New Features in Bacula Community
CommunityThis chapter presents the new features that have been added to the two recent Community versions of Bacula.
Note
Click here to find information about new features introduced in earlier versions of Bacula Community.
New Features in 15.0.0
Security Enhancements
The password information that might be present in some specific plugin FileSets is now hidden from the status client console output.
New security events are generated after incorrect network connections.
The restricted console have now a better control over various bconsole commands such last list, restore, …
Storage Daemon Encryption
The Bacula Storage Daemon can now encrypt the data at the volume level to enhance security of data at rest. The volumes cannot be read by a system that doesn’t have the correct encryption keys.
Click here for more information.
Malware Detection
Bacula allows you to configure your jobs to detect known Malware. The detection can be done at the end of the Backup job and/or with a Verify job. The Malware database can be downloaded from different providers, the default is set to abuse.ch. If a Backup job detects a malware in the backup content, an error is reported and the Job status is adapted.
20-Sep 12:26 zog8-dir JobId 9: Start Backup JobId 9, Job=backup.2022-09-20_12.26.30_13
...
20-Sep 12:26 zog8-dir JobId 9: [DI0002] Checking file metadata for Malwares
20-Sep 12:26 zog8-dir JobId 9: Error: [DE0007] Found Malware(s) on JobIds 9
Build OS: x86_64-pc-linux-gnu archlinux
JobId: 9
Job: backup.2022-09-20_12.26.30_13
Backup Level: Full
...
Last Volume Bytes: 659,912,644 (659.9 MB)
Non-fatal FD errors: 1
SD Errors: 0
FD termination status: OK
SD termination status: OK
Termination: Backup OK -- with warnings
The list of the Malware detected in a given Job can be displayed with the list files type=malware command.
*list files type=malware jobid=1
+-------+-----------------------------+---------------+----------+
| jobid | filename | description | source |
+-------+-----------------------------+---------------+----------+
| 1 | /tmp/regress/build/po/fr.po | Malware found | abuse.ch |
+-------+-----------------------------+---------------+----------+
Click here for more information.
TOTP Console Authentication Plugin
The TOTP (Time based One Time Password) Authentication Plugin is compatible with the RFC 6238. Many smartphone apps are available to store the keys and compute the TOTP code.
The standard password and encryption mechanisms will still be used to accept an incoming console connection. Once accepted, the Console will prompt for a second level of authentication with a TOTP secret key generated from a shared token.
To enable this feature, you needed to install the bacula-totp-dir-plugin package on your Director
system, then to set the PluginDirectory directive of the Director resource and configure the
AuthenticationPlugin directive of a given restricted Console in the Director configuration file.
# in bacula-dir.conf
Director {
Name = myname-dir
...
Plugin Directory = /opt/bacula/plugins
}
Console {
Name = "totpconsole"
Password = "xxx"
Authentication Plugin = "totp"
CommandACL = *all*
JobACL = *all*
ClientAcl = *all*
PoolACL = *all*
DirectoryACL = *all*
WhereACL = *all*
FileSetACL = *all*
StorageACL = *all*
CatalogACL = *all*
ScheduleACL = *all*
}
The matching Console configuration in bconsole.conf has no extra settings compared to a standard restricted Console.
# in bconsole.conf
Console {
Name = totpconsole
Password = "xxx" # Same as in bacula-dir.conf/Console
}
Director {
Name = mydir-dir
Address = localhost
Password = notused
}
At the first console connection, if the TLS link is correctly setup (using the shared secret key), the plugin will generate a specific random key for the console and display a QR code in the console output. The user must then scan the QR code with his smartphone using an app such as Aegis (Opensource) or Google Authenticator. The plugin can also be configured to send the QR code via an external program.
Click here for more information.
Storage Group Enhancements
The StorageGroup feature is now compatible with Copy and Migration jobs.
FreeSpace Storage Policy
This policy queries each Storage Daemon in the list for its FreeSpace (as a sum of devices specified in the Storage Daemon config) and sort the list by FreeSpace returned.
LastBackedUpTo Storage Policy
This policy ensures that job is backed up to the storage where the same job (of the same level, i.e. Full or Incremental) has been backed up the longest time ago. The goal is to split the jobs to improve redundancy.
