Skip to content
This repository has been archived by the owner on Mar 19, 2021. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
Abschnitt "Use the new Bareos 12.4 features" von https://www.bareos.o…
…rg/en/HOWTO.html eingepflegt

Signed-off-by: Joerg Steffens <joerg.steffens@bareos.com>
  • Loading branch information
Kristian authored and joergsteffens committed Nov 13, 2015
1 parent 94ff711 commit c783592
Show file tree
Hide file tree
Showing 25 changed files with 302 additions and 70 deletions.
3 changes: 2 additions & 1 deletion manuals/en/main/backward-compability.tex
Expand Up @@ -58,7 +58,8 @@ \section{Compatibility between Bareos and Bacula}

The Bareos File Daemon is compatible with all version of the Bacula director (of version 5.2.13 and lower)
and not with Bacula 7.x. when you enable the compatible mode in the config of the file daemon.
The compatible option was set by default in Bareos < 15, and is disabled by default since Version 15.
The compatible option was set by default in Bareos < 15.2.0, and is disabled by default since Version
\sinceVersion{fd}{Compatible = no}{15.2.0}.
To be sure this is enabled you can explicitly set the compatible option
by putting the following in the bareos-fd.conf:

Expand Down
26 changes: 24 additions & 2 deletions manuals/en/main/bareos-fd-resource-client-definitions.tex
Expand Up @@ -42,11 +42,11 @@
some commands are part of the above protocols and by disallowing
the action the other commands are not invoked at all.

If runscripts are not needed it would we recommend as security measure to disable
If runscripts are not needed it would be recommended as a security measure to disable
running those or only allow the commands that you really want to be used.

Runscripts are particularly a problem as they allow the filedaemon to run
arbitrary commands. You may also look into the Allowed Script Dir keyword to
arbitrary commands. You may also look into the \linkResourceDirective{Fd}{Client}{Allowed Script Dir} keyword to
limit the impact of the runscript command.
}

Expand Down Expand Up @@ -205,6 +205,27 @@

\defDirective{Fd}{Client}{Pki Cipher}{}{}{%
See the \ilink{Data Encryption}{DataEncryption} chapter of this manual.

Depending on the openssl library version different ciphers are available. To choose the desired cipher, you can use the PKI Cipher option in the filedaemon configuration. Note that you have to set \parameter{compatible = no}:

\bconfigInput{config/FdClientPidDirectory1.conf}

The available options (and ciphers) are:
\begin{itemize}
\item aes128
\item aes192
\item aes256
\item camellia128
\item camellia192
\item camellia256
\item aes128hmacsha1
\item aes256hmacsha1
\item blowfish
\end{itemize}
They depend on the version of the openssl library installed.

For decryption of encrypted data, the right decompression algorithm should be automatically chosen.

}

\defDirective{Fd}{Client}{Pki Encryption}{}{}{%
Expand Down Expand Up @@ -269,6 +290,7 @@
}

\defDirective{Fd}{Client}{TLS Enable}{}{}{%
Bareos can be configured to encrypt all its network traffic. See chapter \nameref{TlsDirectives} to see how the Bareos Director (and the other components) have to be configured to use TLS.
}

\defDirective{Fd}{Client}{TLS Key}{}{}{%
Expand Down
Expand Up @@ -64,6 +64,7 @@
}

\defDirective{Fd}{Director}{TLS Enable}{}{}{%
Bareos can be configured to encrypt all its network traffic. See chapter \nameref{TlsDirectives} to see how the Bareos Director (and the other components) have to be configured to use TLS.
}

\defDirective{Fd}{Director}{TLS Key}{}{}{%
Expand Down
16 changes: 7 additions & 9 deletions manuals/en/main/bareos.sty
Expand Up @@ -5,15 +5,6 @@
%%
%% New Commands Currently implemented:
%%
%% \elink{target}{text}
%% Inserts the text indicated (highlighted) and provides
%% an external hyperlink to the target.
%%
%% \ilink{target}{text}
%% Inserts the text indicated (highlighted) and provides
%% an internal hyperlink to the target. Target must be a
%% \label somewhere in the same document.
%%
%% \idir
%% Inserts the path to the images
%%
Expand Down Expand Up @@ -78,13 +69,20 @@
%

% 1: text, 2: URL
% \elink{target}{text}
% Inserts the text indicated (highlighted) and provides
% an external hyperlink to the target.
\newcommand*{\elink}[2]{%
%\htmladdnormallink{#1}{#2}%
\href{#2}{#1}%
}
% or use \url{URL}

