[Bacula-users] Windows client and TLS
Hi, I've been running Bacula in Linux/Solaris environment for a long time. Couple of days ago, I've attempted to install Bacula file daemon on Windows box and get it to work with TLS. However, if I have TLS Require = yes in bacula-fd.conf, the file daemon crashes. If I remove it and use plaintext connections, it works. Is TLS supported in Windows version at all? Is there a minimum version of file daemon or directory/storage daemon required for Windows TLS? I've found one email in list archives where Pozdrawiam Leszek asked preaty much the same question about a month ago. However, it doesn't seem he ever got any answer. Thanks, Aleksandar Milivojevic - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] Re: [Bacula-devel] problems migrating bacula db from postgresql to mysql
Quoting Kern Sibbald [EMAIL PROTECTED]: On Thursday 09 February 2006 21:07, Aleksandar Milivojevic wrote: This is about one problem I have, and there's also a patch attached which might be good to incorporate into future version of Bacula. I'm in the middle of migrating Bacula database from PostgreSQL to MySQL, and got into kind of trouble because of different constraints on the columns in those two databases. The job table has columns poolid and filesetid defined as NOT NULL in MySQL, but there is no such constraint in PostgreSQL. Also, Bacula utilizes foreign keys with MySQL, but not with PostgreSQL. Simmilary, sqlite and sqlite3 backends also utilize foreign keys. While I was running on PostgreSQL, I got some entries in job table with those columns set to NULL. Of course, migration is failing on those. Yes, the creation of the tables is very database dependent and was not designed for portability. In hind-sight, one could probably make them much more portable. Foreign keys were initially used in PostgreSQL, but they slowed it down considerably -- by a factor of 2-10 if I remember right ! As a consequence, they were removed since they are not used (see below). Hmmm... I'm kind of surprised there was such a huge performance penalty (and much bigger then in MySQL/InnoDB). Anyhow, if they are not used, dropping them from MySQL and/or SQLite should speed up those two a bit as well... The jobs in question seems to be either restores or failed jobs: bacula=# select jobid, type, jobstatus from job where poolid is null or filesetid is null; jobid | type | jobstatus ---+--+--- 1040 | R| T 373 | R| T 98 | B| C 97 | B| R 99 | B| C 100 | B| C 101 | B| C 1146 | B| R (8 rows) Two 'R' jobs are also failed/canceled jobs (for whatever reason, Bacula never marked them as such). Should existance of these rows in database be considered bug in Bacula? I assume that you are asking if the existence of NULLs in certain columns is considered a bug. The reason I used NOT NULL was to avoid a lot of unnecessary programming (testing each value for NULL prior to accessing it). As a consequence, in most references in Bacula to values in the tables does not check for NULL (within Bacula a zero value is equivalent for all non-character fields). If an integer value is returned as NULL and Bacula references that value, then it will most likely segfault. Hmmm... Then I guess those two columns should be declared as NOT NULL in PosgreSQL too (plus some in other tables). They are defined as NOT NULL in MySQL and SQLite versions anyhow. Unless NOT NULL was dropped from PostgreSQL version for some reason in the past? Now, I guess I could simply delete those, and also all rows from other tables that reference these rows (file, jobmedia, basefiles, and unsavedfiles). My wild guess is that if I used MySQL initially, those rows wouldn't exist anyhow (inserts would fail). Anyhow, looking at the file table, there's about 32,000 rows that I'll need to delete... Hopefully I'm not going to nuke anything too usefull... Well, I have a hard time imagining that there are 32,000 bad rows, and suspect that if you delete them you will indeed be nuking something useful. A much more conservative approach would be to replace any NULL values by 0 (zero). Ah, I already nuked them. They belonged to failed jobs anyhow... However, regardless of this problem I have, it might be good move to utilize same features on all database backends (as long as they support them), which would basically mean adding foreign key constrains to PostgreSQL data definitions (yeah, it might slow database inserts a bit). I am not much in favor of the above suggestion, unless all databases that Bacula supports (and future ones as well) have the same features. The current Bacula code (everywhere including the database) with only a few exceptions has been written to be the least common denominator. Over many years of programming, I have found this to be the best approach. One rarely experiences any performance penalties in adopting this philosophy, while the reliability and portability are significantly improved. Then I guess dropping foreign keys completely (from MySQL and SQLite) would be a way to go (although, personally, I'd rather vote for referential integrity over raw performance). Foreign keys are ignored by MySQL if MyISAM tables are used (defualt) anyhow, they work only for MySQL InnoDB tables. So not even all MySQL sites will have those consistently. By the way, now that I am working on version 1.39, I would like to integrate the Python patch that someone sent me some time ago. I think it was you who sent me the patch. In preparing to go on vacation, I saved all the patches I have received, and have integrated them all. Unfortunately, I seem to have saved the wrong Python patch (for detecting the installation directories). If you
Re: [Bacula-users] Postgres speed
Quoting Karl Hakimian [EMAIL PROTECTED]: On Fri, Feb 10, 2006 at 07:42:45PM +0100, Magnus Hagander wrote: Yes, it would be possible to commit the filename/path inserts immediately (i.e. 1 insert per transaction) but still do the file inserts within a larger transaction. Not really, if you want/need to refer to them from transaction 1. If you add them in transaction2, transaciton 1 will *never* see those rows. It'll hav eto commit and open transactio 3 before they become visible. This would still work if you opened a transaction for committing the names after you finished updating paths and filenames (I'm thinking of the case where the attributes are spooled) in a case like this, your large number of adds to the file table will not need anything that gets added to the path or filename table after you start. It all depends on selected transaction isolation level (SQL standards define four of them). PostgreSQL implements read commited level (drity read is not possible, however non-repeatable read and phantom reads are possible) and serializable level (dirty, non-repeatable and phantom reads are not possible). For proposed change to work, I guess we would need to utilize serializable transaction isolation (the most strict level). However in this mode, transaction might fail if any other transaction changed rows that would result in incosisten view for the current transaction, and Bacula would need additional code to deal with it (make appropriate adjustments to transaction and re-attempt it). For more info and much better description of isolation levels: http://www.postgresql.org/docs/8.1/interactive/transaction-iso.html This message was sent using IMP, the Internet Messaging Program. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] problems migrating bacula db from postgresql to mysql
This is about one problem I have, and there's also a patch attached
which might be good to incorporate into future version of Bacula.
I'm in the middle of migrating Bacula database from PostgreSQL to
MySQL, and got into kind of trouble because of different constraints on
the columns in those two databases.
