do not need to be root. The File Daemon needs to be root in order to access all files on your system. In order to run as non-root, you need to create a user and a group. Choosing bacula as both the user name and the group name sounds like a good idea to me.
The FreeBSD port creates this user and group for you. Here is what those entries looked like on my FreeBSD laptop:
bacula:*:1002:1002::0:0:Bacula Daemon:/var/db/bacula:/sbin/nologin
I used vipw to create this entry. I selected a User ID and Group ID of 1002 as they were unused on my system.
I also created a group in /etc/group:
bacula:*:1002:
The bacula user (as opposed to the Bacula daemon) will have a home directory of /var/db/bacula which is the default location for the Bacula database.
Now that you have both a bacula user and a bacula group, you can secure the bacula home directory by issuing this command:
chown -R bacula:bacula /var/db/bacula/
This ensures that only the bacula user can access this directory. It also means that if we run the Director and the Storage daemon as bacula, those daemons also have restricted access. This would not be the case if they were running as root.
It is important to note that the storage daemon actually needs to be in the operator group for normal access to tape drives etc (at least on a FreeBSD system, that's how things are set up by default) Such devices are normally chown root:operator. It is easier and less error prone to make Bacula a member of that group than it is to play around with system permissions.
Starting the Bacula daemons
To start the bacula daemons on a FreeBSD system, issue the following command:
/usr/local/etc/rc.d/bacula-dir start /usr/local/etc/rc.d/bacula-sd start /usr/local/etc/rc.d/bacula-fd start
To confirm they are all running:
$ ps auwx | grep bacula
root 63418 0.0 0.3 1856 1036 ?? Ss 4:09PM 0:00.00
/usr/local/sbin/bacula-fd -v -c /usr/local/etc/bacula-fd.conf
bacula 63416 0.0 0.3 2040 1172 ?? Ss 4:09PM 0:00.01
/usr/local/sbin/bacula-sd -v -c /usr/local/etc/bacula-sd.conf
bacula 63422 0.0 0.4 2360 1440 ?? Ss 4:09PM 0:00.00
/usr/local/sbin/bacula-dir -v -c /usr/local/etc/bacula-dir.conf
If you have a firewall or a DMZ installed on your computer, you may experience difficulties contacting one or more of the Clients to back them up. This is especially true if you are trying to backup a Client across the Internet.
If you are attempting to do this, the sequence of network events in Bacula to do a backup are the following:
Console -> DIR:9101 DIR -> SD:9103 DIR -> FD:9102 FD -> SD:9103
Where hopefully it is obvious that DIR represents the Director, FD the File daemon or client, and SD the Storage daemon. The numbers that follow those names are the standard ports used by Bacula, and the -> represents the left side making a connection to the right side (i.e. the right side is the "server" or is listening on the specified port), and the left side is the "client" that initiates the conversation.
Note, port 9103 serves both the Director and the File daemon, each having its own independent connection.
If you are running iptables, you might add something like:
-A FW-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9101:9103 -j ACCEPT
on your server, and
-A FW-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9102 -j ACCEPT
on your client. In both cases, I assume that the machine is allowed to initiate connections on any port. If not, you will need to allow outgoing connections on ports 9102 and 9103 on your server and 9103 on your client. Thanks to Raymond Norton for this tip.
The following discussion was originally written by Jesse Guardiani because he has 'internal' and 'external' requiring the Director and the Client to use different IP addresses. His original solution was to define two different Storage resources in the Director's conf file each pointing to the same Storage daemon but with different IP addresses. In Bacula 1.38.x this no longer works, because Bacula makes a one-to-one association between a Storage daemon resource and a Device (such as an Autochanger). As a consequence, I have modified his original text to a method that I believe will work, but is as of yet untested (KES - July 2006).
My bacula server is on the 192.168.1.0/24 network at IP address 192.168.1.52. For the sake of discussion we will refer to this network as the 'internal' network because it connects to the internet through a NAT'd firewall. We will call the network on the public (internet) side of the NAT'd firewall the 'external' network. Also, for the sake of discussion we will call my bacula server:
server.int.mydomain.tld
when a fully qualified domain name is required, or simply:
server
if a hostname is adequate. We will call the various bacula daemons running on the server.int.mydomain.tld machine:
server-fd
server-sd
server-dir
In addition, I have two clients that I want to back up with Bacula. The first client is on the internal network. Its fully qualified domain name is:
private1.int.mydomain.tld
And its hostname is:
private1
This machine is a client and therefore runs just one bacula daemon:
private1-fd
The second client is on the external network. Its fully qualified domain name is:
public1.mydomain.tld
And its hostname is:
public1
This machine also runs just one bacula daemon:
public1-fd
Finally, I have a NAT firewall/gateway with two network interfaces. The first interface is on the internal network and serves as a gateway to the internet for all the machines attached to the internal network (For example, server.int.mydomain.tld and private1.int.mydomain.tld). The second interface is on the external (internet) network. The external interface has been assigned the name:
firewall.mydomain.tld
Remember:
*.int.mydomain.tld = internal network
*.mydomain.tld = external network
server-sd manages a 4 tape AIT autoloader. All of my backups are written to server-sd. I have just *one* Device resource in my server-sd.conf file:
Autochanger {
Name = "autochanger1";\
Device = Drive0
Changer Device = /dev/ch0;
Changer Command = "/usr/local/sbin/chio-bacula %c %o %S %a";
}
Device {
Name = Drive0
DriveIndex = 0
Media Type = AIT-1;
Archive Device = /dev/nrsa1;
Label Media = yes;
AutoChanger = yes;
AutomaticMount = yes; # when device opened, read it
AlwaysOpen = yes;
Hardware End of Medium = No
Fast Forward Space File = No
BSF at EOM = yes
}
(note, please see the Tape Testing chapter of this manual for important FreeBSD information.) However, unlike previously, there is only one Storage definition in my server-dir.conf file:
Storage {
Name = "autochanger1" # Storage device for backing up
Address = Storage-server
SDPort = 9103
Password = "mysecretpassword"
Device = "autochanger1"
Media Type = AIT-1
Autochanger = yes
}
Note that the Storage resource uses neither of the two addresses to the Storage daemon -- neither server.int.mydomain.tld nor firewall.mydomain.tld, but instead uses the address Storage-server.
What is key is that in the internal net, Storage-server is resolved to server.int.mydomain.tld, either with an entry in /etc/hosts, or by creating and appropriate DNS entry, and on the external net (the Client machine), Storage-server is resolved to firewall.mydomain.tld.
In addition to the above, I have two Client resources defined in server-dir.conf:
Client {
Name = private1-fd
Address = private1.int.mydomain.tld
FDPort = 9102
Catalog = MyCatalog
Password = "mysecretpassword" # password for FileDaemon
}
Client {
Name = public1-fd
Address = public1.mydomain.tld
FDPort = 9102
Catalog = MyCatalog
Password = "mysecretpassword" # password for FileDaemon
}
And finally, to tie it all together, I have two Job resources defined in server-dir.conf:
Job {
Name = "Private1-Backup"
Type = Backup
Client = private1-fd
FileSet = "Private1"
Schedule = "WeeklyCycle"
Storage = "autochanger1-int"
Messages = Standard
Pool = "Weekly"
Write Bootstrap = "/var/db/bacula/Private1-Backup.bsr"
Priority = 12
}
Job {
Name = "Public1-Backup"
Type = Backup
Client = public1-fd
FileSet = "Public1"
Schedule = "WeeklyCycle"
Storage = "autochanger1-ext"
Messages = Standard
Pool = "Weekly"
Write Bootstrap = "/var/db/bacula/Public1-Backup.bsr"
Priority = 13
}
It is important to notice that because the 'Private1-Backup' Job is intended to back up a machine on the internal network so it resolves Storage-server to contact the Storage daemon via the internal net. On the other hand, the 'Public1-Backup' Job is intended to back up a machine on the external network, so it resolves Storage-server to contact the Storage daemon via the external net.
I have left the Pool, Catalog, Messages, FileSet, Schedule, and Director resources out of the above server-dir.conf examples because they are not pertinent to the discussion.
If I want to run a backup of private1.int.mydomain.tld and store that backup using server-sd then my understanding of the order of events is this:
Alternatively, if I want to run a backup of public1.mydomain.tld and store that backup using server-sd then my understanding of the order of events is this:
In order for the above 'Public1-Backup' Job to succeed, firewall.mydomain.tld:9103 MUST be forwarded using the firewall's configuration software to server.int.mydomain.tld:9103. Some firewalls call this 'Server Publication'. Others may call it 'Port Forwarding'.
Also, if you have denial of service rate limiting in your firewall, this too can cause Bacula disconnects since Bacula can at times use very high access rates. To avoid this, you should implement default accept rules for the Bacula ports involved before the rate limiting rules.
Finally, if you have a Windows machine, it will most likely by default disallow connections to the Bacula Windows File daemon. See the Windows chapter of this manual for additional details.
Since Bacula maintains a catalog of files, their attributes, and either SHA1 or MD5 signatures, it can be an ideal tool for improving computer security. This is done by making a snapshot of your system files with a Verify Job and then checking the current state of your system against the snapshot, on a regular basis (e.g. nightly).
The first step is to set up a Verify Job and to run it with:
Level = InitCatalog
The InitCatalog level tells Bacula simply to get the information on the specified files and to put it into the catalog. That is your database is initialized and no comparison is done. The InitCatalog is normally run one time manually.
Thereafter, you will run a Verify Job on a daily (or whatever) basis with:
Level = Catalog
The Level = Catalog level tells Bacula to compare the current state of the files on the Client to the last InitCatalog that is stored in the catalog and to report any differences. See the example below for the format of the output.
You decide what files you want to form your "snapshot" by specifying them in a FileSet resource, and normally, they will be system files that do not change, or that only certain features change.
Then you decide what attributes of each file you want compared by specifying comparison options on the Include statements that you use in the FileSet resource of your Catalog Jobs.
In the discussion that follows, we will make reference to the Verify Configuration Example that is included below in the A Verify Configuration Example section. You might want to look it over now to get an idea of what it does.
