The Bacula Kubernetes plugin will save all the important Kubernetes resources which make up the application or service. The plugin has the following features:
More information about the Kubernetes plugin can be found on (here).
Along with specifying a Storage list it is now possible to specify a Storage Group Policy which will be used for determining which Storage will be used for the Job. If no policy is specified, Bacula tries to use the first available Storage from the list.
If the first few storage daemons are unavailable due to network problems; broken or unreachable for some other reason, Bacula will use the first one from the list (sorted according to the policy used) which is network reachable and healthy.
Currently supported policies are:
Storage Groups may be used as follows (as a part of Job and Pool resources):
Job { ... Storage = File1, File2, File3 ... } Pool { ... Storage = File4, File5, File6 StorageGroupPolicy = LeastUsed ... }
When a Job or Pool with a Storage Group is used, the user will observe some messages related to the choice of Storage such as:
messages 31-maj 19:23 VBox-dir JobId 1: Start Backup JobId 1, Job=StoreGroupJob.2021-05-31_19.23.36_03 31-maj 19:23 VBox-dir JobId 1: Possible storage choices: "File1, File2" 31-maj 19:23 VBox-dir JobId 1: Storage daemon "File1" didn't accept Device "FileChgr1-Dev1" because: 3924 Device "FileChgr1-Dev1" not in SD Device resources or no matching Media Type or is disabled. 31-maj 19:23 VBox-dir JobId 1: Selected storage: File2, device: FileChgr2-Dev1, StorageGroupPolicy: "ListedOrder"
The new 'o' Accurate directive option for a Fileset has been added to save only the metadata of a file when possible.
The new 'o' option should be used in conjunction with one of the signature checking options (1, 2, 3, or 5). When the 'o' option is specified, the signature is computed only for files that have one of the other accurate options specified triggering a backup of the file (for example an inode change, a permission change, etc...).
In cases where only the file's metadata has changed (ie: the signature is identical), only the file's attributes will be backed up. If the file's data has been changed (hence a different singature), the file will be backed up in the usual way (attributes as well as the file's contents will be saved on the volume).
For example:
Job { Name = JobTest JobDefs = DefaultJob FileSet = TestFS Accurate = yes } FileSet { Name = TestFS Options { Signature = MD5 Accurate = pino5 } File = / }
The backup job will compare permission bits, inodes, number of links and, if any of it changes, it will also compute file's signature to verify if only the metadata must be backed up or if the full file must be saved.
The new Bacula Plugable Authentication Module (BPAM) API framework introduced in Bacula 13.0 comes with the first plugin which handles user authentication against any LDAP Directory Server (including OpenLDAP and Active Directory). To enable the build of the LDAP Console Authentication plugin, add the ldap options to your ./configure command line as shown below:
./configure --with-ldap --enable-ldap-bpam [... other options]
# bconsole *status director ... Plugin: ldap-dir.so ...
When the LDAP plugin is loaded you can configure a named console resource to use LDAP to authenticate users. BConsole will prompt for a User and Password and it will be verified by the Director. TLS PSK (activated by default) is recommended. To use this plugin, you have to specify the PluginDirectory Director resource directive, and add a new console resource directive Authentication Plugin as shown below:
Director { ... Plugin Directory = /opt/bacula/plugins } Console { Name = "ldapconsole" Password = "xxx" # New directive Authentication Plugin = "ldap:<parameters>" ... }
where parameters are the space separated list of one or more plugin parameters:
Working configuration examples:
bacula-dir.conf - Console resource configuration for BPAM LDAP Plugin with OpenLDAP authentication example.
Console { Name = "bacula_ldap_console" Password = "xxx" # New directive (on a single line) Authentication Plugin = "ldap: url=ldap://ldapsrv/ binddn=cn=root,dc=bacula,dc=com bindpass=secret query=dc=bacula,dc=com/(cn=%u) starttls" ... }
bacula-dir.conf - Console resource configuration for BPAM LDAP Plugin with Active Directory authentication example.
Console { Name = "bacula_ad_console" Password = "xxx" # New directive (on a single line) Authentication Plugin = "ldap: url=ldaps://ldapsrv/ binddn=cn=bacula,ou=Users,dc=bacula,dc=com bindpass=secret query=dc=bacula,dc=com/(&(objectCategory=person)(objectClass=user)(sAMAccountName=%u))" ... }
The following features were introduced in version 11.0.6
The schedule function has been reworked to support all possible schedule settings. Now it can be configured in five different ways: hourly, daily, weekly, monthly, and also custom for various uncommon settings.
Using the new wizards it is possible to easily create new copy and migrate jobs. The Wizard's steps are prepared and optimized to make the process as easy as possible.
