Bacula: The Open Source Network Backup Solution


The main advantages of Bacula-Web are the simplicity of installation, easy to configure and it’s totally web based without needing local fat client install, configure and upgrades.

Bacula-Web provide you with a lot of informations about your last backup jobs, restore jobs, volumes, pools and so on …
If you’re interested in full detailled features list, it may be found in the documentation section. You will be surprised at the way the ease of use of the Bacula-Web tool.

The only things you need is a well working and configured LAMP server and a valid database connection to your Bacula catalog.

Bacula-Web GUI (graphical user interface) is mostly written in PHP and is compatible with your prefered OS such as Red Hat, Centos, Fedora, Debian, Gentoo, FreeBSD, etc.

Requirements

Before installing Bacula-Web on your server, you must ensure that your system fullfill Bacula-Web requirements

ssh (root access) on the server
Apache Web server (at least version 2)
PHP version >= 5 with
Gettext support
GD library support (used for graphs)
TrueType support (optional)
PHP PDO and PHP support for MySQL, postgreSQL or SQLite (depend your Bacula setup)
Session support
Database connectivity to your Bacula director(s) database(s)
supported database MySQL, postgreSQL or SQLite

Install required packages on RedHat / Centos / Fedora

Install Apache web server

1. $ sudo yum install httpd
2. $ sudo chkconfig httpd on
3. $ sudo service httpd start

Install PHP

Install PHP and PHP support for the database you’ve installed for Bacula

with MySQL database support

1. $ sudo yum install php php-gd php-gettext php-mysql php-pdo

with postgreSQL database support

1. $ sudo yum install php php-gd php-gettext php-pgsql php-pdo

with SQLite database support

1. $ sudo yum install php php-gd php-gettext php-pdo

Change SQLite database file permissions

Assuming that the bacula database file is located under /var/spool/bacula

1. # chmod -v 705 /var/spool/bacula
2. # chmod -v 704 /var/spool/bacula/bacula.db

Move into Apache directory

// RedHat/Centos
# cd /var/www/html

// Debian / Ubuntu
# cd /var/www/
Download the source tarball

# wget http://www.bacula-web.org/files/bacula-web.org/downloads/bacula-web-latest.tgz

Uncompress the archive

// Red Hat / Centos / Fedora
# tar -xzf bacula-web-latest.tgz -C /var/www/html/

Rename the folder

# mv -v bacula-web-x.x.x bacula-web
Change files/folders permissions

// On Centos / Red Hat
# chown -Rv apache ./bacula-web

// On Debian / Ubuntu
# chown -Rv www-data: ./bacula-web

# chmod -Rv u=rx,g=rx,o=rx ./bacula-web

Configuring Bacula-Web

From Bacula-Web root folder, copy the file config.php.sample as below

Please note that since version 5.1.0, the config file is a PHP script.

# cd application/config

# cp -v config.php.sample config.php

# chown -v apache: config.php

Languages

Bacula-Web have been translated in different language (thank you to all the contributors for their efforts).

English (default)
Spanish (last update by Juan Luis Francés Jiménez)
Italian (last update by Gian Domenico Messina (gianni.messina AT c-ict.it)
French (last update by Morgan LEFIEUX – comete AT daknet.org)
German (last update by Florian Heigl)
Swedish – Maintened by Daniel Nylander (po@danielnylander.se)
Portuguese Brazil – Last updated by J. Ritter (condector@gmail.com)

To change the default displayed language, modify the option in config.php (see below)

$config[‘language’] = ‘en_EN’; // (default language)

// Other available languages

// en_US (or en_UK)
// es_ES
// it_IT
// fr_FR
// de_DE
// sv_SV
// pt_BR

Options

As of version 5.2.11, the configuration file contain two new options described below

// Show inactive clients (hidden by default)
$config[‘show_inactive_clients’] = true;

// Hide empty pools (displayed by default)
$config[‘hide_empty_pools’] = false;

Database connection settings

// Bacula catalog label (used for catalog selector)
$config[0][‘label’] = ‘Backup Server’;

