Bacularis and Bacula community edition - Docker

• Docker Images
• Bacula
  • Bacula linux binaries
  • Bacula windows binaries
  • Create bacula client config files
  • Install bacula client on linux
• Bacularis
  • For Linux
  • For Windows
• Install docker container
  • Docker variables
  • Access WebUI
  • Access bconsole
  • DNS Records
  • Firewall rules
  • Add new autochanger
  • Add new storage and scheduler
  • Add new windows_pool
  • Customize notification from bacula
  • Docker Exim Relay Image
  • Script check storage is mounted
  • Enable cloud S3 storage plugin
• Backup
  • Backup mysql database
  • Backup postgres database
  • Backup docker container
  • Script check storage is mounted
• My Docker hub

Docker images 🐋

Images are based on Ubuntu 22 or Alpine 3.21. Unfortunately, Alpine repository does not include a cloud driver for bacula storage. Bacula community repository for Ubuntu, on the other hand, does have a cloud driver for bacula storage. Therefore I had to create two docker images. Ubuntu docker image does have a cloud driver for bacula storage.

pull	size ubuntu	size alpine	version ubuntu	version alpine	platform

ALpine version	Ubuntu version	Bacularis version

Bacula

Bacula is a set of Open Source, computer programs that permit you to manage backup, recovery, and verification of computer data across a network of computers.

Bacularis - The Bacula web interface

Bacularis is a web interface to configure, manage and monitor Bacula backup environment. It is a complete solution for setting up backup jobs, doing restore data, managing tape or disk volumes in local and remote storage, work with backup clients, and doing daily administrative work with backup.

Bacula linux binaries

Bacula linux binaries Deb / Rpm can be found on Bacula website. To access these binaries, you will need an access key, which will be provided when you complete a simple registration.

Bacula windows binaries

Bacula windows binaries can be found on Bacula website.

Install docker container

• Create folders, set permissions

# create folders
mkdir -p /opt/bacularis/data/{bacularis,bacula,pgsql}
mkdir -p /opt/bacularis/data/bacularis/www/bacularis-api/API/{Config,Logs}
mkdir -p /opt/bacularis/data/bacularis/www/bacularis-web/Web/{Config,Logs}
mkdir -p /opt/bacularis/data/bacula/{etc,working}
mkdir -p /opt/bacularis/data/pgsql/{data,socket}
mkdir -p /opt/bacularis/data/smtp/secret
tree -d -L 6 /opt/bacularis

# create bacula storage folder
mkdir -p /mnt/USB_NFS_PVE01/bstorage/archive

# set rights: 101 - bacula user uid and gid; 26 - tape group gid
chown 101:101 /opt/bacularis/data/bacula/etc
chown 101:101 /opt/bacularis/data/bacula/working
chown 101:26  /mnt/USB_NFS_PVE01/bacula/archive

• Create docker-compose.yml
  or
• Download all files below

cd /opt/bacularis
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/docker-compose.yml
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/docker-compose.override.yml
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/.env

# show used subnets
cd /opt/bacularis && grep -r SUBNET /opt/*

• Customize variables in all files
• Generate admin user password here. You need both passwords decrypt and encrypted

# generate admin password
pwgen -1cnsB 20 5

# Example
Username: admin
Password decrypt: N04X1UYYbZ2J69sAYLb0N04
Password encrypted: $apr1$o2vlak5p$saFj/wl/MeGxQysvc462R1 

• Customize the file docker-compose.override.yml if you use trafik
• Run docker container

cd /opt/bacularis
docker-compose up -d
docker-compose ps
docker-compose logs
docker-compose logs bacularis

• check if all services in container are running

dcexec bacularis bash
ss -tln
exit

• Adjust postgres database access rights file pg_hba.conf

# show IP Address of bacula-db
CONTAINER_NAME=$(docker ps --format 'table {{.ID}}\t{{.Names}}' |grep bacula-db |awk '{print $1}')
dcexec bacula-db cat /etc/hosts |grep ${CONTAINER_NAME}

# change pg_hba.conf
vim /opt/bacularis/data/pgsql/data/pg_hba.conf
---------------
from
...
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
...

to
...
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
host    all             all             172.26.2.0/24           trust
...
-------------

• Change var DB_INIT=true to DB_INIT=false

cd /opt/bacularis && vim docker-compose.yml
--------------
    environment:
from
...
      - DB_INIT=true
...

to
...
      - DB_INIT=false
...
-------------

• Disable accwss to pgsql socket

cd /opt/bacularis && vim docker-compose.yml
--------------
...
    volumes:
...