LastBackupedToStore Storage Policy
This policy ensures that job is backed up on the storage where the same job (with same level i.e. Full or Incremental) has been backed up to the longest time ago. The goal is to spread the jobs to improve redundancy.
FreeSpaceLeastUsed Storage Policy
This policy ensures that a job is backed up to the storage with the most free space and least running jobs. Within the candidates storages, the least used one will be selected. Candidate storages are determined by the StorageGroupPolicyThreshold Job directive. If MaxFreeSpace is the largest amount of free space for all storages in the group, a storage will be a candidate if its free space is above \(\text{MaxFreeSpace} - \text{StorageGroupPolicyThreshold}\).
For example:
with StorageGroupPolicyThreshold=100MB
and storages free space being:
Storage1 = 500GB free
Storage2 = 200GB free
Storage3 = 400GB free
storage4 = 500GB free
In this case MaxFreeSpace=500GB.
Storage 1, 4 and 3 are candidates.
If 5 jobs are running on Storage1, 2 on Storage4, and 3 on Storage3 then Storage4 will be the selected storage.
Storage Groups can be used as follows (as part of Job and Pool configuration):
Job {
...
Storage = File1, File2, File3
...
}
Pool {
...
Storage = File4, File5, File6
StorageGroupPolicy = FreeSpaceLeastUsed
StorageGroupPolicyThreshold = 200 MB
...
}
FileDaemon Security Enhancements
Allowed Backup and Restore Directories
New FileDaemon directives lets the deamon control which client directories are allowed for backup on a per-director basis. Directives can be specified as comma-separated list of directories. The simplest version of the AllowedBackupDirectories and ExcludedBackupDirectories directives may look as follows:
# in bacula-fd.conf
Director {
Name = myname-dir
...
AllowedBackupDirectories = "/path/to/allowed/directory"
}
Director {
Name = my-other-dir
...
ExcludedBackupDirectories = "/path/to/excluded/directory"
}
This directive works on the FD side, and is fully independent of the include/exclude part of the Fileset defined in the Director’s config file. Nothing is backed up if none of the files defined in the Fileset is inside FD’s allowed directory.
Allowed Restore Directories
This new directive lets the deamon control which directories are allowed to be used as a restore destination on a per-director basis. Directive can be specified as a list of directories. The simplest version of the AllowedRestoreDirectories directive may look as follows:
# in bacula-fd.conf
Director {
Name = myname-dir
...
AllowedRestoreDirectories = "/path/to/directory"
}
Allowed Script Directories
New FileDaemon directive lets the deamon control directories which from the Director can execute client’s scripts and programs (e.g. using the Runscript feature or with the Fileset’s ‘File=’ directive). Directive can be specified as a list of directories. The simplest version of the AllowedScriptDirectories directive may look as follows:
# in bacula-fd.conf
Director {
Name = myname-dir
...
AllowedScriptDirectories = "/path/to/directory"
}
When this directive is set, Bacula is also checking programs to be run against set of not-allowed characters. When following resource:
FileSet {
Name = "Fileset_1"
Include {
File = "\\|/path/to/binary &"
}
}
is defined inside the Director’s config file, Bacula won’t backup any file for such Fileset. It’s because of the ‘&’ character, which is not allowed when the ‘Allowed Script Directories’ is used on the Client’s side. Full list of not-allowed characters:
$ ! ; \ & < > ` ( )
To disable all command sent by the Director, it is possible to use the following configuration in your FileDaemon:
AllowedScriptDirectories = none
Antivirus Plugin
The FileDaemon Antivirus plugin provides integration between the ClamAV Antivirus daemon and Bacula Verify Jobs, allowing post-backup virus detection within Bacula Enterprise.
More information can be found in the Antivirus Plugin documentation.
Volume Protection
Warning
This feature is only for file-based devices.
This feature can only be used if Bacula is run as a systemd service because only then, with proper capabilities set for the daemon, it’s allowed to manage Volume Files’ attributes. The show storage bconsole command informs if Bacula has needed capabilities.
For File-based volumes Bacula will set the Append Only attribute during the first backup job that uses the new volume. Note that the flag is set when Bacula actually uses volume for the first time, not when the volume is labelled (either automatically or using the label command). This will prevent Volumes to lost data by being overwritten.
The Append Only file attribute is cleared when the volume is being relabeled.
