TurnKey Linux Virtual Appliance Library

TKLPatch for Bacula [Updated]

Ok, we needed a backup appliance, and after looking at the two best offerings, I went with bacula. As always, my work is based on a one or two days research of the software, so experienced bacula users are invited to step in and comment about best practices, test the patch and give constructive feedback. 

Features:
Bacula backup installed from ubuntu's repository.
Webacula web frontend for easy management. (convenience) 
securewebacula script to set admin password and allowed network access to webacula. (convenience)
http and https access enabled.
Webmin module for Bacula installed. (convenience)
 

What it does:

1. Set Hostname to bacula
HOSTNAME=bacula
echo "$HOSTNAME" > /etc/hostname
sed -i "s|127.0.1.1 \(.*\)|127.0.1.1 $HOSTNAME|" /etc/hosts
hostname bacula
 
2. Update package information
apt-get update
 
3. Install required packages. Note that bacula-server is installed after to prevent an error if mysql-server is still not running.
install mysql-server zendframework php5-gd bacula-console php5-mysql webmin-bacula-backup
install bacula-server
 
4. Download webacula web interface. I extracted the file to /var/www and renamed the directory to /var/www/webacula
cd /usr/src
wget -O webacula.tar.gz http://sourceforge.net/projects/webacula/files/webacula/5.0.2/webacula-5...
tar xzf webacula.tar.gz -C /var/www/ 
mv /var/www/webacula-5.0.2/ /var/www/webacula
 
5. Install webacula: Run database scripts, link Zend framework and set some application and php settings.
/var/www/webacula/install/webacula_mysql_create_database.sh
/var/www/webacula/install/webacula_mysql_make_tables.sh     
ln -s /usr/share/php/Zend/ /var/www/webacula/library/
usermod -aG bacula www-data
sed -i "s/max_execution_time = 30/max_execution_time = 600/" /etc/php5/apache2/php.ini
sed -i "s|/usr/bin/sudo||" /var/www/webacula/application/config.ini
sed -i "s|/sbin/bconsole|/usr/bin/bconsole|" /var/www/webacula/application/config.ini
6. Enable apache modules. For ssl access and rewrite module required by webacula
a2enmod rewrite ssl
a2ensite default-ssl
7. Create user admin and set password for /webacula. We are using apache's basic authentication here. 
htpasswd -c -b /etc/apache2/webacula.users admin turnkey
8. Stop mysql and apache2, to prevent conflicts. 
service mysql stop
service apache2 stop
9. Clean apt cache and sources.
rm -f /usr/src/webacula.tar.gz
cleanup_apt
 

securewebacula script: 

The following is the content of this script, which overlays to /usr/local/bin, and basically ask a password and allowed networks to access the webacula application and issues a htpasswd command to change the password and replaces the Allow from entry of webacula's apache conf located in /etc/apache2/conf.d/webacula.conf. Comments are welcome. 
 
#!/bin/bash
# Script to secure access to webacula application
# by Adrian Moya

echo "This script will secure access to /webacula con this server"
echo 
while [[ $PASSWD = "" ]]; do
  stty -echo 
  read -p "Password for admin: " PASSWD; echo 
  stty echo  
  if [[ $PASSWD = "" ]]; then 
    echo "This password can't be blank"
  fi  
done
echo 
echo "Please set allowed network access to webacula"
echo "You can use Apache Allow Directive values here"
echo "Examples: if your network ip range is 192.168.1.x"
echo "Allow access from your current network (recommended): 192.168.1.0/24"
echo "More info at http://httpd.apache.org/docs/2.0/mod/mod_access.html#allow"
echo 
while [[ $ALLOWFROM = "" ]]; do
  read -p "Which ip's or domains can access webacula: " ALLOWFROM
  if [[ $ALLOWFROM = "" ]]; then 
    echo "This field can't be blank"
  fi
done
echo
htpasswd -b /etc/apache2/webacula.users admin $PASSWD
echo "Updating Allow directive for /webacula"
sed -r -i "s|Allow from .*|Allow from $ALLOWFROM|" /etc/apache2/conf.d/webacula.conf
service apache2 reload

Enjoy!

