
Taming the three-headed dragon, or how authentication in Bacula works

Greetings, Habr readers.

Bacula is cross-platform client-server software that lets you manage backup, recovery, and data verification over the network for computers and operating systems of various types. (Wikipedia)

I came across Bacula quite by accident. I have always preferred self-written backup scripts, with nagios monitoring their execution, since all the specialized tools (Bacula, Amanda, etc.) seemed to me architecturally too complex, so complex that they themselves need to be backed up. But once, by a policy decision from above, we were put on ARCserve. Having played a little with that monster, I returned to Bacula and realized that Bacula is the height of grace and simplicity.

The only problem I had with Bacula was the magic of setting up authentication. It really was like magic: I set something here and it works, I change something there and it stops working. The point was that it was unclear:
1) who connects to whom;
2) which fields from the configuration file each party uses for authentication.

None of the diagrams and documentation I found on the Internet gave an exhaustive answer, so I decided to figure it out myself, changing the service settings many times and checking whether it works or not. Colloquially, the "scientific poke" method.



Objects in the diagram


Backup Server - backup management server
Storage Server - server managing storage (storage can be either a tape drive or a disk array)
Admin PC - admin computer with utilities for server management
Backup Monitor - a computer with a program that monitors servers and clients
Client PC - the computer that needs to be backed up

Who is connected to whom


From what has been found out so far:
- Director connects to Client and Storage
- Client connects to Storage (during the backup process)
- Bacula Tray Monitor connects directly to Director, Client and Storage
- Bacula Console connects only to Director
- Storage, it seems, does not initiate connections to anyone

Authentication


See the diagram above and note:
- that the red arrows indicate the server authenticating to the storage and the client, the blue arrow the management console connecting to the server, and the green arrows (the optional part) the monitoring utility connecting to all services (server, storage and client);
- where and how the IP addresses are specified;
- that in the service settings it is necessary to comment out DirAddress, SDAddress and FDAddress = 127.0.0.1 (so that the services listen for connections on 0.0.0.0, that is, on all interfaces).

Which other parameters must match between services


As it has now become clear, besides the parameters involved in authentication (see diagram) and the IP addresses, only “Device = Filestorage” and “Media Type = File” in the Director settings must match the settings of the Storage. All other parameters affect nothing outside their own configuration file and are used only within it (some of them are marked in the diagram as anyname1, anyname2, etc.).
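The cross-file matching described above can be checked mechanically. The following is an added example, not code from the original post or from the Bacula project: it assumes the standard Director, Client, Storage and Device resources with their Name and Password directives (the diagram itself is not reproduced here), uses constructed names, addresses and passwords, and parses only flat top-level resources.

```python
import re

# Constructed sample configs (hypothetical names, addresses and passwords).
DIR_CONF = '''
Director { Name = bk-dir; Password = "console-secret" }
Client   { Name = pc1-fd; Address = 192.0.2.10; Password = "fd-secret" }
Storage  { Name = anyname1; Address = 192.0.2.20; Password = "sd-secret"
           Device = Filestorage; Media Type = File }
'''
FD_CONF = 'Director { Name = bk-dir; Password = "fd-secret" }'
SD_CONF = '''
Director { Name = bk-dir; Password = "sd-WRONG" }   # deliberate mismatch
Device   { Name = Filestorage; Media Type = File; Archive Device = /backup }
'''

def parse(text):
    """Return [(resource_type, {directive: value})] for flat top-level resources."""
    out = []
    for rtype, body in re.findall(r'(\w+)\s*\{([^{}]*)\}', re.sub(r'#.*', '', text)):
        kv = {}
        for item in re.split(r'[;\n]', body):
            if '=' in item:
                k, v = item.split('=', 1)
                # Bacula ignores case and spaces in directive names.
                kv[k.replace(' ', '').lower()] = v.strip().strip('"')
        out.append((rtype.lower(), kv))
    return out

def first(resources, rtype):
    return next(kv for t, kv in resources if t == rtype)

def check(dir_conf, fd_conf, sd_conf):
    """Return a list of mismatches between the three daemon configs."""
    d, fd, sd = parse(dir_conf), parse(fd_conf), parse(sd_conf)
    dname, problems = first(d, 'director')['name'], []
    # Each daemon's Director resource must carry the Director's name and password.
    for label, remote in (('client', fd), ('storage', sd)):
        peer, local = first(remote, 'director'), first(d, label)
        if peer['name'] != dname:
            problems.append(f'{label}: director name mismatch')
        if peer['password'] != local['password']:
            problems.append(f'{label}: password mismatch')
    # Device and Media Type in the Director's Storage resource must match the SD.
    st, dev = first(d, 'storage'), first(sd, 'device')
    if (st['device'], st['mediatype']) != (dev['name'], dev['mediatype']):
        problems.append('storage: Device/Media Type mismatch')
    return problems

print(check(DIR_CONF, FD_CONF, SD_CONF))
```

With real files, read each daemon's configuration into a string and pass the three strings to `check`; an empty list means the names, passwords and device settings line up.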

The tests were carried out on:
- Ubuntu Server 12.04.1
- Bacula 5.2.5

I hope this post saves someone a little time. Do not forget to save your data.

Source: https://habr.com/ru/post/157605/

