{"id":1657,"date":"2022-09-27T16:39:54","date_gmt":"2022-09-27T14:39:54","guid":{"rendered":"https:\/\/hobbykeller.spdns.de\/?p=1657"},"modified":"2024-02-15T01:35:10","modified_gmt":"2024-02-15T00:35:10","slug":"bacularis-installation-and-configuration-notes","status":"publish","type":"post","link":"https:\/\/hobbykeller.spdns.de\/?p=1657","title":{"rendered":"Bacularis Installation and Configuration Notes"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><a rel=\"noreferrer noopener\" href=\"https:\/\/bacularis.app\" target=\"_blank\">Bacularis<\/a> is a fully loaded Bacula CE suite that comes with a successor of highly popular Baculum GUI.  It can be installed by a one-liner Docker command thereby short-cutting hours of tedious installation steps like the ones I described in <a href=\"https:\/\/hobbykeller.spdns.de\/?p=1617\" data-type=\"post\" data-id=\"1617\">one of my previous posts<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1 Creating the container <\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1.1 with <code>docker run<\/code><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">By default, the docker container mounts <strong>six volumes<\/strong> that it labels with non-intuitive random alphanumeric uuids. To get meaningful volumes that we can later identify on the host machine, we add a set of <code>--mount<\/code> options so that volumes are not created with anonymous uuid labels.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Furthermore, we open not only the Bacularis port 9097 but also ports 9101-9103 which are needed for communication between the director, the file daemons and the storage daemons.<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default decode:true \" title=\"Initial run of Bacularis docker container\">ilek@q556:~$ docker run -d -p 9097:9097 -p 9101-9103:9101-9103 \\\n           --name bacuprod \\\n           --mount source=bacuprod_etc,destination=\/etc\/bacula \\\n           --mount source=bacuprod_archive,destination=\/var\/lib\/bacula \\\n           --mount source=bacuprod_postgre,destination=\/var\/lib\/postgresql\/data \\\n           --mount source=bacuprod_api_conf,destination=\/var\/www\/bacularis\/protected\/vendor\/bacularis\/bacularis-api\/API\/Config \\\n           --mount source=bacuprod_api_log,destination=\/var\/www\/bacularis\/protected\/vendor\/bacularis\/bacularis-api\/API\/Logs \\\n           --mount source=bacuprod_web_conf,destination=\/var\/www\/bacularis\/protected\/vendor\/bacularis\/bacularis-web\/Web\/Config \\\n           --mount source=bacuprod_web_log,destination=\/var\/www\/bacularis\/protected\/vendor\/bacularis\/bacularis-web\/Web\/Logs \\\n           bacularis\/bacularis-standalone\n<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">1.2 with <code>docker compose<\/code><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">From my experience, it is more convenient to keep the container configuration in a <code>docker-compose.yml<\/code> file: The complete configuration is stored readily available on disk, so there is no need to look it up. Besides having to enter multi-line commands with dozens of parameters at the console is cumbersome and prone to syntax errors.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Save the <code>docker-compose.yml<\/code> file below in a directory like <code>~\/docker\/bacuprod<\/code><\/li>\n\n\n\n<li>Launch by issuing the command <code>docker compose up --detach<\/code> from the directory<\/li>\n\n\n\n<li>Stop by issuing the command <code>docker compose down<\/code><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-simple-alerts-for-gutenberg-alert-boxes sab-alert sab-alert-primary\" role=\"alert\">Note that it is very important to provide the hostname of the machine on the local network in the services section of the compose file.<br>Failure to provide the hostname will result in slow DNS resolution, timeouts, and connection aborts both at the level of the bacularis web interface and bconsole level (even if executed from inside the container).<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">\u00d7<\/span><\/button><\/div>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default decode:true \" title=\"docker-compose.yml for bacularis\" >name: bacuprod\nservices:\n  bacuprod:\n    image: 'bacularis\/bacularis-standalone:2.1.0-alpine'\n    container_name: 'bacuprod'\n    hostname: 'q556.fritz.box'\n    ports:\n      - '9097:9097'\n      - '9101:9101'\n      - '9102:9102'\n      - '9103:9103'\n    volumes:\n      - etc:\/etc\/bacula\n      - archive:\/var\/lib\/bacula\n      - postgre:\/var\/lib\/postgresql\/data\n      - api_conf:\/var\/www\/bacularis\/protected\/vendor\/bacularis\/bacularis-api\/API\/Config\n      - api_log:\/var\/www\/bacularis\/protected\/vendor\/bacularis\/bacularis-api\/API\/Logs\n      - web_conf:\/var\/www\/bacularis\/protected\/vendor\/bacularis\/bacularis-web\/Web\/Config\n      - web_log:\/var\/www\/bacularis\/protected\/vendor\/bacularis\/bacularis-web\/Web\/Logs\n\nvolumes:\n  etc:\n  archive:\n  postgre:\n  api_conf:\n  api_log:\n  web_conf:\n  web_log:\n<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">2 Set meaningful daemon names<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The default name of the director is simply the host name of the docker container&#8217;s Alpine Linux OS plus an appended <code>-dir<\/code>. So you get unintuitive names like <code>build-3-16-x86_64-dir<\/code>. To better identify the machine, &#8230;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&#8230; stop the Bacularis container, as <code>sudo<\/code> change to the host machine&#8217;s local <code>bacula_etc<\/code> volume (the path may differ on your machine, depending on the docker installation it might be \/var\/lib\/docker\/volumes while in my case it&#8217;s ~\/.local\/share\/docker\/volumes).