Bacula is now also able to set the Immutable file attribute on a file volume which is marked as Full. Note that as of now, Immutable flag is set only for Full volumes, setting it for other statuses (e.g. ‘Used’ volumes) may come in the future releases.
When a volume is Full and has the Immutable flag set, it cannot be relabeled and reused until the expiration period elapses. This helps to protect volumes from being reused too early, according to the protection period set.
If Volume’s filesystem does not support the Append only or Immutable flags, a proper warning message is printed in the job log and Bacula proceeds with the usual backup workflow.
There are three new directives available to set on a per-device basis to control the the Volume Protection behavior:
- SetVolumeAppendOnly
: Determines if Bacula should set the Append_Only attribute when writing on the volume for the rist time.
- SetVolumeImmutable
: Determines if Bacula should set the Immutable attribute when marking volume as ‘Full’.
- Minimum Volume Protection Time
: Specifies how much time has to elapse before Bacula is able to clear the attribute
Note
Both Append Only and Immutable flags set for volumes cannot be modified using catalog-related commands, e.g. purging a volume won’t clear the Immutable flag, that can only be done when MinimumVolumeProtection time expires.
If administrator wants to manually remove file attributes, chattr must be used:
- chattr -i path-to-vol/VolumeName
removes the Immutable flag
- chattr -a path-to-vol/VolumeName
removes the Append Only flag
This should not be needed, and it should be used only in a state of emergency. chattr tool must be used with user with proper capabilities to set/clear file attributes (e.g. root)
In some cases, for example when the status of the Volume is changed by the Director via the update volume command, the Storage Daemon will not be able to change the permission on the Volume. Some Volumes may have the Full/Used status without the proper protection.
The command update volumeprotect is designed to determine the list of the volumes that are not protected and connect the Storage Daemon to update the permissions. It can be executed in an Admin job once a day.
*update
Update choice:
1: Volume parameters
2: Pool from resource
3: Slots from autochanger
4: Long term statistics
5: Snapshot parameters
6: Volume protection attributes on Storage Daemon
Choose catalog item to update (1-6): 6
Found 1 volumes with status Used/Full that must be protected
Connected to Storage "File2" at zog8:8103 with TLS
3000 Marking volume "Vol-0009" as read-only.
or via update volumeprotect
*update volumeprotect
Found 1 volumes with status Used/Full that must be protected
Connected to Storage "File2" at zog8:8103 with TLS
3000 Marking volume "Vol-0009" as read-only.
The command can be scheduled in an Admin job
Job {
Name = adm-update-protected
Type = Admin
Runscript {
Console = "update volumeprotect"
RunsOnClient = no
RunsWhen = Before
}
JobDefs = DefaultJob
}
ZStandard FileSet Compression Option
The ZSTD compression algorithm is now available in the FileSet option directive Compression. It is possible to configure ZSTD level 1 zstd1, level 10 zstd10 and level 19 zstd19. The default zstd compression is 10.
Kubernetes Plugin
The Bacula Kubernetes plugin will save all the important Kubernetes resources which make up the application or service. The plugin can now use the CSI Snapshot method to backup persistent volumes.
Amazon Cloud Driver
A new Amazon Cloud Driver is available for beta testing. In the long term, it will enhance and replace the existing S3 cloud driver. The aws tool provided by Amazon is needed to use this cloud driver. The Amazon cloud driver is available within the bacula-cloud-storage-s3 package and can be enabled by using “Driver = Amazon” in the Cloud Storage Daemon resource.
Misc
New Storage Daemon Disk Volume Format
Bacula version 15.0 uses a new volume version named BB03. The new format adds the support for Volume Encryption, and the previous 32bits CRC32 checksum was replaced by the faster 64bits XXH64.
Volumes written with the BB03 format can only be read by Bacula version 15 or later. Old BB02 volumes can still be restored, and Volumes may start with BB02 blocks, and continue with BB03 blocks.
It is not possible to use the Volume Encryption=yes directive on a volume that was labeled using the BB02 format. In that case, the volume will be automatically marked as Used.
Progress Status for Copy/Migration Jobs
The status director command can now report the progress of Copy and Migration Jobs.
Scheduled Job List
The status director bconsole command has been updated to limit the number of scheduled jobs listed by default to 50.
The keyword limit can be used to choose how many lines will be printed.
