Available NS7

Maintainer

Stephane de Labrusse at stephdl@de-labrusse.fr

Is this Module helpful to you ? Please consider donating

Installation

  • First you need to install my repository, see how to do it
  • You need to install the bareos repository
wget http://download.bareos.org/bareos/release/latest/CentOS_7/bareos.repo -O /etc/yum.repos.d/bareos.repo
  • then you can install the rpm
yum install nethserver-bareos --enablerepo=stephdl

First access

It's possible to access bareos the first time pointing the browser to http://your_ip/bareos-webui, restricted to your local network, access from WAN are refused.

you have a link at the Applications menu of Nethgui and cockpit

The admin user of nethserver is the user that can authenticate in the bareos UI, think to install either openldap (nethserver-directory) or Samba AD (nethserver-dc) to create it, after this you have to set a password inside the server-manager of NethServer.

Obviously you can add more users for the UI of bareos, you simply have to create a bareos group inside the server-manager of NethServer, all members of this group will be granted to use the web UI of bareos. You have to use the short format name (user) to login to bareos, it seems the long format is not accepted(user@domain.org)

Storage

By default it is /var/lib/bareos/storage/ that is used to store all your backups, either mount a storage to this path, or check the link at the bottom to use another path

Official manual

The manual is intended to be the extended resource for all standard questions on using Bareos at https://docs.bareos.org/

Set up a backup client Set up a Relax-and-Recover with Bareos

Bareos uses rh-postgresql12, we need to enable scl before to use a bareos script and set the ENV custom port of postgresql (TCP 55434)

for example

  • upgrade the database structure
  su - postgres  -c "export PGPORT=55434;scl enable rh-postgresql12 /usr/lib/bareos/scripts/update_bareos_tables"

- backup database to /var/lib/bareos

  export PGPORT=55434;scl enable rh-postgresql12 -- /usr/lib/bareos/scripts/make_catalog_backup.pl MyCatalog

Create Clients and Jobs

An excellent documentation comes from https://www.svennd.be/bareos-articles/ I use it as a source for all these examples

Backup a NethServer

You can backup a NethServer or any other client(windows, Linux), for a client linux install bareos-fd and open the TCP port 9102 in the firewall, for NethServer you simply need to install nethserver-bareos-client from my repository.

On the client nethserver
  • First you need to install my repository, see how to do it
  • You need to install the bareos repository
wget http://download.bareos.org/bareos/release/latest/CentOS_7/bareos.repo -O /etc/yum.repos.d/bareos.repo
  • then you can install the rpm
yum install nethserver-bareos-client --enablerepo=stephdl

Depending how works your network and specifically the domain name resolution, you might have in the client to fill the domain name of the backup server with its IP in the /etc/hosts, use the UI or make a custom-template. you should give the host name (host) and the Fully qualified domain name (host.domain.org)

192.168.56.14     	ns7loc13.nethservertest.org ns7loc13
On the backup server

once installed, go to the console on the backup server. Since the web interface can’t be used (yet?) lets fire up bconsole. Adding the client is done like this (the client here is named swennd):

You need to think about good name for your client, it could be quickly a mess if you do not use relevant name.

bconsole
configure add client name=svennd address=192.168.0.2 password=SOME_PASSWORD

This should result in something like :

*configure add client name=svennd address=8.8.8.8 password=alfa123
Exported resource file "/etc/bareos/bareos-dir-export/client/svennd/bareos-fd.d/director/bareos-dir.conf":
Director {
  Name = bareos-dir
  Password = "[md5]f7180d44d3cad452f611e2dfdfd3b007"
}
Created resource config file "/etc/bareos/bareos-dir.d/client/svennd.conf":
Client {
  Name = svennd
  Address = 8.8.8.8
  Password = alfa123
}

After that the configuration for the bareos director has been made, the only configuration that still is missing is on the client, this has been made by the bconsole, and can be found in /etc/bareos/bareos-dir-export/client/svennd/bareos-fd.d/director/bareos-dir.conf we need to copy that to /etc/bareos/bareos-fd.d/director/ on the client machine.

This can be copied using scp to the client.

scp /etc/bareos/bareos-dir-export/client/svennd/bareos-fd.d/director/bareos-dir.conf root@8.8.8.8:/etc/bareos/bareos-fd.d/director/ && ssh root@8.8.8.8 "systemctl restart bareos-fd"

Then on the client you have to restart the filedaemon after any changes:

systemctl restart bareos-fd

And that’s it, now we are ready to start creating a backup job.

you can valid that the server/client can communicate

bconsole

then type:

*status client
The defined Client resources are:
     1: bareos-fd
     2: svennd
Select Client (File daemon) resource (1-5): 2
Connecting to Client ns7loc10 at 192.168.56.11:9102
Probing client protocol... (result will be saved until config reload)
 Handshake: Immediate TLS, Encryption: PSK-AES256-CBC-SHA

svennd-fd Version: 19.2.6 (11 February 2020)  Linux-3.10.0-1062.9.1.el7.x86_64 redhat CentOS Linux release 7.7.1908 (Core)
Daemon started 05-Apr-20 16:08. Jobs: run=0 running=0, bareos.org build binary
 Sizeof: boffset_t=8 size_t=8 debug=0 trace=0 bwlimit=0kB/s

