Latest revision as of 08:09, 21 October 2010

How to set up Bacula

These instructions are for adding a new machine to bacula.

1. Add it to /etc/bacula/bacula-dir.conf on persephone. You can do this by adding the "bacula" class to the machine in Configurator, and then re-generating the bacula director config with generate_bacula_director
2. Install the software on the machine. You may need to use packages in our Apt Repository so that they have PKI support.
3. Create a keypair on the machine- see below.
4. Remove the existing bacula-fd.conf so that cfengine will create a new one
5. Add the appropriate lines to host-exclude/machine and host-include/machine in demeter:/srv/cfengine/hosts/bacula-fd. In particular, you need to include filesystems that aren't on the root partition. A quick way to look for these is run `df` on the target machine and see what comes up. By default, / and /boot are backed up- anything else needs a line in host-include.
6. Run cfengine to create bacula-fd.conf and copy over the other relevant files.

You should be ready to start using Bacula! I would recommend running a full backup, and then checking its size when it is finished. If the size seems too small, you may have forgotten a filesystem- in this case, add it and re-run the backup.

Create a keypair

As root, run:

machine=machine_name
openssl genrsa -out ${machine}-fd.key 1024
chmod 600 ${machine}-fd.key
openssl req -new -key ${machine}-fd.key -x509 -out ${machine}-fd.cert
cat ${machine}-fd.key ${machine}-fd.cert > ${machine}-fd.pem
chown bacula:bacula ${machine}-fd.pem && chmod 600 ${machine}-fd.pem

For the certificate, use US/California/Pasadena/UGCS/backups, cn=<machine name>

If you use a key with more than 2048 bits, backups will be really slow. I recommend 1024 as it is a good tradeoff between security (not realistically going to be cracked *easily*) and speed.