// Server
$config[0][‘host’] = ‘localhost’;

// Database name
$config[0][‘db_name’] = ‘bacula’;

// Database user
$config[0][‘login’] = ‘bacula’;

// Database user’s password
$config[0][‘password’] = ‘verystrongpassword’;

// Database type (mysql | pgsql | sqlite)
$config[0][‘db_type’] = ‘mysql’;

// Database port
$config[0][‘db_port’] = ‘3306’;

Single catalog (example)

$config[‘language’] = ‘en_EN’;

//MySQL bacula catalog
$config[0][‘label’] = ‘Backup Server’;
$config[0][‘host’] = ‘localhost’;
$config[0][‘login’] = ‘bacula’;
$config[0][‘password’] = ‘verystrongpassword’;
$config[0][‘db_name’] = ‘bacula’;
$config[0][‘db_type’] = ‘mysql’;
$config[0][‘db_port’] = ‘3306’;

Multiple catalogs (example)

<?php
//MySQL bacula catalog
$config[0][‘label’] = ‘Backup Server’;
$config[0][‘host’] = ‘localhost’;
$config[0][‘login’] = ‘bacula’;
$config[0][‘password’] = ‘verystrongpassword’;
$config[0][‘db_name’] = ‘bacula’;
$config[0][‘db_type’] = ‘mysql’;
$config[0][‘db_port’] = ‘3306’;

//PostgreSQL Lab serveur
$config[1][‘label’] = ‘Lab backup server’;
$config[1][‘host’] = ‘192.168.0.120’;
$config[1][‘login’] = ‘bacula’;
$config[1][‘password’] = ‘verystrongpassword’;
$config[1][‘db_name’] = ‘bacula’;
$config[1][‘db_type’] = ‘pgsql’;
$config[1][‘db_port’] = ‘5432’;
?>

Configuration example

Here’s below how your configuration file (config.php) could look like

<?php
// Language
$config[0][‘language’] = ‘en_EN’;

// Show inactive clients
$config[‘show_inactive_clients’] = false;

// Hide empty pools
$config[‘hide_empty_pools’] = true;

//MySQL bacula catalog
$config[0][‘label’] = ‘Backup Server’;
$config[0][‘host’] = ‘localhost’;
$config[0][‘login’] = ‘baculaweb’;
$config[0][‘password’] = ‘password’;
$config[0][‘db_name’] = ‘bacula’;
$config[0][‘db_type’] = ‘mysql’;
$config[0][‘db_port’] = ‘3306’;

// PostgreSQL bacula catalog
$config[1][‘label’] = ‘Prod Server’;
$config[1][‘host’] = ‘db-server.domain.com’;
$config[1][‘login’] = ‘bacula’;
$config[1][‘password’] = ‘otherstrongpassword’;
$config[1][‘db_name’] = ‘bacula’;
$config[1][‘db_type’] = ‘pgsql’;
$config[1][‘db_port’] = ‘5432’;

// SQLite bacula catalog
$config[2][‘db_type’] = ‘sqlite’;
$config[2][‘label’] = ‘bacula’;
$config[2][‘db_name’] = ‘/path/to/database’;
?>

Configure PHP

Update the timezone parameter in your PHP configuration in order to prevent Apache warning messages (see below)

Warning: mktime(): It is not safe to rely on the system’s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected ‘Europe/Berlin’ for ‘CEST/2.0/DST’ instead in /var/www/html/bacula-web/config/global.inc.php on line 62

Modify PHP configuration file

1. # File: /etc/php.ini
2. # For *BSD users, the file is located /usr/local/etc/php.ini
3. # Locate and modify the line below
4. date.timezone =
5. # with this value (for example)
6. date.timezone = Europe/Zurich

Reload Apache configuration

1. $ sudo service httpd reload || sudo /etc/init.d/httpd reload

Secure your web server

In order to secure the application folder and avoid exposing sensitive information contained in Bacula-Web configuration.