Running Jobs:
bareos-dir (director) connected at: 05-Apr-20 20:03
No Jobs running.
====

Terminated Jobs:
 JobId  Level    Files      Bytes   Status   Finished        Name 
======================================================================
====

Create backup job

In the last posts, we setup bareos and connected a client to the bareos server, there are however no backup jobs auto-magically added to the bareos server so that’s our job. At first creating a job seems difficult and complex, but most of the options only become interesting in specific applications and a simple basic job can be configured pretty easy. That’s what I am going to do now, create a backup job that will incremental backup the /etc directory of my Linux client.

Job requirements

First we need to understand the target of the job, this step is important, if you don’t do it you might end up with something completely different due to the options possible with bareos.

  • run a backup of /etc daily during non-business hours, but before the nightly update.
  • To save some space, I would take incremental updates. That means I always check what changes have occurred since the last incremental update. This makes that if nothing changes 0 extra bytes are used.
  • Disk storage, we have a tape library, but lets start with normal disk storage

Schedule

Since we have a pretty well defined time of day to run the backup job, let’s start with first creating the specific schedule. In bareos all the configurations are nicely filtered in config files. In the directory /etc/bareos since we are configuring jobs that will be “directed” by the director, we need to go in the director configuration : /etc/bareos/bareos-dir.d/ there we can find the schedule directory. There might already be some examples there. But let’s create a new schedule :

nano /etc/bareos/bareos-dir.d/schedule/Nightly.conf

with the content :

Schedule {
  # name (required)
  Name = "Nightly"
  
  # run time
  # allot of options are available,
  # you can create multiple "Run =" times
  # for now lets keep it simple
  # this will run once a day, every day at 21:10
  Run = daily at 21:10
}

You can make very complex schedules, but let’s start with something simple and easy. For more complex examples and options check the bareos manuel. Most important is the Run part, where we define the run frequency and the run time. Since /etc is rather small, it can be ran daily at an arbitrary time, but let’s do it outside work hours. Before you forget, all config files should be owned by the bareos user :

chown bareos.bareos /etc/bareos/bareos-dir.d/schedule/Nightly.conf

Fileset

Next we need to let bareos know what we want to have backed up, by default one of the filesets is already useful for Linux : LinuxAll: /etc/bareos/bareos-dir.d/fileset/LinuxAll.conf

This fileset will backup all the root and all its subdirectory’s. This however is way to much and for our storage servers would simply not be possible. So let’s go ahead and create a new file :

nano /etc/bareos/bareos-dir.d/fileset/LinuxConfig.conf

with content :

FileSet {
  # name (required)
  Name = "LinuxConfig"
  # include directory
  Include {
    Options {
      # calculate a signature for all files
      # both MD5/SHA1 are available, this is definitly for long term storage
      # a good idea to activate, note that the hash ads a bit of storage overhead
      Signature = MD5
      
      # compress every file with compression software
      # best known are : LZ4/GZIP (see manual for the others)
      # LZ4 is super fast in both compression and decompression
      # I would activate this always.
      Compression = LZ4
      
      # if supported by the OS, the read time won't be adapted
      # this would generate a bunch of writes for no reason on the client machine.
      noatime = yes
    }
    # the directory we are including
    # note: no trailing slashes!
    File = /etc
  }
}
chown bareos.bareos /etc/bareos/bareos-dir.d/fileset/LinuxConfig.conf

Most important parts is the Include { File = /etc } this will make sure it includes /etc directory and all its subdirectory’s (this is also an option, but on by default)

notable options here are signature, a great feature, cause you don’t want to put back a corrupt backup … (it happens) While it has been proven that MD5 hashes can be broken it still is extremely difficult to do. But if you have that fear, you can use SHA1 which is a bit more CPU intense and takes up 4 more bytes per file but more difficult to break.

Another important feature is compression, I like LZ4 cause its fast, the CPU penalty is small compared to the storage you can gain. Note that this is run on the client. (file-daemon on client side)

Last option I included is noatime, while most storage systems already have atime off. Some system might still have it on, but I don’t see the point of knowing when a file has been read by a backup process.