The job table has columns poolid and filesetid defined as NOT NULL in
MySQL, but there is no such constraint in PostgreSQL. Also, Bacula
utilizes foreign keys with MySQL, but not with PostgreSQL. Simmilary,
sqlite and sqlite3 backends also utilize foreign keys. While I was
running on PostgreSQL, I got some entries in job table with those
columns set to NULL. Of course, migration is failing on those.
The jobs in question seems to be either restores or failed jobs:
bacula=# select jobid, type, jobstatus from job where poolid is null or
filesetid is null;
jobid | type | jobstatus
---+--+---
1040 | R| T
373 | R| T
98 | B| C
97 | B| R
99 | B| C
100 | B| C
101 | B| C
1146 | B| R
(8 rows)
Two 'R' jobs are also failed/canceled jobs (for whatever reason, Bacula
never marked them as such).
Should existance of these rows in database be considered bug in Bacula?
When using SQLite or MySQL (if InnoDB engine is used), inserting
those rows into database would fail anynow (as well as thousands of
other rows in file table that depend on them).
Now, I guess I could simply delete those, and also all rows from other
tables that reference these rows (file, jobmedia, basefiles, and
unsavedfiles). My wild guess is that if I used MySQL initially, those
rows wouldn't exist anyhow (inserts would fail). Anyhow, looking at
the file table, there's about 32,000 rows that I'll need to delete...
Hopefully I'm not going to nuke anything too usefull...
However, regardless of this problem I have, it might be good move to
utilize same features on all database backends (as long as they support
them), which would basically mean adding foreign key constrains to
PostgreSQL data definitions (yeah, it might slow database inserts a
bit). I've included a patch that does this. The patch might look
bigger than it really is, since I needed to reorder table creation.
Basically, all it does is adding foreign keys to the places where they
are defined in other backends (used MySQL backend as reference). I
haven't made an update script, since updating PostgreSQL tables to
start using foreign keys might require deletion of live data from
database (I'll leave it to someone with more internal knowledge of
Bacula).
When we are at patching... How about adding ON DELETE CASCADE to table
definitions (wherever foreign keys are used)? This would make some
stuff much easier (for example, the task that is now in front of me) if
database backend supports foreign keys (sqlite and postgresql do, mysql
depending on version and storage engine used).
This message was sent using IMP, the Internet Messaging Program.
--- bacula-1.38.2/src/cats/make_postgresql_tables.in.orig 2006-02-09 13:16:04.0 -0600
+++ bacula-1.38.2/src/cats/make_postgresql_tables.in 2006-02-09 13:50:54.0 -0600
@@ -24,29 +24,61 @@
CREATE INDEX path_name_idx on path (path);
-CREATE TABLE file
+CREATE TABLE pool
(
-fileid serial not null,
-fileindex integer not null default 0,
-jobid integer not null,
-pathid integer not null,
-filenameid integer not null,
-markid integer not null default 0,
-lstat text not null,
+poolid serial not null,
+name text not null,
+numvols integer not null default 0,
+maxvols integer not null default 0,
+useonce smallint not null default 0,
+usecatalog smallint not null default 0,
+acceptanyvolume smallint not null default 0,
+volretention bigint not null default 0,
+volusedurationbigint not null default 0,
+maxvoljobs integer not null default 0,
+maxvolfiles integer not null default 0,
+maxvolbytes bigint not null default 0,
+autoprune smallint not null default 0,
+recycle smallint not null default 0,
+pooltype text
+ check (pooltype in ('Backup','Copy','Cloned','Archive','Migration','Scratch')),
+labeltype integer not null default 0,
+labelformat text not null,
+enabled smallint not null default 1,
+scratchpoolid integer default 0 references pool,
+recyclepoolid integer default 0 references pool,
+NextPoolId integer default 0 references pool,
+MigrationHighBytes BIGINT DEFAULT 0,
+MigrationLowBytes BIGINT DEFAULT 0,
+MigrationTime BIGINT DEFAULT 0,
+primary key (poolid)
+);
+
+CREATE INDEX pool_name_idx on pool
Re: [Bacula-users] problems migrating bacula db from postgresql to mysql
Quoting Aleksandar Milivojevic [EMAIL PROTECTED]: This is about one problem I have, and there's also a patch attached which might be good to incorporate into future version of Bacula. I'm in the middle of migrating Bacula database from PostgreSQL to MySQL, and got into kind of trouble because of different constraints on the columns in those two databases. The job table has columns poolid and filesetid defined as NOT NULL in MySQL, but there is no such constraint in PostgreSQL. Also, Bacula utilizes foreign keys with MySQL, but not with PostgreSQL. Simmilary, sqlite and sqlite3 backends also utilize foreign keys. While I was running on PostgreSQL, I got some entries in job table with those columns set to NULL. Of course, migration is failing on those. BTW, looking a bit more, there are some other places where PostgreSQL data definitions are more relaxed then MySQL data definitions. For example, starttime and endtime in job table are NOT NULL in MySQL, but not in PostgreSQL (and of course, I got some NULLs in my database). Probably would be good thing to compare data definitions for three backends line-by-line and make them consistent. This message was sent using IMP, the Internet Messaging Program. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] slow performance when backing up server itself (compress+tls)
I've noticed that when my backup server (running 1.38.2) is backing up itself, the performance is terrible. The load average on the box goes through the roof, and I'm getting something like 60 bytes per second. The backup server is running on an older 1.7GHz machine, but still it should be plenty of CPU for this simple task. This happened after I switched to TLS. Basically, I simply configured all clients to use TLS, including file daemon on backup server itself (not really needed, but ended up being that way). I also had compression turned on. Lot of job for the CPU, but it should still yield way more than 60 bytes per second. After I disabled TLS and compression, I got something like 1.5 MB/sec. When I had it with compression-only, the performance was also good (don't remember exact numbers). Any idea why TLS is slowing it down so much? I know that same CPU needs to do encrypt and decrypt simultaniously, but it shouldn't slow it down so much. All my other clients (couple of them running on old sub-1GHz PIII boxes) don't seem to suffer from this that much (the slowest ones go to around 100-200 kB/sec with TLS and compression). This message was sent using IMP, the Internet Messaging Program. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] migrating to different database backend
I'd like to migrate one of my servers from PostgreSQL to MySQL. My plan was to use pg_dump to create a file with just insert commands, recreate tables in MySQL and then run commands from dump file to populate them. Reinstall director (with MySQL backend). Is this going to fly? Is there anything to watch out? Any special features (like counters) of particular database that Bacula might have used? This message was sent using IMP, the Internet Messaging Program. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] migrating to different database backend