% 1: text, 2. label
% \ilink{target}{text}
% Inserts the text indicated (highlighted) and provides
% an internal hyperlink to the target. Target must be a
% \label somewhere in the same document.
\newcommand*{\ilink}[2]{%
%\htmlref{#1}{#2}%
\hyperref[#2]{#1}%
Expand Down
1 change: 1 addition & 0 deletions manuals/en/main/bconsole-resource-console-definitions.tex
Expand Up @@ -57,6 +57,7 @@
}

\defDirective{Console}{Console}{TLS Enable}{}{}{%
Bareos can be configured to encrypt all its network traffic. See chapter \nameref{TlsDirectives} to see how the Bareos Director (and the other components) have to be configured to use TLS.
}

\defDirective{Console}{Console}{TLS Key}{}{}{%
Expand Down
1 change: 1 addition & 0 deletions manuals/en/main/bconsole-resource-director-definitions.tex
Expand Up @@ -44,6 +44,7 @@
}

\defDirective{Console}{Director}{TLS Enable}{}{}{%
Bareos can be configured to encrypt all its network traffic. See chapter \nameref{TlsDirectives} to see how the Bareos Director (and the other components) have to be configured to use TLS.
}

\defDirective{Console}{Director}{TLS Key}{}{}{%
Expand Down
80 changes: 62 additions & 18 deletions manuals/en/main/bconsole.tex
Expand Up @@ -204,10 +204,6 @@ \section{Console Keywords}
jobid=536
\end{verbatim}

Please note, this list is incomplete.

\TODO{create bconsole keywords automatically}

\begin{description}
\item [all]
Permitted on the status and show commands to specify all components or
Expand Down Expand Up @@ -235,10 +231,10 @@ \section{Console Keywords}
\item [current]
Used in the restore command. Takes no argument.
\item [days]
Used to define the number of days the "list nextvol" command
Used to define the number of days the \bcommand{list nextvol}{} command
should consider when looking for jobs to be run. The days keyword
can also be used on the "status dir" command so that it will display
jobs scheduled for the number of days you want.
can also be used on the \bcommand{status dir}{} command so that it will display
jobs scheduled for the number of days you want. It can also be used on the \bcommand{rerun}{} command, where it will automatically select all failed jobids in the last number of days for rerunning.
\item [devices]
Used in the show command. Takes no arguments.
\item [director \textbar\ dir]
Expand All @@ -248,8 +244,8 @@ \section{Console Keywords}
Used in the restore command. Its argument specifies the directory
to be restored.
\item [enabled]
This keyword can appear on the {\bf update volume} as well
as the {\bf update slots} commands, and can
This keyword can appear on the \command{update volume} as well
as the \command{update slots} commands, and can
allows one of the following arguments: yes, true, no, false, archived,
0, 1, 2. Where 0 corresponds to no or false, 1 corresponds to yes or true, and
2 corresponds to archived. Archived volumes will not be used, nor will
Expand All @@ -266,6 +262,8 @@ \section{Console Keywords}
Used in the show command. Takes no arguments.
\item [help]
Used in the show command. Takes no arguments.
\item [hours]
Used on the \bcommand{rerun}{} command to select all failed jobids in the last number of hours for rerunning.
\item [jobs]
Used in the show, list and llist commands. Takes no arguments.
\item [jobmedia]
Expand All @@ -279,6 +277,8 @@ \section{Console Keywords}
in the catalog database, the same JobId can be reused once a
Job is removed from the catalog. Probably you will refer
specific Jobs that ran using their numeric JobId.

JobId can be used on the \bcommand{rerun} command to select all jobs failed after and including the given jobid for rerunning.
\item [job \textbar\ jobname]
The Job or Jobname keyword refers to the name you specified
in the Job resource, and hence it refers to any number of
Expand All @@ -305,11 +305,11 @@ \section{Console Keywords}
Used in the restore command. Takes no argument.
\item[limit]
Used in the setbandwidth command. Takes integer in KB/s unit.
\item [storages]
Used in the show command. Takes no arguments.
\item [schedules]
Used in the show command. Takes no arguments.
\item [storage \textbar\ store \textbar\ sd]
\item [storages]
Used in the show command. Takes no arguments.
\item [ujobid]
The ujobid is a unique job identification that is printed
in the Job Report output. At the current time, it consists
Expand Down Expand Up @@ -395,14 +395,39 @@ \section{Console Commands}
cancel [jobid=<number> job=<job-name> ujobid=<unique-jobid>]
\end{bconsole}

Once a Job is marked to be canceled, it may take a bit of time
Once a Job is marked to be cancelled, it may take a bit of time
(generally within a minute but up to two hours) before the Job actually
terminates, depending on what operations it is doing.
Don't be surprised that you receive a Job not found message. That just
means that one of the three daemons had already canceled the job.
Messages numbered in the 1000's are from the Director, 2000's are from
the File daemon and 3000's from the Storage daemon.

