Support #637: Install Bacula Server on FreeBSD - FreeBSD Administration

Support #637

Install Bacula Server on FreeBSD

Added by Daniel Curtis over 9 years ago. Updated almost 3 years ago.

Status:

Suspended

Priority:

Normal

Assignee:

Daniel Curtis

Category:

Backup Server

Target version:

FreeBSD 9

Start date:

07/28/2015

Due date:

% Done:

80%

Estimated time:

4.00 h

Spent time:

8.50 h

Description

Table of contents
Setting up the Environment
Install Bacula
Install Nginx
- Configure PHP-FPM
Install Bacula Web Tool
Resources

This is a guide for installing a Bacula Director, Storage Daemon, and File Daemon along with the Bacula Web GUI on an Nginx Server using FreeBSD 9.

Setting up the Environment¶

Start by making sure everything is up to date:

pkg update && pkg upgrade
portsnap fetch extract

Install portmaster:
```
pkg install portmaster
```

Install Bacula¶

Install the Bacula
```
portmaster sysutils/bacula-server
```
- NOTE: Bacula uses PostreSQL by default, but can use MySQL or SQLite.

(Optional) Install Bacula using pkg:
```
pkg install bacula-server
```

Configure the Director¶

Edit the bacula director config:

vi /usr/local/etc/bacula/bacula-dir.conf

Update the automatically generated Director, Client, and Storage password fields. The default director config is already setup really well, my setup is stripped down from the default, but update the file to suit your needs:

# Default Bacula Director Configuration file
#
#  The only thing that MUST be changed is to add one or more
#   file or directory names in the Include directive of the
#   FileSet resource.
#
#  For Bacula release 7.0.5 (28 July 2014) -- freebsd 9.3-RELEASE-p16
#
#  You might also want to change the default email address
#   from root to your address.  See the "mail" and "operator" 
#   directives in the Messages resource.
#

Director {  # define myself
  Name = bacula.example.com-dir
  DIRport = 9101  # where we listen for UA connections
  QueryFile = "/usr/local/share/bacula/query.sql" 
  WorkingDirectory = "/var/db/bacula" 
  PidDirectory = "/var/run" 
  Maximum Concurrent Jobs = 20
  Password = "SuperSecretDirectorPassword"  # Console password
  Messages = Daemon
}

JobDefs {
  Name = "DefaultJob" 
  Type = Backup
  Level = Incremental
  Client = bacula.example.com-fd
  FileSet = "Full Set" 
  Schedule = "WeeklyCycle" 
  Storage = File1
  Messages = Standard
  Pool = File
  SpoolAttributes = yes
  Priority = 10
  Write Bootstrap = "/var/db/bacula/%c.bsr" 
}

# Define the main nightly save backup job
#   By default, this job will back up to disk in /tmp
Job {
  Name = "BackupClient1" 
  JobDefs = "DefaultJob" 
}

# Backup the catalog database (after the nightly save)
Job {
  Name = "BackupCatalog" 
  JobDefs = "DefaultJob" 
  Level = Full
  FileSet="Catalog" 
  Schedule = "WeeklyCycleAfterBackup" 
  # This creates an ASCII copy of the catalog
  # Arguments to make_catalog_backup.pl are:
  #  make_catalog_backup.pl <catalog-name>
  RunBeforeJob = "/usr/local/share/bacula/make_catalog_backup.pl MyCatalog" 
  # This deletes the copy of the catalog
  RunAfterJob  = "/usr/local/share/bacula/delete_catalog_backup" 
  Write Bootstrap = "/var/db/bacula/%n.bsr" 
  Priority = 11                   # run after main backup
}

# Standard Restore template, to be changed by Console program
#  Only one such job is needed for all Jobs/Clients/Storage ...
Job {
  Name = "RestoreFiles" 
  Type = Restore
  Client=bacula.example.com-fd
  FileSet="Full Set" 
  Storage = File1
  Pool = File
  Messages = Standard
  Where = /tmp/bacula-restores
}

# List of files to be backed up
FileSet {
  Name = "Full Set" 
  Include {
    Options {
      signature = MD5
    }
    File = /usr/local/sbin
    File = /usr/local/etc
  }

