Bacula backup plan and disaster recovery setup for a data center

Bacula logo

Setting up a Bacula backup plan and disaster recovery setup for a data center with two servers and a storage backup server running Ubuntu Linux involves several steps. In this example, we’ll assume the following:

  • Server 1: Web server (hostname: webserver1)
  • Server 2: Database server (hostname: dbserver1)
  • Storage Backup Server (hostname: backupserver1)
  • All systems are running Ubuntu Linux.
      Backup

      Please note that this is a simplified guide. You should adapt it to your specific environment and requirements.

      Install Bacula

      Install Bacula on all three servers (web server, database server, and backup server) using the package manager (apt-get):

      sudo apt-get update
      sudo apt-get install bacula-director-mysql bacula-console-qt bacula-fd

      During installation, you’ll be prompted to configure Bacula. Use the following settings:

      • Director hostname: backupserver1
      • Director password: Choose a strong password
      • Database configuration: Set up MySQL as the database backend.

      Configure Bacula Director

      On the backup server (backupserver1), configure the Bacula Director by editing

      /etc/bacula/bacula-dir.conf:’

      sudo nano /etc/bacula/bacula-dir.conf

      Here is a simplified configuration:

      Director {
        Name = backupserver-dir
        DIRport = 9101
        QueryFile = "/etc/bacula/query.sql"
        WorkingDirectory = "/var/lib/bacula"
        Pid Directory = "/var/run/bacula"
        Maximum Concurrent Jobs = 1
      }
      
      JobDefs {
        Name = "DefaultJob"
        Type = Restore
        FileSet="Full Set"
        Schedule = "WeeklyCycle"
        Storage = File
        Messages = Standard
        Pool = Default
        Priority = 10
        Write Bootstrap = "/var/lib/bacula/%c.bsr"
      }
      
      Job {
        Name = "RestoreFiles"
        Type = Restore
        FileSet="Full Set"
        Schedule = "WeeklyCycle"
        Storage = File
        Messages = Standard
        Pool = Default
        Priority = 10
        File Retention = 30 days
        Job Retention = 6 months
        AutoPrune = yes
      }
      
      # Include the FileSet and Job definitions for your servers here
      
      # Example FileSet for web server
      FileSet {
        Name = "webserver-fileset"
        Include {
          Options {
            signature = MD5
          }
          File = /var/www/html
        }
        Exclude {
          File = /var/www/html/tmp
        }
      }

      Configure Bacula File Daemons

      On each server (web server and database server), edit the Bacula File Daemon configuration ‘(/etc/bacula/bacula-fd.conf):

      sudo nano /etc/bacula/bacula-fd.conf

      Configure the File Daemon for each server:

      FileDaemon {
        Name = webserver-fd
        FDport = 9102
        WorkingDirectory = /var/lib/bacula
        Pid Directory = /var/run/bacula
        Maximum Concurrent Jobs = 20
      }
      
      FileDaemon {
        Name = dbserver-fd
        FDport = 9102
        WorkingDirectory = /var/lib/bacula
        Pid Directory = /var/run/bacula
        Maximum Concurrent Jobs = 10
      }

      Define Bacula Backup Jobs

      In the Bacula Director configuration (bacula-dir.conf) on the backup server, define backup jobs for each server (web server and database server). Customize these job definitions based on your requirements.

      Job {
        Name = "webserver-backup"
        Type = Backup
        Client=webserver-fd
        FileSet="webserver-fileset"
        Schedule = "WeeklyCycle"
        Storage = File
        Messages = Standard
        Pool = Default
        Priority = 10
      }
      
      Job {
        Name = "dbserver-backup"
        Type = Backup
        Client=dbserver-fd
        FileSet="dbserver-fileset"  # Define a FileSet for your database server
        Schedule = "WeeklyCycle"
        Storage = File
        Messages = Standard
        Pool = Default
        Priority = 10
      }

      Start Bacula Services

      On all servers, start the Bacula services:

      sudo systemctl start bacula-director
      sudo systemctl start bacula-fd

      Backup Schedule

      Create a backup schedule in /etc/bacula/schedule.conf:

      Storage {
        Name = File
        Address = backupserver1-fd
        SDPort = 9103
        Password = "your_password"
        Device = FileStorage
        Media Type = File
      }

      Set Up Disaster Recovery

      • Regularly back up Bacula’s configuration files (bacula-dir.conf, bacula-fd.conf, etc.) to a secure location.
      • Document disaster recovery procedures, including how to rebuild Bacula in case of failure.

      Testing and Monitoring

      • Test backups and restores regularly.
      • Monitor Bacula jobs and set up email notifications for failures.

      Email Notifications

      Configure email notifications to be informed of backup job results. In Bacula Director’s configuration (bacula-dir.conf), you can specify email notification settings:

      Messages {
        Name = Standard
        director = bacula-dir = all, !skipped, !restored
      }

      Additionally, ensure your system has a functional email server configured to send notifications.

      Implement Data Encryption (Optional)

      To enhance data security, you can implement encryption for Bacula backups. To do this, you’ll need to enable encryption in the Bacula Director and File Daemon configuration files (bacula-dir.conf and bacula-fd.conf). Here’s a simplified example:

      In bacula-dir.conf:

      Director {
        Name = backupserver-dir
        Password = "your_password"
        Messages = Standard
        TLS Enable = yes
        TLS Require = yes
        TLS CA Certificate File = /etc/bacula/ssl/ca.crt
        TLS Certificate = /etc/bacula/ssl/bacula-dir.crt
        TLS Key = /etc/bacula/ssl/bacula-dir.key
      }

      In bacula-fd.conf on client servers (web server and database server):

      FileDaemon {
        Name = webserver-fd
        Password = "your_password"
        TLS Enable = yes
        TLS Require = yes
        TLS CA Certificate File = /etc/bacula/ssl/ca.crt
        TLS Certificate = /etc/bacula/ssl/webserver-fd.crt
        TLS Key = /etc/bacula/ssl/webserver-fd.key
      }

      You’ll need to generate the SSL certificates and configure them accordingly.

      Periodic Backup Testing

      Regularly test your backups to ensure they can be successfully restored. Plan and document these tests to verify that your disaster recovery procedures work as expected.

      Documentation

      Thoroughly document your Bacula setup and disaster recovery plan. Include:

      • Configuration files (bacula-dir.conf, bacula-fd.conf, etc.).
      • Backup schedules and retention policies.
      • Disaster recovery procedures.
      • Contacts for support and emergency situations.
      • Any custom scripts or tools used in your setup.

      Regular Maintenance

      Perform regular maintenance tasks:

      • Update Bacula and its components to the latest versions.
      • Test backups after major changes or upgrades.
      • Review and update your disaster recovery plan as your infrastructure evolves.

      Monitoring and Alerts

      Implement monitoring tools or scripts to keep an eye on Bacula’s status. Set up alerts for backup failures or issues. Popular monitoring solutions include Nagios, Zabbix, or simple shell scripts.

      Offsite Backup Copies

      For added data protection, consider storing backup copies offsite in a secure location. This guards against on-site disasters like fires or floods.

      Disaster Recovery Drills

      Conduct periodic disaster recovery drills to ensure your team is prepared to handle real disasters. These drills should test your ability to recover data and systems using your documented procedures.

      Remember that a backup and disaster recovery plan is not a one-time setup; it requires ongoing maintenance, testing, and documentation updates to remain effective in protecting your data and ensuring business continuity.

      Tags: No tags

      Add a Comment

      Your email address will not be published. Required fields are marked *