Edit the Apache configuration file as described below

Red Hat / Centos / Fedora

1. $ sudo vim /etc/httpd/conf.d/bacula-web.conf

Debian / Ubuntu

1.$ sudo vi /etc/apache2/sites-available/default

and add the content below

AllowOverride All

Then reload Apache to apply the configuration change

Centos / Red Hat

1. $ sudo /etc/init.d/httpd restart

Debian / Ubuntu

1. $ sudo /etc/init.d/apache2 restart

Upgrading / Moving Bacula-Web

Upgrading or moving your Bacula-Web installation is very easy

* Make a copy of the config file which is located under the folder application/config/config.php
* Ensure that you meet all system requirements
* Follow the steps described in the installation guide
* Replace the default config file with your own version
* Test the installation through the test page

Enjoy it

Testing Bacula-Web

After installing and configuring Bacula-Web, just ensure that Bacula-Web will work fine.

A test page exist for this purpose that check the following items

required package are succesfully installed
smarty template cache good permissions
php modules are installed and properly configured
To test your installation of Bacula-Web, follow this link

http://yourserveroripaddress/bacula-web/test.php

You should got the same result as shown in the screenshot below

For quick installation You can use the below Steps also on RHEL/Cent-OS

This example shows to configure on the environment like follows.

(1) director.server.world [10.0.0.60] Bacula Management Server – Director, Storage, Database Daemon
(2) file01.server.world [10.0.0.61] Bacula Client – File Daemon ( Backup Target )

Database is required on backends, so this example shows to use MySQL Server on Bacula Management Server. It’s possible to use PostgreSQL, SQLite, too

[1] Install Director and Storage component on Bacula Management Server.

[root@director ~]# yum -y install bacula-director-mysql bacula-storage-mysql bacula-console

[2]Create a database for Bacula.

[root@director ~]# /usr/libexec/bacula/grant_mysql_privileges -p
Enter password: # root password for MySQL
Privileges for user bacula granted on database bacula.
[root@director ~]# /usr/libexec/bacula/create_mysql_database -p
Enter password: # root password for MySQL
Creation of bacula database succeeded.
[root@director ~]# /usr/libexec/bacula/make_mysql_tables -p
Enter password: # root password for MySQL
Creation of Bacula MySQL tables succeeded.
[root@director ~]# mysql -u root -p # connect to MySQL
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.1.52 Source distribution
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
# set password for Bacula
mysql> set password for bacula=password(‘password’);
Query OK, 0 rows affected (0.00 sec)
# set password for Bacula
mysql> set password for bacula@localhost=password(‘password’);
Query OK, 0 rows affected (0.00 sec)
# make sure settings
mysql> select user,host,password from mysql.user;

mysql> show databases;

mysql> use bacula;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;

mysql> exit
Bye

See the below Image:

b1
b2
b3

Pacemaker: Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters.


Features

Detection and recovery of machine and application-level failures
Supports practically any redundancy configuration
Supports both quorate and resource-driven clusters
Configurable strategies for dealing with quorum loss (when multiple machines fail)
Supports application startup/shutdown ordering, regardless machine(s) the applications are on
Supports applications that must/must-not run on the same machine
Supports applications which need to be active on multiple machines
Supports applications with multiple modes (eg. master/slave)

Provably correct response to any failure or cluster state.
The cluster’s response to any stimuli can be tested offline before the condition exists

Configuration Tools

Pacemaker’s internal configuration format is XML, which is great for machines but terrible for humans. The community’s best minds have created GUIs and Shells to hide the XML and allow the configuration to be viewed and updated in a more human friendly format.

Command Line Interfaces (Shells)

crmsh – The original configuration shell for Pacemaker. Written and maintained by SUSE, it may be used either as an interactive shell with tab completion, for single commands directly on the shell’s command line or as batch mode scripting tool.

pcs – An alternate vision for a full cluster lifecycle configuration shell and web based GUI. Handles everything from cluster installation through to resource configuration and status.