<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:2 lang:default decode:true \">ilek@q556:~\/bacuprod$ docker stop bacuprod \nbacuprod\nilek@q556:~\/bacuprod$ sudo su\n[sudo] password for ilek: \nroot@q556:\/home\/ilek\/bacuprod# cd \/home\/ilek\/.local\/share\/docker\/volumes\/bacuprod_etc\/_data\nroot@q556:\/home\/ilek\/.local\/share\/docker\/volumes\/bacuprod_etc\/_data# ls\nbacula-dir.conf  bacula-fd.conf  bacula-sd.conf  bconsole.conf  scripts\nroot@q556:\/home\/ilek\/.local\/share\/docker\/volumes\/bacuprod_etc\/_data# vim bacula-dir.conf \n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">First thing we have to edit is the <code>bconsole.conf<\/code> file. Replace Name and address directives as follows:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default range:2,4 decode:true \" title=\"bconsole.conf: Setting Name and Address directives\">Director {\n  Name = q556_d-dir\n  DIRport = 9101\n  address = q556 # was localhost\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Save and continue editing <code>bacula-dir.conf<\/code> as follows:<\/p>\n\n\n\n<div class=\"wp-block-simple-alerts-for-gutenberg-alert-boxes sab-alert sab-alert-primary\" role=\"alert\">Instead of manually replacing, you can use the following replace command in vim:<br><code>%s\/build-3-16-x86_64-dir\/q556_d-dir\/gc<\/code> (<code>c<\/code> option will have each substitution confirmed)<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">\u00d7<\/span><\/button><\/div>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default mark:2 decode:true \" title=\"Setting a meaningful name for your Director in bacula-dir.conf\">Director {                            # define myself\n  Name = q556_d-dir\n  DIRport = 9101                # where we listen for UA connections\n  QueryFile = \"\/etc\/bacula\/scripts\/query.sql\"\n  WorkingDirectory = \"\/var\/lib\/bacula\"\n  PidDirectory = \"\/run\/bacula\"\n  Maximum Concurrent Jobs = 20\n  Password = \"yRtfeKlgyBI7lXuDRXJJ3XuE718Nz\/M7cg2zeuSgUNuy\"         # Console password\n  Messages = Daemon\n}\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">In the same file, we can already change the name of the local client (file daemon) in the JobDef Resource:<\/p>\n\n\n\n<div class=\"wp-block-simple-alerts-for-gutenberg-alert-boxes sab-alert sab-alert-primary\" role=\"alert\">Again, you can use the vim command for automatic substitution:<br><code>%s\/build-3-16-x86_64-fd\/q556_d-fd\/gc<\/code> which will also replace all of the three <code>-fd<\/code> occurences below in one shot.<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">\u00d7<\/span><\/button><\/div>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default mark:5 decode:true \" title=\"Changing the name of the local client in bacula-dir.conf\">JobDefs {\n  Name = \"DefaultJob\"\n  Type = Backup\n  Level = Incremental\n  Client = q556_d-fd\n  FileSet = \"Full Set\"\n  Schedule = \"WeeklyCycle\"\n  Storage = File1\n  Messages = Standard\n  Pool = File\n  SpoolAttributes = yes\n  Priority = 10\n  Write Bootstrap = \"\/var\/lib\/bacula\/%c.bsr\"\n}\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Still in bacula-dir.conf we change the client name in the Job Resource for the Restore operation:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default mark:4 decode:true \" title=\"Changing the client name for the Restore Job in bacula-dir.conf\">Job {\n  Name = \"RestoreFiles\"\n  Type = Restore\n  Client = q556_d-fd\n  Storage = File1\n# The FileSet and Pool directives are not used by Restore Jobs\n# but must not be removed\n  FileSet=\"Full Set\"\n  Pool = File\n  Messages = Standard\n  Where = \/var\/lib\/bacula\/archive\/bacula-restores\n}\n\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">And, still in bacula-dir.conf we change the client name in the <code>Client<\/code> Ressource:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default mark:3 decode:true \" title=\"Changing the local client name in the Client resource in bacula-dir.conf\"># Client (File Services) to backup\nClient {\n  Name = q556_d-fd\n  Address = localhost\n  FDPort = 9102\n  Catalog = MyCatalog\n  Password = \"9jTOS+av7cVucWfwyVKSxKVFWF45xgArseso98h6EBO1\"          # password for FileDaemon\n  File Retention = 60 days            # 60 days\n  Job Retention = 6 months            # six months\n  AutoPrune = yes                     # Prune expired Jobs\/Files\n}<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">For the sake of house-keeping, we also amend the <code>Name<\/code> directive of the Console resource in <code>bacula-conf.dir<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default mark:2 decode:true \" title=\"Changinge the name of the console monitor in bacula-conf.dir\">Console {\n  Name = q556_d-mon\n  Password = \"W2lr7PKwCsd2WRAXN8\/rAGFXMGB6XplIyMXlamqfYwaU\"\n  CommandACL = status, .status\n}\n<\/pre><\/div>\n\n\n\n<div class=\"wp-block-simple-alerts-for-gutenberg-alert-boxes sab-alert sab-alert-primary\" role=\"alert\">I am not sure if Bacula carries over such name changes into its database catalog.  It is therefore recommended to set all names <strong>before<\/strong> running the first backup jobs. This probably (and particularly) refers to names of clients (file daemons). Otherwise you might get into trouble when trying to restore files for a client whose name was changed.