Opensource

Bacula – Open Source Network Backup

Bacula is an open source network backup solution that allows you create backups and perform data recovery of your computer systems. It is very flexible and robust, which makes it, while slightly cumbersome to configure, suitable for backups in many situations.

A backup system is an important component in most server infrastructures, as recovering from data loss is often a critical part of disaster recovery plans.

In this tutorial, we will show you how to install and configure the server components of Bacula on an Ubuntu server.

Open Source Network Backup: Bacula Prerequisites

  • You must have superuser (sudo) access on an Ubuntu server. The server will also be storing the backup archives, which will require adequate disk space for all of the backups that you plan on retaining at any given time.
  • We will configure Bacula to use private IP addresses of our servers. If you have a DNS setup, feel free to use the appropriate domain names instead.

Bacula Component Overview

Although Bacula is composed of several software components, it follows the server-client backup model; to simplify the discussion, we will focus more on the backup server and the backup clients than the individual Bacula components. Still, it is important to have cursory knowledge of the various Bacula components, so we will go over them now.

A Bacula server, which we will also refer to as the “backup server”, has these components:

  • Bacula Director (DIR): Software that controls the backup and restore operations that are performed by the File and Storage daemons
  • Storage Daemon (SD): Software that performs reads and writes on the storage devices used for backups
  • Catalog: Services that maintain a database of files that are backed up. The database is stored in an SQL database such as MySQL or PostgreSQL
  • Bacula Console: A command-line interface that allows the backup administrator to interact with, and control, Bacula Director

Note: The Bacula server components don’t need to run on the same server, but they all work together to make provide the backup server functionality.

A Bacula client, i.e. a server that will be backed up, runs the File Daemon (FD) component. The File Daemon is software that provides the Bacula server (the Director, specifically) access to the data that will be backed up. We will also refer to these servers as “backup clients” or “clients”.

As we noted in the introduction, we will configure the backup server to create a backup of its own filesystem. This means that the backup server will also be a backup client, and will run the File Daemon component.

Install MySQL

Bacula uses an SQL database, such as MySQL or PostreSQL, to manage its backups catalog. We will use MySQL in this tutorial.

First, update apt-get:

sudo apt-get update

Now install MySQL Server with apt-get:

sudo apt-get install mysql-server

You will be prompted for a password for the MySQL database administrative user, root. Enter a password, then confirm it.

Remember this password, as it will be used in the Bacula installation process.

Install Bacula

Install the Bacula server and client components, using apt-get:

sudo apt-get install bacula-server bacula-client

You will be prompted for some information that will be used to configure Postfix, which Bacula uses:

  • General Type of Mail Configuration: Choose “Internet Site”
  • System Mail Name: Enter your server’s FQDN or hostname

Next, you will be prompted for information that will be used to set up the Bacula database:

  • Configure database for bacula-director-mysql with dbconfig-common?: Select “Yes”
  • Password of the database’s administrative user: Enter your MySQL root password (set during MySQL installation)
  • MySQL application password for bacula-director-mysql: Enter a new password and confirm it, or leave the prompt blank to generate a random password

The last step in the installation is to update the permissions of a script that Bacula uses during its catalog backup job:

sudo chmod 755 /etc/bacula/scripts/delete_catalog_backup

The Bacula server (and client) components are now installed. Let’s create the backup and restore directories.

Create Backup and Restore Directories

Bacula needs a backup directory—for storing backup archives—and restore directory—where restored files will be placed. If your system has multiple partitions, make sure to create the directories on one that has sufficient space.

Let’s create new directories for both of these purposes:

sudo mkdir -p /bacula/backup /bacula/restore

We need to change the file permissions so that only the bacula process (and a superuser) can access these locations:

sudo chown -R bacula:bacula /bacula
sudo chmod -R 700 /bacula

Now we’re ready to configure the Bacula Director.

