operating-system-univention-corporate-server.tex

\subsection{Univention Corporate Server}
\label{sec:UniventionCorporateServer}
\index[general]{Platform!Univention Corporate Server}
The Bareos version for the Univention App Center integraties into the Univention Enterprise Linux environment, making it easy to backup all the systems managed by the central Univention Corporate Server.

\subsubsection{Preamble}

The \elink{Univention Corporate Server}{http://www.univention.de/} is an enterprise Linux distribution based on Debian. It consists of an integrated management system for the centralised administration of servers, computer workplaces, users and their rights as well as a wide range of server applications. It also includes an Unvention App Center
for the easy installation and management of extensions and appliances.

Bareos is part of the 
\elink{App Center}{https://www.univention.de/produkte/univention-app-center/app-katalog/bareos/}
and therefore an Univention environment can easily be extended to provide backup functionality for the Univention servers as well as for the connected client systems. Using the Univention Management Console (UMC), you can also create backup jobs for client computers (Windows or Linux systems), without the need of editing configuration files.

The Bareos Univention App is shipped with a default configuration for the director daemon and the storage daemon.

\warning{You need to review some Univention configuration registry (UCR) variables. Most likely, you will want to set the location where the backups are stored. Otherwise, you may quickly run out of disk space on your backup server!}

You will find further information under \nameref{sec:UniventionBackupStorage}.

\subsubsection{Quick Start}

 \begin{itemize}
  \item Determine the space requirements and where to store your backup data
  \item Set the \parameter{bareos/*} UCR variables according to your needs, see \nameref{sec:UCR}
  \item Restart \command{bareos-dir}, \command{bareos-sd} and \command{bareos-fd} (or simply reboot the server)
  \item Install the Bareos file daemon on clients and copy Director configuration resource file from
    \begin{itemize}
        \item \file{/etc/bareos/bareos-dir-export/client/<clientname>-fd/bareos-fd.d/director/*.conf}
        \item (or \file{/etc/bareos/autogenerated/client-configs/<hostname>.conf}, if Bareos $<$ 16.2.0)
    \end{itemize}
    For details, see \nameref{sec:UniventionAddClient}.
  \item Enable backup jobs for clients in the Univention Management Console
 \end{itemize}

\subsubsection{UCR variables}
\label{sec:UCR}

  \begin{description}
    \item[\parameter{bareos/filestorage}]: /var/lib/bareos/storage (default)
      \begin{itemize}
	\item Location where to store the backup files. Make sure, it offers enough disk space for a configured backup volumes.
      \end{itemize}    
    \item[\parameter{bareos/max_full_volume_bytes}]: 20 (default)
      \begin{itemize}
	\item Maximum size (in GB) of a volume for the \pool{Full} backup pool
      \end{itemize}
    \item[\parameter{bareos/max_full_volumes}]: 1 (default)
     \begin{itemize}
	\item Maximum number of volumes for the \pool{Full} backup pool
      \end{itemize}
    \item[\parameter{bareos/max_diff_volume_bytes}]: 10 (default)
      \begin{itemize}
	\item Maximum size (in GB) of a volume for the \pool{Differential} backup pool
      \end{itemize}
    \item[\parameter{bareos/max_diff_volumes}]: 1 (default)
      \begin{itemize}
	\item Maximum number of volumes for the \pool{Differential} backup pool
      \end{itemize}
    \item[\parameter{bareos/max_incr_volume_bytes}]: 1 (default)
      \begin{itemize}
	\item Maximum size (in GB) of a volume for the \pool{Incremental} backup pool
      \end{itemize}
    \item[\parameter{bareos/max_incr_volumes}]: 1 (default)
      \begin{itemize}
	\item Maximum number of volumes for the \pool{Incremental} backup pool
      \end{itemize}
    \item[\parameter{bareos/backup_myself}]: no (default)
      \begin{description}
	\item[no] don't backup the server itself
	\item[yes] backup the server itself
      \end{description}
        \item[\parameter{bareos/webui/console/user1/username}]: Administrator (default)
      \begin{itemize}
        \item User name to login at the bareos-webui
      \end{itemize}
        \item[\parameter{bareos/webui/console/user1/password}]: (no default value)
      \begin{itemize}
        \item Password to login at the bareos-webui
      \end{itemize}
    \end{description}