<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">\u00d7<\/span><\/button><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Don&#8217;t forget that director name also needs to be set for any daemon which the director should talk to. In our default installation, this should be the local file daemon and the storage daemon.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Save the changes in <code>bacula-dir.conf<\/code> and continue with editing <code>bacula-fd.conf<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-simple-alerts-for-gutenberg-alert-boxes sab-alert sab-alert-primary\" role=\"alert\">Spare yourself the manual find and replace and use vim&#8217;s substitution command:<br><code>%s\/build-3-16-x86_64\/q556_d\/gc<\/code><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">\u00d7<\/span><\/button><\/div>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default mark:2,7,15 decode:true \" title=\"Set nice names in bacula-fd.conf\">Director {\n  Name = q556_d-dir\n  Password = \"9jTOS+av7cVucWfwyVKSxKVFWF45xgArseso98h6EBO1\"\n}\n[...]\nDirector {\n  Name = q556_d-mon\n  Password = \"G+UhGCVuxrajBJAU0yyIDFY+KiUBlA\/9n2u\/qfJq84NW\"\n  Monitor = yes\n}\n[...]\n# Send all messages except skipped files back to Director\nMessages {\n  Name = Standard\n  director = q556_d-dir = all, !skipped, !restored, !saved\n}\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Save and continue with editing <code>bacula-sd.conf<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-simple-alerts-for-gutenberg-alert-boxes sab-alert sab-alert-primary\" role=\"alert\">vim&#8217;s substitution spares you the manual find and replace. Use the command<br><code>%s\/build-3-16-x86_64\/q556_d\/gc<\/code><br><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">\u00d7<\/span><\/button><\/div>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default mark:2,13,21 decode:true \" title=\"Set meaningfull names in bacula-sd.con\">Storage {                             # definition of myself\n  Name = q556_d-sd\n  SDPort = 9103                  # Director's port\n  WorkingDirectory = \"\/var\/lib\/bacula\"\n  Pid Directory = \"\/run\/bacula\"\n  Plugin Directory = \"\/usr\/lib\"\n  Maximum Concurrent Jobs = 20\n}\n[...]\n# List Directors who are permitted to contact Storage daemon\n#\nDirector {\n  Name = q556_d-dir\n  Password = \"X2FRyPJvCMGw8phX2\/GkvkTOUxcgfAkTjfILgYFWbIhP\"\n}\n[...]\n# Restricted Director, used by tray-monitor to get the\n#   status of the storage daemon\n#\nDirector {\n  Name = q556_d-mon\n  Password = \"V\/dvYvy+gzV5dAiA7a8wptnVP\/zfDFIejzoCkpMB2Ett\"\n  Monitor = yes\n}\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Save and exit.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3 Further amendments<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">3.1 Add host ip and name to <code>\/etc\/hosts<\/code><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">As we use host names instead of IP addresses we make sure that the q556 host&#8217;s IP address is known to bacularis. We therefore have to edit \/etc\/hosts inside the bacularis container.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For convenience we first install <code>vim<\/code> inside the bacularis container.<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default decode:true \" title=\"Installing vim inside the bacularis container\">root@q556:\/var\/lib\/docker\/volumes\/bacuprod_etc\/_data# docker exec -it bacuprod bash\nbash-5.1# apk add vim\nfetch https:\/\/dl-cdn.alpinelinux.org\/alpine\/v3.16\/main\/x86_64\/APKINDEX.tar.gz\nfetch https:\/\/dl-cdn.alpinelinux.org\/alpine\/v3.16\/community\/x86_64\/APKINDEX.tar.gz\nOK: 114 MiB in 95 packages\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">We can then invoke vim \/etc\/hosts and add the host machine&#8217;s name and IP:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default range:3 decode:true \" title=\"Adding the host machine's name and IP in \/etc\/hosts of baculris\">127.0.0.1\tlocalhost\n\n192.168.4.64\tq556\n\n::1\tlocalhost ip6-localhost ip6-loopback\nfe00::0\tip6-localnet\nff00::0\tip6-mcastprefix\nff02::1\tip6-allnodes\nff02::2\tip6-allrouters\n172.17.0.2\t7abceb86cb26\n<\/pre><\/div>\n\n\n\n<div class=\"wp-block-simple-alerts-for-gutenberg-alert-boxes sab-alert sab-alert-primary\" role=\"alert\">When updating bacularis, this setting might get overwritten. So, after pulling a new version of bacularis, remember to check if the host name is still set in <code>\/etc\/hosts<\/code> and reamend if necessary.<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">\u00d7<\/span><\/button><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">3.2 Wrong database name in script of <code>BackupCatalog<\/code> job<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In my case the default BackupCatalog failed when I tried to run it from the console:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"wrap:true wrap-toggle:false lang:default mark:27 decode:true \" title=\"BackupCatalog failing in the Bacula default setup\">ilek@q556:~\/docker\/bacudock$ docker exec -it bacutest bconsole\nConnecting to Director localhost:9101\n1000 OK: 10002 build-3-16-x86_64-dir Version: 11.0.6 (10 March 2022)\nEnter a period to cancel a command.\n*run\nAutomatically selected Catalog: MyCatalog\nUsing Catalog \"MyCatalog\"\nA job name must be specified.