Introduction:
Bacula is an open source network backup program enabling you to backup, restore, and verify data across your network. There are Bacula clients for Linux, Windows, and Mac making it a cross-platform network wide solution. It is very flexible and robust, which makes it, while slightly cumbersome to configure, suitable for backups in many situations. A backup system is an important component in most server infrastructures, as recovering from data loss is often a critical part of disaster recovery plans. In this tutorial, we will show you how to install and configure the server components of Bacula on a Centos 7 server.
- Prerequisites:
You must have super user (sudo) access on a Centos 7 server. Also, the server will require adequate disk space for all of the backups that you plan on retaining at any given time. You should enable Private Networking on your Bacula server, and all of your client servers that are in the same datacenter region. This will allow your servers to use private networking when performing backups, reducing network overhead.- Overview:
Bacula is made up of several components and services used to manage which files to backup and backup locations:
- Bacula Director: a service that controls all backup, restore, verify, and archive operations.
- Bacula Console: an application allowing communication with the Director. There are three versions of the Console:
- Text based command line version.
- Gnome based GTK+ Graphical User Interface (GUI) interface.
- wxWidgets GUI interface.
- Bacula File: also known as the Bacula Client program. This application is installed on machines to be backed up, and is responsible for the data requested by the Director.
- Bacula Storage: it is programs that performs the storage and recovery of data to the physical media.
- Bacula Catalog: is responsible for maintaining the file indexes and volume databases for all files backed up, enabling quick location and restoration of archived files. The Catalog supports three different databases MySQL, PostgreSQL, and SQLite.
- Overview:
- Installation:
Bacula uses an SQL database, such as MySQL or Mariadb, to manage its backups catalog. We will use Mariadb. First we will login as root user.#su
Then install Bacual and mysql server using command:
# yum -y install bacula-director-mysql bacula-console bacula-client bacula-storage-mysql mysql-server mysql-devel
- Advertisement -# yum –y install mariadb-server.86_64 mariadb
Once the installation is complete, we need to start MySQL service and configure it to automatically start on system reboot with the following command:
# sudo systemctl start mariadb.service#sudo systemctl enable mariadb.service
Now create root password for mysql.
Note: i am using password as “centos” wherever i need to setup password. create your own password.
# mysqladmin -u root password centos
Next run the following commands one by one to create database and necessary tables for Bacula. Here “-u root” means that login with root account and “-p” means prompt for mysql root password in my case is “centos”.
# /usr/libexec/bacula/grant_mysql_privileges -u root -p # /usr/libexec/bacula/create_mysql_database -u root -p # /usr/libexec/bacula/make_mysql_tables -u root -p
Next, we want to run a simple security script that will remove some dangerous defaults and lock down access to our database system a little bit.
# sudo mysql_secure_installation
The prompt will ask you for your current root password. Enter the password. For the rest of the questions, you should simply hit the Enter key through each prompt to accept the default values. This will remove some sample users and databases, disable remote root logins, and load these new rules so that MySQL immediately respects the changes we have made.
It will look like this
Now we need to set the password for the Bacula database user.
Enter the MySQL console, as the root MySQL user:
# mysql -u root –p
Enter the MySQL root password.
Now set the password for the Bacula database user. Use this command, but replace “centos” with strong password:
# Mariadb [(none)]> UPDATE mysql.user SET password=PASSWORD("centos") WHERE user='bacula';Mariadb [(none)]> FLUSH PRIVILEGES;
Once you’re done here, exit the MySQL prompt:
# Mariadb [(none)]> exit
Enable MariaDB to start on boot. Use the following command to do so:
# sudo systemctl enable mariadb
Set Bacula to Use MySQL Library
By default, Bacula is set to use the PostgreSQL library. Because we are using MySQL, we need to set it to use the MySQL library instead.
Run this command:
# sudo alternatives --config libbaccats.s
You will see the following prompt.
Enter 1 (MySQL):
OutputThere are 3 programs which provide 'libbaccats.so'. Selection Command ----------------------------------------------- 1 /usr/lib64/libbaccats-mysql.so 2 /usr/lib64/libbaccats-sqlite3.so*+ 3 /usr/lib64/libbaccats-postgresql.so Enter to keep the current selection[+], or type selection number: 1
Create Backup and Restore Directories
Bacula needs a backup directory—for storing backup archives—and restore directory—where restored files will be placed. If your system has multiple partitions, make sure to create the directories on one that has sufficient space.
Let’s create new directories for both of these purposes:
# sudo mkdir -p /bacula/backup /bacula/restore
We need to change the file permissions so that only the bacula process (and a superuser) can access these locations:
# sudo chown -R bacula:bacula /bacula # sudo chmod -R 700 /bacula
Now we’re ready to configure the Bacula Director.
Configure Bacula Director
Bacula has several components that must be configured independently in order to function correctly. The configuration files can all be found in the /etc/bacula directory.
We’ll start with the Bacula Director.
