This repository has been archived by the owner on Mar 19, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 16
/
operating-system-univention-corporate-server.tex
287 lines (221 loc) · 14.5 KB
/
operating-system-univention-corporate-server.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
\subsection{Univention Corporate Server}
\label{sec:UniventionCorporateServer}
\index[general]{Platform!Univention Corporte Server}
The Bareos version for the Univention App Center integraties into the Univention Enterprise Linux environment, making it easy to backup all the systems managed by the central Univention Corporate Server.
\subsubsection{Preamble}
The \elink{Univention Corporate Server}{http://www.univention.de/} is an enterprise Linux distribution based on Debian. It consists of an integrated management system for the centralised administration of servers, computer workplaces, users and their rights as well as a wide range of server applications. It also includes an Unvention App Center
for the easy installation and management of extensions and appliances.
Bareos is part of the
\elink{App Center}{https://www.univention.de/produkte/univention-app-center/app-katalog/bareos/}
and therefore an Univention environment can easily be extended to provide backup functionality for the Univention servers as well as for the connected client systems. Using the Univention Management Console (UMC), you can also create backup jobs for client computers (Windows or Linux systems), without the need of editing configuration files.
The Bareos app is shipped with a default configuration for the director daemon and the storage daemon. As a result Bareos is able to backup your Univention server without manual configuration.
\warning{You need to review some Univention configuration registry (UCR) variables. Most likely, you will want to set the location where the backups are stored. Otherwise, you may quickly run out of disk space on your backup server!}
You will find further information under \nameref{sec:UniventionBackupStorage}.
\subsubsection{Quick Start}
\begin{itemize}
\item Determine the space requirements and where to store your backup data
\item Set the \parameter{baroes/*} UCR variables according to your needs, see \nameref{sec:UCR}
\item Restart \command{bareos-dir}, \command{bareos-sd} and \command{bareos-fd} (or simply reboot the server)
\item Install the Bareos file daemon on clients and copy configuration file from \file{/etc/bareos/autogenerated/client-configs/<hostname>.conf}
\item Enable backup jobs for clients in the Univention Management Console
\end{itemize}
\subsubsection{UCR variables}
\label{sec:UCR}
\begin{description}
\item[\parameter{bareos/filestorage}]: /var/lib/bareos/storage (default)
\begin{itemize}
\item Location where to store the backup files. Make sure, it offers enough disk space for a configured backup volumes.
\end{itemize}
\item[\parameter{bareos/max_full_volume_bytes}]: 20 (default)
\begin{itemize}
\item Maximum size (in GB) of a volume for the \pool{Full} backup pool
\end{itemize}
\item[\parameter{bareos/max_full_volumes}]: 1 (default)
\begin{itemize}
\item Maximum number of volumes for the \pool{Full} backup pool
\end{itemize}
\item[\parameter{bareos/max_diff_volume_bytes}]: 10 (default)
\begin{itemize}
\item Maximum size (in GB) of a volume for the \pool{Differential} backup pool
\end{itemize}
\item[\parameter{bareos/max_diff_volumes}]: 1 (default)
\begin{itemize}
\item Maximum number of volumes for the \pool{Differential} backup pool
\end{itemize}
\item[\parameter{bareos/max_incr_volume_bytes}]: 1 (default)
\begin{itemize}
\item Maximum size (in GB) of a volume for the \pool{Incremental} backup pool
\end{itemize}
\item[\parameter{bareos/max_incr_volumes}]: 1 (default)
\begin{itemize}
\item Maximum number of volumes for the \pool{Incremental} backup pool
\end{itemize}
\item[\parameter{bareos/backup_myself}]: no (default)
\begin{description}
\item[no] don't backup the server itself
\item[yes] backup the server itself
\end{description}
\item[\parameter{bareos/webui/console/user1/username}]: admin (default)
\begin{itemize}
\item User name to login at the bareos-webui
\end{itemize}
\item[\parameter{bareos/webui/console/user1/password}]: (no default value)
\begin{itemize}
\item Password to login at the bareos-webui
\end{itemize}
\end{description}
UCR variables can be set via the Univention Configuration Registry Web interface
\begin{center}
\includegraphics[width=0.8\textwidth]{\idir univention-configuration-registry-settings}
\end{center}
or using the \command{ucr} command line tool:
\begin{commands}{Enable backup of the server itself}
root@ucs:~# <input>ucr set bareos/backup_myself=yes</input>
Setting bareos/backup_myself
File: /etc/bareos/bareos-dir.conf
[ ok ] Reloading Bareos Director: bareos-dir.
\end{commands}
\warning{univention-bareos $<$ 15.2 did require a manual reload/restart of the bareos-dir service:}
\begin{commands}{let bareos-dir reload its configuration}
root@ucs:~# <input>service bareos-dir reload</input>
[ ok ] Reloading Bareos Director: bareos-dir.
