Category Archives: Backup

SAN and Tape backup with bacula

Install and configure bacula for SAN and Tape backup

There is already an excellent document about bacula installation and configurations at bacula website. This article is one way of getting SAN and Tape backup working together with single bacula director installation. It assumes that you already have installed and mounted the SAN and configured the tape device.

This configuration aim at:

  • Incremental daily for 20 days
  • Differential weekly for 3 months
  • Monthly full for 6 months
  • Eject the tape to mailslot after the back and notify admin etc.

customise it based on your requirements.

The configurations are tested with HP MSL 2024 Tape library and MSA SAN array.

Bacula server setup

The configurare are done on Redhat Enterprise linux, likely similar for other Linux distros.

  • Create a user for backup
# useradd -d /home/backup backup
  • Install bacula server and create the database and database users : ref: http://www.bacula.org/5.2.x-manuals/en/main/main/Installing_Bacula.html for installation instructions.
  • Create the necessary directories:
# su - backup
$ mkdir -p /home/backup/bacula/var/lock/subsys
$ mkdir /home/backup/bacula/var/run/
  • Configure the director (bacula-dir.conf)

$ cat ~/bacula-dir.conf

# Define the director, common for SAN and Tape
Director { # define myself
Name = {hostname}-dir # use your hostname
DIRport = 9101 # where we listen for UA connections
QueryFile = "/home/backup/bacula/script/query.sql"
WorkingDirectory = "/home/backup/bacula/wdir"
PidDirectory = "/home/backup/bacula/var/run"
Maximum Concurrent Jobs = 3
Password = "{console_password} # Console password
Messages = Daemon
}
# List of files to be backed up to SAN
FileSet {
 Name = "File Set"
 Include {
 Options {
 signature = MD5
 }
 File = /
 }

 Exclude {
 File = /proc
 File = /tmp
 File = /.journal
 File = /.fsck
 }
}
# List of files to be backed up to tape
FileSet {
 Name = "tape Set"
 Include {
 Options {
 signature = MD5
 }
 File = /
 }

 Exclude {
 File = /proc
 File = /tmp
 File = /.journal
 File = /.fsck
 }
}
# Schedule for SAN backup
Schedule {
 Name = "WeeklyCycle"
 Run = Full 1st sun at 01:00
 Run = Differential 2nd-5th sun at 01:00
 Run = Incremental mon-sat at 01:00
}
# Schedule for tape backup
Schedule {
 Name = "TapeWeeklyFull"
 Run = Level=Full 1st sun at 03:00
}
# Definition of file storage (SAN)
Storage {
 Name = File
# Do not use "localhost" here
 Address = {FQDN} # N.B. Use a fully qualified name here
 SDPort = 9103
 Password = "{sdpassword}"
 Device = FileStorage
 Media Type = File
}
# Define storage (Tape)
Storage {
 Name = msl2024
 Address = {director-address}
 SDPort = 9103
 Password = "{director-password}"
 Device = MSL2024
 Media Type = LTO-4
 Autochanger = yes
 Maximum Concurrent Jobs = 3
}
# Generic catalog service
Catalog {
 Name = MyCatalog
 dbname = "dbname"; dbuser = "dbuser"; dbpassword = "dbpass"
}
# Tape catalog
Job {
 Name = "TapeBackupCatalog"
 JobDefs = "{dir-host-name}-tape"
 Level = Full
 FileSet="Catalog"
 Schedule = "CatalogAfterTapeBackup"
 RunBeforeJob = "/home/backup/bacula/script/make_catalog_backup.pl MyCatalog"
 RunAfterJob = "/home/backup/bacula/script/delete_catalog_backup"
 Write Bootstrap = "/home/backup/bacula/wdir/%n.bsr"
 Priority = 20 # run after main backup
}
# Default pool definition
Pool { 
 Name = Default
 Pool Type = Backup 
 Recycle = yes # Bacula can automatically recycle Volumes
 AutoPrune = yes # Prune expired volumes
 Volume Retention = 365 days # one year
}
# General Tape backup pool
Pool { 
 Name = TapePool
 Pool Type = Backup 
 Recycle = yes # Bacula can automatically recycle Volumes
 AutoPrune = yes # Prune expired volumes
 Volume Retention = 6 months # 6 months
 Recycle Oldest Volume = yes
 Storage = msl2024 
 Volume Use Duration = 4 days
}
## Do the following configurations for each client
# Job definition, define it for each bacula client, replace clientX_hostname, Fileset accordingly
# SAN
JobDefs {
Name = "{clientX_hostname}"
Type = Backup
Client = {clientX_hostname}-fd
FileSet = "File Set"
Schedule = "WeeklyCycle"
Storage = File
Messages = Standard
Pool = File
Full Backup Pool = Full-Pool-{clientX_hostname}
Incremental Backup Pool = Inc-Pool-{clientX_hostname}
Differential Backup Pool = Diff-Pool-{clientX_hostname}
Priority = 10
Write Bootstrap = "/home/backup/bacula/wdir/%c.bsr"
}
# Tape