UCR variables can be set via the Univention Configuration Registry Web interface

\begin{center}
  \includegraphics[width=1.0\textwidth]{\idir univention-configuration-registry-settings}
\end{center}

or using the \command{ucr} command line tool:
\begin{commands}{Enable backup of the server itself}
root@ucs:~# <input>ucr set bareos/backup_myself=yes</input>
Setting bareos/backup_myself
File: /etc/bareos/bareos-dir.conf
[ ok ] Reloading Bareos Director: bareos-dir.
\end{commands}

\warning{univention-bareos $<$ 15.2 did require a manual reload/restart of the bareos-dir service:}
\begin{commands}{let bareos-dir reload its configuration}
root@ucs:~# <input>service  bareos-dir reload</input>
[ ok ] Reloading Bareos Director: bareos-dir.
\end{commands}

\subsubsection{Setup}

After installation of the Bareos app, Bareos is ready for operation. A default configuration is created automatically.

Bareos consists of three daemons called \command{director} (or \command{bareos-dir}), \command{storage-daemon} (or \command{bareos-sd}) and \command{filedaemon} (or \command{bareos-fd}). All three daemons are started right after the installation by the Univention App Center.

If you want to enable automatic backups of the server, you need to set the Univention configuration registry (UCR) variable \parameter{bareos/backup_myself} to \argument{yes} and reload the director daemon.


\subsubsection{Administration}

For general tasks the \ilink{bareos-webui}{sec:webui} can be used.
Additional, there is the \command{bconsole} command line tool:

\begin{commands}{Starting the bconsole}
root@ucs:~# <input>bconsole</input>
Connecting to Director ucs:9101
1000 OK: ucs-dir Version: 15.2.2 (15 November 2015)
Enter a period to cancel a command.
*
\end{commands}

For general information, see the \ilink{Bconsole Tuturial}{sec:TuturialBconsole}.


\subsubsection{Backup Schedule}

As a result of the default configuration located at the \command{bareos-dir}, the backup schedule will look as follows:

\begin{description}
  \item[Full Backups]
    \begin{itemize}
	\item are written into the \pool{Full} pool
	\item on the first saturday at 21:00 o'clock
	\item and kept for 365 days
    \end{itemize}
 \item[Differential Backups]
     \begin{itemize}
        \item are written into the \pool{Differential} pool
        \item on every 2nd to 5th saturday at 21:00 o'clock
        \item and  kept for 90 days
    \end{itemize}
 \item[Incremental Backups]
     \begin{itemize}
        \item are written into the \pool{Incremental} pool
        \item on every day from monday to friday at 21:00 o'clock
        \item and kept for 30 days
    \end{itemize}
\end{description}

That means full backups will be written every first saturday at 21:00 o'clock, differential backups every 2nd to 5th saturday at 21:00 o'clock and incremental backups from monday to friday at 21:00 o'clock. So you have got one full backup every month, four weekly differential and 20 daily incremental backups per month.

This schedule is active for the Univention server backup of itself and all other clients, which are backed up through the \command{bareos-dir} on the Univention server.

There is also a special backup task, which is the Bareos backups itself for a possible disaster recovery. This backup has got its own backup cycle which starts after the main backups. The backup consists of a database backup for the metadata of the Bareos backup server and a backup of the Bareos configuration files under \directory{/etc/bareos/}.



\subsubsection{Backup data management}

Data from the backup jobs is written to volumes, which are organized in pools (see chapter \nameref{DirectorResourcePool}).

The default configuration uses three different pools, called \pool{Full}, \pool{Differential} and \pool{Incremental},
which are used for full backups, differential and incremental backups, respectively.

% Each pool has a maximum size, which is controlled by the Univention configuration registry (UCR) variables \parameter{bareos/max_full_volumes}, \parameter{bareos/max_diff_volumes} and \parameter{bareos/max_incr_volumes}. Each variable is an integer number specifying the maximum number of volumes in the corresponding pool. Each volume has a maximum size of 10 Gigabytes.
% 
% The default maximum number of volumes for each pool is 1, so the maximum disk space used for all backup data is 30 GB.