The main elements consist of adding a schedule, which will normally be run daily, or perhaps more often. This is provided by the VerifyCycle Schedule, which runs at 5:05 in the morning every day.
Then you must define a Job, much as is done below. We recommend that the Job name contain the name of your machine as well as the word Verify or Check. In our example, we named it MatouVerify. This will permit you to easily identify your job when running it from the Console.
You will notice that most records of the Job are quite standard, but that the FileSet resource contains verify=pins1 option in addition to the standard signature=SHA1 option. If you don't want SHA1 signature comparison, and we cannot imagine why not, you can drop the signature=SHA1 and none will be computed nor stored in the catalog. Or alternatively, you can use verify=pins5 and signature=MD5, which will use the MD5 hash algorithm. The MD5 hash computes faster than SHA1, but is cryptographically less secure.
The verify=pins1 is ignored during the InitCatalog Job, but is used during the subsequent Catalog Jobs to specify what attributes of the files should be compared to those found in the catalog. pins1 is a reasonable set to begin with, but you may want to look at the details of these and other options. They can be found in the FileSet Resource section of this manual. Briefly, however, the p of the pins1 tells Verify to compare the permissions bits, the i is to compare inodes, the n causes comparison of the number of links, the s compares the file size, and the 1 compares the SHA1 checksums (this requires the signature=SHA1 option to have been set also).
You must also specify the Client and the Catalog resources for your Verify job, but you probably already have them created for your client and do not need to recreate them, they are included in the example below for completeness.
As mentioned above, you will need to have a FileSet resource for the Verify job, which will have the additional verify=pins1 option. You will want to take some care in defining the list of files to be included in your FileSet. Basically, you will want to include all system (or other) files that should not change on your system. If you select files, such as log files or mail files, which are constantly changing, your automatic Verify job will be constantly finding differences. The objective in forming the FileSet is to choose all unchanging important system files. Then if any of those files has changed, you will be notified, and you can determine if it changed because you loaded a new package, or because someone has broken into your computer and modified your files. The example below shows a list of files that I use on my Red Hat 7.3 system. Since I didn't spend a lot of time working on it, it probably is missing a few important files (if you find one, please send it to me). On the other hand, as long as I don't load any new packages, none of these files change during normal operation of the system.
The first thing you will want to do is to run an InitCatalog level Verify Job. This will initialize the catalog to contain the file information that will later be used as a basis for comparisons with the actual file system, thus allowing you to detect any changes (and possible intrusions into your system).
The easiest way to run the InitCatalog is manually with the console program by simply entering run. You will be presented with a list of Jobs that can be run, and you will choose the one that corresponds to your Verify Job, MatouVerify in this example.
The defined Job resources are:
1: MatouVerify
2: kernsrestore
3: Filetest
4: kernsave
Select Job resource (1-4): 1
Next, the console program will show you the basic parameters of the Job and ask you:
Run Verify job JobName: MatouVerify FileSet: Verify Set Level: Catalog Client: MatouVerify Storage: DLTDrive OK to run? (yes/mod/no): mod
Here, you want to respond mod to modify the parameters because the Level is by default set to Catalog and we want to run an InitCatalog Job. After responding mod, the console will ask:
Parameters to modify:
1: Job
2: Level
3: FileSet
4: Client
5: Storage
Select parameter to modify (1-5): 2
you should select number 2 to modify the Level, and it will display:
Levels:
1: Initialize Catalog
2: Verify from Catalog
3: Verify Volume
4: Verify Volume Data
Select level (1-4): 1
Choose item 1, and you will see the final display:
Run Verify job JobName: MatouVerify FileSet: Verify Set Level: Initcatalog Client: MatouVerify Storage: DLTDrive OK to run? (yes/mod/no): yes
at which point you respond yes, and the Job will begin.
Thereafter the Job will automatically start according to the schedule you have defined. If you wish to immediately verify it, you can simply run a Verify Catalog which will be the default. No differences should be found.
If you have setup your messages correctly, you should be notified if there are any differences and exactly what they are. For example, below is the email received after doing an update of OpenSSH:
HeadMan: Start Verify JobId 83 Job=RufusVerify.2002-06-25.21:41:05 HeadMan: Verifying against Init JobId 70 run 2002-06-21 18:58:51 HeadMan: File: /etc/pam.d/sshd HeadMan: st_ino differ. Cat: 4674b File: 46765 HeadMan: File: /etc/rc.d/init.d/sshd HeadMan: st_ino differ. Cat: 56230 File: 56231 HeadMan: File: /etc/ssh/ssh_config HeadMan: st_ino differ. Cat: 81317 File: 8131b HeadMan: st_size differ. Cat: 1202 File: 1297 HeadMan: SHA1 differs. HeadMan: File: /etc/ssh/sshd_config HeadMan: st_ino differ. Cat: 81398 File: 81325 HeadMan: st_size differ. Cat: 1182 File: 1579 HeadMan: SHA1 differs. HeadMan: File: /etc/ssh/ssh_config.rpmnew HeadMan: st_ino differ. Cat: 812dd File: 812b3 HeadMan: st_size differ. Cat: 1167 File: 1114 HeadMan: SHA1 differs. HeadMan: File: /etc/ssh/sshd_config.rpmnew HeadMan: st_ino differ. Cat: 81397 File: 812dd HeadMan: st_size differ. Cat: 2528 File: 2407 HeadMan: SHA1 differs. HeadMan: File: /etc/ssh/moduli HeadMan: st_ino differ. Cat: 812b3 File: 812ab HeadMan: File: /usr/bin/scp HeadMan: st_ino differ. Cat: 5e07e File: 5e343 HeadMan: st_size differ. Cat: 26728 File: 26952 HeadMan: SHA1 differs. HeadMan: File: /usr/bin/ssh-keygen HeadMan: st_ino differ. Cat: 5df1d File: 5e07e HeadMan: st_size differ. Cat: 80488 File: 84648 HeadMan: SHA1 differs. HeadMan: File: /usr/bin/sftp HeadMan: st_ino differ. Cat: 5e2e8 File: 5df1d HeadMan: st_size differ. Cat: 46952 File: 46984 HeadMan: SHA1 differs. HeadMan: File: /usr/bin/slogin HeadMan: st_ino differ. Cat: 5e359 File: 5e2e8 HeadMan: File: /usr/bin/ssh HeadMan: st_mode differ. Cat: 89ed File: 81ed HeadMan: st_ino differ. Cat: 5e35a File: 5e359 HeadMan: st_size differ. Cat: 219932 File: 234440 HeadMan: SHA1 differs. HeadMan: File: /usr/bin/ssh-add HeadMan: st_ino differ. Cat: 5e35b File: 5e35a HeadMan: st_size differ. Cat: 76328 File: 81448 HeadMan: SHA1 differs. HeadMan: File: /usr/bin/ssh-agent HeadMan: st_ino differ. Cat: 5e35c File: 5e35b HeadMan: st_size differ. Cat: 43208 File: 47368 HeadMan: SHA1 differs. HeadMan: File: /usr/bin/ssh-keyscan HeadMan: st_ino differ. Cat: 5e35d File: 5e96a HeadMan: st_size differ. Cat: 139272 File: 151560 HeadMan: SHA1 differs. HeadMan: 25-Jun-2002 21:41 JobId: 83 Job: RufusVerify.2002-06-25.21:41:05 FileSet: Verify Set Verify Level: Catalog Client: RufusVerify Start time: 25-Jun-2002 21:41 End time: 25-Jun-2002 21:41 Files Examined: 4,258 Termination: Verify Differences
At this point, it was obvious that these files were modified during installation of the RPMs. If you want to be super safe, you should run a Verify Level=Catalog immediately before installing new software to verify that there are no differences, then run a Verify Level=InitCatalog immediately after the installation.
To keep the above email from being sent every night when the Verify Job runs, we simply re-run the Verify Job setting the level to InitCatalog (as we did above in the very beginning). This will re-establish the current state of the system as your new basis for future comparisons. Take care that you don't do an InitCatalog after someone has placed a Trojan horse on your system!
If you have included in your FileSet a file that is changed by the normal operation of your system, you will get false matches, and you will need to modify the FileSet to exclude that file (or not to Include it), and then re-run the InitCatalog.
The FileSet that is shown below is what I use on my Red Hat 7.3 system. With a bit more thought, you can probably add quite a number of additional files that should be monitored.
Schedule {
Name = "VerifyCycle"
Run = Level=Catalog sun-sat at 5:05
}
Job {
Name = "MatouVerify"
Type = Verify
Level = Catalog # default level
Client = MatouVerify
FileSet = "Verify Set"
Messages = Standard
Storage = DLTDrive
Pool = Default
Schedule = "VerifyCycle"
}
#
# The list of files in this FileSet should be carefully
# chosen. This is a good starting point.
#
FileSet {
Name = "Verify Set"
Include {
Options {
verify=pins1
signature=SHA1
}
File = /boot
File = /bin
File = /sbin
File = /usr/bin
File = /lib
File = /root/.ssh
File = /home/kern/.ssh
File = /var/named
File = /etc/sysconfig
File = /etc/ssh
File = /etc/security
File = /etc/exports
File = /etc/rc.d/init.d
File = /etc/sendmail.cf
File = /etc/sysctl.conf
File = /etc/services
File = /etc/xinetd.d
File = /etc/hosts.allow
File = /etc/hosts.deny
File = /etc/hosts
File = /etc/modules.conf
File = /etc/named.conf
File = /etc/pam.d
File = /etc/resolv.conf
}
Exclude = { }
P
Client {
Name = MatouVerify
Address = lmatou
Catalog = Bacula
Password = ""
File Retention = 80d # 80 days
Job Retention = 1y # one year
AutoPrune = yes # Prune expired Jobs/Files
}
Catalog {
Name = Bacula
dbname = verify; user = bacula; password = ""
}
%define rh7 0
and edit it to read
%define rh7 1
Alternately you may pass the define on the command line when calling rpmbuild:
rpmbuild -ba --define "build_rh7 1" bacula.spec
rpmbuild --rebuild --define build_rh7 1" bacula-x.x.x-x.src.rpm
%define mysql 0
OR
%define mysql4 0
OR
%define mysql5 0
to
%define mysql 1
OR
%define mysql4 1
OR
%define mysql5 1
in the spec file directly or pass it to rpmbuild on the command line:
rpmbuild -ba --define "build_rh7 1" --define "build_mysql 1" bacula.spec
rpmbuild -ba --define "build_rh7 1" --define "build_mysql4 1" bacula.spec
rpmbuild -ba --define "build_rh7 1" --define "build_mysql5 1" bacula.spec
chmod -R 777 /usr/src/redhat
chmod -R 777 /usr/src/RPM
chmod -R 777 /usr/src/packages
If you are working on a shared system where you can not use the method above then you need to recreate the appropriate above directory tree with all of its subdirectories inside your home directory. Then create a file named
.rpmmacros
in your home directory (or edit the file if it already exists) and add the following line:
%_topdir /home/myuser/redhat
Another handy directive for the .rpmmacros file if you wish to suppress the creation of debug rpm packages is:
%debug_package %{nil}
chown bacula.bacula /var/bacula/*
chown root.bacula /var/bacula/bacula-fd.9102.state
chown bacula.disk /var/bacula/bacula-sd.9103.state
Further, if you are using File storage volumes rather than tapes those files will also need to have ownership set to user bacula and group bacula.