Dan Langille wrote: On 2 Feb 2006 at 13:57, Aleksandar Milivojevic wrote: I'd like to migrate one of my servers from PostgreSQL to MySQL. My plan was to use pg_dump to create a file with just insert commands, recreate tables in MySQL and then run commands from dump file to populate them. Reinstall director (with MySQL backend). Is this going to fly? As the author of the Bacula PostgreSQL module, I'm curious as to why you would go in that direction. Most people tend to move to PostgreSQL from MySQL. Is there something missing you need? The reasons are completely political in nature. There's nothing wrong with PostgreSQL and Bacula's PostgreSQL module. It's just that I got surrounded by too many MySQL junkies. Personally, I prefer PostgreSQL. The databases are all pretty similar. Bacula doesn't do anything particular to any one database, pretty much. OK, then I guess simply moving the tables around should work. Thanks. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Problem with bconsole and passphrase protected certificate key
Landon Fuller wrote: Aleksandar Milivojevic wrote: If client certificate for bconsole is passhprase protected, there is a prompt displayed to enter the passphrase. Then bconsole hangs. Ctrl-C doesn't work. The only way to get out is to kill it from another terminal. # bconsole Connecting to Director backup.foobar.com:9101 Passphrase for Director backup-dir TLS private key: - hangs right here The PEM passphrase callback makes use of getpass(). getpass() will read from and write directly to /dev/tty. If the process has no controlling TTY (eg, after calling setsid()), getpass() will write to stderr and read the password from stdin. Can you tell me more about your environment? Are you trying to pipe a password to bconsole? The code works fine here (I tested on Mac OS X and FreeBSD.): It was just standard Linux box (CentOS 4 distribution, basically RHEL 4 recompiled from sources). No fancy invocations, no pipeing. I just typed bconsole, it prompted me for passphrase and hang there. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] tls
I've just started experimenting with new TLS feature. One thing that almost immediattely popped out. It would be good to have TLS Allowed DN and TLS Allowed Peer Certificate options (or something shorter for the second one). The first option (TLS Allowed DN) would be there since CN might not be unique enough (actually, I was a bit surprised that initial implementation was checking the CN, not DN). Especially on sites that already use TLS for other things and have established nameing conventions. The CN field often contains only host name, and it is common practice that it is shared by all certificates issued for services running on that host (for example, web server and bacula file daemon running on same machine might have different certificates, signed by same CA with same CN). On the other hand, DN is uniqe within single CA. It would be nice if the CA DN could also be specified (that would solve uniqeness problem in case when there is several trusted CAs). It would be nice if it was possible to match only on part of DN (for example, like in Apache configuration file). But I guess this would additionally complicate things (although, I guess for some people it would be usefull feature). The second option (TLS Allowed Peer Certificate) would allow usage of self-signed certificates for authentication. Setting up CA might be too much to ask for small sites. Using the TLS Allowed Peer Certificate, server would check if the file pointed by that option contains same certificate (public key) as the one that client presented. This message was sent using IMP, the Internet Messaging Program. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] Problem with bconsole and passphrase protected certificate key
If client certificate for bconsole is passhprase protected, there is a prompt displayed to enter the passphrase. Then bconsole hangs. Ctrl-C doesn't work. The only way to get out is to kill it from another terminal. # bconsole Connecting to Director backup.foobar.com:9101 Passphrase for Director backup-dir TLS private key: - hangs right here This message was sent using IMP, the Internet Messaging Program. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Re: [Bacula-devel] Using TLS
Quoting Ray Burr [EMAIL PROTECTED]: I just set mine up today. I started with Landon's configuration, but one thing I noticed is that (based on watching with tcpdump) I wasn't getting an encrypted connection from the FD to the SD. I had to add TLS Require = yes to the FileDaemon section on the client configuration to get an encrypted connection. I'm no SSL guru, so maybe I've missed some other problem in my configuration. Ah, lucky you. On my test server, the connections were actually failing until I configured TLS in those additional sections (Client in bacula-dir.conf, and FileDaemon in bacula-fd.conf). BTW, since same certificate may be used (and usually will be used) in various sections, it would be nice if CA and daemon's certificates could be referenced only from the global section of the file (for example Director section in bacula-dir.conf, Storage section in bacula-sd.conf, and FileDaemon section in bacula-fd.conf). Probably not much point in repeating same three lines for each defined Client and Storage in bacula-dir.conf (same goes for bacula-sd.conf and bacula-fd.conf, although not that much repetitions there). An option to globally enable/require TLS from global section of configuration files might be nice to have too. That way, for example, no TLS options would need to be specified in Client and Storage sections of bacula-dir.conf. This message was sent using IMP, the Internet Messaging Program. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Re: gnome 1 and 1.38
Quoting D. Scott Barninger [EMAIL PROTECTED]: Unless you think otherwise I will commit the new spec as platforms/redhat/bacula-rh7.spec.in, probably next weekend when I have time to adjust the configure script. I don't wish to maintain two separate spec files going forward so I'm asking now for a volunteer from the RedHat 7.x community to take over maintenance of those packages. I'll be happy to provide whatever assistance I can to that individual. Hmmm... I've just built Bacula 1.38.2 on RHL 7.3 using standard bacula.spec file with minimal changes to disable gnome and bacula-gconsole package for this build. Yeah, lack of nested if structures is kind of pain, but there are ways around it... I'm not volunteering to take over RHL 7.3 community, however I can submit a patch to get 7.3 back into default bacula.spec file ;-). If you'r interested... Actually, what I was thinking was to reorganize bacula.spec a bit to remove all that reduntant stuff. I'm planning that for more than a month now, however haven't had time to put my hands on it. Too many projects on the radar, closing fast :-( This message was sent using IMP, the Internet Messaging Program. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] default UID/GID for bacula?
Is there default UID/GID that could be used for bacula? If not, it might be nice if Bacula could get default UID and GID assigned at least in several major distributions (such as Red Hat, Debian, Suse, Mandrake). This message was sent using IMP, the Internet Messaging Program. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] default UID/GID for bacula?