GUI Tools

pygui – The original GUI for Pacemaker written in Python by IBM China. Mostly deprecated on SLES in favor of Hawk

hawk – Hawk is a web-based GUI for managing and monitoring Pacemaker HA clusters. It is generally intended to be run on every node in the cluster, so that you can just point your web browser at any node to access it. It is documented as part of the SUSE Linux Enterprise High Availability Extension documentation

LCMC – The Linux Cluster Management Console (LCMC) is a GUI with an inovative approach for representing the status of and relationships between cluster services. It uses SSH to let you install, configure and manage clusters from your desktop.

pcs – An alternate vision for a full cluster lifecycle configuration shell and web based GUI. Handles everything from cluster installation through to resource configuration and status.

Other Add-ons

booth – The Booth cluster ticket manager extends Pacemaker to support geographically distributed clustering. It does this by managing the granting and revoking of ‘tickets’ which authorizes one of the cluster sites, potentially located in geographically dispersed locations, to run certain resources.

Install Linux High-Availability Cluster tool “Pacemaker”.

This example shows to configure on the environment like follows.
(1) www01.server.world ( eth0 [192.168.1.60], eth1 [10.0.0.60] )
(2) www02.server.world ( eth0 [192.168.1.61], eth1 [10.0.0.61] )

This example uses eth0 for inter-connection and uses eth1 for service provider.

[1] Install Pacemaker on both Hosts.

[root@www01 ~]# yum -y install pacemaker

[2] Create an authkeys that is used for inter-connection. Configure it on both Hosts.

[root@www01 ~]# vi /etc/ha.d/authkeys
auth 1
1 sha1 secret
[root@www01 ~]# chmod 600 /etc/ha.d/authkeys

[3] Configure Corosync on both Hosts.

[root@www01 ~]# cp /etc/corosync/corosync.conf.example /etc/corosync/corosync.conf
[root@www01 ~]# vi /etc/corosync/corosync.conf
compatibility: whitetank
# add like follows.
aisexec {
user: root
group: root
}
service {
name: pacemaker
ver: 0
use_mgmtd: yes
}
totem {
version: 2
secauth: off
threads: 0
interface {
ringnumber: 0
# Specify network address for inter-connection
bindnetaddr: 192.168.1.0
mcastaddr: 226.94.1.1
mcastport: 5405
}
}
logging {
fileline: off
to_stderr: no
to_logfile: yes
to_syslog: yes
logfile: /var/log/cluster/corosync.log
debug: off
timestamp: on
logger_subsys {
subsys: AMF
debug: off
}
}
amf {
mode: disabled
}

[root@www01 ~]# chown -R hacluster. /var/log/cluster
[root@www01 ~]# /etc/rc.d/init.d/corosync start
Starting Corosync Cluster Engine (corosync): [ OK ]
[root@www01 ~]# chkconfig corosync on

[4] Execute crm_mon on a Host, then it’s OK if the result like follows is shown. Basic settings is done for Pacemaker. It’s necessarry to configure more if you’d like to configure a service as Cluster. See next Step.

[root@www01 ~]# crm_mon
============
Last updated: Fri Jul 15 20:56:49 2011
Stack: openais
Current DC: www01.server.world – partition with quorum
Version: 1.1.2-f059ec7ced7a86f18e5490b67ebf4a0b963bccfe
2 Nodes configured, 2 expected votes
0 Resources configured.
============

Online: [ www01.server.world www02.server.world ]

[root@www01 ~]# crm configure property no-quorum-policy=”ignore” stonith-enabled=”false”
[root@www01 ~]# crm configure rsc_defaults resource-stickiness=”INFINITY” migration-threshold=”1″

[5] If you’d like to clear all settings of pacemaker, Do like follows.

[root@www01 ~]# /etc/rc.d/init.d/corosync stop # stop
[root@www01 ~]# rm -f /var/lib/heartbeat/crm/* # remove all
[root@www01 ~]# /etc/rc.d/init.d/corosync start #start

nload – Monitor Network Traffic and Bandwidth Usage In Real Time


nload is a terminal based application for linux which monitors network traffic and bandwidth usage in real time. It monitors the in- and outgoing traffic using two graphs and provides additional info like the total amount of transferred data and min/max network usage.
It displays the total amount of data that has been transferred over a network device since the last reboot, the current bandwidth usage, and the minimum, maximum, and average bandwidth usage measured since it started.

nload

How to use it
Step 1: You can use nload by simply typing nload in the terminal, if you haven’t provided any interface then it will display information for all network interfaces starting with eth0 (which is default). To Toggle between different network interfaces, use arrows keys.