Jobdefs

Next part is combining all the property’s of a job that would execute the requirements we set. This is the ‘default’ setup we start from when making jobs. Real jobs are called jobs, and can overwrite these defaults.

nano /etc/bareos/bareos-dir.d/jobdefs/BackupLinuxConfig.conf
JobDefs {
  # name (required)
  Name = "BackupLinuxConfig"
  
  # type can be backup/restore/verify
  Type = Backup
  
  # the default level bareos will try
  # can also be Full/Differential(since last full)/Incremental(since last incremental)
  Level = Incremental
  
  # the default client, to be overwritten by the job.conf
  Client = bareos-fd
  
  # what files to include/exclude
  FileSet = "LinuxConfig"
  
  # the schedule we just created
  Schedule = "Nightly"
  
  # where to store it
  Storage = File
  
  # the message reporting
  Messages = Standard
  
  # the pool where to store it
  Pool = Incremental
  
  # the higher the value priority the lower it will be dropped in the queue
  # so for important jobs priority=1 will run first
  Priority = 10
  
  # the bootstrap file keeps a "log" of all the backups, and gets rewritten every time a 
  # full backup is made, it can be used during recovery
  Write Bootstrap = "/var/lib/bareos/%c.bsr"
  
  # in case these value's get overwritten
  # define where would be a good pool to write 
  # note that full backup will be used atleast once because no full
  # backup will exist
  Full Backup Pool = Full
  Differential Backup Pool = Differential
  Incremental Backup Pool = Incremental
}
chown bareos.bareos /etc/bareos/bareos-dir.d/jobdefs/BackupLinuxConfig.conf

The client is here bareos-fd, which is a default configured client pointing to its own installation. The fileset and schedule we just created is now being referenced here. Since all backups start from a “full” backup, there needs to be a backup pool.

Now that we have a good “sketch” (jobdef) for our backup job, creating the real backup is easy.

Job

Getting the final job to work is easy, just reference the jobdefs and overwrite the value’s you want changed.

nano /etc/bareos/bareos-dir.d/job/svennd-etc-backup.conf

with content :

Job {
  # required
  Name = "svennd-etc-backup"
  
  # the default settings
  JobDefs = "BackupLinuxConfig"
  
  # overwrite the client here
  Client = "svennd"
}
chown bareos.bareos /etc/bareos/bareos-dir.d/job/svennd-etc-backup.conf

And that’s it.

Running the job

Obviously the job will start every day at 21:10, but as a test, its great if you can just start to run it now. Before you can start, be sure to check that all files you created are owned by bareos user if not :

chown bareos.bareos file.conf

Then we can go to the bconsole and reload the configuration, this is required. If you don’t do it only at the next restart of bareos-dir will the new configuration be picked up.

bconsole

and run reload :

*reload
reloaded

Once this worked and no errors where reported you can run the job we just made (you can also run it from the bareos-webui:

* run job=svennd-etc-backup
Using Catalog "MyCatalog"
Run Backup job
JobName:  svennd-etc-backup
Level:    Incremental
Client:   svennd
Format:   Native
FileSet:  LinuxConfig
Pool:     Incremental (From Job IncPool override)
Storage:  File (From Job resource)
When:     2017-03-10 15:48:01
Priority: 10
OK to run? (yes/mod/no): yes
Job queued. JobId=3

note : although I specify the jobname here, you can just run “run” and you will be prompted for the exact job you wish to run.

The log would report after a bit :

10-Mar 10:21 bareos-dir JobId 1: No prior Full backup Job record found.
10-Mar 10:21 bareos-dir JobId 1: No prior or suitable Full backup found in catalog. Doing FULL backup.
10-Mar 10:21 bareos-dir JobId 1: Start Backup JobId 1, Job=lungo-01-etc-backup.2017-03-10_10.21.46_43
10-Mar 10:21 bareos-dir JobId 1: Created new Volume "Full-0001" in catalog.
10-Mar 10:21 bareos-dir JobId 1: Using Device "FileStorage" to write.

As I said before the first backup would be a full one, and the next one, should start being incremental. If we run the job command a few times (you can use arrow up like in bash) and login in the web interface, under jobs.

And voila our first client is being backed up. Its should now be pretty easy to add more clients and get them backed up (just add more jobs under the job/ and overwrite the client). In the next post, we will look at how the backups are stored and how we can fine tune this setup.

Change default storage location

By default the device used by Bareos for data archival/storage is FileStorage. Meaning data stored is stored in images on spinning disks in the file structure:

/var/lib/bareos/storage

While this might be a good place for you, its tricky with this location is in root … (full root and whatnot) You can change this in :

/etc/bareos/bareos-sd.d/device/FileStorage.conf

By changing the archive device :

Archive Device = /backup

Obviously you could make an extra device, and I’m only scratching the options you can do here, but since your root might not be terabytes in size, changing this is pretty crucial;

After changing this, you need to restart the bareos-fd :

systemctl restart bareos-fd

You can also remove the images that already are in /var/lib/bareos/storage and delete the volumes from the database :

bconsole
delete volume=Full-0001 yes

Don’t forget to physically remove them (rm -f)

Concurrent Jobs with disk storage

Fully remove a client

DB command

[root@ns7loc11 ~]# config show bareos-dir
bareos-dir=service
    TCPPort=9101
    access=green
    status=enabled
[root@ns7loc11 ~]# config show bareos-sd
bareos-sd=service
    TCPPort=9103
    access=green
    status=enabled
[root@ns7loc11 ~]# config show bareos-fd
bareos-fd=service
    TCPPort=9102
    access=green
    status=enabled

log

check logs at

/var/log/bareos/bareos.log

Authentication

Bugs

Please raise Issues on github