Quoting Florian Schnabel [EMAIL PROTECTED]: checked my installations since they are all debian. doesn't look like it got a fixed UID/GID ... got 104/104 twice and twice 105/105 ^^ just curious .. but what good would a fixed UID/GID do ? It is convinient to have fixed UID/GIDs accross systems. For example, the files will have correct ownership when moved accross systems (when using UID/GID based archive formats or over NFS). This is especially important when restoring files without having entry for bacula in /etc/passwd file. Furthermore, it would be nice to have two usernames for Bacula project. The file daemon usually needs to run as root and does not require new username. The director and storage daemon would be best running as two separate non-root users. This is because director doesn't need (and shouldn't have) access to devices. Storage daemon might need access to tape devices (which could be given by either adding SD user to appropriate group, for example disk group on Red Hat systems, or changing the owner of backup device). I usually use bacula-d and bacula-s for director and storage daemon respectively (both have bacula group as their primary group, bacula-s is additionally member of disk group). Alternatively, if Debian already uses username bacula, usernames could be bacula for director and bacula-s for storage daemon. This message was sent using IMP, the Internet Messaging Program. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] concurrent backups to disk still hangs in 1.38.1
Quoting Kern Sibbald [EMAIL PROTECTED]: When it locks up, please get me a traceback as described in the Kaboom chapter of the manual. Make sure you do not strip the binaries during installation so that the symbol tables will be accessible ... It doesn't happen very often, but when it does, I'll send you the traceback. I'm using the RPM package (binaries were stripped automatically by rpmbuild). However rpmbuild also built bacula-debuginfo package. Can I use this bacula-debuginfo package to get you usable traceback? If so, how? Simply install it? Any additional steps? Or do I need to recompile/reinstall Bacula by hand (so I have unstripped binaries)? This message was sent using IMP, the Internet Messaging Program. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] rpm packages
I'm in the process of making couple of adjustments to bacula.spec file. This is the list of changes that I think might be worth incorporating into official bacula.spec file. If Scott and Kern like them, that is ;-) On Red Hat and look-alikes (rhl*, rhel*, centos4, fedora*), do not build mtx. mtx package is already part of distribution. Instead, put mtx package into Requires. This resolves conflicts if mtx package is already installed on the system. If for whatever reason Bacula needs it's own version of mtx, I guess the right thing to do would be to build and install mtx in bacula specific location (much like sqlite is built and installed). BTW, newer versions of centos (starting with centos 4.2) and newer fedoras have sqlite package (3.x.x), so same change could be done in that department too? Add defines for dir_daemon_user, sd_daemon_user, and fd_daemon_user, plus couple of lines of code to create users if they don't exist (much like daemon_group). Set dir_daemon_user and sd_daemon_user to bacula, and fd_daemon_user to root. Director doesn't really need to run as root. Storage daemon on most systems doesn't need either. For non-root storage daemon, either the ownership of directory/device can be adjusted on system level, or bacula user can be placed in appropriate group to give it access to storage device(s). Add '--with-*-password' set of options to configure. Storing something that looks like real passwords into default configuration files makes people lazy. Probably nobody really wants to use default passwords from RPM file anyhow. Also it doesn't make any sense. Next time packages are rebuilt, the passwords in them are going to be different anyhow (and not valid, unless all servers and clients are running exactly same OS and are all updated to new version). I used --with-dir-password=Replace with Director's password [`openssl rand -base64 16`] (and simmilary for other with-*-password options). This would generate config files where it would be obvious what password goes where and obvious that you should change Password lines, with some randomness between builds for lazy people. That's all for now. Let me know if you guys like any of those changes... This message was sent using IMP, the Internet Messaging Program. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] rpm packages
Quoting Craig White [EMAIL PROTECTED]: I just love following your footsteps Aleksandar I just downloaded src rpm 1.380-1 and was about to try to build it. Do you want a test victim for your SPEC file (CentOS 4)? Here's the patched bacula.spec file. Since I was already hacking it, I went for Bacula 1.38.1. It would build 1.38.1-0.test packages. I used 0.test as release so that when Scott releases official SRPM for 1.38.1, he's is going to be newer. You'll need to download: bacula-1.38.1.tar.gz bacula-docs-1.38.1.tar.gz bacula-rescue-1.8.1.tar.gz depkgs-22Jun05.tar.gz Last two should be also in bacula-1.38.0-1.src.rpm, so you don't need to download them again. Place them wherever your sources directory is. Put bacula.spec file inthere. You'll also need to create Release_Notes-1.38.1-0.test.tar.gz file. It must contain single file Release_Notes-1.38.1-0.test.txt, you can create dummy file or just copy the file from bacula-1.38.0-1.src.rpm. In later case you'll need to rename both the archive and the txt file that is in the archive! Something like this would do the job: $ tar zxvf Release_Notes-1.38.0-1.tar.gz $ mv Release_Notes-1.38.0-1.txt Release_Notes-1.38.1-0.test.txt $ tar czvf Release_Notes-1.38.1.0.test.tar.gz Release_Notes-1.38.1-0.test.txt I was able to build the packages, however haven't tested them yet. This message was sent using IMP, the Internet Messaging Program. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] rpm packages
for details.
fi
HAVE_BACULA=`grep %{fd_daemon_user} %{user_file} 2/dev/null`
if [ -z $HAVE_BACULA ]; then
%{useradd} -r -c Bacula -d %{working_dir} -g %{daemon_group} -M -n -s
/sbin/nologin %{fd_daemon_user} /dev/null 21
echo The user %{fd_daemon_user} has been added to %{user_file}.
echo See the manual chapter Running Bacula for details.
fi
%preun client
# delete our link
if [ $1 = 0 ]; then
/sbin/chkconfig --del bacula-fd
fi
%files updatedb
%defattr(-,root,root)
/etc/bacula/updatedb/*
%post updatedb
echo The database update scripts were installed to /etc/bacula/updatedb
%files gconsole
%defattr(-,root,root)
/usr/sbin/gnome-console
/etc/bacula/gconsole
%config(noreplace) /etc/bacula/gnome-console.conf
/usr/share/pixmaps/bacula.png
%if %{rh7}
/usr/share/gnome/apps/System/bacula.desktop
%else
/usr/share/applications/bacula.desktop
%endif
%if ! %{rh7} ! %{rh8}
/usr/sbin/bacula-tray-monitor
%config(noreplace) /etc/bacula/tray-monitor.conf
/usr/share/pixmaps/bacula-tray-monitor.xpm
/usr/share/applications/bacula-tray-monitor.desktop
%endif
%if ! %{su9}
# add the console helper files
%config(noreplace,missingok) /etc/pam.d/gnome-console
%config(noreplace,missingok) /etc/security/console.apps/gnome-console
/usr/bin/gnome-console
%endif
%changelog
* Fri Nov 18 2005 Aleksandar Milivojevic [EMAIL PROTECTED]
- Red Hat and look alikes have mtx RPM, do not build/package our version
* Sat Nov 05 2005 D. Scott Barninger [EMAIL PROTECTED]
- 1.38.0 release
- kern changed location of pdf files and html manual in docs package
* Sun Oct 30 2005 D. Scott Barninger [EMAIL PROTECTED]
- 1.38.0 release
- add docs (from prebuilt tarball) and rescue packages back in
- remove dvd-freespace and dvd-writepart files, add dvd-handler
- remove 3 of 4 sqlite script patches as not needed
* Sun Jul 24 2005 D. Scott Barninger [EMAIL PROTECTED]
- changes for 1.38
- remove docs and rescue sections (remove static fd)
- add dvd-freespace and dvd-writepart files
- update depkgs to 22Jun05
- change database update to 8 to 9
* Sun Jul 24 2005 D. Scott Barninger [EMAIL PROTECTED]
- minor cleanups before 1.38 changes
- add popt and popt-devel build dependencies
- add tetex and tetex-dvips dependencies for doc build
- replace deprecated Copyright tag with License
* Sat May 07 2005 D. Scott Barninger [EMAIL PROTECTED]
- move sqlite installation bindir to /usr/lib/bacula/sqlite and remove
- conflict with sqlite packages. remove readline dependency.