\nThe defined Job resources are:\n     1: BackupClient1\n     2: BackupCatalog\n     3: RestoreFiles\nSelect Job resource (1-3): 2\nRun Backup job\nJobName:  BackupCatalog\nLevel:    Full\nClient:   build-3-16-x86_64-fd\nFileSet:  Catalog\nPool:     File (From Job resource)\nStorage:  File1 (From Job resource)\nWhen:     2022-09-19 15:46:09\nPriority: 11\nOK to run? (yes\/mod\/no): yes\nJob queued. JobId=1\n*messages\n19-Sep 15:46 build-3-16-x86_64-dir JobId 1: shell command: run BeforeJob \"\/etc\/bacula\/scripts\/make_catalog_backup MyCatalog\"\n19-Sep 15:46 build-3-16-x86_64-dir JobId 1: BeforeJob: pg_dump: error: connection to server on socket \"\/run\/postgresql\/.s.PGSQL.5432\" failed: FATAL:  database \"MyCatalog\" does not exist\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">For me the term &#8216;catalog&#8217; is somewhat confusing. According to the <a rel=\"noreferrer noopener\" href=\"https:\/\/www.bacula.org\/13.0.x-manuals\/en\/main\/main.pdf\" target=\"_blank\">Bacula MRG<\/a> (Section 22.17), the terms <strong>catalog<\/strong> and <strong>database<\/strong> are apparently used as synonyms. The error message above <code>FATAL: datatbase \"MyCatalog\" does not exist<\/code> corroborates such an assumption.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This leads to two questions:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>What is the actual name of the Bacula database as set up by the Docker container? &#8211; Answer: The name of the Bacula PostgreSQL database is (unsurprisingly) <code>bacula<\/code>.<\/li>\n\n\n\n<li>In which Ressource(s) of which config file(s) has this ressource been incorrectly referred to as MyCatalog?<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Looking at <code>\/etc\/bacula-dir.conf<\/code>, we realize that the <code>Job<\/code> Ressource BackupCatalog contains a directive that is passed MyCatalog as a command line argument.<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default mark:11 decode:true \" title=\"Erroneous referal to inexistent database MyCatalog in default bacula-dir.conf\"># Backup the catalog database (after the nightly save)\nJob {\n  Name = \"BackupCatalog\"\n  JobDefs = \"DefaultJob\"\n  Level = Full\n  FileSet=\"Catalog\"\n  Schedule = \"WeeklyCycleAfterBackup\"\n  # This creates an ASCII copy of the catalog\n  # Arguments to make_catalog_backup are:\n  #  make_catalog_backup &lt;catalog-name&gt;\n  RunBeforeJob = \"\/etc\/bacula\/scripts\/make_catalog_backup MyCatalog\"\n  # This deletes the copy of the catalog\n  RunAfterJob  = \"\/etc\/bacula\/scripts\/delete_catalog_backup\"\n  Write Bootstrap = \"\/var\/lib\/bacula\/%n.bsr\"\n  Priority = 11                   # run after main backup\n}<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Let&#8217;s check the content of the script that is called with MyCatalog. And here&#8217;s the relevant line:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"start-line:91 lang:default mark:2 decode:true \" title=\"Excerpt from \/etc\/bacula\/scripts\/make_catalog_backup\">    # you could also add --compress for compression.  See man pg_dump\n    exec ${BINDIR}\/pg_dump -c $PGHOST -U $user $1 &gt;$1.sql\n    ;;\nesac\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Clearly, the pg_dump command expects the <strong>database name<\/strong> &#8211; which by default is bacula &#8211; and not some externally assigned label or alias from a config file.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">So to fix the problem, we simply have to replace <code>MyCatalog<\/code> by <code>bacula<\/code> in the <code>RunBeforeJob<\/code> Directive of the Job Resource for <code>BackupCatalog<\/code> in <code>bacula-dir.conf<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default decode:true \" title=\"Fixing database \" mycatalog\"=\"\" does=\"\" not=\"\" exist=\"\" error=\"\" in=\"\" backupcatalog=\"\" job\"=\"\">RunBeforeJob = \"\/etc\/bacula\/scripts\/make_catalog_backup bacula\"<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">3.3 No contact to SD when backing up external clients<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><code>bacula-dir.conf<\/code> of the Bacularis host features two <code>Storage<\/code> resources with an <code>Address<\/code> directive pointing to <code>localhost<\/code>. If you try to connect a client from outside the Docker container the job will stall \/ spin forever and can only be stopped by cancelling it. You will then get an error message that looks as follows:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default decode:true \" title=\"Bacularis Error message for Job from an external client to a localhost SD\">q556_d-dir JobId 73: Fatal error: Bad response to Storage command: wanted 2000 OK storage\n, got Jmsg JobId=73 type=4 level=1664154685 x220-fd JobId 73: Fatal error: job.c:2720 Failed to connect to Storage daemon: localhost:9103<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">The solution is to replace the <code>localhost<\/code> <code>Address<\/code> directive in the <code>Storage<\/code> resource of <code>bacula-dir.conf<\/code> on host <code>q556<\/code> by the host&#8217;s hostname &#8211; which is <code>q556<\/code>.<\/p>\n\n\n\n<div class=\"wp-block-simple-alerts-for-gutenberg-alert-boxes sab-alert sab-alert-primary\" role=\"alert\">I more recent versions of bacularis, the default <code>bacula-dir.conf<\/code> file does not have any <code>Storage<\/code> resource, but this is directly included in the <code>Autochanger<\/code> sections.