Taming the three-headed dragon or how authentication works in Bacula

    Greetings, Khabravchane.

    Bacula is a cross-platform client-server software that allows you to manage backup, recovery, and data verification over the network for computers and operating systems of various types. ( Wikipedia )

    In general, I contacted the bakulea by accident. I always preferred self-written scripts for backups and monitoring of their execution by nagios, as all specialized tools (Bacula, Amanda, etc.) seemed architecturally too complex to me, which themselves, because of their complexity, require that they be backed up. But once, with politics from above, we were put on ARCserve. After playing a little with this monster, I returned to Bacula and realized that Bacula is the top of grace and simplicity.

    The only problem for me with Bacula was the magic of setting up authentication. It was just like magic, here I prescribed something - it works, here it changed something - it does not work. The fact was that:
    1) it is not clear who is connecting to whom;
    2) which fields from the configuration file are used by this someone for authentication.

    No schemes and documentation found on the Internet gave an exhaustive answer and I decided to figure it out myself, repeatedly changing the settings of the services and checking if it works / does not work. In common people - "scientific tyk."



    Objects in the diagram


    Backup Server - the server managing the backup
    Storage Server - the server managing the storage (the storage can be either a streamer or a disk array)
    Admin PC - administrator's computer with utilities for managing the server
    Backup Monitor - a computer with a program that monitors servers and clients
    Client PC - computer whose data you want to back up

    Who connects to whom


    From what we were able to find out at the moment:
    - Director connects to Client and Storage
    - Client connects to Storage (during backup)
    - Bacula Tray Monitor connects directly to Director, Client and Storage
    - Bacula Console connects only to Director
    - Storage independently, seems to be not connecting to anyone

    Authentication


    See the diagram above and note:
    - the red arrows indicate the authentication of the server on the server and the client , the blue arrow indicates the connection of the management console to the server , and the green arrows (optional) connect the monitoring utility to all services (server, store and client )
    - on where and how the IP addresses
    are registered - that you need to comment out DirAddress, SDAddress and FDAddress = 127.0.0.1 in the service settings (so that the services listen to the connections at 0.0.0.0, i.e. on all interfaces)

    What other parameters of some services should correspond to the parameters of others


    As it became clear at the moment, in addition to the parameters involved in authentication (see the diagram) and IP addresses, only “Device = Filestorage” and “Media Type = File” in the Director settings should correspond to the Storage settings. All other parameters do not affect anything and are used only inside the corresponding configuration files (some of them are indicated on the diagram as anyname1, anyname2, etc.).

    The work was carried out with:
    - Ubuntu Server 12.04.1
    - Bacula 5.2.5

    I hope this post saves someone a little time. Do not forget to save.

    Also popular now: