Oracle cloud account management
Cloud Account
To configure your Bacula Storage daemon with Oracle Cloud Infrastructure, you need to create an account through the Oracle Cloud portal.
Note that the registration process requires a Default Data Region. Bacula Storage deamon stores to the Oracle Cloud Object Storage. Make sure you that you select a region that supports it. See the following link for details on regions
Once you’ve entered the required information, you should be granted access to the Oracle Services Dashboard and receive a confirmation e-mail containing a link to connect the Oracle Services Dashboard.
Obtain Oracle Cloud Infrastructure Console URL
For the next operations, you’ll need to access your Oracle Cloud Infrastructure Console. Follow the next steps to retrieve the OCI Console URL. (If you already know your OCI console URL, you can skip this section.)
Follow the link provided in the registration e-mail to reach the Services Dashboard.
In the top right corner of the Dashboard, select you account Icon and choose My Admin Accounts from the drop down menu.
From the Administrative Accounts list Copy the URL associated to Compute (OCI) Users. That the URL is region-based. It should start like this:
https://console.<region>.oraclecloud.com/...
Keep track of this URL, it’s your main access point to the Oracle Storage.
Create a Bucket in Oracle Cloud
Before starting using Plugin, you need to create a Bucket in your Oracle Cloud Infrastructure Console. Bacula will create all its backup volumes in this Bucket.
Browse to your OCI Console
From the top left Menu, select Object Storage
Click Create Bucket
Fill the different creation fields, specifically:
Bucket Name: Will be used as specified here within the Bacula Cloud Resource
Storage Tier: The bucket Storage Tier influences the storage price and cannot be changed afterward: https://cloud.oracle.com/storage/archive-storage/faq
Standard will provide instant access to the bucket objects, while with Archive you’ll have to manually restore your objects with the OCI client before Bacula can restore them: https://docs.cloud.oracle.com/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/os/object/restore.html
Tags: Tags can be attached to your bucket to organize your tenancy. Bacula will not consider them.
Retrieve the OCID keys
These keys are required to complete OCI Command Line Interface installation.
Tenancy’s OCID
The tenancy OCID is in the Console in the Tenancy Details page: From the OCI Console, open the User menu in the top right corner and click The tenancy OCID is shown under Tenancy Information.
User’s OCID
The user OCID is in the Console in the User Settings page: From the OCI Console, open the User menu in the top right corner and click The user OCID is shown under User Settings.
Install the OCI Command Line Interface tool
The OCI Command Line Interface (CLI) is a Python application that allows access to Oracle Cloud Storage from the command line. Its installation is platform dependent as described in:
Since you should be running on a Unix-like platform, run the following bash command as root:
The installed binaries must be on the path so it’s important to modify the default location. We recommand installing in /usr/local/bin
install location should be changed to /usr/local/lib/oracle-cli
OCI executable location should be changed to /usr/local/bin
OCI scripts location should be changed to /usr/local/bin/
later on, you may be asked to modify the path. Answer no.
Eventually, you should get prompted with Installation successful.
Setup the OCI CLI config
Once the OCI CLI has been installed, you can run the setup_oracle_cloud_cli script located in /opt/bacula/scripts as root to guide you through this step.
You’ll be asked to provide the following information:
config location. Replace with /opt/bacula/etc/oci/config
user OCID.
tenancy OCID.
region:
RSA key pair. The script can generate it for you or you can provide your own: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm.
Make sure to locate them in /opt/bacula/etc/oci.
Alternativelly, you can manually run
sudo -u bacula /usr/local/bin/oci setup config
Upload public pem key to the OCI Console
Next the public key must be uploaded to the OCI Console. The public key is named oci_api_key_public.pem and is located in /opt/bacula/etc/oci. View the details for the user who will be calling the API with the key pair: Click Identity, Users, and then select the user from the list. Click Add Public Key. Paste the contents of the PEM public key in the dialog box and click Add.
Retrieve the Bucket namespace and the compartment id
From the OCI Console, open the navigation menu in the top left corner. Select Object Storage, then the Bucket used for Bacula backup. In the Bucket Information, note the namespace and copy the compartment id.
Compartment permissions
It may be necessary to set advanced policies such as below in order to allow access to the bucket:
allow group GROUPNAME to manage buckets in compartment COMPARTMENTNAME
allow group GROUPNAME to use buckets in compartment COMPARTMENTNAME
allow group GROUPNAME to manage objects in compartment COMPARTMENTNAME
Create the resource control file
Edit the config file (should be /opt/bacula/etc/oci/config) and add the following section
[CLI]
# globally scoped default for all operations with a -compartment-id parameter
compartment-id = <compartment-id>
# globally scoped default for all operations with a -namespace parameter
namespace = <namespace>
[OCI_CLI_SETTINGS]
default_profile=CLI
Replace <compartment-id> and <namespace> with the values you retrieved in Retrieve the Bucket namespace and the compartment id. Save the config file.
Test OCI CLI
In a terminal, type on the same line:
sudo -u bacula /usr/local/bin/oci os object list -bn MyBucket --cli-rc-file /opt/bacula/etc/oci/config --config-file /opt/bacula/etc/oci/config
Where MyBucket is the name of the bucket created in Create a Bucket in Oracle Cloud.
You should get no error message and the following reply:
"prefixes": []