Configure Bacula Director

Bacula has several components that must be configured independently in order to function correctly. The configuration files can all be found in the /etc/bacula directory.

We’ll start with the Bacula Director.

Open the Bacula Director configuration file in your favorite text editor. We’ll use vi:

sudo vi /etc/bacula/bacula-dir.conf

Configure Local Jobs

A Bacula job is used to perform backup and restore actions. Job resources define the details of what a particular job will do, including the name of the Client, the FileSet to back up or restore, among other things.

Here, we will configure the jobs that will be used to perform backups of the local filesystem.

In the Director configuration, find the Job resource with a name of “BackupClient1” (search for “BackupClient1”). Change the value of Name to “BackupLocalFiles”, so it looks like this:

Job {
  Name = "BackupLocalFiles"
  JobDefs = "DefaultJob"
}

Next, find the Job resource that is named “RestoreFiles” (search for “RestoreFiles”). In this job, you want to change two things: update the value of Name to “RestoreLocalFiles”, and the value of Where to “/bacula/restore”. It should look like this:

Job {
  Name = "RestoreLocalFiles"
  Type = Restore
  Client=BackupServer-fd
  FileSet="Full Set"
  Storage = File
  Pool = Default
  Messages = Standard
  Where = /bacula/restore
}

This configures the RestoreLocalFiles job to restore files to /bacula/restore, the directory we created earlier.

Configure File Set

A Bacula FileSet defines a set of files or directories to include or exclude files from a backup selection, and are used by jobs.

Find the FileSet resource named “Full Set” (it’s under a comment that says, “# List of files to be backed up”). Here we will make three changes: (1) Add the option to use gzip to compress our backups, (2) change the include File from /usr/sbin to /, and (3) change the second exclude File to /bacula. With the comments removed, it should look like this:

FileSet {
  Name = "Full Set"
  Include {
    Options {
      signature = MD5
      compression = GZIP
    }    
File = /
}
  Exclude {
    File = /var/lib/bacula
    File = /bacula
    File = /proc
    File = /tmp
    File = /.journal
    File = /.fsck
  }
}

Let’s go over the changes that we made to the “Full Set” FileSet. First, we enabled gzip compression when creating a backup archive. Second, we are including /, i.e. the root partition, to be backed up. Third, we are excluding /bacula because we don’t want to redundantly back up our Bacula backups and restored files.

Note: If you have partitions that are mounted within /, and you want to include those in the FileSet, you will need to include additional File records for each of them.

Keep in mind that if you always use broad FileSets, like “Full Set”, in your backup jobs, your backups will require more disk space than if your backup selections are more specific. For example, a FileSet that only includes your customized configuration files and databases might be sufficient for your needs, if you have a clear recovery plan that details installing required software packages and placing the restored files in the proper locations, while only using a fraction of the disk space for backup archives.

Configure Storage Daemon Connection

In the Bacula Director configuration file, the Storage resource defines the Storage Daemon that the Director should connect to. We’ll configure the actual Storage Daemon in just a moment.

Find the Storage resource, and replace the value of Address, localhost, with the private IP address (or FQDN) of your backup server. It should look like this (substitute the highlighted word):

Storage {
  Name = File
# Do not use "localhost" here
  Address = backup_server_private_IP                # N.B. Use a fully qualified name here
  SDPort = 9103
  Password = "ITXAsuVLi1LZaSfihQ6Q6yUCYMUssdmu_"
  Device = FileStorage
  Media Type = File
}

This is necessary because we are going to configure the Storage Daemon to listen on the private network interface, so remote clients can connect to it.

Configure Pool

A Pool resource defines the set of storage used by Bacula to write backups. We will use files as our storage volumes, and we will simply update the label so our local backups get labeled properly.