JobDefs {
 Name = "{clientX_hostname}-tape"
 Type = Backup
 Client = {clientX_hostname}-tape-fd
 FileSet = "tape set"
 Schedule = "TapeWeeklyFull"
 Storage = msl2024
 Messages = Standard
 Pool = TapePool
 Full Backup Pool = TapePool
 Priority = 10
 Write Bootstrap = "/home/backup/bacula/wdir/%c.bsr"
}
# Define Job, replace clientX_hostname
# SAN
Job {
 Name = "{clientX_hostname}"
 JobDefs = "{clientX_hostname}"
}
# Tape
Job {
 Name = "{clientX_hostname}"
 JobDefs = "{clientX_hostname}-tape"
}

# Define restore job
# SAN
Job {
 Name = "RestoreFiles-{clientX_hostname}"
 Type = Restore
 Client={clientX_hostname}-fd
 FileSet="File Set" 
 Storage = File
 Pool = Default
 Messages = Standard
 Where = /home/backup/archive/bacula-restores
}
# Tape
Job {
 Name = "RestoreFiles-{clientX_hostname}-tape"
 Type = Restore
 Client={clientX_hostname}-tape-fd
 FileSet= "tape set"
 Storage = msl2024
 Pool = TapePool
 Messages = Standard
 Where = /home/backup/archive/bacula-restores
}

# Client (File Services) to backup
# SAN
Client { 
 Name = {clientX_hostname}-fd
 Address = {client_address}
 FDPort = 9102
 Catalog = MyCatalog
 Password = "{client_password}" # password for FileDaemon
 File Retention = 60 days # 60 days
 Job Retention = 6 months # six months
 AutoPrune = yes # Prune expired Jobs/Files
}
# Tape
Client {
 Name = {clientX_hostname}-tape-fd
 Address = {client_address}
 FDPort = 9202 # use different port
 Catalog = MyCatalog
 Password = "{client_password}" # password for FileDaemon
 File Retention = 6 months
 Job Retention = 6 months
 AutoPrune = yes
}
# Pool for each client
# SAN
Pool {
 Name = Full-Pool-{clientX_hostname}
 Pool Type = Backup
 Recycle = yes
 AutoPrune = yes
 Volume Retention = 6 months
 Maximum Volume Jobs = 1
 Label Format = Full-Pool-{clientX_hostname}-
 Maximum Volumes = 9
}
Pool { 
 Name = Inc-Pool-{clientX_hostname}
 Pool Type = Backup 
 Recycle = yes # automatically recycle Volumes
 AutoPrune = yes # Prune expired volumes
 Volume Retention = 20 days
 Maximum Volume Jobs = 6
 Label Format = Inc-Pool-{clientX_hostname}-
 Maximum Volumes = 7
}
Pool { 
 Name = Diff-Pool-{clientX_hostname}
 Pool Type = Backup
 Recycle = yes
 AutoPrune = yes
 Volume Retention = 40 days
 Maximum Volume Jobs = 1
 Label Format = Diff-Pool-{clientX_hostname}-
 Maximum Volumes = 10
}
# Tape, no extra definition required.

  • Make sure you label the tape and add it to the TapePool, if you tape drive has barcode device available, use
$ bconsole
* label barcode
then select the TapePool

If you have mailslot enabled you could configure the bacula to eject the tape to mailslot after backup finished and will notify.

$ cat /home/backup/bacula/script/delete_catalog_backup
# Unload the tape for storage
mtx -f /dev/sg1 unload 24 # replace 24 with your mailslot
# Send mail
/home/backup/bacula/script/mail.sh | mail -s "Tape backup done" admin@example.com

Configure storage daemon

Storage 
{ # definition of myself
 Name = {director_hostanme}-sd
 SDPort = 9103 # Director's port 
 WorkingDirectory = "/home/backup/bacula/wdir"
 Pid Directory = "/home/backup/bacula/var/run"
 Maximum Concurrent Jobs = 20
}
#
# List Directors who are permitted to contact Storage daemon
#
Director {
 Name = {director_hostname}-dir
 Password = "{director_password}"
}
# SAN
Device {
 Name = FileStorage
 Media Type = File
 Archive Device = /media/san/bacula/ # SAN volume
 LabelMedia = yes # lets Bacula label unlabeled media
 Random Access = yes
 AutomaticMount = yes # when device opened, read it
 RemovableMedia = no
 AlwaysOpen = no
}
# Tape
Autochanger {
 Name = MSL2024
 Device = lto4drive
 Changer Command = "/home/backup/bacula/script/mtx-changer %c %o %S %a %d"
 Changer Device = /dev/sg1 # change it based on your setup
}
Device {
 Name = lto4drive
 Drive Index = 0
 Media Type = LTO-4
 Archive Device = /dev/nst0
 AutomaticMount = no # when device opened, read it
 AlwaysOpen = no
 RemovableMedia = yes
 RandomAccess = no
 AutoChanger = yes
}