Build with one of these 3 commands:
rpmbuild --rebuild \
--define "build_rhel4 1" \
--define "build_sqlite 1" \
bacula-1.38.3-1.src.rpm
rpmbuild --rebuild \
--define "build_rhel4 1" \
--define "build_postgresql 1" \
bacula-1.38.3-1.src.rpm
rpmbuild --rebuild \
--define "build_rhel4 1" \
--define "build_mysql4 1" \
bacula-1.38.3-1.src.rpm
For CentOS substitute '--define "build_centos4 1"' in place of rhel4.
For Scientific Linux substitute '--define "build_sl4 1"' in place of rhel4.
For 64 bit support add '--define "build_x86_64 1"'
Red Hat builds --define "build_rh7 1" --define "build_rh8 1" --define "build_rh9 1" Fedora Core build --define "build_fc1 1" --define "build_fc3 1" --define "build_fc4 1" --define "build_fc5 1" --define "build_fc6 1" --define "build_fc7 1" --define "build_fc8 1" --define "build_fc9 1" Whitebox Enterprise build --define "build_wb3 1" Red Hat Enterprise builds --define "build_rhel3 1" --define "build_rhel4 1" --define "build_rhel5 1" CentOS build --define "build_centos3 1" --define "build_centos4 1" --define "build_centos5 1" Scientific Linux build --define "build_sl3 1" --define "build_sl4 1" --define "build_sl5 1" SuSE build --define "build_su9 1" --define "build_su10 1" --define "build_su102 1" --define "build_su103 1" --define "build_su110 1" Mandrake 10.x build --define "build_mdk 1" Mandriva build --define "build_mdv 1" MySQL support: for mysql 3.23.x support define this --define "build_mysql 1" if using mysql 4.x define this, currently: Mandrake 10.x, Mandriva 2006.0, SuSE 9.x & 10.0, FC4 & RHEL4 --define "build_mysql4 1" if using mysql 5.x define this, currently: SuSE 10.1 & FC5 --define "build_mysql5 1" PostgreSQL support: --define "build_postgresql 1" Sqlite support: --define "build_sqlite 1" Build the client rpm only in place of one of the above database full builds: --define "build_client_only 1" X86-64 support: --define "build_x86_64 1" Supress build of bgnome-console: --define "nobuild_gconsole 1" Build the WXWindows console: requires wxGTK >= 2.6 --define "build_wxconsole 1" Build the Bacula Administration Tool: requires QT >= 4.2 --define "build_bat 1" Build python scripting support: --define "build_python 1" Modify the Packager tag for third party packages: --define "contrib_packager Your Name <youremail@site.org>"
chown bacula:bacula /var/baculaNote: as of 1.38.8 /var/bacula is installed root:bacula with permissions 770.
The information in this chapter is provided so that you may either create your own bootstrap files, or so that you can edit a bootstrap file produced by Bacula. However, normally the bootstrap file will be automatically created for you during the restore_command command in the Console program, or by using a Write Bootstrap record in your Backup Jobs, and thus you will never need to know the details of this file.
The bootstrap file contains ASCII information that permits precise specification of what files should be restored, what volume they are on, and where they are on the volume. It is a relatively compact form of specifying the information, is human readable, and can be edited with any text editor.
The general format of a bootstrap file is:
<keyword>= <value>
Where each keyword and the value specify which files to restore. More precisely the keyword and their values serve to limit which files will be restored and thus act as a filter. The absence of a keyword means that all records will be accepted.
Blank lines and lines beginning with a pound sign (#) in the bootstrap file are ignored.
There are keywords which permit filtering by Volume, Client, Job, FileIndex, Session Id, Session Time, ...
The more keywords that are specified, the more selective the specification of which files to restore will be. In fact, each keyword is ANDed with other keywords that may be present.
For example,
Volume = Test-001 VolSessionId = 1 VolSessionTime = 108927638
directs the Storage daemon (or the bextract program) to restore only those files on Volume Test-001 AND having VolumeSessionId equal to one AND having VolumeSession time equal to 108927638.
The full set of permitted keywords presented in the order in which they are matched against the Volume records are:
This for a given Volume, the triple VolSessionId, VolSessionTime, and FileIndex uniquely identifies a file stored on the Volume. Multiple copies of the same file may be stored on the same Volume, but for each file, the triple VolSessionId, VolSessionTime, and FileIndex will be unique. This triple is stored in the Catalog database for each file.
To restore a particular file, this value (or a range of FileIndexes) is required.
The Volume record is a bit special in that it must be the first record. The other keyword records may appear in any order and any number following a Volume record.
Multiple Volume records may be specified in the same bootstrap file, but each one starts a new set of filter criteria for the Volume.
In processing the bootstrap file within the current Volume, each filter specified by a keyword is ANDed with the next. Thus,
Volume = Test-01 Client = "My machine" FileIndex = 1
will match records on Volume Test-01 AND Client records for My machine AND FileIndex equal to one.
Multiple occurrences of the same record are ORed together. Thus,
Volume = Test-01 Client = "My machine" Client = "Backup machine" FileIndex = 1
will match records on Volume Test-01 AND (Client records for My machine OR Backup machine) AND FileIndex equal to one.
For integer values, you may supply a range or a list, and for all other values except Volumes, you may specify a list. A list is equivalent to multiple records of the same keyword. For example,
Volume = Test-01 Client = "My machine", "Backup machine" FileIndex = 1-20, 35
will match records on Volume Test-01 AND (Client records for My machine OR Backup machine) AND (FileIndex 1 OR 2 OR 3 ... OR 20 OR 35).
As previously mentioned above, there may be multiple Volume records in the same bootstrap file. Each new Volume definition begins a new set of filter conditions that apply to that Volume and will be ORed with any other Volume definitions.
As an example, suppose we query for the current set of tapes to restore all files on Client Rufus using the query command in the console program:
Using default Catalog name=MySQL DB=bacula
*query
Available queries:
1: List Job totals:
2: List where a file is saved:
3: List where the most recent copies of a file are saved:
4: List total files/bytes by Job:
5: List total files/bytes by Volume:
6: List last 10 Full Backups for a Client:
7: List Volumes used by selected JobId:
8: List Volumes to Restore All Files:
Choose a query (1-8): 8
Enter Client Name: Rufus
+-------+------------------+------------+-----------+----------+------------+
| JobId | StartTime | VolumeName | StartFile | VolSesId | VolSesTime |
+-------+------------------+------------+-----------+----------+------------+
| 154 | 2002-05-30 12:08 | test-02 | 0 | 1 | 1022753312 |
| 202 | 2002-06-15 10:16 | test-02 | 0 | 2 | 1024128917 |
| 203 | 2002-06-15 11:12 | test-02 | 3 | 1 | 1024132350 |
| 204 | 2002-06-18 08:11 | test-02 | 4 | 1 | 1024380678 |
+-------+------------------+------------+-----------+----------+------------+
The output shows us that there are four Jobs that must be restored. The first one is a Full backup, and the following three are all Incremental backups.
The following bootstrap file will restore those files:
Volume=test-02 VolSessionId=1 VolSessionTime=1022753312 Volume=test-02 VolSessionId=2 VolSessionTime=1024128917 Volume=test-02 VolSessionId=1 VolSessionTime=1024132350 Volume=test-02 VolSessionId=1 VolSessionTime=1024380678
As a final example, assume that the initial Full save spanned two Volumes. The output from query might look like:
+-------+------------------+------------+-----------+----------+------------+ | JobId | StartTime | VolumeName | StartFile | VolSesId | VolSesTime | +-------+------------------+------------+-----------+----------+------------+ | 242 | 2002-06-25 16:50 | File0003 | 0 | 1 | 1025016612 | | 242 | 2002-06-25 16:50 | File0004 | 0 | 1 | 1025016612 | | 243 | 2002-06-25 16:52 | File0005 | 0 | 2 | 1025016612 | | 246 | 2002-06-25 19:19 | File0006 | 0 | 2 | 1025025494 | +-------+------------------+------------+-----------+----------+------------+
and the following bootstrap file would restore those files:
Volume=File0003 VolSessionId=1 VolSessionTime=1025016612 Volume=File0004 VolSessionId=1 VolSessionTime=1025016612 Volume=File0005 VolSessionId=2 VolSessionTime=1025016612 Volume=File0006 VolSessionId=2 VolSessionTime=1025025494
One thing that is probably worth knowing: the bootstrap files that are generated automatically at the end of the job are not as optimized as those generated by the restore command. This is because during Incremental and Differential jobs, the records pertaining to the files written for the Job are appended to the end of the bootstrap file. As consequence, all the files saved to an Incremental or Differential job will be restored first by the Full save, then by any Incremental or Differential saves.
When the bootstrap file is generated for the restore command, only one copy (the most recent) of each file is restored.
So if you have spare cycles on your machine, you could optimize the bootstrap files by doing the following:
./bconsole restore client=xxx select all done no quit Backup bootstrap file.