Find the Pool resource named “File” (it’s under a comment that says “# File Pool definition”), and add a line that specifies a Label Format. It should look like this when you’re done:

# File Pool definition
Pool {
  Name = File
  Pool Type = Backup
  Label Format = Local-
  Recycle = yes                       # Bacula can automatically recycle Volumes
  AutoPrune = yes                     # Prune expired volumes
  Volume Retention = 365 days         # one year
  Maximum Volume Bytes = 50G          # Limit Volume size to something reasonable
  Maximum Volumes = 100               # Limit number of Volumes in Pool
}

Save and exit. You’re finally done configuring the Bacula Director.

Check Director Configuration:

Let’s verify that there are no syntax errors in your Director configuration file:

sudo bacula-dir -tc /etc/bacula/bacula-dir.conf

If there are no error messages, your bacula-dir.conf file has no syntax errors.

Next, we’ll configure the Storage Daemon.

Configure Storage Daemon

Our Bacula server is almost set up, but we still need to configure the Storage Daemon, so Bacula knows where to store backups.

Open the SD configuration in your favorite text editor. We’ll use vi:

sudo vi /etc/bacula/bacula-sd.conf

Configure Storage Resource

Find the Storage resource. This defines where the SD process will listen for connections. Update the value of SDAddress to the private IP address of your backup server:

Storage {                             # definition of myself
  Name = BackupServer-sd
  SDPort = 9103                  # Director's port
  WorkingDirectory = "/var/lib/bacula"
  Pid Directory = "/var/run/bacula"
  Maximum Concurrent Jobs = 20
  SDAddress = private_IP_address
}

Configure Storage Device

Next, find the Device resource named “FileStorage” (search for “FileStorage”), and update the value ofArchive Device to match your backups directory:

Device {
  Name = FileStorage
  Media Type = File
  Archive Device = /bacula/backup 
  LabelMedia = yes;                   # lets Bacula label unlabeled media
  Random Access = Yes;
  AutomaticMount = yes;               # when device opened, read it
  RemovableMedia = no;
  AlwaysOpen = no;
}

Save and exit.

Verify Storage Daemon Configuration

Let’s verify that there are no syntax errors in your Storage Daemon configuration file:

sudo bacula-sd -tc /etc/bacula/bacula-sd.conf

If there are no error messages, your bacula-sd.conf file has no syntax errors.

We’ve completed the Bacula configuration. We’re ready to restart the Bacula server components.

Restart Bacula Director and Storage Daemon

To put the configuration changes that you made into effect, restart Bacula Director and Storage Daemon with these commands:

sudo service bacula-director restart
sudo service bacula-sd restart

Now that both services have been restarted, let’s test that it works by running a backup job.

Test Backup Job

We will use the Bacula Console to run our first backup job. If it runs without any issues, we will know that Bacula is configured properly.

Now enter the Console with this command:

sudo bconsole

This will take you to the Bacula Console prompt, denoted by a * prompt.

Create a Label

Begin by issuing a label command:

label

You will be prompted to enter a volume name. Enter any name that you want:
Enter new Volume name:

MyVolume

Then select the pool that the backup should use. We’ll use the “File” pool that we configured earlier, by entering “2”:
Select the Pool (1-3):

2

Manually Run Backup Job

Bacula now knows how we want to write the data for our backup. We can now run our backup to test that it works correctly:

run

You will be prompted to select which job to run. We want to run the “BackupLocalFiles” job, so enter “1” at the prompt:
Select Job resource (1-3):

1

At the “Run Backup job” confirmation prompt, review the details, then enter “yes” to run the job:

yes

Check Messages and Status

After running a job, Bacula will tell you that you have messages. The messages are output generated by running jobs.

Check the messages by typing:

messages

The messages should say “No prior Full backup Job record found”, and that the backup job started. If there are any errors, something is wrong, and they should give you a hint as to why the job did not run.