\end{commands}
\subsubsection{Setup}
After installation of the Bareos app, Bareos is ready for operation. A default configuration is created automatically.
Bareos consists of three daemons called \command{director} (or \command{bareos-dir}), \command{storage-daemon} (or \command{bareos-sd}) and \command{filedaemon} (or \command{bareos-fd}). All three daemons are started right after the installation by the univention app center.
If you want to enable automatic backups of the server, you need to set the Univention configuration registry (UCR) variable \parameter{bareos/backup_myself} to \argument{yes} and reload the director daemon.
\subsubsection{Administration}
For general tasks the \ilink{bareos-webui}{sec:webui} can be used.
Additional, there is the \command{bconsole} command line tool:
\begin{commands}{Starting the bconsole}
root@ucs:~# <input>bconsole</input>
Connecting to Director ucs:9101
1000 OK: ucs-dir Version: 15.2.2 (15 November 2015)
Enter a period to cancel a command.
*
\end{commands}
For general information, see the \ilink{Bconsole Tuturial}{sec:TuturialBconsole}.
\subsubsection{Backup Schedule}
As a result of the default configuration located at the \command{bareos-dir}, the backup schedule will look as follows:
\begin{description}
\item[Full Backups]
\begin{itemize}
\item are written into the \pool{Full} pool
\item on the first saturday at 21:00 o'clock
\item and kept for 365 days
\end{itemize}
\item[Differential Backups]
\begin{itemize}
\item are written into the \pool{Differential} pool
\item on every 2nd to 5th saturday at 21:00 o'clock
\item and kept for 90 days
\end{itemize}
\item[Incremental Backups]
\begin{itemize}
\item are written into the \pool{Incremental} pool
\item on every day from monday to friday at 21:00 o'clock
\item and kept for 30 days
\end{itemize}
\end{description}
That means full backups will be written every first saturday at 21:00 o'clock, differential backups every 2nd to 5th saturday at 21:00 o'clock and incremental backups from monday to friday at 21:00 o'clock. So you have got one full backup every month, four weekly differential and 20 daily differential backups per month.
This schedule is active for the univention server backup of itself and all other clients, which are backed up through the \command{bareos-dir} on the univention server.
There is also a special backup task, which is the Bareos backup of itself for a possible disaster recovery. This backup has got its own backup cycle which starts after the main backups. The backup consists of a database backup for the metadata of the Bareos backup server and a backup of the Bareos configuration files under \directory{/etc/bareos/}.
\subsubsection{Backup data management}
Data from the backup jobs is written to volumes, which are organized in pools (see chapter \nameref{DirectorResourcePool}).
The default configuration uses three different pools, called \pool{Full}, \pool{Differential} and \pool{Incremental},
which are used for full backups, differential and incremental backups, respectively.
% Each pool has a maximum size, which is controlled by the Univention configuration registry (UCR) variables \parameter{bareos/max_full_volumes}, \parameter{bareos/max_diff_volumes} and \parameter{bareos/max_incr_volumes}. Each variable is an integer number specifying the maximum number of volumes in the corresponding pool. Each volume has a maximum size of 10 Gigabytes.
%
% The default maximum number of volumes for each pool is 1, so the maximum disk space used for all backup data is 30 GB.
If you change the UCR variables, the configuration files will be rewritten automatically. After each change you will need to reload the director daemon.
\begin{commands}{Example for changing the Full pool size to $10 \ast 20$ GB}
root@ucs:~# <input>ucr set bareos/max_full_volumes=10</input>
Setting bareos/max_full_volumes
File: /etc/bareos/bareos-dir.conf
[ ok ] Reloading Bareos Director: bareos-dir.
root@ucs:~# <input>ucr set bareos/max_full_volume_bytes=20</input>
Setting bareos/max_full_volume_bytes
File: /etc/bareos/bareos-dir.conf
[ ok ] Reloading Bareos Director: bareos-dir.
\end{commands}
\warning{This only affects new volumes. Existing volumes will not change there size.}
\subsubsection{Backup Storage}
\label{sec:UniventionBackupStorage}
\warning{Using the default configuration, Bareos will store backups on your local disk. You may want to store the data to another location to avoid using up all of your disk space.}
The location for backups is \path|/var/lib/bareos/storage| in the default configuration.
For example, to use a NAS device for storing backups, you can mount your NAS volume via NFS on \path|/var/lib/bareos/storage|. Alternatively, you can mount the NAS volume to another directory of your own choice, and change the UCR variable \parameter{bareos/filestorage} to the corresponding path.