It is possible to cancel multiple jobs at once. Therefore, the following extra options are available for the job-selection:

\begin{itemize}
\item all jobs
\item all jobs with a created state
\item all jobs with a blocked state
\item all jobs with a waiting state
\item all jobs with a running state
\end{itemize}

Usage:
\begin{bconsole}{cancel all}
cancel all
cancel all state=<created|blocked|waiting|running>
\end{bconsole}

Sometimes the Director already removed the job from its running queue, but the storage daemon still thinks it is doing a backup (or another job) - so you cannot cancel the job from within a console anymore. Therefore it is possible to cancel a job by JobId on the storage daemon. It might be helpful to execute a \bcommand{status storage}{} on the Storage Daemon to make sure what job you want to cancel.

Usage:
\begin{bconsole}{cancel all}
cancel storage=<Storage Daemon> Jobid=<JobId>
\end{bconsole}

This way you can also remove a job that blocks any other jobs from running without the need to restart the whole storage daemon.

\item [create]
\index[general]{Console!Command!create pool}
This command is not normally used as the Pool records are automatically
Expand Down Expand Up @@ -564,7 +589,7 @@ \section{Console Commands}

The export command does exactly the opposite of the import command. You
can specify which slots should be transferred to import/export slots. The
most usefull application of the export command is the possibility to
most useful application of the export command is the possibility to
automatically transfer the volumes of a certain backup into the import/export
slots for external storage.

Expand All @@ -588,6 +613,24 @@ \section{Console Commands}
export srcslots=1-2 dstslots=37-38
\end{bconsole}

To automatically export the Volumes used by a certain backup job, you can use the following RunScript in that job:

\begin{bconsole}{automatic export}
RunScript {
Console = "export storage=TandbergT40 volume=%V"
RunsWhen = After
RunsOnClient = no
}
\end{bconsole}

To send an e-mail notification via the Messages resource regarding export tapes you can use the Variable \%V substitution in the Messages resource, which is implemented in Bareos 13.2. However, it does also work in earlier releases inside the job resources. So in versions prior to Bareos 13.2 the following workaround can be used:

\begin{bconsole}{e-mail notification via messages resource regarding export tapes}
RunAfterJob = "/bin/bash -c \"/bin/echo Remove Tape %V | \
/usr/sbin/bsmtp -h localhost -f root@localhost -s 'Remove Tape %V' root@localhost \""
\end{bconsole}


\item [gui]
\index[general]{Console!Command!gui}
Invoke the non-interactive gui mode.
Expand Down Expand Up @@ -1094,14 +1137,14 @@ \section{Console Commands}
configuration is automatically set to the defaults and it is hard to
configure everything like it was.

By using the rerun command, it is much easier to rerun a jobs exactly
By using the rerun command, it is much easier to rerun a job exactly
as it was configured. You only have to specify the JobId of the failed job.

\begin{bconsole}{rerun}
rerun jobid=<jobid> since_jobid=<jobid> days=<nr_days> hours=<nr_hours> yes
\end{bconsole}

You can select the jobid(s) to rerun by using one of the selection criteria.
You can select the jobid(s) to rerun by using one of the selection criteria. Using jobid= will automatically select all jobs failed after and including the given jobid for rerunning. By using days= or hours=, you can select all failed jobids in the last number of days or number of hours respectively for rerunning.

\item [restore]
\index[general]{Restore}
Expand Down Expand Up @@ -1393,7 +1436,7 @@ \section{Console Commands}
This gives more information than \bcommand{status director}{}.