<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">\u00d7<\/span><\/button><\/div>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default mark:4,14 decode:true \" title=\"bacula-dir.conf on q556: Edit Storage Addesses\">Storage {\n  Name = \"File1\"\n  SdPort = 9103\n  Address = q556\n  Password = \"X2FRyPJvCMGw8phX2\/GkvkTOUxcgfAkTjfILgYFWbIhP\"\n  Device = \"FileChgr1\"\n  MediaType = \"File1\"\n  Autochanger = \"File1\"\n  MaximumConcurrentJobs = 10\n}\nStorage {\n  Name = \"File2\"\n  SdPort = 9103\n  Address = q556\n  Password = \"X2FRyPJvCMGw8phX2\/GkvkTOUxcgfAkTjfILgYFWbIhP\"\n  Device = \"FileChgr2\"\n  MediaType = \"File2\"\n  Autochanger = \"File2\"\n  MaximumConcurrentJobs = 10\n}\n<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">4 First test: running local jobs<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We now access the Bacula director from the Docker host machine to start with local backups:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:2 lang:default decode:true \" title=\"Launching bconsole on the host machine\">ilek@q556:~$ docker exec -it bacuprod bconsole<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">4.1 Catalog backup<\/h3>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"height-set:true height:250 toolbar:1 lang:default mark:4,12,22 decode:true \" title=\"Running a backup of the Bacula database from bconsole\">Connecting to Director localhost:9101\n1000 OK: 10002 q556_d-dir Version: 11.0.6 (10 March 2022)\nEnter a period to cancel a command.\n*run\nAutomatically selected Catalog: MyCatalog\nUsing Catalog \"MyCatalog\"\nA job name must be specified.\nThe defined Job resources are:\n     1: BackupClient1\n     2: BackupCatalog\n     3: RestoreFiles\nSelect Job resource (1-3): 2\nRun Backup job\nJobName:  BackupCatalog\nLevel:    Full\nClient:   q556_d-fd\nFileSet:  Catalog\nPool:     File (From Job resource)\nStorage:  File1 (From Job resource)\nWhen:     2022-09-22 13:09:43\nPriority: 11\nOK to run? (yes\/mod\/no): yes\nJob queued. JobId=2\n*message\n22-Sep 13:09 q556_d-dir JobId 2: shell command: run BeforeJob \"\/etc\/bacula\/scripts\/make_catalog_backup bacula\"\n*messages\n22-Sep 13:09 q556_d-dir JobId 2: Start Backup JobId 2, Job=BackupCatalog.2022-09-22_13.09.45_03\n22-Sep 13:09 q556_d-dir JobId 2: Using Device \"FileChgr1-Dev1\" to write.\n22-Sep 13:09 q556_d-sd JobId 2: Volume \"Vol-0001\" previously written, moving to end of data.\n22-Sep 13:09 q556_d-sd JobId 2: Ready to append to end of Volume \"Vol-0001\" size=61,640\n22-Sep 13:09 q556_d-sd JobId 2: Elapsed time=00:00:01, Transfer rate=64.64 K Bytes\/second\n22-Sep 13:09 q556_d-sd JobId 2: Sending spooled attrs to the Director. Despooling 219 bytes ...\n22-Sep 13:09 q556_d-dir JobId 2: Bacula q556_d-dir 11.0.6 (10Mar22):\n  Build OS:               x86_64-alpine-linux-musl unknown unknown\n  JobId:                  2\n  Job:                    BackupCatalog.2022-09-22_13.09.45_03\n  Backup Level:           Full\n  Client:                 \"q556_d-fd\" 11.0.6 (10Mar22) x86_64-alpine-linux-musl,unknown,unknown\n  FileSet:                \"Catalog\" 2022-09-22 11:50:13\n  Pool:                   \"File\" (From Job resource)\n  Catalog:                \"MyCatalog\" (From Client resource)\n  Storage:                \"File1\" (From Job resource)\n  Scheduled time:         22-Sep-2022 13:09:43\n  Start time:             22-Sep-2022 13:09:50\n  End time:               22-Sep-2022 13:09:51\n  Elapsed time:           1 sec\n  Priority:               11\n  FD Files Written:       1\n  SD Files Written:       1\n  FD Bytes Written:       64,532 (64.53 KB)\n  SD Bytes Written:       64,643 (64.64 KB)\n  Rate:                   64.5 KB\/s\n  Software Compression:   None\n  Comm Line Compression:  76.1% 4.2:1\n  Snapshot\/VSS:           no\n  Encryption:             no\n  Accurate:               no\n  Volume name(s):         Vol-0001\n  Volume Session Id:      1\n  Volume Session Time:    1663852175\n  Last Volume Bytes:      126,753 (126.7 KB)\n  Non-fatal FD errors:    0\n  SD Errors:              0\n  FD termination status:  OK\n  SD termination status:  OK\n  Termination:            Backup OK\n\n22-Sep 13:09 q556_d-dir JobId 2: Begin pruning Jobs older than 6 months .\n22-Sep 13:09 q556_d-dir JobId 2: No Jobs found to prune.\n22-Sep 13:09 q556_d-dir JobId 2: Begin pruning Files.\n22-Sep 13:09 q556_d-dir JobId 2: No Files found to prune.\n22-Sep 13:09 q556_d-dir JobId 2: End auto prune.\n\n22-Sep 13:09 q556_d-dir JobId 2: shell command: run AfterJob \"\/etc\/bacula\/scripts\/delete_catalog_backup\"\n<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">4.2 Local FileSet backup<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">We now try to run a file backup job of the local client. Still in <code>bconsole<\/code> proceed as follows:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"height-set:true height:250 toolbar:1 lang:default mark:1,7,18 decode:true \" title=\"Running a local file backup job from bconsole\">*run\nA job name must be specified.\nThe defined Job resources are:\n     1: BackupClient1\n     2: BackupCatalog\n     3: RestoreFiles\nSelect Job resource (1-3): 1\nRun Backup job\nJobName:  BackupClient1\nLevel:    Incremental\nClient:   q556_d-fd\nFileSet:  Full Set\nPool:     File (From Job resource)\nStorage:  File1 (From Job resource)\nWhen:     2022-09-22 13:25:19\nPriority: 10\nOK to run? (yes\/mod\/no): yes\nJob queued. JobId=3\nYou have messages.\n*messages\n22-Sep 13:25 q556_d-dir JobId 3: No prior or suitable Full backup found in catalog. Doing FULL backup.\n22-Sep 13:25 q556_d-dir JobId 3: Start Backup JobId 3, Job=BackupClient1.2022-09-22_13.25.48_43\n22-Sep 13:25 q556_d-dir JobId 3: Using Device \"FileChgr1-Dev2\" to write.\n22-Sep 13:25 q556_d-sd JobId 3: Volume \"Vol-0001\" previously written, moving to end of data.