* Sun Apr 17 2005 D. Scott Barninger [EMAIL PROTECTED]
- release 1.36.3 update docs
* Tue Apr 05 2005 D. Scott Barninger [EMAIL PROTECTED]
- add centos4 build tag
- add x86_64 build tag
* Sun Apr 03 2005 D. Scott Barninger [EMAIL PROTECTED]
- add rhel4 build tag
- clean up for mysql4 which is now mdk-10.1, suse-9.2 and rhel4
* Sun Mar 06 2005 D. Scott Barninger [EMAIL PROTECTED]
- add rhel3 build tag
* Tue Mar 01 2005 D. Scott Barninger [EMAIL PROTECTED]
- fix tray-monitor.conf for noreplace
* Mon Feb 28 2005 D. Scott Barninger [EMAIL PROTECTED]
- fix distribution check for Fedora and Whitebox
* Sun Feb 06 2005 D. Scott Barninger [EMAIL PROTECTED]
- add logwatch script
- add dvd scripts
* Sat Jan 15 2005 D. Scott Barninger [EMAIL PROTECTED]
- add build for Fedora Core 3 (linc now included in ORDit2)
- add mysql4 define for Mandrake 10.1
* Fri Jan 14 2005 D. Scott Barninger [EMAIL PROTECTED]
- fix {group_file} variable in post scripts
* Thu Dec 30 2004 D. Scott Barninger [EMAIL PROTECTED]
- add distribution checking and custom Distribution tag
* Thu Dec 09 2004 D. Scott Barninger barninger at fairfieldcomputers.com
- ASSIGNMENT OF COPYRIGHT
- FOR VALUE RECEIVED, D. Scott Barninger hereby sells, transfers and
- assigns unto Kern Sibbald, his successors, assigns and personal
representatives,
- all right, title and interest in and to the copyright in this software RPM
- spec file. D. Scott Barninger warrants good title to said copyright, that it
is
- free of all liens, encumbrances or any known claims against said copyright.
* Sat Dec 04 2004 D. Scott Barninger barninger at fairfieldcomputers.com
- bug 183 fixes
- thanks to Daniel Widyono
- update description for rescue package to describe cdrom creation
* Thu Nov 18 2004 D. Scott Barninger barninger at fairfieldcomputers.com
- update depkgs to 29Oct04
* Fri Nov 12 2004 D. Scott Barninger barninger at fairfieldcomputers.com
- add cdrom rescue to bacula-rescue package
* Sun Oct 31 2004 D. Scott Barninger barninger at fairfieldcomputers.com
- misc fixes from 1.36.0 suse feedback
- fix situation where sqlite database exists but sqlite has been removed.
* Fri Oct 22 2004 D. Scott Barninger barninger at fairfieldcomputers.com
- remove tray-monitor from RH8 build
- fix permissions on tray-monitor files
* Wed Oct 13 2004 D. Scott Barninger barninger at fairfieldcomputers.com
- add Mandrake support and tray-monitor, misc changes for 1.35.8/1.36.0,
- change database update to 7 to 8 upgrade,
- revert depkgs to 08Mar04 as there seems
Re: [Bacula-users] rpm packages
Quoting Aleksandar Milivojevic [EMAIL PROTECTED]: Quoting Craig White [EMAIL PROTECTED]: I suspect the list stripped the attachment My mistake. I selected the file to attach in my webmail app, and forgot to click attach link... Uh, darn... Please, anybody using this spec file, first change 'Release' line to 0.test. I was experimenting with something and had it bumped to higher version, and forgot to undo it before posting the file. You probably really really want official Scott's package to have higher revision number then my testing mumbo-jumbo (unless you know exactly what you are doing, which I'm not)... This message was sent using IMP, the Internet Messaging Program. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] rpm packages
Quoting Craig White [EMAIL PROTECTED]: OK - new ground here... # rpmbuild -bb bacula.spec build_centos4 error: You must specify a platform. Please examine the spec file. error: line 57: Unknown tag: exit 1 Doesn't that seem right? You need to specify which distribution and database backend you are building. For example, for CentOS 4 and PosgreSQL, you would do: $ rpmbuild -bb --define 'build_centos4 1' --define 'build_postgresql 1' bacula.spec BTW, I've just re-posted my email to bacula-devel list. It containts bacula.spec file with couple of fixes (some of which might be needed). Anybody interested in this, please check the new thread in bacula-devel list (should be in archives for those not subscribed to it). This message was sent using IMP, the Internet Messaging Program. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] concurrent backups to disk still hangs in 1.38.1
Quoting Kern Sibbald [EMAIL PROTECTED]: You have multiple storage devices with the same Media Type pointing to the same directory, which means that if you run concurrent jobs, you can have two threads writing to the same file (Device:Volume), each with a different i/o packet (Device) thinking it owns the volume. This will result in chaos and corrupted backup Volumes. What you are doing is totally different from two concurrent jobs writing to to the *same* Device, something that Bacula handles quite well. Hmmm... I'm having similar problem like Luke (see one of my recent posts to the list). Using bacula 1.36.3. Unlike Luke's configuration, my configuration is a simple one (basically, very few changes from the default configuration files). I have only one storage device defined (media type = file), and I have couple of pools defined on it to have fulls and incrementals saved into different files (again, using examples from documentation with little or no changes). I'm doing concurrent backups, and director locks up from time to time. The only way to unlock it is to restart director. I can't even connect to it with bconsole when it gets locked up. If I serialize backups (only single backup at a time), everything seems to work OK. So, although Luke's configuration is probably broken, there seems to be a problem with Bacula itself too when several jobs are written to the same file. This message was sent using IMP, the Internet Messaging Program. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] stuck jobs
I'm running Bacula 1.36.3 (haven't yet upgraded) with couple of clients. Mostly, everything runs good. However, from time to time a job gets stuck, and director seems to be stuck with it too (can't connect to director with console either). I've read that Bacula has trouble with TLS libraries, and one of the first things to check was to eliminate that. Running lsof on bacula-dir processes shows they were not linked with any library in /lib/tls directory (I have export LD_ASSUME_KERNEL=2.4.19 in startup script). So I got that thing ruled out. The only way to unstuck director seems to be to restart it. After that, connecting with bconsole and running list jobs shows the job that was stuck with 'R' flag in jobstatus column, and the jobs that were supposed to run after it with 'C' flag. Should I cleanup this stale jobs from database manually? So far, it seems to only happen for first incremental backup that follows either full or differential (well, 2 out of 2 times, could be coincidence). This message was sent using IMP, the Internet Messaging Program. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Comments in FileSet example?