Attached: 

I added the webmin module

I forgot in the first published version to add the webmin module. So I've added it to give support to this frontend. It looks real nice. 

Note: I didn't re-run tests after adding the module, so if you have any issue please post asap. :)

Please rename the patch

For some reason the forum adds a _1 to the filename of the patch. This will break it if you use the tar.gz directly with the tklpatch command. I hope Liraz/Alon can fix this issue. Anyway, just rename it to bacula.tar.gz and you'll be fine.

Liraz Siri's picture

Sorry the weird filenames are a Drupal thing

I'm hoping it will be fixed in future versions of the module we're using. I'm adding it to my long todo list for the web site. For now, we'll have to use workarounds.
Jeremy's picture

Please note - Filename change not needed now

The current file is "bacula1.tar.gz" and it does not need to be renamed.

@Liraz - I'm not sure if its just me but I have had a few problems with these Drupal-renamed files being corrupted.

I think the best workaround is to not replace files, delete the old and upload a file with a new name. I haven't had any problems with those.

Jeremy's picture

Nice work Adrian! - And a little more info for users/testers

IMO a great choice! I have had a look myself and thought that Bacula was the one to pick for a TKL Backup Server appliance. I note too that in the spirit of TKL appliances you have gone beyond the basic setup and padded it out with some neat extras to add extra value!

I am yet to test it out but I thought beyond acknowledging your work, I'd be nice to add some info (from my previous investigations) to make it a little easier for testers to find what they need to get it up and running (and assuming it makes it into the next release, some info as a start for the appliance page/wiki).

For those who aren't aware, Bacula is a server/client based backup system, aimed largely at the enterprise market but useful for SOHO/home users too. From what I've read, it can be somewhat technical to set up but is very powerful, adaptable and scaleable. Obviously Adrian has kindly produced this patch for server component, but the client module is available for all major OSs (eg Win 98->2K8 - server/desktop 32/64bit, Linux - server/desktop 32/64 bit, Mac OSX, full OS support details here) making it great for mixed OS environments.

Personally I think an appliance like this, teamed with the newly released TKLBAM is a winning combo for sitewide, crossplatform system backups! Backup workstations (and servers if desired) to the TKL Bacula appliance and then use TKLBAM to backup your whole worksite's data! What a winner! :)

To help you get setup, Bacula Documentation can be found here. Bacula client v5.0.1 (AKA File-daemon/Bacula File) can be installed in Ubuntu 10.04/Lucid (and v5.0.2 in the upcoming 10.10/Maverick) desktop (or server) system with the command
sudo apt-get update && sudo apt-get install bacula-client
there is also a Bacula system tray monitor (works under both Gnome & KDE - no use for server obviously) that can be installed similarly ('bacula-traymonitor'). For other Ubuntu releases, I'm not sure if the repo versions of Bacula-client are compatible with this server version (Hardy-backports, Jaunty & Karmic all have v2.4.x - apparently server versions are backwards compatible with older clients but 2.4.x -> 5.0.1 is quite a jump!). For other Linux OSs check your repositories or download RPMs from the Bacula website. Windows users can download the client from the Bacula website too (note Win 64 bit pre Vista isn't supported). I haven't done extensive reading but apparently Mac users will need to install Linux packages under Darwin (sorry not much help there).

Thanks for that info Jed!

And for the kind words! I feel that we need to give complete info on the appliance for newcomers to know how to take advantage of each appliance. It's a lot of work, but it would give so much added value to have some basic usage documentation and maybe a short screencast. In the case of Bacula, I appreciate a lot your information, as it helps me to understand quicker how to use it. And the Bacula/TKLBAM combo seems great! I didn't think about it, but it does add TKLBAM power to windows servers as you suggested in the other thread! That's a winner solution for mixed environments!! And combined with the upcoming Zenoss TKLPatch I'm preparing, you would have a complete monitoring/backups solution that will ease the life of system administrators!!!

BTW, that gave me the idea of a TKLCombos section in the forum!!! :D

Liraz Siri's picture

TKLBAM/Bacula is a killer combo

You know I hadn't really considered the TKLBAM angle before. TKLBAM is TurnKey-specific and it will probably take a while before TurnKey achieves total world domination and displace all IT systems. :)

In the meantime, having a way to leverage TurnKey/TKLBAM to extend cloud backups to non-TurnKey systems is a big win for users. It makes perfect sense!