Decoding nload Output
Incoming: Data for incoming traffic:
Curr: 23.53 kBit/s current, speed right now
Avg: 11.28 kBit/s average
Min: 33.67 kBit/s Minimum, in the observed period
Max: 0.28 kBit/s Maximum, in the observe period
Ttl: 14.34 GByte total volume transferred

Outgoing: Data outgoing traffic:
Curr: 56.29 kBit/s (same as above)
Avg: 56.24 kBit/s
Min: 44.77 kBit/s
Max: 79.67 kBit/s
Ttl: 982.78 MByte

Step 2: You can check specific network interface by specifying its name.
$ nload lo

Step 3: You can check different network interfaces in same window by typing following command
$ nload -m lo ppp0

Step 4: nload uses bits/s as default unit to show traffic numbers, you can change it by specifying -u h|k|m. h – bits/s (Defualt) , k – kBits/s, m- Mbits/s.
$ nload -u k ppp0

Note: As you can see in the above screenshot output, the total data field(Ttl) is still in Mbytes, You can change that field by using -U(capital) option.
$ nload -U k ppp0

Step 5: To know more about nload refer man page or use help command
$ man nload
$ nload –help

That’s it. Hope you have Enjoyed the post.

How to secure the /tmp partition on a VPS with noexec,nosuid option?


On a VPS, there are 2 ways to mount OR secure /tmp and /var/tmp partitions with the noexec,nosuid option. One way is to mount these partitions from the Host Node (hosting provider can do this) and the other way is to mount them from within the VPS.

1) Login to the Node server and execute the following command:

# vzctl set VEID --bindmount_add /tmp,noexec,nosuid,nodev --save 
# vzctl set VEID --bindmount_add /var/tmp,noexec,nosuid,nodev --save

The “bindmount_add” option is use to mount the partition inside the VPS. The ‘VEID’ is the VPS ID you are working on.

2) The second option is to mount these partition from within the VPS itself. It is useful incase you don’t have access to the Node server. To mount /tmp and /var/tmp from within the VPS, execute:

# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /tmp 
# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /var/tmp

To check the mounted ‘tmp’ partitions, execute

# mount | grep tmp 
 tmpfs on /tmp type tmpfs (rw,noexec,nosuid) 
 tmpfs on /var/tmp type tmpfs (rw,noexec,nosuid,nodev)

Unable to start SSH: /dev/null is not a character device


The “/dev/null is not a character device” message occurs in a VPS when an upgrade is performed and the /dev/null turns into a regular file.

# /etc/init.d/sshd restart
Restarting Secure Shell server: sshd failed!
/dev/null is not a character device!.

The /dev/null should be a character device as per the Linux standards. To fix the issue, remove the file

# rm -f /dev/null

Create the character device

# mknod /dev/null c 1 3

The file should look like follows:

# ls -la /dev/null
crw-rw-rw- 1 root root 1, 3 Oct  1 11:42 /dev/null

Now restart the sshd service

# /etc/init.d/sshd restart
Stopping sshd:              [  OK  ]
Starting sshd:              [  OK  ]

Script to email successful Ftp logins


This Shell script will search the server logs on daily basis and will email you the successful Ftp Logins of the day. The ftp logs are saved in the /var/log/messages file as by default there is no separate log file for Ftp in Linux.

Create a file /home/script/ftplogins.sh and paste the below code:

#!/bin/bash

#Retrieve the current date

CUR_DATE=`date +”%b %e”`

#Create a temporary file to store the logs
touch /tmp/out.txt

echo “List Follows” > /tmp/out.txt

#Search the successful attempts and save in the temporary file

/bin/grep “$CUR_DATE” /var/log/messages | grep pure-ftpd | grep logged >> /tmp/out.txt

#Email the contents of the file to your email address
/bin/mail -s “Successful Ftp Login Attempts on ‘$CUR_DATE’” youremail@yourdomain.com < /tmp/out.txt

Save the file. You now have to schedule a cron to execute the file once in a day to search logs. Edit the cron file

crontab -e

and add the following cron job

59 23 * * * /bin/sh /home/script/ftplogins.sh

Note:

1) This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.