* status director limit=5
127.0.0.1-dir Version: 14.1.5 (26 October 2022) x86_64-pc-linux-gnu archlinux
Daemon started 31-Oct-22 17:27, conf reloaded 31-Oct-2022 17:27:55
Jobs: run=2, running=0 max=4 mode=1,2010
Crypto: fips=no crypto=OpenSSL 1.0.2u 20 Dec 2019
Heap: heap=675,840 smbytes=774,259 max_bytes=2,058,994 bufs=2,470 max_bufs=4,024
Res: njobs=24 nclients=1 nstores=3 npools=1 ncats=1 nfsets=25 nscheds=3
Plugin: ldap totp
Scheduled Jobs (5/1440):
Level Type Pri Scheduled Job Name Volume
===================================================================================
Full Backup 10 31-Oct-22 17:29 NightlySave0 TestVolume001
Full Backup 10 31-Oct-22 17:30 NightlySave1 TestVolume001
Full Backup 10 31-Oct-22 17:31 NightlySave2 TestVolume001
Full Backup 10 31-Oct-22 17:32 NightlySave3 TestVolume001
Full Backup 10 31-Oct-22 17:33 NightlySave4 TestVolume001
5 scheduled Jobs over 1440 are displayed. Use the limit parameter to display more Jobs.
====
Running Jobs:
Console connected using TLS at 31-Oct-22 17:27
No Jobs running.
====
Terminated Jobs:
JobId Level Files Bytes Status Finished Name
====================================================================
1 Full 35 5.070 M OK 31-Oct-22 15:50 NightlySave
2 Full 35 5.070 M OK 31-Oct-22 17:27 NightlySave
3 Full 35 5.070 M OK 31-Oct-22 17:28 NightlySave
====
The APIv2 json output support has been added for the status dir scheduled command.
Catalog Enhancements
FileSet Content Overview
Now, the Catalog stores an overview of the FileSet definition in the Content field. If the FileSet handles files and directories, the Content field will be set to files. If any plugins are used, each plugin will be inserted into the Content field.
*sql
SELECT Content FROM FileSet;
+------------------------------+
| content |
+------------------------------+
| bpipe |
+------------------------------+
New Job Attributes
New SQL attributes have been added to the Job table such as isVirtualFull, Encrypted, LastReadStorageId, WriteStorageId, Rate, CompressRatio, StatusInfo, and so on.
New Media Attributes
New SQL attributes have been added to the Media table such as UseProtect, Protected, VolEncrypted
Search Function
Bconsole has a new .search command to search into the catalog accross client, job and volumes.
* .search text=sometext
volume=
client=sometext-fd
job=
The text to be searched must have 4 characters at the minimum.
Advanced Job Queue Control
The Job RunScript feature has been enhanced to control the start of a Job inside the Run Queue. When a Job is starting, the Director controls that resources are available for the Job to start properly, if these resources are not available, the Job will stay in the queue, waiting to acquire them.
It is now possible to execute a script to control any kind of external and custom resources and decide when a Job should start. For example, a script might control the load average of a server before to start a Job to find the best execution time.
Click here for more information.
Director’s PID File timestamp
The Director PID file timestamp is now updated after a successful reload command. External tools can use this information to perform certain actions such as to clear the cache.
RunScript Enhancements
A new Director RunScript RunsWhen keyword of AtJobCompletion has been implemented, which runs the command after at the end of job and can update the job status if the command fails.
Job {
...
Runscript {
RunsOnClient = no
RunsWhen = AtJobCompletion
Command = "mail command"
AbortJobOnError = yes
}
}
It has been added because the RunsWhen keyword After was not designed to update the job status if the command fails.
JSON Output
The console has been improved to support a JSON output to list catalog objects and various daemon output. The new “.jlist” command is a shortcut of the standard “list” command and will display the results in a JSON table. All options and filters of the “list” command can be used in the “.jlist” command. Only catalog objects are listed with the “list” or “.jlist” commands. Resources such as Schedule, FileSets, etc… are not handled by the “list” command.
See the “help list” bconsole output for more information about the “list” command. The Bacula configuration can be displayed in JSON format with the standard “bdirjson”, “bsdjson”, “bfdjson” and “bbconsjson” tools.
*.jlist jobs
{"type": "jobs", "data":[{"jobid": 1,"job": "CopyJobSave.2021-10-04_18.35.55_03",...