from

      - ${DOCKERDIR}/data/pgsql/socket:/var/run/postgresql          # comment after install
to
      #- ${DOCKERDIR}/data/pgsql/socket:/var/run/postgresql          # comment after install
...
-------------

• First access to bacularis

URL: https://bacularis.mydomain.de
User: admin

• First restart of docker container

cd /opt/bacularis
docker-compose down && docker-compose up -d

Docker variables

• Bacularis docker container

Variable	Value	Description
TZ	Europe/Berlin	Time zone
DB_INIT	true or false	true - required for DB init only (first run)
DB_UPDATE	false or true	true - required for DB update only
DB_HOST	bacula-db	PostgreSQL db host name
DB_PORT	5432	PostgreSQL db port
DB_NAME	bacula	bacula database name
DB_USER	bacula	bacula user name
DB_PASSWORD	MyDBPassword	password use to access to the bareos database
DB_ADMIN_USER	postgres	PostgreSQL root user name (required for DB init only)
DB_ADMIN_PASSWORD	MyDBAdminPassword	Password for PostgreSQL root user (required for DB init only)
BUILD_DAEMON_NAME	build-3-17-x86_64	from alpine assigned bacula daemons name
DESIRED_DAEMON_NAME	bacula	desired name for bacula daemons
WEB_ADMIN_USER	admin	User name for bacula web interface
WEB_ADMIN_PASSWORD_DECRYPT	MyWebPassword	User password (decrypt) for bacula web interface
WEB_ADMIN_PASSWORD_ENCRYPTED	$apr1$1fvq6ki0$AScxxxx	User password (encrypted) for bacula web interface
SMTP_HOST	smtpd:8025	docker container smtp service - name & port
ADMIN_MAIL	[email protected]	your email address
ADD_STORAGE_POOL	true or false	true - standard pool are replaced by Incremental, Differential and Full
ENABLE_CLOUD_S3_PLUGIN	true or false	true - following dependencies will be installed: awscli, python3.10, python3.10-dev
DOCKER_HOST_IP	192.168.2.10	IP address of docker host
DOCKERDIR	/opt/bacularis	Docker container config and data folder
PORT_BACULARIS	9097	Bacula port for Web interface
PORT_STORAGE	9103	Bacula port for storage daemon: bacula-sd
PORT_DIRECTOR	9101	Bacula port for director daemon: bacula-dir
MEMORY_LIMIT	1024 MB	PHP memory_limit in MB

• bacula-db docker container

Variable	Value	Description
TZ	Europe/Berlin	Time zone
DB_ADMIN_USER	postgres	PostgreSQL root user name (required for DB init only)
DB_ADMIN_PASSWORD	MyPostgresRootPassword	Password for PostgreSQL root user (required for DB init only)

• smtpd docker container

Variable	Value	Description
HOSTNAME_SMTP	bacularis.mydomain.de	hostname of smtp server
SMARTHOST	smtp.mydomain.de	smtp server FQDN
SMTP_USERNAME	[email protected]	smtp server user name
SMTP_PASSWORD	SmtpUserPassword	smtp server user password

Access WebUI

• Open http://host.domain.com:9097 or via traefik https://host.domain.com in your web browser then sign-in
• Login with your admin user credentials (user: admin / pass: <ADMIN_PASSWORD_DECRYPT>)
• Check the bacula director settings

Access bconsole

• With docker

docker exec -it bacularis bconsole

• With docker-compose

cd /opt/bacularis
docker-compose exec bacularis bconsole

DNS Records

Name	Type	Data
bacularis	CNAME	traefik-host.mydomain.de
bacula-dir	CNAME	docker-host.mydomain.de
bacula-sd	CNAME	docker-host.mydomain.de

Customize notification from bacula

• If you have several companies / customers, it quickly becomes confusing when checking the emails. To avoid this, add the company/customer name to the bacula-dir configuration. For example:

# customize variable
FIRMA=MyFirma
PATH_TO_BACULA_DIR=/opt/bacularis/data/bacula/etc/bacula-dir.conf

sed -i -e "s/Bacula:/Bacula ${FIRMA}:/" ${PATH_TO_BACULA_DIR}
cat ${PATH_TO_BACULA_DIR}  |grep "Bacula ${FIRMA}:"

sed -i -e "s/Bacula daemon message/Bacula ${FIRMA} daemon message/" ${PATH_TO_BACULA_DIR}
cat ${PATH_TO_BACULA_DIR} |grep "Bacula ${FIRMA} daemon message"

Firewall rules

Ports that need to be opened in firewall.