This is exactly what I have

This is exactly what I have been looking for. I used your instructions to manually install this and determined that I needed  to change the value of zendframework to zend-framework. Once I did this, the apps downloaded but I ran into an issue with the portion a2enmod rewrite ssl and a2ensite default-ssl. I am still researching this error.

Check the overlay

If you're running this patch by hand, be sure to copy the files under the overlay directory in their respective directory in the target system. That should resolve the a2ensite default-ssl. Also, check if the package ssl-cert is installed. Are you running under TKL Core Lucid beta? Please post if installing ssl-cert works, it may be a bug in the patch. 

Thanks

Issue on Install

Hi there, after modifying the conf to install ssl-cert & zend-framework and rebundling the package.

I also get the same error as above..

Creation of webacula MySQL tables succeeded.
+ ln -s /usr/share/php/Zend/ /var/www/webacula/library/
+ usermod -aG bacula www-data
+ sed -i 's/max_execution_time = 30/max_execution_time = 600/' /etc/php5/apache2/php.ini
+ sed -i 's|/usr/bin/sudo||' /var/www/webacula/application/config.ini
+ sed -i 's|/sbin/bconsole|/usr/bin/bconsole|' /var/www/webacula/application/config.ini
+ a2enmod rewrite ssl
Module rewrite installed; run /etc/init.d/apache2 force-reload to enable.
+ a2ensite default-ssl
This site does not exist!

Any idea's ?
Thanks

What I'm seeing here are two things

First, module ssl is not being enabled, only the rewrite module. Compare your results with Jed results below and you'll see the difference. 

Second, default-ssl file is not present, as ssl mod for apache was not enabled in the previous step. 

What's your patching environment? 

Jeremy's picture

I have just tested and it worked ok for me

But I did initially encounter an issue (but not the one stated above). In the process of dealing with the (Windows) issue I was having, I had to play with the patch file a little (permissions on conf file only). It ran fine no errors (see below) so I simply rebundled it and have attached it to Adrian's original post (bacula2.tar.gz see above). I'm not sure that Adrian's original patch even had any errors or issues but the one I just posted works fine for me. Perhaps download that one and try again. Here's the corresponding output when running the patch I just uploaded:

+ ln -s /usr/share/php/Zend/ /var/www/webacula/library/
+ usermod -aG bacula www-data
+ sed -i 's/max_execution_time = 30/max_execution_time = 600/' /etc/php5/apache2/php.ini
+ sed -i 's|/usr/bin/sudo||' /var/www/webacula/application/config.ini
+ sed -i 's|/sbin/bconsole|/usr/bin/bconsole|' /var/www/webacula/application/config.ini
+ a2enmod rewrite ssl
Enabling module rewrite.
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
+ a2ensite default-ssl
Enabling site default-ssl.

I can't see the file permission error

Exactly which kind of permission issues did you had? I downloaded it and it have execution permission (which is the one I always check as I develop using dropbox to sync the files from the office to my home, and that permission get lost during sync. 

Jeremy's picture

Yes just execution permission

I am at work using WinXP and somewhere along the line the patch got mangled. After download and rename, I uploaded the patch to a TKL Core Lucid VM but it didn't recognise the it (complained that it wasn't tar.gz format). So I had to extract it in Windows (which it didn't do cleanly either - it complained about some error but worked anyway), uploaded the folder, then reset execute permission (I only changed the conf file, if others need execute then they'll need fixing too). I then used the tklpatch-bundle command to rebundle the patch (which incidentally ended up slightly smaller than your original?!?) I then retested. As I had gone through an extensive process to get it to work in my environment, I couldn't be sure whether it was coincidence or not so I uploaded the version that worked ok for me with no mucking around.

I recall a patch posted by Basil that when he re-uploaded a newer version with the same name (as you did here) it seemed to get corupted, perhaps that is what is happening?

Could someone perhaps test my theory and download and test Adrian's original patch (the first one that needs renaming - above)? Perhaps its my Windows breaking it, or the website? I'll try to test using Ubuntu later if I get a chance (or when I'm at home if someone doesn't beat me to it).