Quoting Timo Neuvonen [EMAIL PROTECTED]: 1.36.3. bacula-dir.conf has the following lines in fileset configuration example: # Note: / backs up everything on the root partition. #if you have other partitons such as /usr or /home #you will probably want to add them too. # What does this actually mean? Maybe I'm thinking something in a wrong way, but does Bacula know anything about disk partitions? If /usr or /home in the above are on the partitions of their own, what does it matter? They are accessible under / anyway, since they are mounted properly. If it was about unmounted partitions, that's a different thing, but then they are not accessed any more as /usr etc. While all your mounted file systems are accessible by recursing directories starting with /, Bacula will stop when it hits directory that is mount point of another file system (in other words resides on different physical or logical device than its parent). Usually this is a good thing. Prevents Bacula from backing up file systems you might not want to back up (such as CD-ROMs, DVDs, NFS mounted partitions, temporary mounts somebody forgot to unmount, and so on). Imagine you forget to unmount that dual-layer DVD, and next night your incremental backup goes from couple of megs to 9 gigs ;-). Or even worse, somebody NFS mounted that several-TB partition from your big file server... You can controll this by using onefs option. Default value of onefs is true, and Bacula will not cross file system boundaries. By setting onefs to false, Bacula will cross file system boundaries (but you better make sure to exclude all junk mentioned earlier). You can also use fstype option (in addition to onefs) to limit backup to ext2/3 file system only (or whatever file system types you have on your local hard drive). Do note that Bacula has only a limited list of file system types it can recognize. Also, note that DVD-RAM can be formatted as basically any file system type (including ext2). Once I formatted is as vfat, just to try that out. Unlike DVD+-RW, DVD-RAM behaves just like (removable) hard drive or huge floppy. Usually you'd format is as UDF, don't know why would anybody format it as anything else, but still, there's possibility. USB keys can also be formatted as any type of file system (not sure if you format it as ext2, if Bacula will consider it ext2 or usbdevfs) and they are getting into GB range these days. So in short, be carefull with setting onefs to false. This message was sent using IMP, the Internet Messaging Program. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Compression Exb-8900
Quoting Trevor Morrison [EMAIL PROTECTED]: Hi, I have an Exabyte-8900 20/40 GB drive and it does a great job backing up my boxes. My question is: After about 25 GB, Bacula says the tape is full and wants another tape. According to the LCD display on the drive itself, compression is turned on. So, how can I tell Bacula to write up to 40 GB worth of data to the tape before changing? The 40GB is relatively unrealistic 1:2 compression. The real compression (and tape's capacity) that you'll get depends on the files you actually back up. If they were already compressed, you won't get any compression in the drive (you can't compress compressed files), so you'll fit only about 20GB worth of data on the drive (same as not using compression). If you are backing up text files (which can be nicely compressed) you'd be closer to 40GB. In general case, you could expect your compression ratio to be somewhere between 25% and 75%, but very rarely to be what manufacturer told you. Anyhow, if you have enough CPU power, I found that software compression (using gzip) does better job than hardware compression in the drive. If you are compressing files that can actually be compressed. See the compression option in the FileSet resource chapter. However, unlike hardware compression in the drive, compressing compressed file (or extremely small file, like couple of bytes) with gzip will produce larger file then original ;-) For example, try this: echo a a; ls -l a for a in 1 2 3 4 5; do gzip -v a; ls -l a.gz; mv a.gz a; done rm a Moral of the story, know your files before compressing them ;-) This message was sent using IMP, the Internet Messaging Program. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Compression Exb-8900
Quoting Phil Stracchino [EMAIL PROTECTED]: Aleksandar Milivojevic wrote: Anyhow, if you have enough CPU power, I found that software compression (using gzip) does better job than hardware compression in the drive. Interesting -- this is the reverse of my experience. I've found hardware compression to give me comparable data compression and much faster actual throughput, with much lower host system CPU load. (And the host system is an AthlonXP 1700+, so it's no slouch.) Well, it also depends on the actuall tape drive you have, and on the type of files being compressed. After all, there's theoreticall maximum the file can be compressed to, the closer you go to that theoreticall maximum, more CPU power you need (and it's growing exponentially, sometime a lot more CPU is needed to get only small decrease in compressed file's size). Compression algorithms in the drives are optimized to be primarly fast enough to compress at the speed data can be written to the tape, with actuall compression ratio being secondary objective. I probably needed to include usually and/or your experience may vary in my original text ;-) Gzip, on the other hand, is optimized to give high compression ratios at expense of the speed. You can tune it to some degree using -1 (fast, lower compression) to -9 (slow, higher compression) options, with default being -6 (slightly biased to better compression at expense of speed). The difference between -1 and -9 (in terms of speed) can be as big as two to three times (or negligable, depending on compressability and the size of actuall files being compressed). If you have very fast tape drives, and backing up single machine at a time, gzip might not be able to compress fast enough. On the other hand, if I'm not mistaken, software compression is done on the client side (in file daemon), so it is distributed. If you are doing several clients in parallel, you should be able to feed the drives with continous data stream. Plus, network bandwith consumed for your backup will be lower (for example, you are backing up machine on remote site over slow(er) link). So, both software and hardware compressions have their cons and pros, and there's really no definite answer which one is better. This message was sent using IMP, the Internet Messaging Program. --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] files changed during backup
Just couple of thoughts. I've got email, with subject line saying my restore failed. Almost gave me heart attack. Then I realized it was just one of the log files (size probably changed while Bacula was reading it), and all the other files (that I actaully cared about) were restored correctly. Would it be better if this was reported as warning? Or even better, reported as warning during the backup? The former would be less confusing to the user (OK, all your files were restored, but here are some warnings about them). And a lot safer too. No heart attacks what you get that email with subject line saying the restore failed. However it is already too late to do anything about the file the error/warning is complaining about. The later might be better time to complain (issue warning), since usually something can be done about it (if needed) while the file warning is about is still safe on the disc ;-) -- Aleksandar Milivojevic This message was sent using IMP, the Internet Messaging Program. --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Rescue disk problems on a FC 4 box
Quoting Kern Sibbald [EMAIL PROTECTED]:
On Wednesday 14 September 2005 05:59, Aleksandar Milivojevic wrote:
It is possible to correctly restore even with /etc/passwd (and/or
/etc/group) file completely missing from the system. What for example
if I delete /etc/passwd by mistake? Even pre-historic Unix dump/restore
commands can do that. So yes, it is an issue with Bacula if it can't
restore ownerships and permissions to their original (numeric) values.