The above will not work if you have multiple FileSets because that will be an extra prompt. However, the restore client=xxx select all builds the in-memory tree, selecting everything and creates the bootstrap file.
The no answers the Do you want to run this (yes/mod/no) question.
Volume="Vol001" Volume="Vol002" Volume="Vol003" Volume="Vol004" Volume="Vol005"
If you want to extract or copy a single Job, you can do it by selecting by JobId (code not tested) or better yet, if you know the VolSessionTime and the VolSessionId (printed on Job report and in Catalog), specifying this is by far the best. Using the VolSessionTime and VolSessionId is the way Bacula does restores. A bsr file might look like the following:
Volume="Vol001" VolSessionId=10 VolSessionTime=1080847820
If you know how many files are backed up (on the job report), you can enormously speed up the selection by adding (let's assume there are 157 files):
FileIndex=1-157 Count=157
Finally, if you know the File number where the Job starts, you can also cause bcopy to forward space to the right file without reading every record:
VolFile=20
There is nothing magic or complicated about a BSR file. Parsing it and properly applying it within Bacula *is* magic, but you don't need to worry about that.
If you want to see a *real* bsr file, simply fire up the restore command in the console program, select something, then answer no when it prompts to run the job. Then look at the file restore.bsr in your working directory.
If you use the ./configure --with-mysql=mysql-directory statement for
configuring Bacula, you will need MySQL version 4.1 or later installed
in the mysql-directory. If you are using one of the new modes such as
ANSI/ISO compatibility, you may experience problems.
If MySQL is installed in the standard system location, you need only enter
--with-mysql since the configure program will search all the
standard locations. If you install MySQL in your home directory or some
other non-standard directory, you will need to provide the full path to it.
Installing and Configuring MySQL is not difficult but can be confusing the first time. As a consequence, below, we list the steps that we used to install it on our machines. Please note that our configuration leaves MySQL without any user passwords. This may be an undesirable situation if you have other users on your system.
The notes below describe how to build MySQL from the source tar files. If you have a pre-installed MySQL, you can return to complete the installation of Bacula, then come back to Phase II of the MySQL installation. If you wish to install MySQL from rpms, you will probably need to install the following:
mysql-<version>.rpm mysql-server-<version>.rpm mysql-devel-<version>.rpmThe names of the packages may vary from distribution to distribution. It is important to have the devel package loaded as it contains the libraries and header files necessary to build Bacula. There may be additional packages that are required to install the above, for example, zlib and openssl.
Once these packages are installed, you will be able to build Bacula (using the files installed with the mysql package, then run MySQL using the files installed with mysql-server. If you have installed MySQL by rpms, please skip Phase I below, and return to complete the installation of Bacula, then come back to Phase II of the MySQL installation when indicated to do so.
Beginning with Bacula version 1.31, the thread safe version of the
MySQL client library is used, and hence you should add the --enable-thread-safe-client option to the ./configure as shown below:
tar xvfz mysql-filename
Note, the above command requires GNU tar. If you do not have GNU tar, a command such as:
zcat mysql-filename | tar xvf -
will probably accomplish the same thing.
where you replace mysql-source-directory with the directory name where you put the MySQL source code.
--enable-thread-safe-client --prefix=mysql-directory
where you replace mysql-directory with the directory name where you want to install mysql. Normally for system wide use this is /usr/local/mysql. In my case, I use ~kern/mysql.
This takes a bit of time.
This will put all the necessary binaries, libraries and support files into the mysql-directory that you specified above.
This will create the necessary MySQL databases for controlling user access. Note, this script can also be found in the bin directory in the installation directory
The MySQL client library mysqlclient requires the gzip compression library libz.a or libz.so. If you are using rpm packages, these libraries are in the libz-devel package. On Debian systems, you will need to load the zlib1g-dev package. If you are not using rpms or debs, you will need to find the appropriate package for your system.
At this point, you should return to completing the installation of Bacula. Later after Bacula is installed, come back to this chapter to complete the installation. Please note, the installation files used in the second phase of the MySQL installation are created during the Bacula Installation.
At this point, you should have built and installed MySQL, or already have a running MySQL, and you should have configured, built and installed Bacula. If not, please complete these items before proceeding.
Please note that the ./configure used to build Bacula will need to
include --with-mysql=mysql-directory, where mysql-directory is the
directory name that you specified on the ./configure command for configuring
MySQL. This is needed so that Bacula can find the necessary include headers
and library files for interfacing to MySQL.
Bacula will install scripts for manipulating the database (create, delete, make tables etc) into the main installation directory. These files will be of the form *_bacula_* (e.g. create_bacula_database). These files are also available in the <bacula-src>/src/cats directory after running ./configure. If you inspect create_bacula_database, you will see that it calls create_mysql_database. The *_bacula_* files are provided for convenience. It doesn't matter what database you have chosen; create_bacula_database will always create your database.
Now you will create the Bacula MySQL database and the tables that Bacula uses.
--prefix option. This can be important to
know if you want to make a special backup of the Bacula database or to
check its size.
Each of the three scripts (grant_mysql_privileges, create_mysql_database and make_mysql_tables) allows the addition of a command line argument. This can be useful for specifying the user and or password. For example, you might need to add -u root to the command line to have sufficient privilege to create the Bacula tables.
To take a closer look at the access privileges that you have setup with the above, you can do:
mysql-directory/bin/mysql -u root mysql select * from user;
After you have done some initial testing with Bacula, you will probably want to re-initialize the catalog database and throw away all the test Jobs that you ran. To do so, you can do the following:
cd <install-directory> ./drop_mysql_tables ./make_mysql_tables
Please note that all information in the database will be lost and you will be starting from scratch. If you have written on any Volumes, you must write an end of file mark on the volume so that Bacula can reuse it. Do so with:
(stop Bacula or unmount the drive) mt -f /dev/nst0 rewind mt -f /dev/nst0 weof
Where you should replace /dev/nst0 with the appropriate tape drive device name for your machine.
After configuring Bacula with
./configure --enable-thread-safe-client --prefix=<mysql-directory>
where <mysql-directory> is in my case /home/kern/mysql, you may
have to configure the loader so that it can find the MySQL shared libraries.
If you have previously followed this procedure and later add the --enable-thread-safe-client options, you will need to rerun the ldconfig program shown below. If you put MySQL in a standard place such as
/usr/lib or /usr/local/lib this will not be necessary, but in my
case it is. The description that follows is Linux specific. For other
operating systems, please consult your manuals on how to do the same thing:
First edit: /etc/ld.so.conf and add a new line to the end of the file with the name of the mysql-directory. In my case, it is:
/home/kern/mysql/lib/mysql then rebuild the loader's cache with:
/sbin/ldconfig If you upgrade to a new version of MySQL, the shared library names will probably change, and you must re-run the /sbin/ldconfig command so that the runtime loader can find them.
Alternatively, your system my have a loader environment variable that can be set. For example, on a Solaris system where I do not have root permission, I use:
LD_LIBRARY_PATH=/home/kern/mysql/lib/mysql
Finally, if you have encryption enabled in MySQL, you may need to add -lssl -lcrypto to the link. In that case, you can either export the appropriate LDFLAGS definition, or alternatively, you can include them directly on the ./configure line as in:
LDFLAGS="-lssl -lcyrpto" \
./configure \
<your-options>
mysql mysql-devel
This will be the same with most other package managers too.
If you are considering using PostreSQL, you should be aware of their philosophy of upgrades, which could be destabilizing for a production shop. Basically at every major version upgrade, you are required to dump your database in an ASCII format, do the upgrade, and then reload your database (or databases). This is because they frequently update the "data format" from version to version, and they supply no tools to automatically do the conversion. If you forget to do the ASCII dump, your database may become totally useless because none of the new tools can access it due to the format change, and the PostgreSQL server will not be able to start.
If you are building PostgreSQL from source, please be sure to add
the --enable-thread-safety option when doing the ./configure
for PostgreSQL.
If you use the ./configure --with-postgresql=PostgreSQL-Directory
statement for configuring Bacula, you will need PostgreSQL version 7.4
or later installed. NOTE! PostgreSQL versions earlier than 7.4 do not work
with Bacula. If PostgreSQL is installed in the standard system location, you
need only enter --with-postgresql since the configure program will
search all the standard locations. If you install PostgreSQL in your home
directory or some other non-standard directory, you will need to provide the
full path with the --with-postgresql option.
Installing and configuring PostgreSQL is not difficult but can be confusing the first time. If you prefer, you may want to use a package provided by your chosen operating system. Binary packages are available on most PostgreSQL mirrors.
If you prefer to install from source, we recommend following the instructions found in the PostgreSQL documentation.
If you are using FreeBSD, this FreeBSD Diary article will be useful. Even if you are not using FreeBSD, the article will contain useful configuration and setup information.
If you configure the Batch Insert code in Bacula (attribute inserts are
10 times faster), you must be using a PostgreSQL that was built with
the --enable-thread-safety option, otherwise you will get
data corruption. Most major Linux distros have thread safety turned on, but
it is better to check. One way is to see if the PostgreSQL library that
Bacula will be linked against references pthreads. This can be done
with a command such as:
nm /usr/lib/libpq.a | grep pthread_mutex_lock
The above command should print a line that looks like:
U pthread_mutex_lock
if does, then everything is OK. If it prints nothing, do not enable batch inserts when building Bacula.
After installing PostgreSQL, you should return to completing the installation of Bacula. Later, after Bacula is installed, come back to this chapter to complete the installation. Please note, the installation files used in the second phase of the PostgreSQL installation are created during the Bacula Installation. You must still come back to complete the second phase of the PostgreSQL installation even if you installed binaries (e.g. rpm, deb, ...).
At this point, you should have built and installed PostgreSQL, or already have a running PostgreSQL, and you should have configured, built and installed Bacula. If not, please complete these items before proceeding.
Please note that the ./configure used to build Bacula will need to
include --with-postgresql=PostgreSQL-directory, where PostgreSQL-directory is the directory name that you specified on the
./configure command for configuring PostgreSQL (if you didn't specify a
directory or PostgreSQL is installed in a default location, you do not need to
specify the directory). This is needed so that Bacula can find the necessary
include headers and library files for interfacing to PostgreSQL.