Client configuration

  • Install the bacula package on the client machines, except use –enable-client-only
  • Remove the director and storage daemon startup scripts
rm /etc/init.d/bacula-dir
rm /etc/init.d/bacula-sd
  • Create necessary directories
mkdir -p /home/backup/bacula/wdir /home/backup/bacula/var/run  /home/backup/bacula/var/lock/subsys/
  • Create bacula-filedeamon configuration for tape and san seperately

SAN (bacula-fd.conf)

FileDaemon { # this is me
 Name = {clientX_hostname}-fd
 FDport = 9102 # where we listen for the director
 WorkingDirectory = /home/backup/bacula/wdir
 Pid Directory = /home/backup/bacula/var/run
 Maximum Concurrent Jobs = 20
 }

Tape  (bacula-fd-tape.conf)

FileDaemon { # this is me
 Name = {clientX_hostname}-tape-fd
 FDport = 9102 # different port than the san
 WorkingDirectory = /home/backup/bacula/wdir
 Pid Directory = /home/backup/bacula/var/run
 Maximum Concurrent Jobs = 20
 }
  • Edit the bacula-fd startup script and add the extra line to start the tape file daemon
daemon /home/backup/bacula/sbin/bacula-fd $2 ${FD_OPTIONS} -c /home/backup/bacula/etc/bacula-fd-tape.conf

./arun

Install and configure rsnapshot for central backup (without root privilege)

Download and install RsnapShot
Download the latest package from: http://rsnapshot.org/downloads.html

# wget http://rsnapshot.org/downloads/rsnapshot-1.3.1-1.noarch.rpm
# rpm -Uvh rsnapshot-1.3.1-1.noarch.rpm

Configure public key authentication

– Enable public key authentication with remote hosts with normal user privilege

local# ssh-keygen -t rsa
local# scp id_rsa.pub ssh-remote-server:id_rsa.pub

remote# useradd -c “Backup user” -d /data/home/backup/ backup
remote# su – backup

remote# vi .ssh/authorized_keys

remote# chmod 600 .ssh/authorized_keys

remote# cat id_rsa.pub >> authorized_keys ; rm id_rsa.pub

Add the command allowed to execute in the authorized_keys

command=”/home/backup/validate-rsync.sh”

Create the /home/backup/validate-rsync.sh script with following contents

#!/bin/sh
case “$SSH_ORIGINAL_COMMAND” in
  *&*)
    echo “Rejected 1”
    ;;
  *;*)
    echo “Rejected 2”
    ;;
    rsync*)
    $SSH_ORIGINAL_COMMAND
    ;;
  *true*)
    echo $SSH_ORIGINAL_COMMAND
    ;;
  *)
    echo “Rejected 3”
    ;;
esac

$ chmod 700 validate-rsync.sh

Create the rsync wrapper script

$ cat  > /usr/local/bin/rsync_wrapper.sh

#!/bin/sh
/usr/bin/sudo /usr/bin/rsync “$@”;

# chmod 755 /usr/local/bin/rsync_wrapper.sh

This steps will basically force the ssh connection to execute the rsync as sudo

Grant user to execute rsync as root

backup    ALL=(root) NOPASSWD: /usr/bin/rsync

Configure Rsnapshot

master# cp /etc/rsnapshot.conf.default /etc/rsnapshot.conf

Configure path for cp, rsync, ssh, logger, du etc

set link_dest = 1

change rsync_long_args like

rsync_long_args –rsync-path=rsync_wrapper.sh –delete –numeric-ids –relative –delete-excluded

If you require daily backup for a week,

interval daily 7

More details are on the how to section for rsnapshot website
http://rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html

Configure the hosts and file system to backup

backup      backup@remotehost:/etc/     remotehost/

./arun

 

 

 

 

Rsnapshot Lchown

# rsnapshot du localhost
require Lchown
Lchown module not found

Install the Lchown module:

# wget http://www.rsnapshot.org/downloads/extras/Lchown-1.00.tar.gz

# tar xvzf Lchown-1.00.tar.gz

# cd Lchown-1.00

# perl Makefile.PL
Checking if your kit is complete…
Looks good

# make install

# rsnapshot du localhost
require Lchown
Lchown module loaded successfully

You can also try installing the module from Perl CPAN

# perl -MCPAN -e ‘install qw(Lchown)’

./arun