As I previously mentioned, this is exactly what Bacula does -- it restores
owenerships and permissions to their original numeric values.
You have UID, GID, and file mode (permissions). Simply restore them to
their original values.
It does that.
Well, Bacula hasn't done it for me. Almost all directories were restored with
permissions of 744 (rwxr--r--), user root, group root. Which was
totaly wrong.
My testing setup was rather simple. Bacula 1.36.3, PostreSQL 7.4.7 as
database
backend, two clients (backup server itself and one testing box). The fileset
directive was same for both client:
FileSet {
Name = Full Set
Include {
Options { signature = SHA1; compression = GZIP; }
File = /
File = /boot
File = /var
File = /srv
}
Exclude {
File = /proc
File = /tmp
File = .journal
File = .autofsck
File = /var/lib/pgsql
}
}
I did one full backup of both clients. Then took another testbox (with empty
discs), booted into rescue, recreated mirroring and LVM (md0 for /boot,
md1 for
physical volume for LVM, and all other file systems stored in logical volumes
under LVM) and mounted partitions under /mnt/sysimage. Copied over copy of
bacula-fd and bacula-fd.conf from first testbox (chaning client name in
bacula-fd.conf), and run it as user root. From console on backup server, I
initiated full restore of the client (relocating files to /mnt/sysimage and
telling it to restore first testbox to second testbox). I ended up with
screwed ownerships and screwed permissions on almost all directories. I think
that not even all of the regular files were restored correctly (I should have
done a better post-mortem analysis, sorry). But directories. They
were almost
all wrong.
Next day I spent Googling around and reading some more docs. Google revealed
that I was not the only one with the problem, but no answers or
explanations. I was hoping I would find something in lists archives,
but other then one or
two emails from people experiencing same problem with bacula, there was
nothing. I found rather unlogical requirement in docs that system's
passwd and
group files should be present before restoring. So I restored those files
first, placing them into what bacula-fd would see as /etc directory (not to be
confused with /mnt/sysimage/etc that would become /etc after reboot).
Then did
restore again (this time it had one full backup and one incremental to restore
from), and this time everything was restored correctly.
/etc/passwd and /etc/group files contain only relation between symbolic
user and group names and UID and GID numbers.
If I am not mistaken, this is a bit of a simplification of what actually goes
on.
Well, yes. But just a bit. It's used whenever system interacts with humans
(for example checking usernames and passwords). But internally, system uses
UIDs only. After all, users does not need to be local to machine, file
systems
do not need to be local to machine, and kernel has no way of accessing
databases
such as LDAP or NIS (it's performed on user-level only). This is true
for Unix.
Windows NT (when using NTFS) is storing some crap based on actual usernames
into file system's metadata, and access to actual user database is needed to
correctly update NTFS metadata. That's the reason why it is bad idea to mount
NTFS partition read/write under Linux (and also why WinXP refuses to access
disc formatted as NTFS on some other WinXP box (unless in some specific cases
when AD is used), and in case you wondered why Windows allows you to format
removable media only as FAT/FAT32, or why by default NTFS support under Linux
is read-only with read/write being highly discouraged compile time option --
you can seriously screw NTFS by writing to it from anything but exact instance
of WinXP that created it). Linux/Unix file systems such as BSD UFS, and Linux
ext2 and ext3 are clean in this regard, and always were, because metadata
contains only UIDs and GIDs, so you can freely move them from one system to
another (or format removable media with them).
I am probably wrong on this, but it is my understanding that ACLs are
based on
userids and groups rather than the numeric values.
Nope. Numeric values. I would be very surprised to find otherwise. You can
use user and group names as arguments for setfacl command, just like you can
use them for chown and chgrp commands. But I strongly beleive actual file
system metadata is numeric only. You can even use UIDs and GIDs directly as
arguments
[Bacula-users] Limit client to be to restore its own files only
I'm attempting to create console resource in bacula-dir.conf that would allow
client to restore its own files to itself only (so basically, no access to
anything else, no any kind of access that would affect other clients, and so
on).
What I did was something like this:
Console {
Name = zlurad-con
Password = some-long-password-here
ClientACL = zlurad-fd
JobACL = RestoreFiles
CommandACL = restore,quit
StorageACL = *all*
PoolACL = *all*
FileSetACL = *all*
}
Then in bconsole.conf on the client, I did something like:
Director {
Name = zlurad-con # or should I use becky-dir here?
DIRport = 9101
address = becky.milivojevic.org
Password = x
}
Console {
Name = zlurad-con
Password = some-long-password-here
}
Question to those that know much more than me, is this secure and tight
enough?
I was a bit lazy with specifying storage, pool and fileset ACLs. My guess is
using *all* for those shouldn't hurt since I already limited things using
ClientACL directive, and console can't issue any commands such as list that
would reveal resources not associated with that client. Am I right with my
assumption?
BTW, it seems I can't exit from console unless CommandACL contains quit
command ;-)
This message was sent using IMP, the Internet Messaging Program.
---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server.