Bacula will install scripts for manipulating the database (create, delete, make tables etc) into the main installation directory. These files will be of the form *_bacula_* (e.g. create_bacula_database). These files are also available in the <bacula-src>/src/cats directory after running ./configure. If you inspect create_bacula_database, you will see that it calls create_postgresql_database. The *_bacula_* files are provided for convenience. It doesn't matter what database you have chosen; create_bacula_database will always create your database.
Now you will create the Bacula PostgreSQL database and the tables that Bacula uses. These instructions assume that you already have PostgreSQL running. You will need to perform these steps as a user that is able to create new databases. This can be the PostgreSQL user (on most systems, this is the pgsql user).
This directory contains the Bacula catalog interface routines.
This script creates the PostgreSQL bacula database. Before running this command, you should carefully think about what encoding sequence you want for the text fields (paths, files, ...). Ideally, the encoding should be set to UTF8. However, many Unix systems have filenames that are not encoded in UTF8, either because you have not set UTF8 as your default character set or because you have imported files from elsewhere (e.g. MacOS X). For this reason, Bacula uses SQL_ASCII as the default encoding. If you want to change this, please modify the script before running it, but be forewarned that Bacula backups will fail if PostgreSQL finds any non-UTF8 sequences.
If running the script fails, it is probably because the database is owned by a user other than yourself. On many systems, the database owner is pgsql and on others such as Red Hat and Fedora it is postgres. You can find out which it is by examining your /etc/passwd file. To create a new user under either your name or with say the name bacula, you can do the following:
su
(enter root password)
su pgsql (or postgres)
createuser kern (or perhaps bacula)
Shall the new user be allowed to create databases? (y/n) y
Shall the new user be allowed to create more new users? (y/n) (choose
what you want)
exit
At this point, you should be able to execute the ./create_bacula_database command.
This script creates the PostgreSQL tables used by Bacula.
This script creates the database user bacula with restricted access rights. You may want to modify it to suit your situation. Please note that this database is not password protected.
Each of the three scripts (create_bacula_database, make_bacula_tables, and grant_bacula_privileges) allows the addition of a command line argument. This can be useful for specifying the user name. For example, you might need to add -h hostname to the command line to specify a remote database server.
To take a closer look at the access privileges that you have setup with the above, you can do:
PostgreSQL-directory/bin/psql --command \\dp bacula
Also, I had an authorization problem with the password. In the end, I had to modify my pg_hba.conf file (in /var/lib/pgsql/data on my machine) from:
local all all ident sameuser to local all all trust
This solved the problem for me, but it is not always a good thing to do from a security standpoint. However, it allowed me to run my regression scripts without having a password.
A more secure way to perform database authentication is with md5 password hashes. Begin by editing the pg_hba.conf file, and just prior the the existing ``local'' and ``host'' lines, add the line:
local bacula bacula md5
and restart the Postgres database server (frequently, this can be done using "/etc/init.d/postgresql restart" or "service postgresql restart") to put this new authentication rule into effect.
Next, become the Postgres administrator, postgres, either by logging on as the postgres user, or by using su to become root and then using su - postgres to become postgres. Add a password to the bacula database for the bacula user using:
\$ psql bacula bacula=# alter user bacula with password 'secret'; ALTER USER bacula=# \\q
You'll have to add this password to two locations in the bacula-dir.conf file: once to the Catalog resource and once to the RunBeforeJob entry in the BackupCatalog Job resource. With the password in place, these two lines should look something like:
dbname = bacula; user = bacula; password = "secret"
... and ...
# WARNING!!! Passing the password via the command line is insecure.
# see comments in make_catalog_backup for details.
RunBeforeJob = "/etc/make_catalog_backup bacula bacula secret"
Naturally, you should choose your own significantly more random password, and ensure that the bacula-dir.conf file containing this password is readable only by the root.
Even with the files containing the database password properly restricted, there is still a security problem with this approach: on some platforms, the environment variable that is used to supply the password to Postgres is available to all users of the local system. To eliminate this problem, the Postgres team have deprecated the use of the environment variable password-passing mechanism and recommend the use of a .pgpass file instead. To use this mechanism, create a file named .pgpass containing the single line:
localhost:5432:bacula:bacula:secret
This file should be copied into the home directory of all accounts that will need to gain access to the database: typically, root, bacula, and any users who will make use of any of the console programs. The files must then have the owner and group set to match the user (so root:root for the copy in root, and so on), and the mode set to 600, limiting access to the owner of the file.
After you have done some initial testing with Bacula, you will probably want to re-initialize the catalog database and throw away all the test Jobs that you ran. To do so, you can do the following:
cd <install-directory> ./drop_bacula_tables ./make_bacula_tables ./grant_bacula_privileges
Please note that all information in the database will be lost and you will be starting from scratch. If you have written on any Volumes, you must write an end of file mark on the volume so that Bacula can reuse it. Do so with:
(stop Bacula or unmount the drive) mt -f /dev/nst0 rewind mt -f /dev/nst0 weof
Where you should replace /dev/nst0 with the appropriate tape drive device name for your machine.
postgresql postgresql-devel postgresql-server postgresql-libs
These will be similar with most other package managers too. After installing from rpms, you will still need to run the scripts that set up the database and create the tables as described above.
The conversion procedure presented here was worked out by Norm Dressler <ndressler at dinmar dot com>
This process was tested using the following software versions:
WARNING: Always as a precaution, take a complete backup of your databases before proceeding with this process!
mysqldump -f -t -n >bacula-backup.dmp
local all all trust
host all all 127.0.0.1 255.255.255.255 trust
NOTE: you should restart your postgres server if you
made changes
./create_postgresql_database
./make_postgresql_tables
./grant_postgresql_privileges
psql -Ubacula bacula
You should not get any errors.
psql -Ubacula bacula <bacula-backup.dmp>
psql -Ubacula bacula
SELECT SETVAL('basefiles_baseid_seq', (SELECT
MAX(baseid) FROM basefiles));
SELECT SETVAL('client_clientid_seq', (SELECT
MAX(clientid) FROM client));
SELECT SETVAL('file_fileid_seq', (SELECT MAX(fileid)
FROM file));
SELECT SETVAL('filename_filenameid_seq', (SELECT
MAX(filenameid) FROM filename));
SELECT SETVAL('fileset_filesetid_seq', (SELECT
MAX(filesetid) FROM fileset));
SELECT SETVAL('job_jobid_seq', (SELECT MAX(jobid) FROM job));
SELECT SETVAL('jobmedia_jobmediaid_seq', (SELECT
MAX(jobmediaid) FROM jobmedia));
SELECT SETVAL('media_mediaid_seq', (SELECT MAX(mediaid) FROM media));
SELECT SETVAL('path_pathid_seq', (SELECT MAX(pathid) FROM path));
SELECT SETVAL('pool_poolid_seq', (SELECT MAX(poolid) FROM pool));
Please note that SQLite both versions 2 and 3 are not network enabled, which means that they must be linked into the Director rather than accessed by the network as MySQL and PostgreSQL are. This has two consequences:
If you use the ./configure --with-sqlite statement for configuring Bacula, you will need SQLite version 2.8.16 or later installed. Our standard
location (for the moment) for SQLite is in the dependency package depkgs/sqlite-2.8.16. Please note that the version will be updated as new
versions are available and tested.
Installing and Configuring is quite easy.
tar xvfz depkgs.tar.gz
Note, the above command requires GNU tar. If you do not have GNU tar, a command such as:
zcat depkgs.tar.gz | tar xvf -
will probably accomplish the same thing.
Please note that the ./configure used to build Bacula will need to
include --with-sqlite or --with-sqlite3 depending
one which version of SQLite you are using. You should not use the --enable-batch-insert configuration parameter for Bacula if you
are using SQLite version 2 as it is probably not thread safe. If you
are using SQLite version 3, you may use the --enable-batch-insert
configuration option with Bacula, but when building SQLite3 you MUST
configure it with --enable-threadsafe and
--enable-cross-thread-connections.
By default, SQLite3 is now run with PRAGMA synchronous=OFF this increases the speed by more than 30 time, but it also increases the possibility of a corrupted database if your server crashes (power failure or kernel bug). If you want more security, you can change the PRAGMA that is used in the file src/version.h.
At this point, you should return to completing the installation of Bacula.
This phase is done after you have run the ./configure command to configure Bacula.
Bacula will install scripts for manipulating the database (create, delete, make tables etc) into the main installation directory. These files will be of the form *_bacula_* (e.g. create_bacula_database). These files are also available in the <bacula-src>/src/cats directory after running ./configure. If you inspect create_bacula_database, you will see that it calls create_sqlite_database. The *_bacula_* files are provided for convenience. It doesn't matter what database you have chosen; create_bacula_database will always create your database.
At this point, you can create the SQLite database and tables:
This directory contains the Bacula catalog interface routines.
This script creates the SQLite database as well as the tables used by Bacula. This script will be automatically setup by the ./configure program to create a database named bacula.db in Bacula's working directory.
If you have followed the above steps, this will all happen automatically and the SQLite libraries will be linked into Bacula.
We have much less "production" experience using SQLite than using MySQL. SQLite has performed flawlessly for us in all our testing. However, several users have reported corrupted databases while using SQLite. For that reason, we do not recommend it for production use.
If Bacula crashes with the following type of error when it is started:
Using default Catalog name=MyCatalog DB=bacula Could not open database "bacula". sqlite.c:151 Unable to open Database=/var/lib/bacula/bacula.db. ERR=malformed database schema - unable to open a temporary database file for storing temporary tables
this is most likely caused by the fact that some versions of SQLite attempt to create a temporary file in the current directory. If that fails, because Bacula does not have write permission on the current directory, then you may get this errr. The solution is to start Bacula in a current directory where it has write permission.
After you have done some initial testing with Bacula, you will probably want to re-initialize the catalog database and throw away all the test Jobs that you ran. To do so, you can do the following:
cd <install-directory> ./drop_sqlite_tables ./make_sqlite_tables
Please note that all information in the database will be lost and you will be starting from scratch. If you have written on any Volumes, you must write an end of file mark on the volume so that Bacula can reuse it. Do so with:
(stop Bacula or unmount the drive) mt -f /dev/nst0 rewind mt -f /dev/nst0 weof
Where you should replace /dev/nst0 with the appropriate tape drive device name for your machine.
