Re: [Bacula-users] client/server passwords
Hi Craig, See [1]: You should restrict access to the Bacula configuration files, so that the passwords are not world-readable. The Bacula daemons are password protected using CRAM-MD5 (i.e. the password is not sent across the network). This will ensure that not everyone can access the daemons. It is a reasonably good protection, but can be cracked by experts. [1] http://www.bacula.org/5.1.x-manuals/en/main/main/Bacula_Security_Issues.html On Tue, May 5, 2015 at 8:35 PM, Craig Shiroma shiroma.crai...@gmail.com wrote: Hello, I was wondering... Are all of the passwords exchanges used by Bacula (both server and client daemons) encrypted when going over the wire? Thanks in advance, Craig Shiroma -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] client/server passwords
Yes, it's encrypted with CRAM-MD5. http://en.wikipedia.org/wiki/CRAM-MD5 On Tue, May 5, 2015 at 10:18 PM, Craig Shiroma shiroma.crai...@gmail.com wrote: Hi Romeo, Thanks! Just so I understand correctly... The bacula-fd running on the clients communicate with the bacula server using the password in client's bacula-fd.conf. This authentication on the wire is actually encrypted. Is this correct? -craig On Tue, May 5, 2015 at 3:43 PM, Romeo Theriault rom...@hawaii.edu wrote: Hi Craig, See [1]: You should restrict access to the Bacula configuration files, so that the passwords are not world-readable. The Bacula daemons are password protected using CRAM-MD5 (i.e. the password is not sent across the network). This will ensure that not everyone can access the daemons. It is a reasonably good protection, but can be cracked by experts. [1] http://www.bacula.org/5.1.x-manuals/en/main/main/Bacula_Security_Issues.html On Tue, May 5, 2015 at 8:35 PM, Craig Shiroma shiroma.crai...@gmail.com wrote: Hello, I was wondering... Are all of the passwords exchanges used by Bacula (both server and client daemons) encrypted when going over the wire? Thanks in advance, Craig Shiroma -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Restoring to different host
Anything in the system logs? Also check selinux, audit2allow -a /var/log/audit/audit.log to see if selinux might be stopping it. On Wed, Apr 29, 2015 at 10:07 PM, Craig Shiroma shiroma.crai...@gmail.com wrote: Hi Romeo, Yes, as root on the target host, I can create /tmp/etc. Kind of strange. Thanks, -craig On Wed, Apr 29, 2015 at 3:53 PM, Romeo Theriault rom...@hawaii.edu wrote: If you go onto the host yourself, as root can you create etc in /tmp? On Wed, Apr 29, 2015 at 9:01 PM, Craig Shiroma shiroma.crai...@gmail.com wrote: Hello, I'm trying to a restore file to a different host's /tmp. I've select the target host by changing the value of Restore Client during the restore process, selecting the desired target host to restore to from the hosts list presented. However, when I attempt the restore, I get the following error message: 2015-04-29 14:30:09target_hostname JobId 83765: Error: makepath.c:142 Cannot create directory /tmp/etc: ERR=Permission denied Any idea what could be causing the problem? Restoring to the source host is no problem. Note: I replaced the actual hostname with target_hostname in the above error message. Thanks in advance, -Craig -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Restoring to different host
If you go onto the host yourself, as root can you create etc in /tmp? On Wed, Apr 29, 2015 at 9:01 PM, Craig Shiroma shiroma.crai...@gmail.com wrote: Hello, I'm trying to a restore file to a different host's /tmp. I've select the target host by changing the value of Restore Client during the restore process, selecting the desired target host to restore to from the hosts list presented. However, when I attempt the restore, I get the following error message: 2015-04-29 14:30:09target_hostname JobId 83765: Error: makepath.c:142 Cannot create directory /tmp/etc: ERR=Permission denied Any idea what could be causing the problem? Restoring to the source host is no problem. Note: I replaced the actual hostname with target_hostname in the above error message. Thanks in advance, -Craig -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Adding a client remotely
If you're using chef I'd suggest splitting out each of your client config files into their own conf file and use chef templates to create them. Then have a cron script check if there are any new/changed conf files and reload the director config if their are. This is what I do. On Wed, Dec 17, 2014 at 10:29 AM, Roberto Leibman robe...@leibman.net wrote: I was able to successfully install bacula. Now the next step. I use chef to spin up various systems on aws, I need to back up each of these systems. I am able to manually go to the bacula box and add my clients. Is there a way to programatically (scripts, bconsole, whatever) register a client on the bacula box? Basically add a client to bacula-dir.conf and schedule the necessary jobs. Thanks for your answers! Roberto Leibman -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] Help pruning expired records using bconsole prune command