The directory needs to be writable by user \user{bareos}.
\begin{commands}{Example for changing the storage path}
root@ucs:/etc/bareos# <input>ucr set bareos/filestorage=/path/to_your/storage</input>
Setting bareos/filestorage
File: /etc/bareos/bareos-sd.conf
\end{commands}
\warning{You need to restart the Bareos storage daemon after having changed the storage path:}
\begin{commands}{}
root@ucs:/# <input>service bareos-sd restart</input>
\end{commands}
\subsubsection{Client and backup job management}
\paragraph{Add a client to the backup setup}$\;$
The univention Bareos application comes with an automatism for the client and job configuration. If you want to add a client to the Bareos director configuration, you need to set the checkbox to true, as you can see in the screenshot below.
\begin{center}
\includegraphics[width=0.60\textwidth]{\idir bareos-univention}
\end{center}
After having enabled the Bareos backup for a client, it will be configured automatically and loaded into the configuration. Therefore Bareos comes with a special cronjob called \command{univention-bareos}, which performs a restart every day at 20:30 o'clock (Remember: backups will be started at 21:00 o'clock!).
So if you add a client to the backup at \file{client.conf}, the connection and job data are created, also the corresponding \file{bareos-fd.conf} will be generated to place them on the client you want to backup (you also need to install the bareos-fd client on the client which is to be backed up).
\paragraph{Client and job configuration}$\;$
All clients will be listed in the \file{/etc/bareos/autogenerated/clients.include} which points to a \file{/etc/bareos/autogenerated/clients/xxx.conf}. If you disable the Bareos backup for a client, the client will not be removed from the configuration files. Only the backup job will be set inactive.
\begin{commands}{}
root@ucs:/etc/bareos/autogenerated# <input>cat clients.include</input>
@/etc/bareos/autogenerated/clients/testw4.example.com.include
@/etc/bareos/autogenerated/clients/testw1.example.com.include
@/etc/bareos/autogenerated/clients/testw2.example.com.include
\end{commands}
\begin{commands}{}
root@ucs:/etc/bareos/autogenerated/clients# <input>ls -l</input>
-rw-r--r-- 1 root root 430 16. Mai 15:15 generic.template
-rw-r----- 1 root bareos 518 21. Mai 14:49 testw2.example.com.include
-rw-r----- 1 root bareos 518 16. Mai 18:17 testw4.example.com.include
-rw-r----- 1 root bareos 513 21. Mai 14:46 testw1.example.com.include
-rw-r--r-- 1 root root 439 16. Mai 15:15 windows.template
\end{commands}
The settings for each job resource are set by the job definition from the bareos-director default configuration and the template files you see above. The client configuration file contains, as you can see below, the connection information and the job information:
\begin{commands}{}
root@ucs:/etc/bareos/autogenerated/clients# <input>cat testw2.example.com.include</input>
Client {
Name = "testw2.example.com-fd"
Address = "testw2.example.com"
Password = "DBLtVnRKq5nRUOrnB3i3qAE38SiDtV8tyhzXIxqR"
File Retention = 30 days # 30 days
Job Retention = 6 months # six months
AutoPrune = no # Prune expired Jobs/Files
}
Job {
Name = "Backup-testw2.example.com" #job name
Client = "testw2.example.com-fd" # client name
JobDefs = "DefaultJob" # job definition for the job
FileSet = "Windows All Drives" # FileSet (data which is backed up)
Schedule = "WeeklyCycle" # schedule for the backup tasks
Enabled = "Yes" #this is the ressource which is toggled on/off by enabling or disabling a backup from the univention gui
}
\end{commands}
\subsubsection{Bareos Webui Configuration}
After installation you just need to setup your login credentials via UCR variables.
Therefore, set the Univention configuration registry (UCR) variable
\parameter{bareos/webui/console/user1/username} and
\parameter{bareos/webui/consoles/user1/password}
according to your needs. The director configuration is automatically reloaded if one of those two variables changes.
Alternatively you can also set those UCR variables via commandline.
\begin{commands}{Example for changing webui login credentials}
root@ucs:~# <input>ucr set bareos/webui/console/user1/username="bareos"</input>
Setting bareos/webui/console/user1/username
File: /etc/bareos/bareos-dir.conf
[ ok ] Reloading Bareos Director: bareos-dir.
root@ucs:~# <input>ucr set bareos/webui/console/user1/password="secret"</input>
Setting bareos/webui/console/user1/password
File: /etc/bareos/bareos-dir.conf
[ ok ] Reloading Bareos Director: bareos-dir.
\end{commands}
When your login credentials are set, you can login into Bareos Webui by following the entry in your Administration UCS Overview or directly via \url{https://<UCS_SERVER>/bareos-webui/}.
\begin{center}
\includegraphics[width=0.8\textwidth]{\idir univention-ucs-overview-administration}
\end{center}