Previously it was intended to be used primarily by Bacula developers for testing; although SQLite is also a good choice for this. We do not recommend its use in general.
This database is simplistic in that it consists entirely of Bacula's internal structures appended sequentially to a file. Consequently, it is in most cases inappropriate for sites with many clients or systems with large numbers of files, or long-term production environments.
Below, you will find a table comparing the features available with SQLite and MySQL and with the internal Bacula database. At the current time, you cannot dynamically switch from one to the other, but must rebuild the Bacula source code. If you wish to experiment with both, it is possible to build both versions of Bacula and install them into separate directories.
| Feature | SQLite or MySQL | Bacula |
| Job Record | Yes | Yes |
| Media Record | Yes | Yes |
| FileName Record | Yes | No |
| File Record | Yes | No |
| FileSet Record | Yes | Yes |
| Pool Record | Yes | Yes |
| Client Record | Yes | Yes |
| JobMedia Record | Yes | Yes |
| List Job Records | Yes | Yes |
| List Media Records | Yes | Yes |
| List Pool Records | Yes | Yes |
| List JobMedia Records | Yes | Yes |
| Delete Pool Record | Yes | Yes |
| Delete Media Record | Yes | Yes |
| Update Pool Record | Yes | Yes |
| Implement Verify | Yes | No |
| MD5 Signatures | Yes | No |
In addition, since there is no SQL available, the Console commands: sqlquery, query, retention, and any other command that directly uses SQL are not available with the Internal database.
There are a number of different licenses that are used in Bacula. If you have a printed copy of this manual, the details of each of the licenses referred to in this chapter can be found in the online version of the manual at http://www.bacula.org.
The GNU Free Documentation License (FDL) is used for this manual, which is a free and open license. This means that you may freely reproduce it and even make changes to it. However, rather than distribute your own version of this manual, we would much prefer if you would send any corrections or changes to the Bacula project.
The most recent version of the manual can always be found online at http://www.bacula.org.
The vast bulk of the source code is released under the GNU General Public License version 2..
Most of this code is copyrighted: Copyright ©2000-2007 Free Software Foundation Europe e.V.
Portions may be copyrighted by other people (ATT, the Free Software Foundation, ...). These files are released under the GPL license.
Some of the Bacula library source code is released under the GNU Lesser General Public License. This permits third parties to use these parts of our code in their proprietary programs to interface to Bacula.
Some of the Bacula code, or code that Bacula references, has been released to the public domain. E.g. md5.c, SQLite.
Bacula® is a registered trademark of Kern Sibbald.
We have trademarked the Bacula name to ensure that any program using the name Bacula will be exactly compatible with the program that we have released. The use of the name Bacula is restricted to software systems that agree exactly with the program presented here.
http://www.bacula.org/en/FLA-bacula.en.pdf
and should be filled out then sent to:
Free Software Foundation Europe
Freedom Task Force
Sumatrastrasse 25
8006 Zürich
Switzerland
Please note that the above address is different from the officially registered office mentioned in the document. When you send in such a complete document, please notify me: kern at sibbald dot com.
NO WARRANTY
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The purpose of this License is to make a manual, textbook, or other functional and useful document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.
This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.
We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.
This License applies to any manual or other work, in any medium, that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. Such a notice grants a world-wide, royalty-free license, unlimited in duration, to use that work under the conditions stated herein. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you". You accept the license if you copy, modify or distribute the work in a way requiring permission under copyright law.
A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.
A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (Thus, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.
The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License. If a section does not fit the above definition of Secondary then it is not allowed to be designated as Invariant. The Document may contain zero Invariant Sections. If the Document does not identify any Invariant Sections then there are none.
The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License. A Front-Cover Text may be at most 5 words, and a Back-Cover Text may be at most 25 words.
A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, that is suitable for revising the document straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup, or absence of markup, has been arranged to thwart or discourage subsequent modification by readers is not Transparent. An image format is not Transparent if used for any substantial amount of text. A copy that is not "Transparent" is called "Opaque".
Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML, PostScript or PDF designed for human modification. Examples of transparent image formats include PNG, XCF and JPG. Opaque formats include proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML, PostScript or PDF produced by some word processors for output purposes only.
The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text.
A section "Entitled XYZ" means a named subunit of the Document whose title either is precisely XYZ or contains XYZ in parentheses following text that translates XYZ in another language. (Here XYZ stands for a specific section name mentioned below, such as "Acknowledgements", "Dedications", "Endorsements", or "History".) To "Preserve the Title" of such a section when you modify the Document means that it remains a section "Entitled XYZ" according to this definition.
The Document may include Warranty Disclaimers next to the notice which states that this License applies to the Document. These Warranty Disclaimers are considered to be included by reference in this License, but only as regards disclaiming warranties: any other implication that these Warranty Disclaimers may have is void and has no effect on the meaning of this License.
You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3.
You may also lend copies, under the same conditions stated above, and you may publicly display copies.
If you publish printed copies (or copies in media that commonly have printed covers) of the Document, numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.
If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.
If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a computer-network location from which the general network-using public has access to download using public-standard network protocols a complete Transparent copy of the Document, free of added material. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.
It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.
You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:
If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles.
You may add a section Entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.
You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.
The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.
You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice, and that you preserve all their Warranty Disclaimers.
The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.
In the combination, you must combine any sections Entitled "History" in the various original documents, forming one section Entitled "History"; likewise combine any sections Entitled "Acknowledgements", and any sections Entitled "Dedications". You must delete all sections Entitled "Endorsements".
You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects.
You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.
A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, is called an "aggregate" if the copyright resulting from the compilation is not used to limit the legal rights of the compilation's users beyond what the individual works permit. When the Document is included in an aggregate, this License does not apply to the other works in the aggregate which are not themselves derivative works of the Document.
If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one half of the entire aggregate, the Document's Cover Texts may be placed on covers that bracket the Document within the aggregate, or the electronic equivalent of covers if the Document is in electronic form. Otherwise they must appear on printed covers that bracket the whole aggregate.
Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License, and all the license notices in the Document, and any Warranty Disclaimers, provided that you also include the original English version of this License and the original versions of those notices and disclaimers. In case of a disagreement between the translation and the original version of this License or a notice or disclaimer, the original version will prevail.
If a section in the Document is Entitled "Acknowledgements", "Dedications", or "History", the requirement (section 4) to Preserve its Title (section 1) will typically require changing the actual title.
You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/.
Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation.
To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page:
Copyright ©YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, replace the "with...Texts." line with this:
with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.
If you have Invariant Sections without Cover Texts, or some other combination of the three, merge those two alternatives to suit the situation.
If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software.
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
The licenses for most software are designed to take away your freedom to share
and change it. By contrast, the GNU General Public License is intended to
guarantee your freedom to share and change free software--to make sure the
software is free for all its users. This General Public License applies to
most of the Free Software Foundation's software and to any other program whose
authors commit to using it. (Some other Free Software Foundation software is
covered by the GNU Library General Public License instead.) You can apply it
to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and modification follow.
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
{\em one line to give the program's name and an idea of what it does.}
Copyright (C) {\em yyyy} {\em name of author}
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
02110-1301 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) {\em year} {\em name of author}
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details
type `show w'. This is free software, and you are welcome
to redistribute it under certain conditions; type `show c'
for details.
The hypothetical commands `show w' and `show c' should show the
appropriate parts of the General Public License. Of course, the commands you
use may be called something other than `show w' and `show c'; they
could even be mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright
interest in the program `Gnomovision'
(which makes passes at compilers) written
by James Hacker.
{\em signature of Ty Coon}, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. Return to GNU's home page.
FSF & GNU inquiries & questions to gnu@gnu.org. Other ways to contact the FSF.
Comments on these web pages to webmasters@www.gnu.org, send other questions to gnu@gnu.org.
Copyright notice above. Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Updated: 3 Jan 2000 rms
image of a Philosophical GNU [ English | Japanese ]
This GNU Lesser General Public License counts as the successor of the GNU Library General Public License. For an explanation of why this change was necessary, read the Why you shouldn't use the Lesser GPL for your next library article.
Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.]
The licenses for most software are designed to take away your freedom to share
and change it. By contrast, the GNU General Public Licenses are intended to
guarantee your freedom to share and change free software--to make sure the
software is free for all its users.
This license, the Lesser General Public License, applies to some specially
designated software packages--typically libraries--of the Free Software
Foundation and other authors who decide to use it. You can use it too, but we
suggest you first think carefully about whether this license or the ordinary
General Public License is the better strategy to use in any particular case,
based on the explanations below.
When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.
To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.
For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.
Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.
Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.
When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.
We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.
For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.
In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.
Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.
The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".
A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.
The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)
"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.
Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
(For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)
These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.
In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.
Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.
If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.
5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.
When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.
If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)
Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.
You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:
For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.
7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:
8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.
10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.
11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License).
To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
{\it one line to give the library's name and an idea of what it does.}
Copyright (C) {\it year} {\it name of author}
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA
Also add information on how to contact you by electronic and paper mail.
You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in
the library "Frob" (a library for tweaking knobs) written
by James Random Hacker.
{\it signature of Ty Coon}, 1 April 1990
Ty Coon, President of Vice
That's all there is to it! Return to GNU's home page.
FSF & GNU inquiries & questions to gnu@gnu.org. Other ways to contact the FSF.
Comments on these web pages to webmasters@www.gnu.org, send other questions to gnu@gnu.org.
Copyright notice above. Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA USA
Updated: 27 Nov 2000 paulv
Once a new major version of Bacula is released, the Bacula users will vote on a list of new features. This vote is used as the main element determining what new features will be implemented for the next version. Generally, the development time for a new release is between four to nine months. Sometimes it may be a bit longer, but in that case, there will be a number of bug fix updates to the currently released version.
For the current list of project, please see the projects page in the CVS at: http://cvs.sourceforge.net/viewcvs.py/*checkout*/bacula/bacula/projects see the projects file in the main source directory. The projects file is updated approximately once every six months.