port	protocol	description
9102	TCP	For bacula-fd file daemon
9103	TCP	For bacula-sd storage daemon
9097	TCP	For Bacularis-APP without RP (Traefik)
443	TCP	For Bacularis-APP with RP (Traefik)

• Example for CentOS/Oracle/Rocky Linux

firewall-cmd --permanent --zone=public --add-port=9102/tcp
firewall-cmd --permanent --zone=public --add-port=9103/tcp
firewall-cmd --permanent --zone=public --add-port=9097/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --reload
firewall-cmd --list-all

Docker Exim Relay Image

Exim mail relay is a lightweight Docker image, based on the official Alpine image. You can see the documentation for this here

Enable cloud S3 storage plugin

You need Bacula cloud S3 plugin drivers to create the cloud storage on the Storage Daemon. You also need to install AWS CLI. AWS CLI is a requirement for the Cloud S3/Amazon Plugin. Refer to the AWS Documentation. When installing AWS CLI, a large number of additional packages are installed. This leads to the docker image becoming large. That's why I introduced a variable ENABLE_CLOUD_S3_PLUGIN. If it is true, then AWS CLI is installed. The default setting is false - so when the docker container is started, AWS CLI is not installed.

Create bacula client config files

You can create client config files automatically. For this you can find some scripts and templates on the repo. You load the files into a directory and start the bash scripts. Run scriptname -h / --help to see help.

For Linux

---

• SSH login to bacula docker host
• Download files below in a directory

cd /tmp
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/1_create_new_bacula_client_linux--server_side_template.sh
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/2_create_new_bacula_client_linux--client_side_template.sh
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/bacula-dir_template.conf
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/bacula-dir_template_windows.conf
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/bacula-fd_template.conf
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/bconsole_template.conf
chmod u+x *.sh

• To create configuration for Bacula Linux client on server side, you need to pass two parameters to script 1, namely client name and IP address
• To create configuration for Bacula Linux client on client side, you need to pass only one parametes to script 2, namely client name
• The MD5 bacula client password will be automatically created by the script
• The bacula-mon password will be automatically read from bacula server configuration.
• When everything is ready, run the scripts to create bacula linux client config files. Here is an example:

CLIENT_NAME=srv01
IP_ADDRESS=$(ip addr show $(ip route | awk '/default/ {print $5}') |grep -w inet | awk '/inet/ {print $2}' | cut -d'/' -f1)
echo ${IP_ADDRESS}

./1_create_new_bacula_client_linux--server_side_template.sh -n ${CLIENT_NAME} -ip ${IP_ADDRESS}
./2_create_new_bacula_client_linux--client_side_template.sh -n ${CLIENT_NAME}

• The created files can be found in the folder config_files. The content of the file bacula-dir_srv01.conf is added to the configuration file bacula-dir.conf of the bacula server

# stop bacula docker stack
cd /opt/bacularis && docker-compose down
cd -

# add client config to bacula-dir
cat config_files/bacula-dir_srv01.conf >> /opt/bacularis/data/bacula/config/etc/bacula-dir.conf

# run bacula docker stack
cd /opt/bacularis && docker-compose up -d && docker-compose exec bacularis bash

# reread config
bconsole
reload
q
exit
cd -

• The created files bacula-fd_srv01.conf and bconsole_srv01.conf must be copied from bacula docker host to client by folder /opt/bacula/etc
• SSH to bacula client host
• Copy files bacula-fd_srv01.conf and bconsole_srv01.conf from bacula docker host

# on docker host - copy config files to bacula client host
scp config_files/bacula-fd_pve01.conf config_files/bconsole_pve01.conf user@bacula-client-ip:/tmp
ssh user@bacula-client-ip
cd /opt/bacula/etc

# create backup of old files
mv bacula-fd.conf bacula-fd.conf.back
mv bconsole.conf bconsole.conf.back

# move files
mv /tmp/bacula-fd_srv01.conf bacula-fd.conf
mv /tmp/bconsole_srv01.conf bconsole.conf
systemctl restart bacula-fd.service

# delete files
cd /tmp
rm -rf bacula-* bconsole_template.conf config_files *.sh

#
### if bacula client is running on the docker host, than
#
cd /opt/bacula/etc
mv bacula-fd.conf bacula-fd.conf.back
mv bconsole.conf bconsole.conf.back
\cp /tmp/config_files/bacula-fd_oraclel8.conf ./bacula-fd.conf
\cp /tmp/config_files/bconsole_oraclel8.conf ./bconsole.conf
systemctl restart bacula-fd.service