This new page provides two major functions: The Director status and the Director configuration. The first one is for displaying in a graphical and textual way the Director status. The second one is for configuring all Director resources (Jobs, Clients, Pools, Storage ...etc.). From one place users can configure various Director resources.
This feature is available on the media page. Apart from prune and purge bulk actions, now users are also able to bulk delete volumes. It is possible by selecting volumes in the volume table and using this new delete volumes action.
Pages have been optimized to faster loading. The entire Baculum Web interface works faster.
In all Bacula component configurations, for almost all directives, official Bacula documentation has been added. It is available directly within the web interface.
It is now possible to assign custom Tags to various catalog records in Bacula such as:
*tag Automatically selected Catalog: MyCatalog Using Catalog "MyCatalog" Available Tag operations: 1: Add 2: Delete 3: List Select Tag operation (1-3): 1 Available Tag target: 1: Client 2: Job 3: Volume Select Tag target (1-3): 1 The defined Client resources are: 1: 127.0.0.1-fd 2: test1-fd 3: test2-fd 4: test-rst-fd 5: test-bkp-fd Select Client (File daemon) resource (1-5): 1 Enter the Tag value: test1 1000 Tag added *tag add client=127.0.0.1-fd name=#important" 1000 Tag added *tag list client +--------------+----------+--------------+ | tag | clientid | client | +--------------+----------+--------------+ | #tagviamenu3 | 1 | 127.0.0.1-fd | | test1 | 1 | 127.0.0.1-fd | | #tagviamenu2 | 1 | 127.0.0.1-fd | | #tagviamenu1 | 1 | 127.0.0.1-fd | | #important | 1 | 127.0.0.1-fd | +--------------+----------+--------------+ *tag list client name=#important +----------+--------------+ | clientid | client | +----------+--------------+ | 1 | 127.0.0.1-fd | +----------+--------------+
It is possible to assign Tags to a Job record with the new 'Tag' directive in a Job resource.
Job { Name = backup ... Tag = "#important", "#production" }
*tag list job +--------------+-------+-------------+ | tag | jobid | job | +--------------+-------+-------------+ | #important | 2 | backup | | #production | 2 | backup | +--------------+-------+-------------+
The Tags are also accessible from various BWeb Management Suite screens. (See (here)).
The support for strong signature algorithms SHA256 and SHA512 has been added to Verify Jobs. It is now possible to check if data generated by a Job that uses an SHA256 or SHA512 signature is valid.
FileSet { Name = Linux-Etc Options { Signature = SHA512 Verify = pins3 } File = /etc }
In the FileSet Verify option directive, the following code has been added:
The following command line options may be used to control the regular Bacula installer values in silent mode:
The following options control the components that will be installed:
bacula-win64-13.0.0.exe /S -ComponentFile \ -ConfigClientName foo -ConfigClientPassword bar
Will install only file deamon with bacula-fd.conf configured.
bacula-win64-13.0.0.exe /S -ComponentStorage \ -ComponentFile-ConfigClientName foo \ -ConfigClientPassword bar -ConfigStorageName foo2 \ -ConfigStoragePassword bar2
Will install the Storage Deamon plus File Deamon with bacula-sd.conf and bacula-fd.conf configured.
The message identifier will be kept unique for each message and once assigned to a message it will not change even if the text of the message changes. This means that the message identifier will be the same no matter what language the text is displayed in, and more importantly, it will allow us to make listing of the messages with in some cases, an additional explanation or instructions on how to correct the problem. All this will take several years since it is a lot of work and requires some new programs that are not yet written to manage these message identifiers.
The format of the message identifier is:
[AAnnnn]where A is an upper case character and nnnn is a four digit number, where the first character indicates the software component (daemon); the second letter indicates the severity, and the number is unique for a given component and severity.
For example:
[SF0001]
The first character representing the component at the current time one of the following:
S Storage daemon D Director F File daemon
The second character representing the severity or level can be:
A Abort F Fatal E Error W Warning S Security I Info D Debug O OK (i.e. operation completed normally)
So in the example above [SF0001] indicates it is a message id, because of the brackets and because it is at the beginning of the message, and that it was generated by the Storage Daemon as a fatal error.
As mentioned above it will take some time to implement these message ids everywhere, and over time we may add more component letters and more severity levels as needed.
The Object table has now a ObjectStatus field that can be used by plugins to report more precise information about the backup of an Object (generated by plugins).
The new SDPacketCheck FileDaemon directive can be used to control the network flow in some specific use cases.
See (here) for more information.
The new Use Lintape Storage Daemon directive has been added to support the Lintape Kernel driver.
See (here) for more information.