Open the Bacula Director Configuration file in your favorite text editor. We’ll use vim:# sudo vim /etc/bacula/bacula-dir.conf
Configure Director Resource
In this file we will Update Bacula server hostname, bacula mysql user password, Bacula console password, Bacula file daemon password etc. Be mindful that you should use a fully qualified domain name for adding clients or simply use the IP address instead. Edit just those words are Bold.
bacula-dir.conf — Add Director DirAddress
[…]Director { # define myself
Name = bacula-dir
DIRport = 9101 # where we listen for UA connections
QueryFile = “/usr/libexec/bacula/query.sql”
WorkingDirectory = “/var/spool/bacula”
PidDirectory = “/var/run”
Maximum Concurrent Jobs = 1
Password = “centos” # Console password
Messages = Daemon[…]
# Client (File Services) to backup
Client {
Name = bacula-fd
Address = 192.168.100.146
FDPort = 9102
Catalog = MyCatalogPassword = “centos” # password for FileDaemon
File Retention = 30 days # 30 days
Job Retention = 6 months # six months
AutoPrune = yes # Prune expired Jobs/Files}
[…]# Definition of file storage device
Storage {
Name = File# Do not use “localhost” here
Address = 192.168.100.146 # N.B. Use a fully qualified name here
SDPort = 9103
Password = “centos”
Device = FileStorage
Media Type = File
}
[…]
# Generic catalog service
Catalog {
Name = MyCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = “dbi:sqlite3”; dbaddress = 127.0.0.1; dbport =
dbname = “bacula”; dbuser = “bacula“; dbpassword = “centos”}
[…]Console {
Name = bacula-mon
Password = “centos”
CommandACL = status, .status
}
Now move on to the rest of the file. Now we will Update Bacula Console.Edit file /etc/bacula/bconsole.conf
# vi /etc/bacula/bconsole.conf
Director {
Name = bacula-dir
DIRport = 9101
address = localhost
Password = “centos”
}Update Storage Daemon
Edit file /etc/bacula/bacula-sd.conf
# vi /etc/bacula/bacula-sd.conf
Update the password, Find the red lines and delete them, do not uncomment them. Also set your Archive device path.
Set password here.
[...]
Director {
Name = bacula-dir
Password = "centos"
}
Set archive path here .
Device {
Name = FileStorage
Media Type = File
Archive Device = /mybackup
LabelMedia = yes; # lets Bacula label unlabeled media
Random Access = Yes;
AutomaticMount = yes; # when device opened, read it
RemovableMedia = no;
AlwaysOpen = no;
}
[...]
Delete these lines in the picture below.
Now we will Update file daemon
Edit file /etc/bacula/bacula-fd.conf,
# vi /etc/bacula/bacula-fd.conf
Update the password.
# List Directors who are permitted to contact this File daemon
#
Director {
Name = bacula-dir
Password = "centos"
}
Delete these line in below picture
Now we finished all passwords and address modifications. Next restart all bacula daemons and make them to start automatically on every reboot.
# systemctl start bacula-dir # systemctl start bacula-fd # systemctl start bacula-sd # systemctl enable bacula-dir # systemctl enable bacula-fd # systemctl enable bacula-sd
Bacula has been successfully installed and configured. You can now add clients, jobs and volumes by updating the Bacula Config files. Alternatively you can use webmin to make the work simpler. It is quite easier then updating the Config files manually.
Manage Bacula With Webmin
Webmin is a web-based interface for system administration for Linux/Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more.
Download and install the latest version of webmin.
# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.900-1.noarch.rpm
Webmin requires some dependencies, so we will install using this command
#yum -y install perl perl-Net-SSLeay openssl perl-IO-Tty perl-Encode-Detect # rpm -Uvh webmin-1.900-1.noarch.rpm # systemctl start webmin # systemctl enable webmin
Rule for Firewall.
Now we will Add rule for Firewall, If we want to access the bacula server from a remote system, allow the webmin port “10000” and bacula ports “9101”, “9102”, “9103” through your firewall. Open terminal and run these commands one by one.
# sudo firewall-cmd --zone=public --add-port=10000/tcp --permanent # sudo firewall-cmd --zone=public --add-port=9101/tcp --permanent # sudo firewall-cmd --zone=public --add-port=9102/tcp --permanent # sudo firewall-cmd --zone=public --add-port=9103/tcp --permanent
Reload the rules:
#firewall-cmd --reload
Access Webmin
Now you can login through webmin by “//http://server-ip-address:10000” or“http://domain-name:10000/”.
Login to webmin using your root user and its password.
If unable to login. Stop firewall (not recommended just for testing) by this command
# systemctl stop firewalld
Then try to login again if logged in then your firewall rules are need to set.
Click on the “Bacula Backup System” link. Initially the Bacula server won’t start automatically. To start Bacula server click on “Module Configuration” link on the right of the “Bacula Backup System” page.
That’s it. here you can schedule backups according to your desire.
Best of Luck. !!!!
There’s a typo:
# sudo alternatives –config libbaccats.so
instead
# sudo alternatives –config libbaccats.s