# delete files
cd /tmp
rm -rf bacula-* bconsole_template.conf config_files *.sh

For Windows

---

• Download files below in a directory

cd /tmp
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/3_create_new_bacula_client_windows--server_side_template.sh
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/bacula-dir_template_windows.conf
chmod u+x *.sh

• To create configuration for Bacula Windows client on server side, you need to pass two parameters to script 3, namely client name and IP address
• The MD5 Bacula client password is automatically created by the script
• When everything is ready, run the scripts to create bacula windows client config files. Here is an example:

cd /tmp
CLIENT_NAME=win-srv01
IP_ADDRESS="192.168.155.5"
./3_create_new_bacula_client_windows--server_side_template.sh -n win-srv01 -ip 192.168.155.8

• The created files can be found in the folder config_files. The content of the file bacula-dir_win-srv01.conf is added to the configuration file bacula-dir.conf of the bacula server

cat config_files/bacula-dir_win-srv01.conf >> /opt/bacularis/data/bacula/config/etc/bacula/bacula-dir.conf
cd /opt/bacularis && docker-compose exec bacularis bash
bconsole
reload
q
exit

Bacula Windows client install

For the installation of Bacula Windows client you need the name of Bacula Director bacula-dir, MD5 password of bacula windows client and the ip address of docker host.

• You can read out MD5 bacula client password from created config file bacula-dir_win-srv01.conf

cat config_files/bacula-dir_win-srv01.conf | sed -n '/Client {/,+4p' | grep -w Password |cut -f 2 -d '"'

As a result comes something like this: [md5]607e60c2c1f4f859679fbe9d742b0c59

• You need the ip address of docker host. This ip address is specified as bacula-dir ip address. You can execute the following command on docker host to find out the ip address:

ip addr show $(ip route | awk '/default/ {print $5}') |grep -w inet | awk '/inet/ {print $2}' | cut -d'/' -f1

As a result comes something like this: 192.168.155.15

• Download Bacula windows binaries from Bacula website
• Run bacula installation
• Fill in the data as in the picture
• Finish the installation
• Open the file C:\Program Files\Bacula\bacula-fd.conf
• Find the section

#
# List Directors who are permitted to contact this File daemon
#
Director {
  Name = bacula-dir
  Password = "Ck7WxwW8xfew45stslKdXoPGIAk+8QyB07tli92W1XWC"        # Director must know this password

• Replace the password with the MD5 password from the client

#
# List Directors who are permitted to contact this File daemon
#
Director {
  Name = bacula-dir
  Password = "[md5]607e60c2c1f4f859679fbe9d742b0c59"        # Director must know this password

• Restart Windows bacula daemon
• Windows firewall configuration - unblock ports 9102/TCP and 9103/TCP for incoming rules

Backup

Backup mysql database

• Download script below to the client

cd /opt/bacula/scripts/
wget https://raw.githubusercontent.com/johann8/bacularis-ubuntu/master/scripts/backup_mysql.sh
chmod a+x backup_mysql.sh
cd -

• Start Bacularis-App and browse to: Director => Configure director => Job => Name => Edit => +Add => +Add Runscript block

• Fill out as in the picture (Path to the location of the script)

• Browse to: Director => Configure director => Fileset => Name => Edit => Include #1 +Add => +Add single file/directory

• Fill out as in the picture (Var "DST" from script /var/backup/container/mysql)

Backup postgres database

For Postgres DB backup the Script autopostgresqlbackup is used. There is a docker container with this script. You can find a description and configaration example here.

• Here is an example of how to backup Postgres database in a docker container

# create backup destination
mkdir -p /var/backup/container/postgres

# Add to the docker container where the dostgres database runs

...
  autopgbackup:
    image: rogersik/autopostgresqlbackup:latest
    container_name: autopgbackup
    environment:
      - DBHOST=${POSTGRES_HOST}
      - USERNAME=${POSTGRES_USER}
      - PASSWORD=${POSTGRES_PASSWORD}
      - CRON_LOG_LEVEL=0                            # Most verbose is 0, less verbose is 8
      - CRON_SCHEDULE=50 22 * * *                   # valid cron specification
      - LATEST=yes                                  # Additionally keep a copy of the most recent backup in a seperate directory
    volumes:
     - /var/backup/container/postgres:/backups
     - /etc/localtime:/etc/localtime:ro
    depends_on:
      - postgresdb
...

• Start Bacularis-App and browse to: Director => Configure director => Fileset => Name => Edit => Include #1 +Add => +Add single file/directory
• Fill out as in the picture (Volume path fron docker-compose.yml: /var/backup/container/postgres)

My Docker hub

• Docker images

Enjoy !