#551 Issue closed: Bareos bconsole mandatory for mkrescue¶
Labels: enhancement, support / question, fixed / solved / done
leonkramer opened issue at 2015-02-17 15:08:¶
Hello,
when trying to create a rescue image with rear -vD mkrescue I receive
the following ouput:
root@lk-toolbox /etc/bareos $ rear -vD mkrescue Relax-and-Recover 1.16.1-git201502120920 / 2015-02-12 Using log file: /var/log/rear/rear-lk-toolbox.log ERROR: Bareos console executable is missing Aborting due to an error, check /var/log/rear/rear-lk-toolbox.log for details Terminated
While the error is clear to me that the binary bconsole is missing, I
do not really understand why it is even mandatory.
In order to make backups and restore them with Bareos all you need is
the package bareos-fd. Why does ReaR also need the package
bareos-bconsole for the rescue?
gdha commented at 2015-02-17 15:14:¶
Because @sebastianlederer added it in the code:
restore/BAREOS/default/40_restore_backup.sh: echo "status client=$BAREOS_CLIENT" | bconsole | egrep "^JobId
leonkramer commented at 2015-02-18 01:50:¶
I have got it now.
Before I was kinda distracted by the requirement of bconsole and the
fact that only one Director can be set up for the backup server.
Therefore I falsely assumed that you more or less have to give lots of
power to the servers for which you want to create rescue images.
Just figured out how to do the kinda tricky configuration to limit the access. Maybe this will be of help in future for someone.
While you cannot add a second Director or directly limit access in the
Director resource of bareos-dir.conf you are able to add several
Console resources and define ACLs for them.
The minimum ACL requirements you need to define in bareos-dir.conf for
ReaR are:
Console {
Name = status-mon
Password = "macMP5TYGYaBCDaGLAj7o54KYERbEBQQs+bsh/E0LrPn"
CommandACL = status # if you want automatic restores, then you also need to grant 'restore'
ClientACL = *all* # or Client name of host, ReaR will fail to retrieve status without it
}
At the system, which you want to prepare a rescue image for, you need
the given Console resource and a Director resource in
bconsole.conf, even though the Director resource is only good for
telling bconsole the direction to the server. The password is mandatory,
but can be set arbitrarily.
Director {
Name = backups-dir
DIRport = 9101
address = 123.45.67.89
Password = "does not matter, rly! but better dont omit it!"
}
Console {
Name = status-mon
Password = "macMP5TYGYaBCDaGLAj7o54KYERbEBQQs+bsh/E0LrPn"
}
tigerfoot commented at 2015-08-25 07:37:¶
Having bconsole as requirement, just to pick the bareos dir ip address
is kinda overkill.
(Add binaries to systems, + specific configuration on dir and fd)
Why not just a REAR config line replacing
is the director server present? Fetch from /etc/bareos/bconsole.conf
file
BAREOS_DIRECTOR=$(grep -i address /etc/bareos/bconsole.conf | awk '{
print $3 }')
Moreover the bareos_director address capture receipt is wrong it could
return "" if the valid syntax
address=director.domain is used.
gdha commented at 2015-08-25 08:34:¶
@tigerfoot why not preparing a pull request for it? It seems to make sense to me (however, I cannot test it out)
schlomo commented at 2015-08-26 18:05:¶
Yes, this sounds like a good point. Do you need help to create a pull request?
gdha commented at 2015-08-26 19:01:¶
@tigerfoot I re-open the issue for better visibility
tigerfoot commented at 2015-08-27 05:59:¶
Well it need a deep analysis, but from what I've quickly inspect, was
that a global variable would be better than anything else.
Now about removing bconsole as dep, concern a number of script and
process. (Most of them out of my actual knowledge. I've not been using
rear yet :-)), the restore.
I'm afraid to not have enough free time to dig into this right now.
sebastianlederer commented at 2015-08-28 12:36:¶
The bconsole program is included for several reasons:
- automatically check the connection to the bareos director
- check if the restore is complete when using fully automatic restore
- make it possible to do the restore manually from the console of the machine to be restored
Arguably, all those are not strictly necessary, but I think they will make things a lot easier and less error-prone for most users.
If you absolutely don't want the bconsole program on your systems, it should be possible to make it optional, which would also bypass the checks and disable automatic restore and manual local restore.
tigerfoot commented at 2015-08-28 12:43:¶
Absolutely true @sebastianlederer this is what I've seen in the restore
script.
I will have to check how I can in my workflow bypass those. And then
perhaps being able to make everything optionnal. But this will not
happen before 1 or 2 months.
I'm still convinced that the way the bareos-director address is checked
need improvement
like at least checking you've got something not empty and if it's the
case try to check if a global
BAREOS_DIRECTOR exist. If none = error.
What's your throught about this ?
)
(unknown) commented at 2016-07-26 14:39:¶
Hello, i want to mention that you need to add
ClientACL = *all*
to the bareos-dir.conf to be able to get the clients status :)
gdha commented at 2016-07-31 11:47:¶
Script
usr/share/rear/prep/BAREOS/default/50_check_BAREOS_bconsole_results.sh
contains the requested addition - seems we can close this issue
[Export of Github issue for rear/rear.]