# If you backup the root directory, the following two excluded
#   files can be useful
  Exclude {
    File = /var/db/bacula
    File = /tmp
    File = /proc
    File = /tmp
    File = /sys
    File = /.journal
    File = /.fsck
  }
}

# When to do the backups, full backup on first sunday of the month,
#  differential (i.e. incremental since full) every other sunday,
#  and incremental backups other days
Schedule {
  Name = "WeeklyCycle" 
  Run = Full 1st sun at 23:05
  Run = Differential 2nd-5th sun at 23:05
  Run = Incremental mon-sat at 23:05
}

# This schedule does the catalog. It starts after the WeeklyCycle
Schedule {
  Name = "WeeklyCycleAfterBackup" 
  Run = Full sun-sat at 23:10
}

# This is the backup of the catalog
FileSet {
  Name = "Catalog" 
  Include {
    Options {
      signature = MD5
    }
    File = "/var/db/bacula/bacula.sql" 
  }
}

# Client (File Services) to bacula.example.com
Client {
  Name = bacula.example.com-fd
  Address = bacula.example.com
  FDPort = 9102
  Catalog = MyCatalog
  Password = "SuperSecretFileDaemonPassword"  # password for FileDaemon
  File Retention = 60 days  # 60 days
  Job Retention = 6 months  # six months
  AutoPrune = yes           # Prune expired Jobs/Files
}

# Definition of file Virtual Autochanger device
Storage {
  Name = File1
# Do not use "localhost" here
  Address = bacula.example.com  # N.B. Use a fully qualified name here
  SDPort = 9103
  Password = "SuperSecretStorageDaemonPassword" 
  Device = FileChgr1
  Media Type = File1
  Maximum Concurrent Jobs = 10     # run up to 10 jobs a the same time
}

# Generic catalog service
Catalog {
  Name = MyCatalog
  dbname = "bacula"; dbuser = "bacula"; dbpassword = ""; DB Address = "db.example.com"; DB Port = "5432"; 
}

# Reasonable message delivery -- send most everything to email address
#  and to the console
Messages {
  Name = Standard
  mailcommand = "/usr/local/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: %t %e of %c %l\" %r" 
  operatorcommand = "/usr/local/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: Intervention needed for %j\" %r" 
  mail = root@localhost = all, !skipped
  operator = root@localhost = mount
  console = all, !skipped, !saved

# WARNING! the following will create a file that you must cycle from
#          time to time as it will grow indefinitely. However, it will
#          also keep all your messages if they scroll off the console.
  append = "/var/log/bacula.log" = all, !skipped
  catalog = all
}

# Message delivery for daemon messages (no job).
Messages {
  Name = Daemon
  mailcommand = "/usr/local/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula daemon message\" %r" 
  mail = root@localhost = all, !skipped
  console = all, !skipped, !saved
  append = "/var/log/bacula.log" = all, !skipped
}

# Default pool definition
Pool {
  Name = Default
  Pool Type = Backup
  Recycle = yes                       # Bacula can automatically recycle Volumes
  AutoPrune = yes                     # Prune expired volumes
  Volume Retention = 365 days         # one year
  Maximum Volume Bytes = 50G          # Limit Volume size to something reasonable
  Maximum Volumes = 100               # Limit number of Volumes in Pool
}

# File Pool definition
Pool {
  Name = File
  Pool Type = Backup
  Recycle = yes                       # Bacula can automatically recycle Volumes
  AutoPrune = yes                     # Prune expired volumes
  Volume Retention = 365 days         # one year
  Maximum Volume Bytes = 50G          # Limit Volume size to something reasonable
  Maximum Volumes = 100               # Limit number of Volumes in Pool
  Label Format = "Vol-"               # Auto label
}

# Scratch pool definition
Pool {
  Name = Scratch
  Pool Type = Backup
}

# Restricted console used by tray-monitor to get the status of the director
Console {
  Name = bacula.example.com-mon
  Password = "SuperSecretDirectorMonitorPassword" 
  CommandACL = status, .status
}