\n22-Sep 13:25 q556_d-sd JobId 3: Ready to append to end of Volume \"Vol-0001\" size=126,753\n22-Sep 13:25 q556_d-sd JobId 3: Elapsed time=00:00:01, Transfer rate=12.04 M Bytes\/second\n22-Sep 13:25 q556_d-sd JobId 3: Sending spooled attrs to the Director. Despooling 9,909 bytes ...\n22-Sep 13:25 q556_d-dir JobId 3: Bacula q556_d-dir 11.0.6 (10Mar22):\n  Build OS:               x86_64-alpine-linux-musl unknown unknown\n  JobId:                  3\n  Job:                    BackupClient1.2022-09-22_13.25.48_43\n  Backup Level:           Full (upgraded from Incremental)\n  Client:                 \"q556_d-fd\" 11.0.6 (10Mar22) x86_64-alpine-linux-musl,unknown,unknown\n  FileSet:                \"Full Set\" 2022-09-22 13:25:49\n  Pool:                   \"File\" (From Job resource)\n  Catalog:                \"MyCatalog\" (From Client resource)\n  Storage:                \"File1\" (From Job resource)\n  Scheduled time:         22-Sep-2022 13:25:19\n  Start time:             22-Sep-2022 13:25:52\n  End time:               22-Sep-2022 13:25:53\n  Elapsed time:           1 sec\n  Priority:               10\n  FD Files Written:       56\n  SD Files Written:       56\n  FD Bytes Written:       12,044,152 (12.04 MB)\n  SD Bytes Written:       12,049,525 (12.04 MB)\n  Rate:                   12044.2 KB\/s\n  Software Compression:   None\n  Comm Line Compression:  57.8% 2.4:1\n  Snapshot\/VSS:           no\n  Encryption:             no\n  Accurate:               no\n  Volume name(s):         Vol-0001\n  Volume Session Id:      2\n  Volume Session Time:    1663852175\n  Last Volume Bytes:      12,186,782 (12.18 MB)\n  Non-fatal FD errors:    0\n  SD Errors:              0\n  FD termination status:  OK\n  SD termination status:  OK\n  Termination:            Backup OK\n\n22-Sep 13:25 q556_d-dir JobId 3: Begin pruning Jobs older than 6 months .\n22-Sep 13:25 q556_d-dir JobId 3: No Jobs found to prune.\n22-Sep 13:25 q556_d-dir JobId 3: Begin pruning Files.\n22-Sep 13:25 q556_d-dir JobId 3: No Files found to prune.\n22-Sep 13:25 q556_d-dir JobId 3: End auto prune.\n<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">5 Adding an (external) client<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Any client must have a Bacula File Daemon running on the system which allows to the machine to connect with the Bacula Director and the Storage Daemon.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5.1 Installing bacula-fd on a client machine<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Why not Docker for external file daemons?<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">The fastest way to install <code>bacula-fd<\/code> on a client machine is to pull the <a rel=\"noreferrer noopener\" href=\"https:\/\/hub.docker.com\/r\/bacularis\/bacularis-api-fd\" target=\"_blank\">bacularis-api-fd<\/a> from Docker and run a container with the file daemon.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The disadvantage is though, that by default, such a file daemon can only see what is <strong>inside<\/strong> the container while we are typically interested in the data on the host which runs the container. Granting the container access to the host data comes with a lot of problems:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We would need to come up with some NFS stunt to (ideally) mount the client&#8217;s complete file system as a volume into the container &#8211; but exclude the Docker container files it would produce some kind of &#8220;circular reference&#8221;.<\/li>\n\n\n\n<li>Even if this would work, we would have to worry about file ownership and access privileges in the backup process<\/li>\n\n\n\n<li>There may be older client machines that run a 32 bit OS, while Docker generally requires 64 bit architectures. (Still, Bacula&#8217;s deb packages are only provided for 64 bit machines, too).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Direct deployment<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">All this looks pretty nasty, so installing the file daemon on the client machine in a direct deployment from some deb packages (or whatever installs on the client machine&#8217;s OS) looks more suitable.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The first thing is to arm the GPG key and set up the repo information on the client machine. proceed as in section 2 of my post <a rel=\"noreferrer noopener\" href=\"https:\/\/hobbykeller.spdns.de\/?p=1617\" data-type=\"post\" data-id=\"1617\" target=\"_blank\">Bacula testing installation<\/a>. Once you have pulled the apt update from the new repositories, you can install <code>bacula-fd<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default decode:true \" title=\"Direct deployment of Bacula File Daemon on a client machine\">ilek@x220:\/media\/ramdisk$ sudo apt install bacula-client\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Check if the client is already running:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default decode:true \" title=\"Checking if bacula-fd is running\">ilek@x220:\/media\/ramdisk$ sudo service bacula-fd status\n\u25cf bacula-fd.service - Bacula File Daemon service\n     Loaded: loaded (\/lib\/systemd\/system\/bacula-fd.service; enabled; vendor preset: enabled)\n     Active: active (running) since Sun 2022-09-18 12:27:03 CEST; 1 day 13h ago\n   Main PID: 1088 (bacula-fd)\n      Tasks: 3 (limit: 4484)\n     Memory: 960.0K\n        CPU: 501ms\n     CGroup: \/system.slice\/bacula-fd.service\n             \u2514\u25001088 \/opt\/bacula\/bin\/bacula-fd -fP -c \/opt\/bacula\/etc\/bacula-fd.conf\n\nSep 18 12:27:03 x220 systemd[1]: Started Bacula File Daemon service.