*.api 2 api_opts=j
*.status dir header
{"header":{"name":"127.0.0.1-dir","version":"12.8.2 (09 September 2021)"...
New Features in 13.0.0
Kubernetes Plugin
The Bacula Kubernetes plugin will save all the important Kubernetes resources which make up the application or service. The plugin has the following features:
Kubernetes cluster resources configuration backup
Ability to restore single Kubernetes configuration resource
Ability to restore Kubernetes resource configuration to local directory
Kubernetes Persistent Volumes data backup and restore
Ability to restore Kubernetes Persistent Volumes data to local directory
Ability to use new Kubernetes CSI driver snapshot features to perform Persistent Volume data backup
Ability to execute user defined commands on required Pod containers to prepare and clean data backup
Configure Kubernetes workload backup requirements directly with Pod annotations
Click here for more information.
Storage Group
It is now possible to configure more than one Storage resource for each Job/Pool. Storage can be specified as a comma separated list of Storage resources to use.
Along with specifying a Storage list it is now possible to specify a Storage Group Policy which will be used for determining which Storage will be used for the Job. If no policy is specified, Bacula tries to use the first available Storage from the list.
If the first few storage daemons are unavailable due to network problems; broken or unreachable for some other reason, Bacula will use the first one from the list (sorted according to the policy used) which is network reachable and healthy.
Currently supported policies are:
- ListedOrder
This is the default policy. It uses the first available storage from the list provided
- LeastUsed
This policy scans all storage daemons from the list and chooses the one with the least number of Jobs currently running
Storage Groups may be used as follows (as a part of Job and Pool resources):
Job {
...
Storage = File1, File2, File3
...
}
Pool {
...
Storage = File4, File5, File6
StorageGroupPolicy = LeastUsed
...
}
When a Job or Pool with a Storage Group is used, the user will observe some messages related to the choice of Storage such as:
messages
31-maj 19:23 VBox-dir JobId 1: Start Backup JobId 1, Job=StoreGroupJob.2021-05-31_19.23.36_03
31-maj 19:23 VBox-dir JobId 1: Possible storage choices: "File1, File2"
31-maj 19:23 VBox-dir JobId 1: Storage daemon "File1" didn't accept Device "FileChgr1-Dev1" because: 3924 Device "FileChgr1-Dev1" not in SD Device resources or no matching Media Type or is disabled.
31-maj 19:23 VBox-dir JobId 1: Selected storage: File2, device: FileChgr2-Dev1, StorageGroupPolicy: "ListedOrder"
New Accurate Option to Save Only File’s Metadata
The new ‘o’ Accurate directive option for a Fileset has been added to save only the metadata of a file when possible.
The new ‘o’ option should be used in conjunction with one of the signature checking options (1, 2, 3, or 5). When the ‘o’ option is specified, the signature is computed only for files that have one of the other accurate options specified triggering a backup of the file (for example an inode change, a permission change, etc…).
In cases where only the file’s metadata has changed (ie: the signature is identical), only the file’s attributes will be backed up. If the file’s data has been changed (hence a different signature), the file will be backed up in the usual way (attributes as well as the file’s contents will be saved on the volume).
For example:
Job {
Name = JobTest
JobDefs = DefaultJob
FileSet = TestFS
Accurate = yes
}
FileSet {
Name = TestFS
Options {
Signature = MD5
Accurate = pino5
}
File = /
}
The backup job will compare permission bits, inodes, number of links and, if any of it changes, it will also compute file’s signature to verify if only the metadata must be backed up or if the full file must be saved.
External LDAP Console Authentication
The new Bacula Plugable Authentication Module (BPAM) API framework introduced in Bacula 13.0 comes with the first plugin which handles user authentication against any LDAP Directory Server (including OpenLDAP and Active Directory). To enable the build of the LDAP Console Authentication plugin, add the ldap options to your ./configure command line as shown below:
./configure --with-ldap --enable-ldap-bpam [... other options]
# bconsole
*status director
...
Plugin: ldap-dir.so
...
When the LDAP plugin is loaded you can configure a named console resource to use LDAP to authenticate users. BConsole will prompt for a User and Password and it will be verified by the Director. TLS PSK (activated by default) is recommended. To use this plugin, you have to specify the PluginDirectory Director resource directive, and add a new console resource directive Authentication Plugin as shown below:
Director {
...
