Warning!!! If you are considering using PostreSQL, you should be aware of their philosophy of upgrades, which could be destabilizing for a production shop. Basically at every major version upgrade, you are required to dump your database in an ASCII format, do the upgrade, and then reload your database (or databases). This is because they frequently update the "data format" from version to version, and they supply no tools to automatically do the conversion. If you forget to do the ASCII dump, your database may become totally useless because none of the new tools can access it due to the format change, and the PostgreSQL server will not be able to start.
If you use the ./configure
statement for configuring Bacula, you will need PostgreSQL version 7.3
or later installed. NOTE! PostgreSQL versions earlier than 7.3 do not work
with Bacula. If PostgreSQL is installed in the standard system location, you
need only enter
--with-postgresql since the configure program will
search all the standard locations. If you install PostgreSQL in your home
directory or some other non-standard directory, you will need to provide the
full path with the
Installing and configuring PostgreSQL is not difficult but can be confusing the first time. If you prefer, you may want to use a package provided by your chosen operating system. Binary packages are available on most PostgreSQL mirrors.
If you prefer to install from source, we recommend following the instructions found in the PostgreSQL documentation.
If you are using FreeBSD, this FreeBSD Diary article will be useful. Even if you are not using FreeBSD, the article will contain useful configuration and setup information.
After installing PostgreSQL, you should return to completing the installation of Bacula. Later, after Bacula is installed, come back to this chapter to complete the installation. Please note, the installation files used in the second phase of the PostgreSQL installation are created during the Bacula Installation.
At this point, you should have built and installed PostgreSQL, or already have a running PostgreSQL, and you should have configured, built and installed Bacula. If not, please complete these items before proceeding.
Please note that the ./configure used to build Bacula will need to
--with-postgresql=PostgreSQL-directory, where PostgreSQL-directory is the directory name that you specified on the
./configure command for configuring PostgreSQL (if you didn't specify a
directory or PostgreSQL is installed in a default location, you do not need to
specify the directory). This is needed so that Bacula can find the necessary
include headers and library files for interfacing to PostgreSQL.
Bacula will install scripts for manipulating the database (create, delete, make tables etc) into the main installation directory. These files will be of the form *_bacula_* (e.g. create_bacula_database). These files are also available in the <bacula-src>/src/cats directory after running ./configure. If you inspect create_bacula_database, you will see that it calls create_postgresql_database. The *_bacula_* files are provided for convenience. It doesn't matter what database you have chosen; create_bacula_database will always create your database.
Now you will create the Bacula PostgreSQL database and the tables that Bacula uses. These instructions assume that you already have PostgreSQL running. You will need to perform these steps as a user that is able to create new databases. This can be the PostgreSQL user (on most systems, this is the pgsql user).
This directory contains the Bacula catalog interface routines.
This script creates the PostgreSQL bacula database. If it fails, it is probably because the database is owned by a user other than yourself. On many systems, the database owner is pgsql and on others such as RedHat and Fedora it is postgres. You can find out which it is by examining your /etc/passwd file. To create a new user under either your name or with say the name bacula, you can do the following:
su (enter root password) su pgsql (or postgres) createuser kern (or perhaps bacula) Shall the new user be allowed to create databases? (y/n) y Shall the new user be allowed to create more new users? (y/n) (choose what you want) exit
At this point, you should be able to execute the ./create_bacula_database command.
This script creates the PostgreSQL tables used by Bacula.
This script creates the database user bacula with restricted access rights. You may want to modify it to suit your situation. Please note that this database is not password protected.
Each of the three scripts (create_bacula_database, make_bacula_tables, and grant_bacula_privileges) allows the addition of a command line argument. This can be useful for specifying the user name. For example, you might need to add -h hostname to the command line to specify a remote database server.
To take a closer look at the access privileges that you have setup with the above, you can do:
PostgreSQL-directory/bin/psql --command \\dp bacula
Also, I had an authorization problem with the password. In the end, I had to modify my pg_hba.conf file (in /var/lib/pgsql/data on my machine) from:
local all all ident sameuser to local all all trust sameuser
This solved the problem for me, but it is not always a good thing to do from a security standpoint. However, it allowed me to run my regression scripts without having a password.