\n<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">5.2 Configuration of the client<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">We first make sure that the client has the bacula director machine&#8217;s IP address mapped to the director machine&#8217;s host name, so we check if \/etc\/hosts on the client has an entry with <code>q556  192.196.4.64<\/code>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Next, edit the config file in <code>\/opt\/bacula\/etc\/bacula-fd.conf<\/code> (you need to be <code>root<\/code> to get access to that file).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the Director Resource, set the correct Name directive by putting in the Name of the director that runs inside the Bacularis Docker container on our main Bacula Server (which is <code>q556<\/code> in my case).<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default mark:4,13 decode:true \" title=\"Adjusting the Name directive of the Director Resource\"># List Directors who are permitted to contact this File daemon\n#\nDirector {\n  Name = q556_d-dir\n  Password = \"YSJfJkw_X9kfEOT8oFd0LvDgdjT-VoQjo\"\n}\n\n[...]\n\n# Send all messages except skipped files back to Director\nMessages {\n  Name = Standard\n  director = q556_d-dir = all, !skipped, !restored, !verified, !saved\n}\n<\/pre><\/div>\n\n\n\n<div class=\"wp-block-simple-alerts-for-gutenberg-alert-boxes sab-alert sab-alert-primary\" role=\"alert\">There is also a resource for a tray-monitor director, which currently has x220-mon. Unsure what this is good for and if it should refer to our q556_d-mon that we defined in the bacula-fd.conf of the Bacularis Docker container.<br><strong>Todo<\/strong>: Clarify the role and function of the Bacula monitor.<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">\u00d7<\/span><\/button><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Save and restart the client machine&#8217;s file daemon:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:default decode:true \" title=\"Restarting the Bacula file daemon\">ilek@x220:\/media\/ramdisk$ sudo service bacula-fd restart\nilek@x220:\/media\/ramdisk$ sudo service bacula-fd status\n<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">5.3 Amending <code>bacula-dir.conf<\/code> on the Bacula director machine<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Now change to the machine running the Bacula Director (our Bacularis container) and amend <code>bacula-dir.conf <\/code>as shown below. The <code>Password<\/code> directive must match the Password directive we set on the external client machine in the previous step.<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default mark:5,6 decode:true \" title=\"Telling our Bacula director about a second (external) client\"># Second Client (File Services) to backup\n#  You should change Name, Address, and Password before using\n#\nClient {\n  Name = x220-fd\n  Address = x220\n  FDPort = 9102\n  Catalog = MyCatalog\n  Password = \"YSJfJkw_X9kfEOT8oFd0LvDgdjT-VoQjo\"        # password for FileDaemon 2\n  File Retention = 60 days           # 60 days\n  Job Retention = 6 months           # six months\n  AutoPrune = yes                    # Prune expired Jobs\/Files\n}\n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Restart the Bacula director in the Docker container to activate the amendments:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default decode:true \" title=\"Checking if external cient status director's bconsole after restart\">ilek@q556:~$ docker restart bacuprod \nbacuprod\nilek@q556:~$ docker exec -it bacuprod bconsole\nConnecting to Director localhost:9101\n1000 OK: 10002 q556_d-dir Version: 11.0.6 (10 March 2022)\nEnter a period to cancel a command.\n*status client\nThe defined Client resources are:\n     1: q556_d-fd\n     2: x220-fd\nSelect Client (File daemon) resource (1-2): 2\nConnecting to Client x220-fd at x220:9102\n\nx220-fd Version: 13.0.1 (05 August 2022)  x86_64-pc-linux-gnu-bacula-enterprise ubuntu 22.04\nDaemon started 22-Sep-22 15:58. Jobs: run=0 running=0.\n Heap: heap=966,656 smbytes=197,860 max_bytes=197,877 bufs=101 max_bufs=101\n Sizes: boffset_t=8 size_t=8 debug=0 trace=0 mode=0,0 bwlimit=0kB\/s\n Crypto: fips=N\/A crypto=OpenSSL 3.0.2 15 Mar 2022\n Plugin: bpipe-fd.so(2) \n\nRunning Jobs:\nDirector connected using TLS at: 22-Sep-22 16:13\nNo Jobs running.\n====<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">5.4 Opening and forwarding ports<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Client side<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">On the client side, we the Bacula file daemon we installed will listen on port 9102. Use the <code>netstat<\/code> command to confirm that this port has already been opened when we installed the <code>bacula-client<\/code> package from the repository.<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default mark:8 decode:true \" title=\"Checking if port 9102 is opened for listening on the client side\">ilek@x220:~$ netstat -an | grep LISTEN\n[..]\ntcp        0      0 0.0.0.0:43457           0.0.0.0:*               LISTEN     \ntcp        0      0 0.0.0.0:43283           0.0.0.0:*               LISTEN     \ntcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     \ntcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     \ntcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN     \ntcp        0      0 0.0.0.0:9102            0.0.0.0:*               LISTEN     \ntcp        0      0 10.126.44.1:53          0.0.0.0:*               LISTEN     \ntcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN     \n[...]