Now edit the bacula console config:

vi /usr/local/etc/bacula/bconsole.conf

And make sure the password is the same as defined in the Director block of the main bacula director configuration

# Bacula User Agent (or Console) Configuration File
Director {
  Name = bacula.example.com-dir
  DIRport = 9101
  address = bacula.example.com
  Password = "SuperSecretDirectorPassword" 
}

Start and enable the bacula director service at boot:

echo 'bacula_dir_enable="YES"' >> /etc/rc.conf
service bacula-dir start

Configure the Storage Daemon:¶

Edit the bacula storage configuration file:

vi /usr/local/etc/bacula/bacula-sd.conf

And modify it to suit your needs. Again, mine is just stripped down from the default:

#
# Default Bacula Storage Daemon Configuration file
#
#  For Bacula release 7.0.5 (28 July 2014) -- freebsd 9.3-RELEASE-p20
#
# You may need to change the name of your tape drive
#   on the "Archive Device" directive in the Device
#   resource.  If you change the Name and/or the
#   "Media Type" in the Device resource, please ensure
#   that dird.conf has corresponding changes.
#

Storage {                             # definition of myself
  Name = bacula.example.com-sd
  SDPort = 9103                  # Director's port
  WorkingDirectory = "/var/db/bacula" 
  Pid Directory = "/var/run" 
  Maximum Concurrent Jobs = 20
}

# List Directors who are permitted to contact Storage daemon
Director {
  Name = bacula.example.com-dir
  Password = "SuperSecretStorageDaemonPassword" 
}

# Restricted Director, used by tray-monitor to get the
#   status of the storage daemon
Director {
  Name = bacula.example.com-mon
  Password = "SuperSecretDirectorMonitorPassword" 
  Monitor = yes
}

# Devices supported by this Storage daemon
# To connect, the Director's bacula-dir.conf must have the
#  same Name and MediaType.

# Define a Virtual autochanger
Autochanger {
  Name = FileChgr1
  Device = FileChgr1-Dev1
  Changer Command = "" 
  Changer Device = /dev/null
}

Device {
  Name = FileChgr1-Dev1
  Media Type = File1
  Archive Device = /tmp
  LabelMedia = yes;                   # lets Bacula label unlabeled media
  Random Access = Yes;
  AutomaticMount = yes;               # when device opened, read it
  RemovableMedia = no;
  AlwaysOpen = no;
  Maximum Concurrent Jobs = 5
}

# Send all messages to the Director,
# mount messages also are sent to the email address
Messages {
  Name = Standard
  director = bacula.example.com-dir = all
}

Start and enable the bacula storage daemon at boot:

echo 'bacula_sd_enable="YES"' >> /etc/rc.conf
service bacula-sd start

Configure the File Daemon (Client)¶

Edit the bacula file daemon configuration file:

vi /usr/local/etc/bacula/bacula-fd.conf

And modify the config to suit your needs. Again, mine is just stripped down from the default:

# Default  Bacula File Daemon Configuration file
#
#  For Bacula release 7.0.5 (28 July 2014) -- freebsd 9.3-RELEASE-p16
#
# There is not much to change here except perhaps the
# File daemon Name to
#

# List Directors who are permitted to contact this File daemon
Director {
  Name = bacula.example.com-dir
  Password = "SuperSecretFileDaemonPassword" 
}

# Restricted Director, used by tray-monitor to get the
#   status of the file daemon
Director {
  Name = bacula.example.com-mon
  Password = "SuperSecretDirectorMonitorPassword" 
  Monitor = yes
}

# "Global" File daemon configuration specifications
FileDaemon {                          # this is me
  Name = bacula.example.com-fd
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/db/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
# Plugin Directory = /usr/local/lib
}

# Send all messages except skipped files back to Director
Messages {
  Name = Standard
  director = bacula.example.com-dir = all, !skipped, !restored
}

Start and enable the bacula file daemon at boot:

echo 'bacula_fd_enable="YES"' >> /etc/rc.conf
service bacula-fd start

Configure the Database¶

Edit the bacula director config:
```
vi /usr/local/etc/bacula/bacula-dir.conf
```
- (Optional) Configure a remote database. I have my PostgreSQL database on a separate host, so I needed to change the database config parameter:

Generic catalog service

Catalog {
  Name = MyCatalog
  dbname = "bacula"; dbuser = "bacula"; dbpassword = "SuperSecretPassword"; DB Address = "db.example.com"; DB Port = "5432" 
}

Run the bacula database creation script:

/usr/local/share/bacula/create_bacula_database -h db.example.com -W -U bacula

Next run the bacula database table creation script:

/usr/local/share/bacula/make_bacula_tables -h db.example.com -W -U bacula

Then run the bacula database grant privileges script:

/usr/local/share/bacula/grant_bacula_privileges -h db.example.com -W -U bacula

Install Nginx¶

Install Nginx
```
portmaster www/nginx
```

(Optional) Install nginx using pkgng:
```
pkg install nginx
```

Start and enable nginx at boot:

echo 'nginx_enable="YES"' >> /etc/rc.conf
service nginx start

Create a configuration directory to make managing individual server blocks easier
```
mkdir /usr/local/etc/nginx/conf.d
```

Edit the main nginx config file:

vi /usr/local/etc/nginx/nginx.conf

And strip down the config file and add the include statement at the end to make it easier to handle various server blocks:

#user  nobody;
worker_processes  1;
error_log  /var/log/nginx-error.log;

events {
  worker_connections  1024;
}

http {
  include       mime.types;
  default_type  application/octet-stream;

  sendfile        on;
  #tcp_nopush     on;

  #keepalive_timeout  0;
  keepalive_timeout  65;

  #gzip  on;

  # Load config files from the /etc/nginx/conf.d directory
  include /usr/local/etc/nginx/conf.d/*.conf;

}

Configure PHP-FPM¶

Edit /usr/local/etc/php-fpm.conf:

vi /usr/local/etc/php-fpm.conf

Make the following changes:

events.mechanism = kqueue
listen = /var/run/php-fpm.sock
listen.owner = www
listen.group = www
listen.mode = 0666

Configure the default PHP settings

cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

Edit the PHP configuration file:

vi /usr/local/etc/php.ini

And set the timezone:
```
date.timezone = "America/Los_Angeles" 
```

Start and enable PHP-FPM at boot:

echo 'php_fpm_enable="YES"' >> /etc/rc.conf
service php-fpm start

Restart nginx:
```
service nginx restart
```

Install Bacula Web Tool¶

Install the bacula web frontend:
```
portmaster www/bacula-web
```

(Optional) Install Bacula Web with pkgng:
```
pkg install bacula-web
```

Change the ownsership of the bacula-web folder to the nginx user:
```
chown -R www:www /usr/local/www/bacula-web/
```

Create a new bacula-web config file:

cp /usr/local/www/bacula-web/application/config/config.php.sample /usr/local/www/bacula-web/application/config/config.php

Edit the new bacula-web config:

vi /usr/local/www/bacula-web/application/config/config.php

And change the database settings:

// PostgreSQL bacula catalog
$config[0]['label'] = 'Prod Server';
$config[0]['host'] = 'database.example.com';
$config[0]['login'] = 'bacula';
$config[0]['password'] = 'SuperSecretDatabasePassword';
$config[0]['db_name'] = 'bacula';
$config[0]['db_type'] = 'pgsql';
$config[0]['db_port'] = '5432';

Create a bacula-web nginx configuration file:

vi /usr/local/etc/nginx/conf.d/bacula-web.conf

And add the following:

server {
  listen       80;
#  server_name  bacula.example.com;
  root         /usr/local/www/bacula-web;
  access_log   /var/log/bacula.example.com-access.log;
  error_log    /var/log/bacula.example.com-error.log;

  location / {
    index  index.php index.html index.htm;
  }

  # For all PHP requests, pass them on to PHP-FPM via FastCGI
  location ~ \.php$ {
    fastcgi_pass unix:/var/run/php-fpm.sock;
    fastcgi_param SCRIPT_FILENAME /usr/local/www/bacula-web$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_script_name;
    include fastcgi_params; # include extra FCGI params
  }

}