Separately from the project list, Kern maintains a current list of tasks as well as ideas, feature requests, and occasionally design notes. This list is updated roughly weekly (sometimes more often). For a current list of tasks you can see kernstodo in the Source Forge CVS at http://cvs.sourceforge.net/viewcvs.py/*checkout*/bacula/bacula/kernstodo.
Thanks to Richard Stallman for starting the Free Software movement and for bringing us gcc and all the other GNU tools as well as the GPL license.
Thanks to Linus Torvalds for bringing us Linux.
Thanks to all the Free Software programmers. Without being able to peek at your code, and in some cases, take parts of it, this project would have been much more difficult.
Thanks to John Walker for suggesting this project, giving it a name, contributing software he has written, and for his programming efforts on Bacula as well as having acted as a constant sounding board and source of ideas.
Thanks to the apcupsd project where I started my Free Software efforts, and from which I was able to borrow some ideas and code that I had written.
Special thanks to D. Scott Barninger for writing the bacula RPM spec file, building all the RPM files and loading them onto Source Forge. This has been a tremendous help.
Many thanks to Karl Cunningham for converting the manual from html format to LaTeX. It was a major effort flawlessly done that will benefit the Bacula users for many years to come. Thanks Karl.
Thanks to Dan Langille for the incredible amount of testing he did on FreeBSD. His perseverance is truly remarkable. Thanks also for the many contributions he has made to improve Bacula (pthreads patch for FreeBSD, improved start/stop script and addition of Bacula userid and group, stunnel, ...), his continuing support of Bacula users. He also wrote the PostgreSQL driver for Bacula and has been a big help in correcting the SQL.
Thanks to multiple other Bacula Packagers who make and release packages for different platforms for Bacula.
Thanks to Christopher Hull for developing the native Win32 Bacula emulation code and for contributing it to the Bacula project.
Thanks to Robert Nelson for bringing our Win32 implementation up to par with all the same features that exist in the Unix/Linux versions. In addition, he has ported the Director and Storage daemon to Win32!
Thanks to Thorsten Engel for his excellent knowledge of Win32 systems, and for making the Win32 File daemon Unicode compatible, as well as making the Win32 File daemon interface to Microsoft's Volume Shadow Copy (VSS). These two are big pluses for Bacula!
Thanks to Landon Fuller for writing both the communications and the data encryption code for Bacula.
Thanks to Arno Lehmann for his excellent and infatigable help and advice to users.
Thanks to all the Bacula users, especially those of you who have contributed ideas, bug reports, patches, and new features.
Bacula can be enabled with data encryption and/or communications encryption. If this is the case, you will be including OpenSSL code that that contains cryptographic software written by Eric Young (eay@cryptsoft.com) and also software written by Tim Hudson (tjh@cryptsoft.com).
The Bat (Bacula Administration Tool) graphs are based in part on the work of the Qwt project (http://qwt.sf.net).
The original variable expansion code used in the LabelFormat comes from the Open Source Software Project (www.ossp.org). It has been adapted and extended for use in Bacula. This code is now deprecated.
There have been numerous people over the years who have contributed ideas, code, and help to the Bacula project. The file AUTHORS in the main source release file contains a list of contributors. For all those who I have left out, please send me a reminder, and in any case, thanks for your contribution.
Thanks to the Free Software Foundation Europe e.V. for assuming the responsibilities of protecting the Bacula copyright.
Certain words and/or products are Copyrighted or Trademarked such as Windows (by Microsoft). Since they are numerous, and we are not necessarily aware of the details of each, we don't try to list them here. However, we acknowledge all such Copyrights and Trademarks, and if any copyright or trademark holder wishes a specific acknowledgment, notify us, and we will be happy to add it where appropriate.
Well fortunately there are not too many bugs, but thanks to Dan Langille, we have a bugs database where bugs are reported. Generally, when a bug is fixed, a patch for the currently released version will be attached to the bug report.
The directory patches in the current SVN always contains a list of the patches that have been created for the previously released version of Bacula. In addition, the file patches-version-number in the patches directory contains a summary of each of the patches.
A "raw" list of the current task list and known issues can be found in kernstodo in the main Bacula source directory.
Please note that as of version 1.37, the Variable Expansion is deprecated and replaced by Python scripting (not yet documented).
Variable expansion is somewhat similar to Unix shell variable expansion. Currently (version 1.31), it is used only in format labels, but in the future, it will most likely be used in more places.
This is basically a string expansion capability that permits referencing variables, indexing arrays, conditional replacement of variables, case conversion, substring selection, regular expression matching and replacement, character class replacement, padding strings, repeated expansion in a user controlled loop, support of arithmetic expressions in the loop start, step and end conditions, and recursive expansion.
When using variable expansion characters in a Volume Label Format record, the format should always be enclosed in double quotes (").
For example, ${HOME} will be replaced by your home directory as defined in the environment. If you have defined the variable xxx to be Test, then the reference ${xxx:p/7/Y/r} will right pad the contents of xxx to a length of seven characters filling with the character Y giving YYYTest.
Within Bacula, there are three main classes of variables with some minor variations within the classes. The classes are:
Since the syntax is quite extensive, below, you will find the pseudo BNF. The special characters have the following meaning:
::= definition ( ) grouping if the parens are not quoted | separates alternatives '/' literal / (or any other character) CAPS a character or character sequence * preceding item can be repeated zero or more times ? preceding item can appear zero or one time + preceding item must appear one or more times
And the pseudo BNF describing the syntax is:
input ::= ( TEXT
| variable
| INDEX_OPEN input INDEX_CLOSE (loop_limits)?
)*
variable ::= DELIM_INIT (name|expression)
name ::= (NAME_CHARS)+
expression ::= DELIM_OPEN
(name|variable)+
(INDEX_OPEN num_exp INDEX_CLOSE)?
(':' command)*
DELIM_CLOSE
command ::= '-' (TEXT_EXP|variable)+
| '+' (TEXT_EXP|variable)+
| 'o' NUMBER ('-'|',') (NUMBER)?
| '#'
| '*' (TEXT_EXP|variable)+
| 's' '/' (TEXT_PATTERN)+
'/' (variable|TEXT_SUBST)*
'/' ('m'|'g'|'i'|'t')*
| 'y' '/' (variable|TEXT_SUBST)+
'/' (variable|TEXT_SUBST)*
'/'
| 'p' '/' NUMBER
'/' (variable|TEXT_SUBST)*
'/' ('r'|'l'|'c')
| '%' (name|variable)+
('(' (TEXT_ARGS)? ')')?
| 'l'
| 'u'
num_exp ::= operand
| operand ('+'|'-'|'*'|'/'|'%') num_exp
operand ::= ('+'|'-')? NUMBER
| INDEX_MARK
| '(' num_exp ')'
| variable
loop_limits ::= DELIM_OPEN
(num_exp)? ',' (num_exp)? (',' (num_exp)?)?
DELIM_CLOSE
NUMBER ::= ('0'|...|'9')+
TEXT_PATTERN::= (^('/'))+
TEXT_SUBST ::= (^(DELIM_INIT|'/'))+
TEXT_ARGS ::= (^(DELIM_INIT|')'))+
TEXT_EXP ::= (^(DELIM_INIT|DELIM_CLOSE|':'|'+'))+
TEXT ::= (^(DELIM_INIT|INDEX_OPEN|INDEX_CLOSE))+
DELIM_INIT ::= '$'
DELIM_OPEN ::= '{'
DELIM_CLOSE ::= '}'
INDEX_OPEN ::= '['
INDEX_CLOSE ::= ']'
INDEX_MARK ::= '#'
NAME_CHARS ::= 'a'|...|'z'|'A'|...|'Z'|'0'|...|'9'
The items listed in command above, which always follow a colon (:) have the following meanings:
- perform substitution if variable is empty
+ perform substitution if variable is not empty
o cut out substring of the variable value
# length of the variable value
* substitute empty string if the variable value is not empty,
otherwise substitute the trailing parameter
s regular expression search and replace. The trailing
options are: m = multiline, i = case insensitive,
g = global, t = plain text (no regexp)
y transpose characters from class A to class B
p pad variable to l = left, r = right or c = center,
with second value.
% special function call (none implemented)
l lower case the variable value
u upper case the variable value
The loop_limits are start, step, and end values.
A counter variable name followed immediately by a plus (+) will cause the counter to be incremented by one.
To create an ISO date:
DLT-${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}
on 20 June 2003 would give DLT-2003-06-20
If you set the environment variable mon to
January|February|March|April|May|...
File-${mon[${Month}]}/${Day}/${Year}
on the first of March would give File-March/1/2003
Prior to version 1.37, Bacula did not have built-in communications encryption. Please see the TLS chapter if you are using Bacula 1.37 or greater.
Without too much effort, it is possible to encrypt the communications between any of the daemons. This chapter will show you how to use stunnel to encrypt communications to your client programs. We assume the Director and the Storage daemon are running on one machine that will be called server and the Client or File daemon is running on a different machine called client. Although the details may be slightly different, the same principles apply whether you are encrypting between Unix, Linux, or Win32 machines. This example was developed between two Linux machines running stunnel version 4.04-4 on a Red Hat Enterprise 3.0 system.
First, you must know that with the standard Bacula configuration, the Director will contact the File daemon on port 9102. The File daemon then contacts the Storage daemon using the address and port parameters supplied by the Director. The standard port used will be 9103. This is the typical server/client view of the world, the File daemon is a server to the Director (i.e. listens for the Director to contact it), and the Storage daemon is a server to the File daemon.
The encryption is accomplished between the Director and the File daemon by using an stunnel on the Director's machine (server) to encrypt the data and to contact an stunnel on the File daemon's machine (client), which decrypts the data and passes it to the client.
Between the File daemon and the Storage daemon, we use an stunnel on the File daemon's machine to encrypt the data and another stunnel on the Storage daemon's machine to decrypt the data.
As a consequence, there are actually four copies of stunnel running, two on the server and two on the client. This may sound a bit complicated, but it really isn't. To accomplish this, we will need to construct four separate conf files for stunnel, and we will need to make some minor modifications to the Director's conf file. None of the other conf files need to be changed.