<\/pre><\/div>\n\n\n\n<h4 class=\"wp-block-heading\">Docker host side<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">While Docker usually takes care of opening and forwarding all necessary ports between a container and its host, we also have to make sure that the host machine for the docker container has ports 9101-9103 opened for traffic from and to file and storage daemons.<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default decode:true \" title=\"Confirm that ports 9101-9103 are open for listening on the Docker host\">ilek@q556:~$ sudo netstat -tulpn | grep LISTEN\n[...]\ntcp        0      0 0.0.0.0:9101            0.0.0.0:*               LISTEN      17542\/rootlesskit   \ntcp        0      0 0.0.0.0:9103            0.0.0.0:*               LISTEN      17542\/rootlesskit   \ntcp        0      0 0.0.0.0:9102            0.0.0.0:*               LISTEN      17542\/rootlesskit   \ntcp        0      0 0.0.0.0:9097            0.0.0.0:*               LISTEN      17542\/rootlesskit  \n[...]\ntcp6       0      0 :::9101                 :::*                    LISTEN      17542\/rootlesskit   \ntcp6       0      0 :::9103                 :::*                    LISTEN      17542\/rootlesskit   \ntcp6       0      0 :::9102                 :::*                    LISTEN      17542\/rootlesskit   \ntcp6       0      0 :::9097                 :::*                    LISTEN      17542\/rootlesskit   \n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">After making sure that the host machine is actually accepting traffic on ports 9101-9103, we have to ensure that this traffic is actually forwarded to the Docker container. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">First we check if the host machine has activated port forwarding per se. Check if the file <code>\/etc\/sysctl.conf<\/code> on the Docker host has the following line uncommented. Detailed instructions on principally allowing port forwarding can be found in my <a href=\"https:\/\/hobbykeller.spdns.de\/?p=1617\" data-type=\"post\" data-id=\"1617\" target=\"_blank\" rel=\"noreferrer noopener\">Bacula testing installation post<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Next we check the ufw status:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default decode:true \" title=\"Checking if ports 9101-9103 are allowed in ufw\">ilek@q556:~$ sudo ufw status\nStatus: active\n\nTo                         Action      From\n--                         ------      ----\n9096                       ALLOW       Anywhere                  \n9095                       ALLOW       Anywhere                  \n22\/tcp                     LIMIT       Anywhere                  \n9097                       ALLOW       Anywhere                  \n9096 (v6)                  ALLOW       Anywhere (v6)             \n9095 (v6)                  ALLOW       Anywhere (v6)             \n22\/tcp (v6)                LIMIT       Anywhere (v6)             \n9097 (v6)                  ALLOW       Anywhere (v6)             \n<\/pre><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Surprisingly, although the previous <code>iptables<\/code> command showed that the host is listening on ports 9101-9103, ufw does not list these ports under the allowed ports. We therefore allow these ports explicitly under ufw and remove ports 9095 and 9096 as these look like leftovers from a previous legacy Baculum installation:<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"toolbar:1 lang:default decode:true \" title=\"Allowing ports 9101-9103 in ufw and removing obsolete legacy ports 9095-9096\">ilek@q556:~$ sudo ufw delete allow 9095\nRule deleted\nRule deleted (v6)\nilek@q556:~$ sudo ufw delete allow 9096\nRule deleted\nRule deleted (v6)\nilek@q556:~$ sudo ufw allow 9101\nRule added\nRule added (v6)\nilek@q556:~$ sudo ufw allow 9102\nRule added\nRule added (v6)\nilek@q556:~$ sudo ufw allow 9103\nRule added\nRule added (v6)<\/pre><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Bacularis is a fully loaded Bacula CE suite that comes with a successor of highly popular Baculum GUI. It can be installed by a one-liner Docker command thereby short-cutting hours<span class=\"more-button\"><a href=\"https:\/\/hobbykeller.spdns.de\/?p=1657\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\">Bacularis Installation and Configuration Notes<\/span><\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[343,350],"class_list":["post-1657","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-bacula","tag-bacularis"],"_links":{"self":[{"href":"https:\/\/hobbykeller.spdns.de\/index.php?rest_route=\/wp\/v2\/posts\/1657","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hobbykeller.spdns.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hobbykeller.spdns.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hobbykeller.spdns.de\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hobbykeller.spdns.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1657"}],"version-history":[{"count":38,"href":"https:\/\/hobbykeller.spdns.de\/index.php?rest_route=\/wp\/v2\/posts\/1657\/revisions"}],"predecessor-version":[{"id":1883,"href":"https:\/\/hobbykeller.spdns.de\/index.php?rest_route=\/wp\/v2\/posts\/1657\/revisions\/1883"}],"wp:attachment":[{"href":"https:\/\/hobbykeller.spdns.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hobbykeller.spdns.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hobbykeller.spdns.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}