Hi all, (running bacula 7.0.5) We currently, backup to disk and use 'Autoprune = True' in our Pool and Client resources to remove expired records from the catalog. This works great, but as our clients are growing I'm wanting to move away from having the pruning done during the backup period. My plan is to use 'prune expired' console command as a RunScript in the catalog backup job. Something like this [1]: Job { Name = CatalogBackup ... RunScript { Console = prune expired volume yes RunsWhen = Before } } My question though, is, since we rotate through our disk volumes, like so: Pool { Name = aim01 Storage = aim01 Pool Type = Backup Recycle = True Recycle Oldest Volume = True AutoPrune = True Volume Retention = 29 days Maximum Volumes = 30 Volume Use Duration = 23h Label Format = ${Client}-${JobId}-vol } will we ever have any volumes that are expired, and need to be pruned? In my case should I change those Console commands to: 'prune expired files yes' 'prune expired jobs yes' ? Thank you for any clarification. [1]: Taken from the Bacula community disk backup whitepaper: http://blog.bacula.org/whitepapers/CommunityDiskBackup.pdf -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151iu=/4140/ostg.clktrk___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Planning large installation
Thank you for the response Uwe. It gives me some idea on some items to look at when scaling the environment. On Thu, Jan 9, 2014 at 3:02 AM, Uwe Schuerkamp uwe.schuerk...@nionex.net wrote: On Tue, Jan 07, 2014 at 03:32:01PM -1000, Romeo Theriault wrote: Hi Uwe, thanks for the response. I'm not sure how many directors we'll have. Was going to start with one and go from there. How many do you have for your 110 client setup? It's good to hear you're fairly happy with the separate d/p/v for each client scheme. Initially we'll be backing up about 8TB nightly on incremental's and about 30TB on a full. Any tips you might have in terms of # of directors or catalogs or media servers we should start with would be appreciated. Otherwise It'll be a trial and error for me. :) Hi Romeo, we run a total of four directors for about 200 clients, but this is due to the fact we host servers in separate locations so it makes sense to back them up locally. The largest installation has about 120 clients and runs just fine, backing up about 1 TB daily and around 6TB over the weekend over gigabit links to HP MSA boxes connected to the director /sd which sustain around 120MB/sec write speed on average (using client side compression, both gzip and lzo where necessary). You seem to expect a rather large daily backup volume though so I guess if anything you might be bandwith- rather than cpu bound. What kind of network connectivity will you be using, that throughput can be achieved on the backup disks and so on? These are all important factors in designing your infrastructure. All the best, Uwe -- NIONEX --- Ein Unternehmen der Bertelsmann SE Co. KGaA -- CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431iu=/4140/ostg.clktrk ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Planning large installation
Hi Uwe, thanks for the response. I'm not sure how many directors we'll have. Was going to start with one and go from there. How many do you have for your 110 client setup? It's good to hear you're fairly happy with the separate d/p/v for each client scheme. Initially we'll be backing up about 8TB nightly on incremental's and about 30TB on a full. Any tips you might have in terms of # of directors or catalogs or media servers we should start with would be appreciated. Otherwise It'll be a trial and error for me. :) Thanks, Romeo On Tue, Jan 7, 2014 at 4:50 AM, Uwe Schuerkamp uwe.schuerk...@nionex.netwrote: On Thu, Dec 19, 2013 at 01:18:58PM -1000, Romeo Theriault wrote: Hello, we're planning a fairly large Bacula backup environment (~500 clients). The environment will be a purely disk based backup environment and I'm trying to determine the best way to configure the devices/pools/volumes so we can have: * a large amount of concurrent backups * maximum flexibility in changing individual client backup schedules without having to hold onto huge volumes for an extended period of time How are other large installations managing their devices/pools/volumes? I've read of some folks creating new pools/devices for each of their backup jobs so each job is in it's own volume and you can have lots of concurrent jobs while maintaining flexibility in client retention periods without huge volumes. Is this viable for a large installation? Any tips or pointers are appreciated. Thank you, Romeo Hi Romeo, how many directors will you be using for this setup, and what is the total backup size? We've been running our clients in separate d/p/v for a few years now and are quite happy with this setup (around 110 clients). If your clients don't change that often (regarding adding new ones, deleting old ones and so on) the overhead isn't too bad given the enormous flexibility this approach offers. Cheers, Uwe -- NIONEX --- Ein Unternehmen der Bertelsmann SE Co. KGaA -- Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831iu=/4140/ostg.clktrk___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] Planning large installation
Hello, we're planning a fairly large Bacula backup environment (~500 clients). The environment will be a purely disk based backup environment and I'm trying to determine the best way to configure the devices/pools/volumes so we can have: * a large amount of concurrent backups * maximum flexibility in changing individual client backup schedules without having to hold onto huge volumes for an extended period of time How are other large installations managing their devices/pools/volumes? I've read of some folks creating new pools/devices for each of their backup jobs so each job is in it's own volume and you can have lots of concurrent jobs while maintaining flexibility in client retention periods without huge volumes. Is this viable for a large installation? Any tips or pointers are appreciated. Thank you, Romeo -- Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831iu=/4140/ostg.clktrk___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users