FYI, when patching a running install (not patching the ISO first) the default Webacula user/password combo is admin/turnkey.

Hi Jed Firstly thank you

Hi Jed

Firstly thank you both for your quick responses

Just ran your patch you uploaded and getting the zendframework error

	Reading state information... Done
E: Couldn't find package zendframework

will modify the conf and see if that solves the problem with the above error.

I an using the hardy core without any updates just the flat install from the iso. Do you recommened upgrading first before trying to apply the patch?

Thanks

Jeremy's picture

That explains it!

I an using the hardy core...

This patch requires TKL Core Lucid beta!

Thanks trying it now

Thanks trying it now

Lucid Core it is

Thanks Jed

That seemed to have fixed things, the patch has gone on all ok.

 

Many Thanks Everyone

Keep up the great work this is a truly GREAT site. :)

Jeremy's picture

This is an excellent patch Adrian

I still haven't played much but this is a really powerful backup tool. And as we said before, leveraging TKLBAM makes this a killer backup solution! Mighty fine work :)

Also: I'm not sure quite what has been going on for me - I was definitely having serious issues last night on WinXP! But I just tested downloading and unpacking your original patch on my Ubuntu (9.10) laptop and it all seemed to go fine?!? I'm pretty sure the issues I was having last night were something to do with Windows more than anything else (yay for Linux)!

So I've cleaned up by simply renaming your patch (and the folder inside so tklpatch can install it ok) and reuploading it. I double checked permissions (which were fine and didn't need changing - Windows again I'm sure). I also deleted your original and the one I uploaded last night, hope you don't mind. Whew!

I am trying this patch on TKL

I am trying this patch on TKL Core Lucid beta! and getting the following error:

fatal: no such directory: /tmp/tmp.u5DLbEVyV9/bacula

It appears there is an extra "/tmp" in there. What am I doing wrong?

Jeremy's picture

Don't rename patch

From your comment I am assuming that you are renaming the patch "bacula.tar.gz" but you need to leave it as "bacula1.tar.gz". For example if you wish to patch a running instance of TKL Core Lucid then use this command:

tklpatch-apply / bacula1.tar.gz

Does that do the trick?

Don Sanderson's picture

Kudos to Adrian and.........

the ingenious creators of tklpatch! (You know who you are. wink)

Couldn't help myself, even though I've only been around TKL for a week or so I had to have a go at applying Adrians Bacula patch to the TKL core iso.

Working from my running bare metal install of the TKL Dokuwiki Appliance I installed tklpatch, downloaded Adrians patch and the 'core' iso.

Applied the patch to the iso, even --finally-- took the time to learn to burn a CD from the CL!

Booted the new CD, ran securewebacula, and presto, 100% goodness!

Total time, from thought to appliance, less than an hour. WOW!

I then extracted the patch file and looked through the script and the overlay folders.

Simple, elegant, easy to understand, and apply.

After a loooong time in the computer industry I'm not easy to impress, but this did it.

I've built quite a few GNU/Linux 'remixes' but this beats any method I've used in the past.

TKL, tklbam and tklpatch are a Godsend to those of us in need of inexpensive, simple and fast to implement solutions for our small business customers.

Kudos to all involved.

(And yes, you can quote me on that.) smiley


Liraz Siri's picture

Wow, thanks for the positive feedback Don!

Naturally, users are more likely to post when they're dissatisfied with something not working quite right. Not that there's anything wrong with that but it's really nice that you took the time to share a purely positive experience and it's the kind of encouragement that makes it all worthwhile. Open source projects need love too!

And, yep we might just quote sometime. :)

Thanks Don!

I'm happy that it was useful for you! As Liraz said, it's nice of you to take some time to share your success story. 

Jeremy's picture

Unofficial ISO and OVZ template available from SourceForge

Have a look here. Info about this unofficial TKL community SF project can be found here.

cannot access to webacula!