If you change the UCR variables, the configuration files will be rewritten automatically. After each change you will need to reload the director daemon.

\begin{commands}{Example for changing the Full pool size to $10 \ast 20$ GB}
root@ucs:~# <input>ucr set bareos/max_full_volumes=10</input>
Setting bareos/max_full_volumes
File: /etc/bareos/bareos-dir.conf
[ ok ] Reloading Bareos Director: bareos-dir.
root@ucs:~# <input>ucr set bareos/max_full_volume_bytes=20</input>
Setting bareos/max_full_volume_bytes
File: /etc/bareos/bareos-dir.conf
[ ok ] Reloading Bareos Director: bareos-dir.
\end{commands}

\warning{This only affects new volumes. Existing volumes will not change there size.}

\subsubsection{Backup Storage}
\label{sec:UniventionBackupStorage}

\warning{Using the default configuration, Bareos will store backups on your local disk. You may want to store the data to another location to avoid using up all of your disk space.}

The location for backups is \path|/var/lib/bareos/storage| in the default configuration.

For example, to use a NAS device for storing backups, you can mount your NAS volume via NFS on \path|/var/lib/bareos/storage|. Alternatively, you can mount the NAS volume to another directory of your own choice, and change the UCR variable \parameter{bareos/filestorage} to the corresponding path.
The directory needs to be writable by user \user{bareos}.

\begin{commands}{Example for changing the storage path}
root@ucs:/etc/bareos# <input>ucr set bareos/filestorage=/path/to_your/storage</input>
Setting bareos/filestorage
File: /etc/bareos/bareos-sd.conf
\end{commands}

\warning{You need to restart the Bareos storage daemon after having changed the storage path:}
\begin{commands}{}
root@ucs:/# <input>service bareos-sd restart</input>
\end{commands}

\subsubsection{Bareos Webui Configuration}

After installation you just need to setup your login credentials via UCR variables.
Therefore, set the Univention configuration registry (UCR) variable
\parameter{bareos/webui/console/user1/username} and
\parameter{bareos/webui/consoles/user1/password}
according to your needs. The director configuration is automatically reloaded if one of those two variables changes.


Alternatively you can also set those UCR variables via commandline.

\begin{commands}{Example for changing webui login credentials}
root@ucs:~# <input>ucr set bareos/webui/console/user1/username="bareos"</input>
Setting bareos/webui/console/user1/username
File: /etc/bareos/bareos-dir.conf
[ ok ] Reloading Bareos Director: bareos-dir.
root@ucs:~# <input>ucr set bareos/webui/console/user1/password="secret"</input>
Setting bareos/webui/console/user1/password
File: /etc/bareos/bareos-dir.conf
[ ok ] Reloading Bareos Director: bareos-dir.
\end{commands}

When your login credentials are set, you can login into Bareos Webui by following the entry in your Administration UCS Overview or directly via \url{https://<UCS_SERVER>/bareos-webui/}.

\begin{center}
  \includegraphics[width=0.8\textwidth]{\idir univention-ucs-overview-administration}
\end{center}



\subsubsection{Add a client to the backup}
\label{sec:UniventionAddClient}

\paragraph{Overview}

  \begin{itemize}
    \item Install the Bareos client software on the target system, see \ilink{Adding a Bareos Client}{SecondClient}
    \item Use the Univention Management Console to add the client to the backup, see the screenshot below
    \item Copy the filedaemon resource configuration file from the Univention server to the target system
  \end{itemize}

\paragraph{Bareos $>=$ 16.2.4}

\subparagraph{Server-side}

The Univention Bareos application comes with an automatism for the client and job configuration. If you want to add a client to the Bareos director configuration, you need use the Univention Management Console, select the client you want to backup and set the \argument{enable backup job} checkbox to true, as shown in the screenshot below.

\begin{center}
  \includegraphics[width=0.8\textwidth]{\idir univention-client-job-activation}
\end{center}

If the name of the client is \name{testw1.example.com}, corresponding configuration files will be generated:
\begin{itemize}
    \item \file{/etc/bareos/autogenerated/clients/testw1.example.com.include}
    \item \file{/etc/bareos/bareos-dir-export/client/testw1.example.com-fd/bareos-fd.d/director/bareos-dir.conf}
\end{itemize}