Another way to see the status of the job is to check the status of the Director. To do this, enter this command at the bconsole prompt:

status director

If everything is working properly, you should see that your job is running. Something like this:
Output — status director (Running Jobs)

Running Jobs:
Console connected at 09-Apr-15 12:16
 JobId Level   Name                       Status
======================================================================
     3 Full    BackupLocalFiles.2015-04-09_12.31.41_06 is running
====

When your job completes, it will move to the “Terminated Jobs” section of the status report, like this:
Output — status director (Terminated Jobs)

Terminated Jobs:
 JobId  Level    Files      Bytes   Status   Finished        Name
====================================================================
     3  Full    161,124    877.5 M  OK       09-Apr-15 12:34 BackupLocalFiles

The “OK” status indicates that the backup job ran without any problems. Congratulations! You have a backup of the “Full Set” of your Bacula server.

The next step is to test the restore job.

Test Restore Job

Now that a backup has been created, it is important to check that it can be restored properly. Therestore command will allow us restore files that were backed up.

Run Restore All Job

To demonstrate, we’ll restore all of the files in our last backup:

restore all

A selection menu will appear with many different options, which are used to identify which backup set to restore from. Since we only have a single backup, let’s “Select the most recent backup”—select option 5:
Select item (1-13):

5

Because there is only one client, the Bacula server, it will automatically be selected.

The next prompt will ask which FileSet you want to use. Select “Full Set”, which should be 2:
Select FileSet resource (1-2):

2

This will drop you into a virtual file tree with the entire directory structure that you backed up. This shell-like interface allows for simple commands to mark and unmark files to be restored.

Because we specified that we wanted to “restore all”, every backed up file is already marked for restoration. Marked files are denoted by a leading * character.

If you would like to fine-tune your selection, you can navigate and list files with the “ls” and “cd” commands, mark files for restoration with “mark”, and unmark files with “unmark”. A full list of commands is available by typing “help” into the console.

When you are finished making your restore selection, proceed by typing:

done

Confirm that you would like to run the restore job:
OK to run? (yes/mod/no):

yes

Check Messages and Status

As with backup jobs, you should check the messages and Director status after running a restore job.

Check the messages by typing:

messages

There should be a message that says the restore job has started or was terminated with an “Restore OK” status. If there are any errors, something is wrong, and they should give you a hint as to why the job did not run.

Again, checking the Director status is a great way to see the state of a restore job:

status director

When you are finished with the restore, type exit to leave the Bacula Console:

exit

Verify Restore

To verify that the restore job actually restored the selected files, you can look in the /bacula/restoredirectory (which was defined in the “RestoreLocalFiles” job in the Director configuration):

sudo ls -la /bacula/restore

You should see restored copies of the files in your root file system, excluding the files and directories that were listed in the “Exclude” section of the “RestoreLocalFiles” job. If you were trying to recover from data loss, you could copy the restored files to their appropriate locations.

Delete Restored Files

You may want to delete the restored files to free up disk space. To do so, use this command:

sudo -u root bash -c "rm -rf /bacula/restore/*"

Note that you have to run this rm command as root, as many of the restored files are owned by root.

Install Bacula-web

Bacula-web is a PHP web application that provides an easy way to view summaries and graphs of Bacula backup jobs that have already run. Although it doesn’t allow you to control Bacula in any way, Bacula-web provides a graphical alternative to viewing jobs from the console. Bacula-web is especially useful for users who are new to Bacula, as its reports make it easy to understand what Bacula has been operating.

Install Nginx and PHP

Bacula-web is a PHP application, so we need to install PHP and a web server. We’ll use Nginx.

Update your apt-get listings:

sudo apt-get update

Then, install Nginx, PHP-fpm, and a few other packages with apt-get:

sudo apt-get install nginx apache2-utils php5-fpm php5-mysql php5-gd

Now we are ready to configure PHP and Nginx.

Configure PHP-FPM

Open the PHP-FPM configuration file in your favorite text editor. We’ll use vi:

sudo vi /etc/php5/fpm/php.ini

Find the line that specifies cgi.fix_pathinfo, uncomment it, and replace its value with 0. It should look like this when you’re done.

cgi.fix_pathinfo=0

Now find the date.timezone setting, uncomment it, and replace its value with your time zone. We’re in New York, so that’s what we’re setting the value to:

date.timezone = America/New_York

Save and exit.