Plugin Directory = /opt/bacula/plugins
}
Console {
Name = "ldapconsole"
Password = "xxx"
# New directive
Authentication Plugin = "ldap:<parameters>"
...
}
where parameters are the space separated list of one or more plugin parameters:
- url
LDAP Directory service location, i.e. “url=ldap://10.0.0.1/”
- binddn
DN used to connect to LDAP Directory service to perform required query
- bindpass
DN password used to connect to LDAP Directory service to perform required query
- query
A query performed on the LDAP Directory serice to find user for authentication The query string is composed as <basedn>/<filter>. Where `<basedn> is a DN search starting point and <filter> is a standard LDAP search object filter which support dynamic string substitution: %u will be replaced by credential’s username and %p by credential’s password, i.e. query=dc=bacula,dc=com/(cn=%u).
- starttls
Instruct the BPAM LDAP Plugin to use the StartTLS extension if the LDAP Directory service supports it and fallback to no TLS if this extension is not available.
- starttlsforce
Does the same as the starttls setting does but reports error on fallback.
Working configuration examples:
bacula-dir.conf - Console resource configuration for BPAM LDAP Plugin with OpenLDAP authentication example.
Console {
Name = "bacula_ldap_console"
Password = "xxx"
# New directive (on a single line)
Authentication Plugin = "ldap: url=ldap://ldapsrv/ binddn=cn=root,dc=bacula,dc=com
bindpass=secret query=dc=bacula,dc=com/(cn=%u) starttls"
...
}
bacula-dir.conf - Console resource configuration for BPAM LDAP Plugin with Active Directory authentication example.
Console {
Name = "bacula_ad_console"
Password = "xxx"
# New directive (on a single line)
Authentication Plugin = "ldap: url=ldaps://ldapsrv/
binddn=cn=bacula,ou=Users,dc=bacula,dc=com bindpass=secret
query=dc=bacula,dc=com/(&(objectCategory=person)(objectClass=user)(sAMAccountName=%u))"
...
}
New Baculum features
The following features were introduced in version 11.0.6
New Advanced Schedule Settings
The schedule function has been reworked to support all possible schedule settings. Now it can be configured in five different ways: hourly, daily, weekly, monthly, and also custom for various uncommon settings.
New Copy and Migrate Job Wizards
Using the new wizards it is possible to easily create new copy and migrate jobs. The Wizard’s steps are prepared and optimized to make the process as easy as possible.
New Director Page
This new page provides two major functions: The Director status and the Director configuration. The first one is for displaying in a graphical and textual way the Director status. The second one is for configuring all Director resources (Jobs, Clients, Pools, Storage …etc.). From one place users can configure various Director resources.
Bulk Delete Volumes Action
This feature is available on the media page. Apart from prune and purge bulk actions, now users are also able to bulk delete volumes. It is possible by selecting volumes in the volume table and using this new delete volumes action.
Loading Pages Optimization
Pages have been optimized to faster loading. The entire Baculum Web interface works faster.
Directive Documentation
In all Bacula component configurations, for almost all directives, official Bacula documentation has been added. It is available directly within the web interface.
Tag Support
It is now possible to assign custom Tags to various catalog records in Bacula such as:
Volume
Client
Job
*tag
Automatically selected Catalog: MyCatalog
Using Catalog "MyCatalog"
Available Tag operations:
1: Add
2: Delete
3: List
Select Tag operation (1-3): 1
Available Tag target:
1: Client
2: Job
3: Volume
Select Tag target (1-3): 1
The defined Client resources are:
1: 127.0.0.1-fd
2: test1-fd
3: test2-fd
4: test-rst-fd
5: test-bkp-fd
Select Client (File daemon) resource (1-5): 1
Enter the Tag value: test1
1000 Tag added
*tag add client=127.0.0.1-fd name=#important"
1000 Tag added
*tag list client
+--------------+----------+--------------+
| tag | clientid | client |
+--------------+----------+--------------+
| #tagviamenu3 | 1 | 127.0.0.1-fd |
| test1 | 1 | 127.0.0.1-fd |
| #tagviamenu2 | 1 | 127.0.0.1-fd |
| #tagviamenu1 | 1 | 127.0.0.1-fd |
| #important | 1 | 127.0.0.1-fd |
+--------------+----------+--------------+
*tag list client name=#important
+----------+--------------+
| clientid | client |
+----------+--------------+
| 1 | 127.0.0.1-fd |
+----------+--------------+
It is possible to assign Tags to a Job record with the new ‘Tag’ directive in a Job resource.