Since pictures usually help a lot, here is an overview of what we will be doing. Don't worry about all the details of the port numbers and such for the moment.
File daemon (client):
stunnel-fd1.conf
|===========|
Port 29102 >----| Stunnel 1 |-----> Port 9102
|===========|
stunnel-fd2.conf
|===========|
Port 9103 >----| Stunnel 2 |-----> server:29103
|===========|
Director (server):
stunnel-dir.conf
|===========|
Port 29102 >----| Stunnel 3 |-----> client:29102
|===========|
stunnel-sd.conf
|===========|
Port 29103 >----| Stunnel 4 |-----> 9103
|===========|
In order for stunnel to function as a server, which it does in our diagram for Stunnel 1 and Stunnel 4, you must have a certificate and the key. It is possible to keep the two in separate files, but normally, you keep them in one single .pem file. You may create this certificate yourself in which case, it will be self-signed, or you may have it signed by a CA.
If you want your clients to verify that the server is in fact valid (Stunnel 2 and Stunnel 3), you will need to have the server certificates signed by a CA (Certificate Authority), and you will need to have the CA's public certificate (contains the CA's public key).
Having a CA signed certificate is highly recommended if you are using your client across the Internet, otherwise you are exposed to the man in the middle attack and hence loss of your data.
See below for how to create a self-signed certificate.
To simplify things a bit, let's for the moment consider only the data channel. That is the connection between the File daemon and the Storage daemon, which takes place on port 9103. In fact, in a minimalist solution, this is the only connection that needs to be encrypted, because it is the one that transports your data. The connection between the Director and the File daemon is simply a control channel used to start the job and get the job status.
Normally the File daemon will contact the Storage daemon on port 9103 (supplied by the Director), so we need an stunnel that listens on port 9103 on the File daemon's machine, encrypts the data and sends it to the Storage daemon. This is depicted by Stunnel 2 above. Note that this stunnel is listening on port 9103 and sending to server:29103. We use port 29103 on the server because if we would send the data to port 9103, it would go directly to the Storage daemon, which doesn't understand encrypted data. On the server machine, we run Stunnel 4, which listens on port 29103, decrypts the data and sends it to the Storage daemon, which is listening on port 9103.
The Storage resource of the bacula-dir.conf normally looks something like the following:
Storage {
Name = File
Address = server
SDPort = 9103
Password = storage_password
Device = File
Media Type = File
}
Notice that this is running on the server machine, and it points the File daemon back to server:9103, which is where our Storage daemon is listening. We modify this to be:
Storage {
Name = File
Address = localhost
SDPort = 9103
Password = storage_password
Device = File
Media Type = File
}
This causes the File daemon to send the data to the stunnel running on localhost (the client machine). We could have used client as the address as well.
In the diagram above, we see above Stunnel 2 that we use stunnel-fd2.conf on the client. A pretty much minimal config file would look like the following:
client = yes [29103] accept = localhost:9103 connect = server:29103
The above config file does encrypt the data but it does not require a certificate, so it is subject to the man in the middle attack. The file I actually used, stunnel-fd2.conf, looked like this:
# # Stunnel conf for Bacula client -> SD # pid = /home/kern/bacula/bin/working/stunnel.pid # # A cert is not mandatory here. If verify=2, a # cert signed by a CA must be specified, and # either CAfile or CApath must point to the CA's # cert # cert = /home/kern/stunnel/stunnel.pem CAfile = /home/kern/ssl/cacert.pem verify = 2 client = yes # debug = 7 # foreground = yes [29103] accept = localhost:9103 connect = server:29103
You will notice that I specified a pid file location because I ran stunnel under my own userid so I could not use the default, which requires root permission. I also specified a certificate that I have as well as verify level 2 so that the certificate is required and verified, and I must supply the location of the CA (Certificate Authority) certificate so that the stunnel certificate can be verified. Finally, you will see that there are two lines commented out, which when enabled, produce a lot of nice debug info in the command window.
If you do not have a signed certificate (stunnel.pem), you need to delete the cert, CAfile, and verify lines.
Note that the stunnel.pem, is actually a private key and a certificate in a single file. These two can be kept and specified individually, but keeping them in one file is more convenient.
The config file, stunnel-sd.conf, needed for Stunnel 4 on the server machine is:
# # Bacula stunnel conf for Storage daemon # pid = /home/kern/bacula/bin/working/stunnel.pid # # A cert is mandatory here, it may be self signed # If it is self signed, the client may not use # verify # cert = /home/kern/stunnel/stunnel.pem client = no # debug = 7 # foreground = yes [29103] accept = 29103 connect = 9103
It will most likely be the simplest to implement the Data Channel encryption in the following order:
stunnel stunnel-sd.conf
stunnel stunnel-fd2.conf
The Job control channel is between the Director and the File daemon, and as mentioned above, it is not really necessary to encrypt, but it is good practice to encrypt it as well. The two stunnels that are used in this case will be Stunnel 1 and Stunnel 3 in the diagram above. Stunnel 3 on the server might normally listen on port 9102, but if you have a local File daemon, this will not work, so we make it listen on port 29102. It then sends the data to client:29102. Again we use port 29102 so that the stunnel on the client machine can decrypt the data before passing it on to port 9102 where the File daemon is listening.
We need to modify the standard Client resource, which would normally look something like:
Client {
Name = client-fd
Address = client
FDPort = 9102
Catalog = BackupDB
Password = "xxx"
}
to be:
Client {
Name = client-fd
Address = localhost
FDPort = 29102
Catalog = BackupDB
Password = "xxx"
}
This will cause the Director to send the control information to localhost:29102 instead of directly to the client.
The stunnel config file, stunnel-dir.conf, for the Director's machine would look like the following:
# # Bacula stunnel conf for the Directory to contact a client # pid = /home/kern/bacula/bin/working/stunnel.pid # # A cert is not mandatory here. If verify=2, a # cert signed by a CA must be specified, and # either CAfile or CApath must point to the CA's # cert # cert = /home/kern/stunnel/stunnel.pem CAfile = /home/kern/ssl/cacert.pem verify = 2 client = yes # debug = 7 # foreground = yes [29102] accept = localhost:29102 connect = client:29102
and the config file, stunnel-fd1.conf, needed to run stunnel on the Client would be:
# # Bacula stunnel conf for the Directory to contact a client # pid = /home/kern/bacula/bin/working/stunnel.pid # # A cert is not mandatory here. If verify=2, a # cert signed by a CA must be specified, and # either CAfile or CApath must point to the CA's # cert # cert = /home/kern/stunnel/stunnel.pem CAfile = /home/kern/ssl/cacert.pem verify = 2 client = yes # debug = 7 # foreground = yes [29102] accept = localhost:29102 connect = client:29102
It will most likely be the simplest to implement the Control Channel encryption in the following order:
stunnel stunnel-dir.conf
stunnel stunnel-fd1.conf
On the client machine, you can just duplicate the setup that you have on the first client file for file and it should work fine.
In the bacula-dir.conf file, you will want to create a second client pretty much identical to how you did for the first one, but the port number must be unique. We previously used:
Client {
Name = client-fd
Address = localhost
FDPort = 29102
Catalog = BackupDB
Password = "xxx"
}
so for the second client, we will, of course, have a different name, and we will also need a different port. Remember that we used port 29103 for the Storage daemon, so for the second client, we can use port 29104, and the Client resource would look like:
Client {
Name = client2-fd
Address = localhost
FDPort = 29104
Catalog = BackupDB
Password = "yyy"
}
Now, fortunately, we do not need a third stunnel to on the Director's machine, we can just add the new port to the config file, stunnel-dir.conf, to make:
# # Bacula stunnel conf for the Directory to contact a client # pid = /home/kern/bacula/bin/working/stunnel.pid # # A cert is not mandatory here. If verify=2, a # cert signed by a CA must be specified, and # either CAfile or CApath must point to the CA's # cert # cert = /home/kern/stunnel/stunnel.pem CAfile = /home/kern/ssl/cacert.pem verify = 2 client = yes # debug = 7 # foreground = yes [29102] accept = localhost:29102 connect = client:29102 [29104] accept = localhost:29102 connect = client2:29102
There are no changes necessary to the Storage daemon or the other stunnel so that this new client can talk to our Storage daemon.
You may create a self-signed certificate for use with stunnel that will permit you to make it function, but will not allow certificate validation. The .pem file containing both the certificate and the key can be made with the following, which I put in a file named makepem:
#!/bin/sh
#
# Simple shell script to make a .pem file that can be used
# with stunnel and Bacula
#
OPENSSL=openssl
umask 77
PEM1="/bin/mktemp openssl.XXXXXX"
PEM2="/bin/mktemp openssl.XXXXXX"
${OPENSSL} req -newkey rsa:1024 -keyout $PEM1 -nodes \
-x509 -days 365 -out $PEM2
cat $PEM1 > stunnel.pem
echo "" >>stunnel.pem
cat $PEM2 >>stunnel.pem
rm $PEM1 $PEM2
The above script will ask you a number of questions. You may simply answer each of them by entering a return, or if you wish you may enter your own data.
The process of getting a certificate that is signed by a CA is quite a bit more complicated. You can purchase one from quite a number of PKI vendors, but that is not at all necessary for use with Bacula.
To get a CA signed certificate, you will either need to find a friend that has setup his own CA or to become a CA yourself, and thus you can sign all your own certificates. The book OpenSSL by John Viega, Matt Mesier & Pravir Chandra from O'Reilly explains how to do it, or you can read the documentation provided in the Open-source PKI Book project at Source Forge: http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm. Note, this link may change.
Please see the script ssh-tunnel.sh in the examples directory. It was contributed by Stephan Holl.
This document was generated using the LaTeX2HTML translator Version 2002-2-1 (1.71)
Copyright © 1993, 1994, 1995, 1996,
Nikos Drakos,
Computer Based Learning Unit, University of Leeds.
Copyright © 1997, 1998, 1999,
Ross Moore,
Mathematics Department, Macquarie University, Sydney.
The command line arguments were:
latex2html -white -no_subdir -split 0 -toc_stars -white -notransparent -init_file latex2html-init.pl bacula
The translation was initiated by on 2008-07-27