PHP-FPM is configured properly, so let’s restart it to put the changes into effect:

sudo service php5-fpm restart

Configure Nginx

Now it’s time to configure Nginx to serve PHP applications.

First, because we don’t want unauthorized people to access Bacula-web, let’s create an htpasswd file. Use htpasswd to create an admin user, called “admin” (you should use another name), that can access the Bacula-web interface:

sudo htpasswd -c /etc/nginx/htpasswd.users admin

Enter a password at the prompt. Remember this login, as you will need it to access Bacula-web.

Now open the Nginx default server block configuration file in a text editor. We’ll use vi:

sudo vi /etc/nginx/sites-available/default

Replace the contents of the file with the following code block. Be sure to substitute the highlighted value of server_name with your server’s domain name or IP address:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    server_name server_domain_name_or_IP;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Save and exit. This configures Nginx to serve PHP applications, and to use the htpasswd file, that we created earlier, for authentication.

To put the changes into effect, restart Nginx.

sudo service nginx restart

Download and Configure Bacula-web

Change to your home directory, and download the latest Bacula-web archive

cd ~
wget --content-disposition http://www.bacula-web.org/download.html?file=files/bacula-web.org/downloads/bacula-web-7.0.3.tgz

Now create a new directory, bacula-web, change to it, and extract the Bacula-web archive:

mkdir bacula-web
cd bacula-web
tar xvf ../bacula-web-*.tgz

Before copying the files to our web server’s document root, we should configure it first.

Change to the configuration directory like this:

cd application/config

Bacula-web provides a sample configuration. Copy it like this:

cp config.php.sample config.php

Now edit the configuration file in a text editor. We’ll use vi:

vi config.php

Find the // MySQL bacula catalog, and uncomment the connection details. Also, replace thepassword value with your Bacula database password (which can be found in /etc/bacula/bacula-dir.conf in the “dbpassword” setting):

// MySQL bacula catalog
$config[0]['label'] = 'Backup Server';
$config[0]['host'] = 'localhost';
$config[0]['login'] = 'bacula';
$config[0]['password'] = 'bacula-db-pass';
$config[0]['db_name'] = 'bacula';
$config[0]['db_type'] = 'mysql';
$config[0]['db_port'] = '3306';

Save and exit.

Bacula-web is now configured. The last step is to put the application files in the proper place.

Copy Bacula-web Application to Document Root

We configured Nginx to use /usr/share/nginx/html as the document root. Change to it, and delete the default index.html, with these commands:

cd /usr/share/nginx/html
sudo rm index.html

Now, move the Bacula-web files to your current location, the Nginx document root:

sudo mv ~/bacula-web/* .

Change the ownership of the files to www-data, the daemon user that runs Nginx:

sudo chown -R www-data: *

Now Bacula-web is fully installed.

Access Bacula-web via a Browser

Bacula-web is now accessible on your server’s domain name or public IP address.

You may want to test that everything is configured properly. Luckily, a Bacula-web test page is provided. Access it by opening this URL in a web browser (substitute the highlighted part with your server’s information):

http://server_public_IP/test.php

You should see a table that shows the status of the various components of Bacula-web. They should all have a green checkmark status, except for the database modules that you don’t need. For example, we’re using MySQL, so we don’t need the other database modules:

Open Source Network Backup: Bacula Open Source Network Backup, Open Source Network Backup

 

If everything looks good, you’re ready to use the dashboard. You can access it by clicking on the top-left “Bacula-web” text, or by visiting your server in a web browser:

http://server_public_IP/

It should look something like this:

Open Source Network Backup: Bacula Open Source Network Backup Open Source Network Backup

Leave a Reply

Your email address will not be published. Required fields are marked *