Hi

 

when i tap htpasswd -c -b /etc/apache2/webacula.users admin admin and go to http://localhost/webacula it asks me for a login and passwor i taped admin admin, than it shows me the login page this time is the login page of webacula and again another login and password, but admin admin does not work for me, please help me

Same problem

Hi. I have the same problem. IMO, root login and pass should work, but it's not. Please, email me if you find solution of this problem. 

best regards, Artem. 

artem.kharkov@gmail.com

Login to Webacula

I hit this too - checked the walkthrough of what is applied above and saw the password is "turnkey"

One oddity - I can't see the /var/www/ directory when logged in as root

Great stuff though!

Tom.

Jeremy's picture

Good one

Good on you for hunting that down. IIRC is was stated in Adrian's original post (before he posted the update). And perhaps he has changed the location of the Webacula install (ie not in /var/www anymore)?

Storage Daemon Issue

 

Adrian - Great job!  I am excited to have this tool available.
 
 
Creating a VM from the iso on ESXi 5 went very smooth. No issues getting it running or using Webacula or the Bacula Webmin module.  Both are working perfectly.
 
However, I am having an issue with the Storage Daemon.  When checking the status I receive "Failed to connect to the  Storage daemon File."  
 
I was working through the tutorial here: http://www.bacula.org/en/dev-manual/main/main/Brief_Tutorial.html and get the error in both bconsole and the Bacula Webmin module.
 
Has anyone seen this issue before or did I miss a step in setting up the VM from the iso?
 
Thanks!

upgrade turnkey bacula to 5.2.3

Will this turnkey bacula ever get upgraded to 5.2.3?

 

By the way thank you so much for sharing such a wonderful appliance.

Jeremy's picture

Not sure

It will depend on what happens when this appliance is officially released. If a viable version that's not too old is included in the Ubuntu repos, then it is likely that that will be the version used. If the Ubuntu version is too old, too buggy, missing important features, etc then it will probably be installed from upstream, then the latest stable version will probably be used.

Out of interest, is there a reason why the newer version is better for you? That sort of feedback could influence the decision on whether to install from upstream or not.

Storage Daemon Issue

Hi Daniel,

Did you find a resolution for this issue?   Thanks!

Storage Daemon Issue

No, but I did not have very much more time to investigate the issue.

Thanks

Jeremy's picture

I'm sorry I haven't had any more to say on this

I didn't test extensively so it may be an issue with the patch, the ISO (which I patched using Adrian's patch) or something else. Unfortunately I have a lot on my plate, but I'll have a look at this if/when I get a chanc.

Sorry I can't give you any more info. If you haven't already perhaps it's worth consulting the Bacula docs/forums/mailing list/whatever?

A quick google suggests that it is related to the Bacula config and that it requires an IP for the storage daemon (SD) - but I only had a quick look. I would imagine that Adrian configured this as a standalone setup and that to avoid the potential issues of differing (and/or dynamic) IP addresses he configured the ip as 127.0.0.1 (ie localhost). I would suggest that you try changing the SD IP to the real IP of the Bacula server and see how that goes. Don't forget to also set the IP as static. Apparently it requres a restart of Bacula (maybe easiest to just restart the machine to be sure).

Hopefully that will work!? Otherwise there seemed to be a fair bit of conversation around this issue online so I suggest you have a google and a bit of a read.

Good luck and please post back if you find a solution.

Storage Daemon Issue

Thank you Jeremy and Daniel,

It was in fact an issue completely resolved by changing all of the references to "localhost" and "127.0.0.1" to the actual static IP address of the machine.

Sorry it took me so long to get back to this.   Thanks again and great work!  --Michael

Jeremy's picture

Thanks for the feedback Michael

That's really good to have confirmed!

When I get a chance I will have a bit more of a look at Adrian's patch and update it again (if need be). I will also look at adding firstboot scripts so that a static IP (and password etc) can be set right from the start. IMO it doesn't make sense having an appliance that requires a static IP defaulting to DHCP. The firstboot scripts can then also propagate the static IP to the Bacula config so this works OOTB.

I'm not sure when I'll get a chance to do that though... In the meantime any other feedback you can give would be great. Also any additional config info/gotchas/etc would also be useful.

I tried changing from localhost to static ip

Director will no longer start.

Do you have more info on everwhere it needs to be changed?

Also I tried on squeeze as well but no bacula database got created.

static ip instead of localhost

Ok found my problems I had missed a few entries

starting up components from shell showed me config file entries all is working now on lucid

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)