Generated configuration files under \directory{/etc/bareos/bareos-dir-export/client/} are intended for the target systems.
After you have \ilink{installed the Bareos client on the target system}{SecondClient},
copy the generated client configuration over to the client and save it to following directories:
\begin{itemize}
    \item on Linux: \path|/etc/bareos/bareos-fd.d/director/|
    \item on Windows: \path|C:\Program Files\Bareos\bareos-fd.d/director/|
\end{itemize}

\begin{commands}{copy client configuration from the server to the testw1.example.com client (Linux)}
root@ucs:~# <input>CLIENTNAME=testw1.example.com</input>
root@ucs:~# <input>scp /etc/bareos/bareos-dir-export/client/testw1.example.com${CLIENTNAME}-fd/bareos-fd.d/director/*.conf root@${CLIENTNAME}:/etc/bareos/bareos-fd.d/director/</input>
\end{commands}


\paragraph{Background}

The settings for each job resource are defined by the template files you see below:

The files
\begin{itemize}
    \item \file{/etc/bareos/autogenerated/clients/generic.template}
    \item \file{/etc/bareos/autogenerated/clients/windows.template}
\end{itemize}
are used as templates for new clients. For Windows clients the file \file{windows.template} is used, the \file{generic.template} is used for all other client types.

%All clients will be listed in the \file{/etc/bareos/autogenerated/clients.include} which points to a \file{/etc/bareos/autogenerated/clients/xxx.conf}.

If you disable the Bareos backup for a client, the client will not be removed from the configuration files. Only the backup job will be set inactive.

If you add three client, your client directory will look similar to this:
\begin{commands}{}
root@ucs:/etc/bareos/autogenerated/clients# <input>ls -l</input>
-rw-r--r-- 1 root root 430 16. Mai 15:15 generic.template
-rw-r----- 1 root bareos 513 21. Mai 14:46 testw1.example.com.include
-rw-r----- 1 root bareos 518 21. Mai 14:49 testw2.example.com.include
-rw-r----- 1 root bareos 518 16. Mai 18:17 testw3.example.com.include
-rw-r--r-- 1 root root 439 16. Mai 15:15 windows.template
\end{commands}


The client configuration file contains, as you can see below, the client connection and the job information:

\begin{commands}{}
root@ucs:/etc/bareos/autogenerated/clients# <input>cat testw2.example.com.include</input>
Client {
 Name = "testw2.example.com-fd"
 Address = "testw2.example.com"
 Password = "DBLtVnRKq5nRUOrnB3i3qAE38SiDtV8tyhzXIxqR"
}

Job {
 Name = "Backup-testw2.example.com" # job name
 Client = "testw2.example.com-fd" # client name
 JobDefs = "DefaultJob" # job definition for the job
 FileSet = "Windows All Drives" # FileSet (data which is backed up)
 Schedule = "WeeklyCycle" # schedule for the backup tasks
 Enabled = "Yes" #this is the ressource which is toggled on/off by enabling or disabling a backup from the univention gui
}
\end{commands}

% After having enabled the Bareos backup for a client on your Domaincontroller master, where usually your director- and storage-daemon are running, it will be configured automatically and loaded into the bareos-director configuration.
% Bareos comes with a special cronjob called \command{univention-bareos}, which performs a restart every day at 20:30 o'clock (Remember: backups will be started at 21:00 o'clock!) and safely reload the configuration.



\paragraph{Bareos $<$ 16.2.0}

Older versions of Bareos handle generating the client configuration similar,
but not identical:

If the name of the client is \name{testw1.example.com}, corresponding configuration files will be generated/adapted:
\begin{itemize}
  \item creates \file{/etc/bareos/autogenerated/fd-configs/testw1.example.com.conf}
  \item creates \file{/etc/bareos/autogenerated/clients/testw1.example.com.include}
  \item extends \file{/etc/bareos/autogenerated/clients.include}
\end{itemize}

Here the files intended for the target systems are generated under \directory{/etc/bareos/autogenerated/fd-configs/}
and they do not only definr a director resource, but are full configuration files for the client.
After you have \ilink{installed the Bareos client on the target system}{SecondClient},
copy the generated client configuration over to the client and save it to 
\begin{itemize}
    \item on Linux: \path|/etc/bareos/bareos-fd.conf|
    \item on Windows: \path|C:\Program Files\Bareos\bareos-fd.conf|
\end{itemize}

\begin{commands}{copy client configuration from the server to the testw1.example.com client (Linux)}
root@ucs:~# <input>CLIENTNAME=testw1.example.com</input>
root@ucs:~# <input>scp /etc/bareos/autogenerated/fd-configs/${CLIENTNAME}.conf root@${CLIENTNAME}:/etc/bareos/bareos-fd.conf</input>
\end{commands}