Called without parameters, \bcommand{status scheduler}{} shows a preview for all schedules for the next 14 days.
It first shows a list of the known schedules and the jobs that will be triggered by these jobs:
It first shows a list of the known schedules and the jobs that will be triggered by these jobs, and next, a table with date (including weekday), schedule name and applied overrides is displayed:

\begin{bconsole}{status scheduler}
*<input>status scheduler</input>
Expand Down Expand Up @@ -1443,7 +1486,7 @@ \section{Console Commands}
\item[client=clientname] shows only the schedules that affect the given client.
\item[job=jobname] shows only the schedules that affect the given job.
\item[schedule=schedulename] shows only the given schedule.
\item[days=number] of days shows only the number of days in the scheduler preview. Positive numbers show the future, negative numbers show the past. days can be combined with the other selection criteria.
\item[days=number] of days shows only the number of days in the scheduler preview. Positive numbers show the future, negative numbers show the past. days can be combined with the other selection criteria. days= can be combined with the other selection criteria.
\end{description}

In case you are running a maintained version of Bareos,
Expand Down Expand Up @@ -1487,10 +1530,11 @@ \section{Console Commands}
}
\end{bconfig}

Not configuring the directive at all also disables it, as the default value for the Subscriptions directive is zero.

\item [time]
\index[general]{Console!Command!time}
Prints the current time.
The time command shows the current date, time and weekday.

\item [trace]
\index[general]{Console!Command!trace}
Expand Down
1 change: 1 addition & 0 deletions manuals/en/main/config/DirClientHardQuota1.conf
@@ -0,0 +1 @@
Fatal error: append.c:218 Quota Exceeded. Job Terminated.
1 change: 1 addition & 0 deletions manuals/en/main/config/DirClientSoftQuotaGracePeriod1.conf
@@ -0,0 +1 @@
Error: Softquota Exceeded, Grace Period starts now.
1 change: 1 addition & 0 deletions manuals/en/main/config/DirClientSoftQuotaGracePeriod2.conf
@@ -0,0 +1 @@
Error: Softquota Exceeded, will be enforced after Grace Period expires.
3 changes: 3 additions & 0 deletions manuals/en/main/config/DirClientSoftQuotaGracePeriod3.conf
@@ -0,0 +1,3 @@
Warning: Softquota Exceeded and Grace Period expired.
Setting Burst Quota to 122880000 Bytes.
Fatal error: Soft Quota Exceeded / Grace Time expired. Job terminated.
1 change: 1 addition & 0 deletions manuals/en/main/config/DirClientStrictQuotas1.conf
@@ -0,0 +1 @@
Softquota Exceeded, enforcing Burst Quota Limit.
1 change: 1 addition & 0 deletions manuals/en/main/config/DirClientStrictQuotas2.conf
@@ -0,0 +1 @@
Softquota Exceeded, enforcing Strict Quota Limit.
12 changes: 12 additions & 0 deletions manuals/en/main/config/FdClientPidDirectory1.conf
@@ -0,0 +1,12 @@
FileDaemon {
Name = client-fd
# encryption configuration
PKI Signatures = Yes # Enable Data Signing
PKI Encryption = Yes # Enable Data Encryption
PKI Keypair = "/etc/bareos/client-fd.pem" # Public and Private Keys
PKI Master Key = "/etc/bareos/master.cert" # ONLY the Public Key

# choose encryption cipher
compatible = no # PKI Cipher is not bacula compatible
PKI Cipher = aes128 # specify desired PKI Cipher here
}
14 changes: 8 additions & 6 deletions manuals/en/main/dataencryption.tex
Expand Up @@ -141,7 +141,7 @@ \section{Generating Private/Public Encryption Keys}
certificate encoding that contains only a single public key.


\section{Example Data Encryption Configuration}
\section{Example Data Encryption Configurations}
\index[general]{Example!File Daemon Configuration File}
\index[general]{Example!Data Encryption Configuration File}
\index[general]{Example Data Encryption Configuration}
Expand All @@ -150,18 +150,20 @@ \section{Example Data Encryption Configuration}
\footnotesize
\begin{verbatim}
FileDaemon {
Name = example-fd
FDport = 9102 # where we listen for the director
Name = client1-fd
# encryption configuration
PKI Signatures = Yes # Enable Data Signing
PKI Encryption = Yes # Enable Data Encryption
PKI Keypair = "/etc/bareos/fd-example.pem" # Public and Private Keys
PKI Keypair = "/etc/bareos/client-fd.pem" # Public and Private Keys
PKI Master Key = "/etc/bareos/master.cert" # ONLY the Public Key
# choose encryption cipher
compatible = no # PKI Cipher is not bacula compatible
PKI Cipher = aes128 # specify desired PKI Cipher here
}
\end{verbatim}
\normalsize


\section{Decrypting with a Master Key}
\index[general]{Decrypting with a Master Key}

Expand Down

0 comments on commit c783592

Please sign in to comment.