Download it for free - -and be entered to win a 42 plasma tv or your very
own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Rescue disk problems on a FC 4 box
Quoting Trevor Morrison [EMAIL PROTECTED]: Hi, I just got Bacula up and running on a FC 4 box and I am backing up a FC 3 and a RH 9 box. This is a great program with excellent documentation. My question is I can make the rescue cd for both the FC 3 and RH 9 boxes, but not for the FC 4 box. I get the following error: ... ./make_rescue_disk Tarring /etc files to current directory tar: Removing leading `/' from member names tar: /etc/modules.conf: Cannot stat: No such file or directory tar: Removing leading `/' from hard link targets tar: Error exit delayed from previous errors make[1]: *** [all] Error 2 make[1]: Leaving directory `/var/tmp/bacula-1.36.3.tar.gz_FILES/bacula-1.36.3/rescue/linux/cdrom/bacula' make: *** [bacula] Error 2 It's the modules.conf file that doesn't exist on newer Red Hat distributions (they switched to modprobe.conf). You can edit the makefiles and/or scripts and remove modules.conf from tar list. After that, you'll get ISO image. However, it will not boot (the kernel gets loaded and than panics that it can't find root file system). Or at least that was what happened to me. At the end, I simply gave up on Bacula rescue CD. My guess is that the problem was modules not being loaded (since scripts that created rescue CD probably attempted to parse modules.conf to find list of modules to load on boot, instead of parsing modprobe.conf). What I did was to simply use Fedora (or RHEL) installation CD, booted into rescue mode from it, copied over bacula-fd and bacula-fd.conf files (which is really all you need in addition to the stuff you have in rescue mode), created /var/bacula directory (or maybe I could have simply edited bacula-fd.conf), and performed restore manually (created my mirrors, logical volumes, file systems, mounted them under /tmp/system, restored there, reinstalled LILO into MBR, reboot, it works). I did have some trouble with Bacula not restoring file permissions correctly (see thread strange file permissions), but I solved it by first restoring /etc/passwd and /etc/group files, and placing them into what rescue CD sees as /etc (you'll need to remove /etc/group first, since it points to copy on a CD, /etc/passwd is in ramfs, so you can just overwrite it). It was rather strange problem which is most likely a nasty bug in Bacula's restore code, which I hope will be fixed soon. This message was sent using IMP, the Internet Messaging Program. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Re: Restoring to a Running Linux System
Quoting Michael Dauer [EMAIL PROTECTED]: I guess I need more the bacula-fd if I want to recover the backup server - at least space for all bacula daemons and console, sqlite, and the catalog. I haven't attempted recovery of the backup server itself, yet. But it should be doable by booting into rescue mode from installation CD... I can't access any disk with kernel before 2.6. I've just downloaded Knoppix 3.9 (2005-05-27). The kernel on the CD is 2.6.11. So you should be fine there. It also comes with MySQL 4.0.24, but no Postgres :-( This message was sent using IMP, the Internet Messaging Program. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Restoring to a Running Linux System
Quoting Michael Dauer [EMAIL PROTECTED]: Hello, My planned process for bare metal recovery of my backup server is to: 1) install a minimal system + bacula 2) restore all 3) reboot pray Or you could: 1) boot into rescue mode 2) create file systems and mount them 3) copy bacula-fd executable bacula-fd.conf file (fits on a floppy) 4) restore all (no exclusions) 5) chroot to restored system 6) install LILO or Grub into MBR 7) reboot, should boot without praying ;-) Depending how bacula-fd was compiled and what is in your bacula-fd.conf file, you might need to create /etc/bacula and /var/bacula directories before running bacula-fd. I did a test restore like that, with some fixable problems. See a recent thread strange file permissions for more info. If you decide to do minimal install first for whatever reason, and your system is running 2.6 kernel, the file you do not want to overwrite is probably modprobe.conf (modules.conf is obsolete). Bacula docs are a bit outdated on that one. Also note that /usr/X11R6 on your minimal install ain't gonna have all the stuff that your full install has. /etc/X11/Conf is Linux distribution dependant. Not all distros will have it, and some will have it at different place. This message was sent using IMP, the Internet Messaging Program. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Re: Restoring to a Running Linux System
Quoting Michael Dauer [EMAIL PROTECTED]: But I think most people here are doing sth like this. Isn't there a CD image with 2.6 kernel available which was prepared by somebody who has a better idea of what he is doing than I have. What Linux distribution are we talking about? Most Linux distributions offer more or less usable rescue mode on their installaction CDs. Red Hat and Fedora have more that usable rescue mode, you only need to copy bacula-fd executable onto the system from somewhere (you'll need network running to restore anyhow, and bacula-fd fits on a floppy too). Even without installation CD rescue mode, it is completely irrelevant what kernel is on Knoppix CD, as long as you have bacula-fd exacutable that will run with kernel/libs on the Knoppix CD, and the kernel has device drivers for your disc controllers. Remember, you are using Knoppix CD only to create file systems and restore files. This message was sent using IMP, the Internet Messaging Program. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Re: Restoring to a Running Linux System
Quoting Kern Sibbald [EMAIL PROTECTED]: In principle you are right, but personally, I would be a bit nervous restoring a 2.6 system using a 2.4 kernel. For example, there are often new features added to newer kernels -- e.g. ext3 probably was not in kernel 2.2, so trying to get back an ext3 system would be a bit hard. Anyway, as I say, in principle, you are right, but good restore practice (IMO) dictates using the best matched kernel possible. Usually, what you do not want is restoring using newer kernel than the one you'll be using (in case of filesystems, they usually ignore extra metadata info, but you can't use LVM2 on kernel that only knows about LVM1 metadata format). If you are also building software RAID devices and/or configuring LVM, you probably also do not want too old kernel (as long as version of MD and LVM use same metadata format, you are OK), although things would work (you'd only loose some newer features). Ext3 is same thing as ext2 with journaling added (mkfs.ext3 is exactly the same thing as mkfs.ext2 -j). You can restore onto ext2 and enable journaling after restore (tunefs -j). It might result in .journal file being visible in root directory of the file system if you are not carefull (but there's a simple procedure for fixing that too, and it's mostly cosmetic thing anyhow). In short, it is safe as long as you know what you are doing ;-) This message was sent using IMP, the Internet Messaging Program. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Postgres information
Tom Bishop wrote: I'm having a time getting my postgres tables to drop, I had this working and now I can't seem to remember which user was allowed to drop the tables. I think I used the postgres user, but when I su to that user, I get an error saying there is no postgres database. When I try it from a user it connects to the bacula database but doesn't have the privilige to delete the tables. Can anyone point me too some more detailed reading on how to set up/delete the postgres tables? Thanks. Use -d option to specify database (for example psql -d bacula). --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] strange file permissions on restore
Quoting Phil Stracchino [EMAIL PROTECTED]: Aleksandar Milivojevic wrote: Hmmm... Is there a way to tell Bacula to simply restore using numeric UIDs and GIDs for files, and set permissions to their original, ignoring whatever /etc/passwd and group files are currently on the system? I've never looked at the restore code to see precisely how Bacula does this, but frankly, I'd sincerely hope this were the *default* behavior. Well, I was planning to have a look into the source (and also the content of database). The way restore was performed in my first attempt is definetely not the right way to do it. This message was sent using IMP, the Internet Messaging Program. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
