Adrian Moya's picture

Ok, we needed a backup appliance, and after looking at the two best offerings, I went with bacula. As always, my work is based on one or two days of research into the software, so experienced bacula users are invited to step in and comment about best practices, test the patch and give constructive feedback. 

Features:
Bacula backup installed from ubuntu's repository.
Webacula web frontend for easy management. (convenience) 
securewebacula script to set admin password and allowed network access to webacula. (convenience)
http and https access enabled.
Webmin module for Bacula installed. (convenience)
 

What it does:

1. Set Hostname to bacula
HOSTNAME=bacula
echo "$HOSTNAME" > /etc/hostname
sed -i "s|127.0.1.1 \(.*\)|127.0.1.1 $HOSTNAME|" /etc/hosts
hostname bacula
 
2. Update package information
apt-get update
 
3. Install required packages. Note that bacula-server is installed after to prevent an error if mysql-server is still not running.
install mysql-server zendframework php5-gd bacula-console php5-mysql webmin-bacula-backup
install bacula-server
 
4. Download webacula web interface. I extracted the file to /var/www and renamed the directory to /var/www/webacula
cd /usr/src
wget -O webacula.tar.gz http://sourceforge.net/projects/webacula/files/webacula/5.0.2/webacula-5.0.2.tar.gz/download
tar xzf webacula.tar.gz -C /var/www/ 
mv /var/www/webacula-5.0.2/ /var/www/webacula
 
5. Install webacula: Run database scripts, link Zend framework and set some application and php settings.
/var/www/webacula/install/webacula_mysql_create_database.sh
/var/www/webacula/install/webacula_mysql_make_tables.sh     
ln -s /usr/share/php/Zend/ /var/www/webacula/library/
usermod -aG bacula www-data
sed -i "s/max_execution_time = 30/max_execution_time = 600/" /etc/php5/apache2/php.ini
sed -i "s|/usr/bin/sudo||" /var/www/webacula/application/config.ini
sed -i "s|/sbin/bconsole|/usr/bin/bconsole|" /var/www/webacula/application/config.ini
 
6. Enable apache modules. For ssl access and rewrite module required by webacula
a2enmod rewrite ssl
a2ensite default-ssl
 
7. Create user admin and set password for /webacula. We are using apache's basic authentication here. 
htpasswd -c -b /etc/apache2/webacula.users admin turnkey
 
8. Stop mysql and apache2, to prevent conflicts. 
service mysql stop
service apache2 stop
 
9. Clean apt cache and sources.
rm -f /usr/src/webacula.tar.gz
cleanup_apt
 

securewebacula script: 

The following is the content of this script, which overlays to /usr/local/bin. It basically asks for a password and the networks allowed to access the webacula application, issues an htpasswd command to change the password, and replaces the Allow from entry of webacula's apache conf located in /etc/apache2/conf.d/webacula.conf. Comments are welcome. 
 
#!/bin/bash
# Script to secure access to webacula application
# by Adrian Moya

echo "This script will secure access to /webacula on this server"
echo 
while [[ $PASSWD = "" ]]; do
  # -s hides the typed password, -r keeps backslashes literal
  read -r -s -p "Password for admin: " PASSWD; echo 
  if [[ $PASSWD = "" ]]; then 
    echo "This password can't be blank"
  fi  
done
echo 
echo "Please set allowed network access to webacula"
echo "You can use Apache Allow Directive values here"
echo "Examples: if your network ip range is 192.168.1.x"
echo "Allow access from your current network (recommended): 192.168.1.0/24"
echo "More info at http://httpd.apache.org/docs/2.0/mod/mod_access.html#allow"
echo 
while [[ $ALLOWFROM = "" ]]; do
  read -r -p "Which ip's or domains can access webacula: " ALLOWFROM
  if [[ $ALLOWFROM = "" ]]; then 
    echo "This field can't be blank"
  fi
done
echo
# Quote the password so spaces and glob characters reach htpasswd intact
htpasswd -b /etc/apache2/webacula.users admin "$PASSWD"
echo "Updating Allow directive for /webacula"
# Escape what sed treats specially in the replacement: \, & and the | delimiter
ALLOWFROM_ESC=$(printf '%s' "$ALLOWFROM" | sed 's/[&|\\]/\\&/g')
sed -r -i "s|Allow from .*|Allow from $ALLOWFROM_ESC|" /etc/apache2/conf.d/webacula.conf
service apache2 reload

Enjoy!

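The securewebacula script above copies whatever is typed at the "Which ip's or domains" prompt into a sed expression and then into the Apache config. One way to validate that value first, as an added example that is not part of Adrian's patch: the function names and the accepted token shapes (all, full or partial IPv4, CIDR or network/netmask, domain name) are assumptions based on the Allow directive values the script mentions.

```sh
#!/bin/sh
# Added example, not part of the original patch: check the "Allow from"
# value before it reaches sed and the Apache config.

IP='[0-9]{1,3}(\.[0-9]{1,3}){0,3}\.?'            # full or partial IPv4
LABEL='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'   # one DNS label

# Succeeds if $1 is one acceptable Allow token: "all", a full or partial
# IPv4 address, a CIDR or network/netmask pair, or a (partial) domain name.
# Octet and prefix ranges are not checked.
valid_allow_token() {
  case $1 in ''|*[!A-Za-z0-9./-]*) return 1 ;; esac   # character whitelist
  printf '%s\n' "$1" | grep -Eqx \
    -e 'all' -e "$IP" -e "$IP/([0-9]{1,2}|$IP)" -e "\\.?$LABEL(\\.$LABEL)*"
}

# Print the list with tokens joined by single spaces; fail if the list is
# empty or any token is rejected. The subshell body keeps set -f local.
normalize_allow_list() (
  set -f                      # no filename expansion while word-splitting
  out=
  for tok in $1; do
    valid_allow_token "$tok" || exit 1
    out="${out:+$out }$tok"
  done
  [ -n "$out" ] && printf '%s\n' "$out"
)

# Rewrite the "Allow from" line as the post's sed does, but only with a
# validated value, which cannot contain |, & or \. $2 is the config file
# (default: the path from the post).
set_allow_from() {
  conf=${2:-/etc/apache2/conf.d/webacula.conf}
  value=$(normalize_allow_list "$1") || {
    echo "rejected Allow value" >&2
    return 1
  }
  sed -r -i "s|Allow from .*|Allow from $value|" "$conf"
}
```

Calling set_allow_from "$ALLOWFROM" in place of the script's sed line leaves the htpasswd and reload steps unchanged.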
Adrian Moya's picture

I forgot in the first published version to add the webmin module. So I've added it to give support to this frontend. It looks real nice. 

Note: I didn't re-run tests after adding the module, so if you have any issue please post asap. :)

Adrian Moya's picture

For some reason the forum adds a _1 to the filename of the patch. This will break it if you use the tar.gz directly with the tklpatch command. I hope Liraz/Alon can fix this issue. Anyway, just rename it to bacula.tar.gz and you'll be fine.

Liraz Siri's picture

I'm hoping it will be fixed in future versions of the module we're using. I'm adding it to my long todo list for the web site. For now, we'll have to use workarounds.

Jeremy Davis's picture

The current file is "bacula1.tar.gz" and it does not need to be renamed.

@Liraz - I'm not sure if it's just me but I have had a few problems with these Drupal-renamed files being corrupted.

I think the best workaround is to not replace files, delete the old and upload a file with a new name. I haven't had any problems with those.

Jeremy Davis's picture

IMO a great choice! I have had a look myself and thought that Bacula was the one to pick for a TKL Backup Server appliance. I note too that in the spirit of TKL appliances you have gone beyond the basic setup and padded it out with some neat extras to add extra value!

I am yet to test it out but I thought beyond acknowledging your work, it'd be nice to add some info (from my previous investigations) to make it a little easier for testers to find what they need to get it up and running (and assuming it makes it into the next release, some info as a start for the appliance page/wiki).

For those who aren't aware, Bacula is a server/client based backup system, aimed largely at the enterprise market but useful for SOHO/home users too. From what I've read, it can be somewhat technical to set up but is very powerful, adaptable and scalable. Obviously Adrian has kindly produced this patch for the server component, but the client module is available for all major OSs (eg Win 98->2K8 - server/desktop 32/64bit, Linux - server/desktop 32/64 bit, Mac OSX, full OS support details here) making it great for mixed OS environments.

Personally I think an appliance like this, teamed with the newly released TKLBAM is a winning combo for sitewide, crossplatform system backups! Backup workstations (and servers if desired) to the TKL Bacula appliance and then use TKLBAM to backup your whole worksite's data! What a winner! :)

To help you get setup, Bacula Documentation can be found here. Bacula client v5.0.1 (AKA File-daemon/Bacula File) can be installed in Ubuntu 10.04/Lucid (and v5.0.2 in the upcoming 10.10/Maverick) desktop (or server) system with the command
sudo apt-get update && sudo apt-get install bacula-client
there is also a Bacula system tray monitor (works under both Gnome & KDE - no use for server obviously) that can be installed similarly ('bacula-traymonitor'). For other Ubuntu releases, I'm not sure if the repo versions of Bacula-client are compatible with this server version (Hardy-backports, Jaunty & Karmic all have v2.4.x - apparently server versions are backwards compatible with older clients but 2.4.x -> 5.0.1 is quite a jump!). For other Linux OSs check your repositories or download RPMs from the Bacula website. Windows users can download the client from the Bacula website too (note Win 64 bit pre Vista isn't supported). I haven't done extensive reading but apparently Mac users will need to install Linux packages under Darwin (sorry not much help there).

Adrian Moya's picture

And for the kind words! I feel that we need to give complete info on the appliance for newcomers to know how to take advantage of each appliance. It's a lot of work, but it would give so much added value to have some basic usage documentation and maybe a short screencast. In the case of Bacula, I appreciate a lot your information, as it helps me to understand quicker how to use it. And the Bacula/TKLBAM combo seems great! I didn't think about it, but it does add TKLBAM power to windows servers as you suggested in the other thread! That's a winner solution for mixed environments!! And combined with the upcoming Zenoss TKLPatch I'm preparing, you would have a complete monitoring/backups solution that will ease the life of system administrators!!!

BTW, that gave me the idea of a TKLCombos section in the forum!!! :D

Liraz Siri's picture

You know I hadn't really considered the TKLBAM angle before. TKLBAM is TurnKey-specific and it will probably take a while before TurnKey achieves total world domination and displace all IT systems. :)

In the meantime, having a way to leverage TurnKey/TKLBAM to extend cloud backups to non-TurnKey systems is a big win for users. It makes perfect sense!

Jeremy Davis's picture

But I did initially encounter an issue (but not the one stated above). In the process of dealing with the (Windows) issue I was having, I had to play with the patch file a little (permissions on conf file only). It ran fine no errors (see below) so I simply rebundled it and have attached it to Adrian's original post (bacula2.tar.gz see above). I'm not sure that Adrian's original patch even had any errors or issues but the one I just posted works fine for me. Perhaps download that one and try again. Here's the corresponding output when running the patch I just uploaded:

+ ln -s /usr/share/php/Zend/ /var/www/webacula/library/
+ usermod -aG bacula www-data
+ sed -i 's/max_execution_time = 30/max_execution_time = 600/' /etc/php5/apache2/php.ini
+ sed -i 's|/usr/bin/sudo||' /var/www/webacula/application/config.ini
+ sed -i 's|/sbin/bconsole|/usr/bin/bconsole|' /var/www/webacula/application/config.ini
+ a2enmod rewrite ssl
Enabling module rewrite.
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
+ a2ensite default-ssl
Enabling site default-ssl.

Adrian Moya's picture

Exactly which kind of permission issues did you have? I downloaded it and it has execution permission (which is the one I always check as I develop using dropbox to sync the files from the office to my home, and that permission gets lost during sync). 

Jeremy Davis's picture

I am at work using WinXP and somewhere along the line the patch got mangled. After download and rename, I uploaded the patch to a TKL Core Lucid VM but it didn't recognise it (complained that it wasn't tar.gz format). So I had to extract it in Windows (which it didn't do cleanly either - it complained about some error but worked anyway), uploaded the folder, then reset execute permission (I only changed the conf file, if others need execute then they'll need fixing too). I then used the tklpatch-bundle command to rebundle the patch (which incidentally ended up slightly smaller than your original?!?) I then retested. As I had gone through an extensive process to get it to work in my environment, I couldn't be sure whether it was coincidence or not so I uploaded the version that worked ok for me with no mucking around.

I recall a patch posted by Basil that when he re-uploaded a newer version with the same name (as you did here) it seemed to get corrupted, perhaps that is what is happening?

Could someone perhaps test my theory and download and test Adrian's original patch (the first one that needs renaming - above)? Perhaps it's my Windows breaking it, or the website? I'll try to test using Ubuntu later if I get a chance (or when I'm at home if someone doesn't beat me to it).

FYI, when patching a running install (not patching the ISO first) the default Webacula user/password combo is admin/turnkey.

Jeremy Davis's picture

I still haven't played much but this is a really powerful backup tool. And as we said before, leveraging TKLBAM makes this a killer backup solution! Mighty fine work :)

Also: I'm not sure quite what has been going on for me - I was definitely having serious issues last night on WinXP! But I just tested downloading and unpacking your original patch on my Ubuntu (9.10) laptop and it all seemed to go fine?!? I'm pretty sure the issues I was having last night were something to do with Windows more than anything else (yay for Linux)!

So I've cleaned up by simply renaming your patch (and the folder inside so tklpatch can install it ok) and reuploading it. I double checked permissions (which were fine and didn't need changing - Windows again I'm sure). I also deleted your original and the one I uploaded last night, hope you don't mind. Whew!

Don Sanderson's picture

the ingenious creators of tklpatch! (You know who you are. ;)

Couldn't help myself, even though I've only been around TKL for a week or so I had to have a go at applying Adrian's Bacula patch to the TKL core iso.

Working from my running bare metal install of the TKL Dokuwiki Appliance I installed tklpatch, downloaded Adrian's patch and the 'core' iso.

Applied the patch to the iso, even --finally-- took the time to learn to burn a CD from the CL!

Booted the new CD, ran securewebacula, and presto, 100% goodness!

Total time, from thought to appliance, less than an hour. WOW!

I then extracted the patch file and looked through the script and the overlay folders.

Simple, elegant, easy to understand, and apply.

After a loooong time in the computer industry I'm not easy to impress, but this did it.

I've built quite a few GNU/Linux 'remixes' but this beats any method I've used in the past.

TKL, tklbam and tklpatch are a Godsend to those of us in need of inexpensive, simple and fast to implement solutions for our small business customers.

Kudos to all involved.

(And yes, you can quote me on that.) :)

Liraz Siri's picture

Naturally, users are more likely to post when they're dissatisfied with something not working quite right. Not that there's anything wrong with that but it's really nice that you took the time to share a purely positive experience and it's the kind of encouragement that makes it all worthwhile. Open source projects need love too!

And, yep we might just quote sometime. :)

Adrian Moya's picture

I'm happy that it was useful for you! As Liraz said, it's nice of you to take some time to share your success story. 

Jeremy Davis's picture

Have a look here. Info about this unofficial TKL community SF project can be found here.

Jeremy Davis's picture

Good on you for hunting that down. IIRC it was stated in Adrian's original post (before he posted the update). And perhaps he has changed the location of the Webacula install (ie not in /var/www anymore)?

Jeremy Davis's picture

It will depend on what happens when this appliance is officially released. If a viable version that's not too old is included in the Ubuntu repos, then it is likely that that will be the version used. If the Ubuntu version is too old, too buggy, missing important features, etc then it will probably be installed from upstream, then the latest stable version will probably be used.

Out of interest, is there a reason why the newer version is better for you? That sort of feedback could influence the decision on whether to install from upstream or not.

Jeremy Davis's picture

I didn't test extensively so it may be an issue with the patch, the ISO (which I patched using Adrian's patch) or something else. Unfortunately I have a lot on my plate, but I'll have a look at this if/when I get a chance.

Sorry I can't give you any more info. If you haven't already perhaps it's worth consulting the Bacula docs/forums/mailing list/whatever?

A quick google suggests that it is related to the Bacula config and that it requires an IP for the storage daemon (SD) - but I only had a quick look. I would imagine that Adrian configured this as a standalone setup and that to avoid the potential issues of differing (and/or dynamic) IP addresses he configured the ip as 127.0.0.1 (ie localhost). I would suggest that you try changing the SD IP to the real IP of the Bacula server and see how that goes. Don't forget to also set the IP as static. Apparently it requires a restart of Bacula (maybe easiest to just restart the machine to be sure).

Hopefully that will work!? Otherwise there seemed to be a fair bit of conversation around this issue online so I suggest you have a google and a bit of a read.

Good luck and please post back if you find a solution.

Jeremy Davis's picture

That's really good to have confirmed!

When I get a chance I will have a bit more of a look at Adrian's patch and update it again (if need be). I will also look at adding firstboot scripts so that a static IP (and password etc) can be set right from the start. IMO it doesn't make sense having an appliance that requires a static IP defaulting to DHCP. The firstboot scripts can then also propagate the static IP to the Bacula config so this works OOTB.

I'm not sure when I'll get a chance to do that though... In the meantime any other feedback you can give would be great. Also any additional config info/gotchas/etc would also be useful.