Job {
Name = backup
...
Tag = "#important", "#production"
}
*tag list job
+--------------+-------+-------------+
| tag | jobid | job |
+--------------+-------+-------------+
| #important | 2 | backup |
| #production | 2 | backup |
+--------------+-------+-------------+
The Tags are also accessible from various BWeb Management Suite screens.
Support for SHA256 and SHA512 in FileSet
The support for strong signature algorithms SHA256 and SHA512 has been added to Verify Jobs. It is now possible to check if data generated by a Job that uses an SHA256 or SHA512 signature is valid.
FileSet {
Name = Linux-Etc
Options {
Signature = SHA512
Verify = pins3
}
File = /etc
}
In the FileSet Verify option directive, the following code has been added:
3 for SHA512 2 for SHA256
Windows Installer Silent Mode Enhancement
The following command line options may be used to control the regular Bacula installer values in silent mode:
-ConfigClientName
-ConfigClientPort
-ConfigClientPassword
-ConfigClientMaxJobs
-ConfigClientInstallService
-ConfigClientStartService
-ConfigStorageName
-ConfigStoragePort
-ConfigStorageMaxJobs
-ConfigStoragePassword
-ConfigStorageInstallService
-ConfigStorageStartService
-ConfigDirectorName
-ConfigDirectorPort
-ConfigDirectorMaxJobs
-ConfigDirectorPassword
-ConfigDirectorDB
-ConfigDirectorInstallService
-ConfigDirectorStartService
-ConfigMonitorName
-ConfigMonitorPassword
The following options control the components that will be installed:
-ComponentFile
-ComponentStorage
-ComponentTextConsole
-ComponentBatConsole
-ComponentTrayMonitor
-ComponentAllDrivesPlugin
-ComponentWinBMRPlugin
-ComponentCDPPlugin
Example
bacula-win64-13.0.0.exe /S -ComponentFile \
-ConfigClientName foo -ConfigClientPassword bar
Will install only file deamon with bacula-fd.conf configured.
bacula-win64-13.0.0.exe /S -ComponentStorage \
-ComponentFile-ConfigClientName foo \
-ConfigClientPassword bar -ConfigStorageName foo2 \
-ConfigStoragePassword bar2
Will install the Storage Deamon plus File Deamon with bacula-sd.conf and bacula-fd.conf configured.
New Message Identification Format
We are starting to add unique message identifiers to each message (other than debug and the Job report) that Bacula prints. At the current time only two files in the Storage Daemon have these message identifiers and over time with subsequent releases we will modify all messages.
The message identifier will be kept unique for each message and once assigned to a message it will not change even if the text of the message changes. This means that the message identifier will be the same no matter what language the text is displayed in, and more importantly, it will allow us to make listing of the messages with in some cases, an additional explanation or instructions on how to correct the problem. All this will take several years since it is a lot of work and requires some new programs that are not yet written to manage these message identifiers.
The format of the message identifier is:
[AAnnnn]
where A is an upper case character and nnnn is a four digit number, where the first character indicates the software component (daemon); the second letter indicates the severity, and the number is unique for a given component and severity.
For example:
[SF0001]
The first character representing the component at the current time one of the following:
S Storage daemon
D Director
F File daemon
The second character representing the severity or level can be:
A Abort
F Fatal
E Error
W Warning
S Security
I Info
D Debug
O OK (i.e. operation completed normally)
So in the example above [SF0001] indicates it is a message id, because of the brackets and because it is at the beginning of the message, and that it was generated by the Storage Daemon as a fatal error.
As mentioned above it will take some time to implement these message ids everywhere, and over time we may add more component letters and more severity levels as needed.
Misc
Plugin Object Status Support
The Object table has now a ObjectStatus field that can be used by plugins to report more precise information about the backup of an Object (generated by plugins).
Network Buffer Management
The new SDPacketCheck FileDaemon directive can be used to control the network flow in some specific use cases.
Click here for more information.
IBM Lintape Driver (BETA)
The new Use Lintape Storage Daemon directive has been added to support the Lintape Kernel driver.
Read more:
Go back to: New Features.