2) If you copy/paste the script as it is in shell, the single and double quotes may change to dots (.) so make sure you correct them before executing the script.

Script to terminate suspended accounts on a cPanel server


How to check suspended accounts on a cPanel server and terminate them after a specific time frame?

Many a times you suspend an account on the server and it goes unnoticed for months thus wasting disk space of your server. You can use the following script and schedule it to execute, say once in a day which will delete the suspended accounts from the server.

Create a file called terminatesuspended.sh

# pico /root/terminatesuspended.sh

Add the following code

for i in `find /var/cpanel/suspended/ -mtime +30 |\
  cut -d'/' -f5 | sed '1 d'` 
 do 
 y | /scripts/killacct $i;
 done;

The username of suspended accounts are saved under the /var/cpanel/suspended directory. The find command will search the /var/cpanel/suspended/ directory for files which are 30 days old and will pass the username to the ‘killacct’ command.

Save the file and set a cronjob to execute the file once in a day. Edit the root cronjob file

# crontab -e

Add the following cronjob

0 1 * * * /bin/sh /root/terminatesuspended.sh

The above cronjob will terminate the account that is been suspended from more than 30 days at 1.00AM.

Shell Script to Monitor Load Average on a Linux server


Load Average on a server reflects the current state of the server. Higher the load average, poorer is the server performance hence it is a necessity to monitor the load average on the server.

The following shell script monitors the load average on the Linux server and inform the server administrator with the load average and the process that are running if the load average is greater than the defined threshold.

Create a file, say, /root/monit_loadaverage.sh and paste the following script in it:

############### START OF THE SCRIPT ###############

#!/bin/bash

# Define Variables
CUR_TIME=`date +"%A %b %e %r"`
HOSTNAME=`hostname`

# Retrieve the load average of the past 1 minute
Load_AVG=`uptime | cut -d'l' -f2 | awk '{print $3}' | cut -d. -f1`
LOAD_CUR=`uptime | cut -d'l' -f2 | awk '{print $3 " " $4 " " $5}'\
 | sed 's/,//'`

# Define Threshold. This value will be compared with the current
# load average. Set the value as per your wish.
LIMIT=5

# Compare the current load average with the Threshold value and
# email the server administrator if the current load average
# is greater.
if [ $Load_AVG -gt $LIMIT ]
then

#Save the current running processes in a file
/bin/ps auxf >> /root/ps_output

# Save the other values in a file
echo "Current Time :: $CUR_TIME" >> /tmp/monitload.txt
echo "Current Load Average :: $LOAD_CUR" >> /tmp/monitload.txt
echo "The list of current processes is attached\
 with the email for your reference." >> /tmp/monitload.txt
echo "Please Check... ASAP."  >> /tmp/monitload.txt

# Send an email to the administrator of the server
/usr/bin/mutt -s "ALERT!!! High 1 minute load average\
 on '$HOSTNAME'" -a /root/ps_output youremail@youremail.com <\
/tmp/monitload.txt

fi

# Remove the temporary log files
/bin/rm -f /tmp/monitload.txt
/bin/rm -f /root/ps_output

############### END OF THE SCRIPT ###############

Make sure you replace the Treshold (LIMIT) value and your email address with your own values in the script.

Now, schedule a cronjob to execute the script on per minute basis. Edit the cronjob file

# crontab -e

and place the following cronjob at the end of the file

* * * * * /bin/sh /root/monit_loadaverage.sh

restart the crond service

# service crond restart

In order to use “mutt” to send emails, you need to install the mutt package on the server. It allows you to send emails with attachments.

# yum install mutt

Note: Please place a comment if you receive any error message while executing this script OR you need some modifications in the script.