A more secure way to perform database authentication is with md5 password hashes. Begin by editing the pg_hba.conf file, and just prior the the existing ``local'' and ``host'' lines, add the line:
local bacula bacula md5
and restart the Postgres database server (frequently, this can be done using "/etc/init.d/postgresql restart") to put this new authentication rule into effect.
Next, become the Postgres administrator, postgres, either by logging on as the postgres user, or by using su to become root and then using su - postgres to become postgres. Add a password to the bacula database for the bacula user using:
\$ psql bacula bacula=# alter user bacula with password 'secret'; ALTER USER bacula=# \\q
Next, you'll have to add this password to two locations in the bacula-dir.conf file: once to the Catalog resource and once to the RunBeforeJob entry in the BackupCatalog Job resource. With the password in place, these two lines should look something like:
dbname = bacula; user = bacula; password = "secret" ... and ... RunBeforeJob = "/etc/make_catalog_backup bacula bacula secret"
Naturally, you should choose your own significantly more random password, and ensure that the bacula-dir.conf file containing this password is readable only by the root.
Even with the files containing the database password properly restricted, there is still a security problem with this approach: on some platforms, the environment variable that is used to supply the password to Postgres is available to all users of the local system. To eliminate this problem, the Postgres team have deprecated the use of the environment variable password-passing mechanism and recommend the use of a .pgpass file instead. To use this mechanism, create a file named .pgpass containing the single line:
This file should be copied into the home directory of all accounts that will need to gain access to the database: typically, root, bacula, and any users who will make use of any of the console programs. The files must then have the owner and group set to match the user (so root:root for the copy in root, and so on), and the mode set to 600, limiting access to the owner of the file.
After you have done some initial testing with Bacula, you will probably want to re-initialize the catalog database and throw away all the test Jobs that you ran. To do so, you can do the following:
cd <install-directory> ./drop_bacula_tables ./make_bacula_tables ./grant_bacula_privileges
Please note that all information in the database will be lost and you will be starting from scratch. If you have written on any Volumes, you must write an end of file mark on the volume so that Bacula can reuse it. Do so with:
(stop Bacula or unmount the drive) mt -f /dev/nst0 rewind mt -f /dev/nst0 weof
Where you should replace /dev/nst0 with the appropriate tape drive device name for your machine.
This will be the same with most other package managers too.
The conversion procedure presented here was worked out by Norm Dressler <ndressler at dinmar dot com>
This process was tested using the following software versions:
WARNING: Always as a precaution, take a complete backup of your databases before proceeding with this process!
mysqldump -f -t -n >bacula-backup.dmp
local all all trust host all all 127.0.0.1 255.255.255.255 trust NOTE: you should restart your postgres server if you made changes
./create_postgresql_database ./make_postgresql_tables ./grant_postgresql_privileges
psql -Ubacula bacula
You should not get any errors.
psql -Ubacula bacula <bacula-backup.dmp>
psql -Ubacula bacula SELECT SETVAL('basefiles_baseid_seq', (SELECT MAX(baseid) FROM basefiles)); SELECT SETVAL('client_clientid_seq', (SELECT MAX(clientid) FROM client)); SELECT SETVAL('file_fileid_seq', (SELECT MAX(fileid) FROM file)); SELECT SETVAL('filename_filenameid_seq', (SELECT MAX(filenameid) FROM filename)); SELECT SETVAL('fileset_filesetid_seq', (SELECT MAX(filesetid) FROM fileset)); SELECT SETVAL('job_jobid_seq', (SELECT MAX(jobid) FROM job)); SELECT SETVAL('jobmedia_jobmediaid_seq', (SELECT MAX(jobmediaid) FROM jobmedia)); SELECT SETVAL('media_mediaid_seq', (SELECT MAX(mediaid) FROM media)); SELECT SETVAL('path_pathid_seq', (SELECT MAX(pathid) FROM path)); SELECT SETVAL('pool_poolid_seq', (SELECT MAX(poolid) FROM pool));