RHV/oVirt Enterprise Bacula Plugin Quick Guide

This Quick Guide presents the Bacula RHEV/oVirt Backup Plugin operational procedures for Enterprise Bacula version 10 and above.

The plugin provides clientless, automated image-level backup of Virtual Machines, differential and incremental backups via CBT, restore, and granular file-level extraction. It also supports LAN Free backups.

Installation

Red Hat Virtualization supports two authentication modes, OAuth and HTTP Basic Authentication, and the Bacula Plugin can use either. For more information refer to https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/rest_api_guide/documents-002_authentication_and_security#authentication.

To take advantage of Differential and Incremental CBT backup technologies, it is necessary that the Bacula Client and Plugin (Proxy) be installed inside a Virtual Machine in the RHV environment, with the following minimum requirements:

  • CentOS 7, 8 or higher, Debian or another Linux distribution for which the Plugin package is available
  • 4 GB RAM
  • Network: Access to the RHV logical network
  • Storage: 8 GB
  • Bacula Enterprise Edition version: 12.0.2 or higher
  • Java Virtual Machine: 8

Create a yum/apt repo pointing to the RHEV plugin path of the exclusive Enterprise Bacula repository, or download the package and install it on a machine with a working Bacula Client. E.g.:

rpm -ivh bacula-enterprise-rhv-plugin-10.2.3.el7.x86_64.rpm

Java Virtual Machine version 8 or greater is required and is normally installed as a dependency.

Restart the bacula-fd service in order to load the plugin library.

VM Disks Preparation

To allow disks to download correctly during backup, and because of an existing RHEV bug (https://bugzilla.redhat.com/show_bug.cgi?id=1538814), the following settings must be applied:

For RHEV 4.1 (Compatible with RHEV 4.2)

Access the PostgreSQL console of the RHV Manager database via ssh. E.g.:

su postgres
psql -U postgres -d engine
-- Get the existing value for future reference
SELECT * FROM vdc_options
WHERE option_name='ImageTransferClientTicketValidityInSeconds';
UPDATE vdc_options SET option_value='999999'
WHERE option_name='ImageTransferClientTicketValidityInSeconds';

For RHEV 4.2

Access the RHV Manager machine shell, then:

# Get the existing value for future reference
engine-config --get ImageTransferClientTicketValidityInSeconds
# Set value (we recommend 999999 seconds, virtually unlimited)
engine-config --set ImageTransferClientTicketValidityInSeconds=999999

Certificate and TrustStore

There are three ways to create the truststore that allows the Bacula plugin to connect to RHV in secure mode.

a) Automatic: Plugin Call

The plugin has an option to create the truststore automatically. To create the truststore run the following command:

java -jar /opt/bacula/lib/rhvPlugin.jar --server=myrhv.com --operation=system --create_truststore=true --truststore_file=/tmp/rhv_truststore --truststore_password=changeit

Example command to create the truststore

java -jar /opt/bacula/lib/rhvPlugin.jar --server={server} --operation=system --create_truststore=true --truststore_file={truststore_path} --truststore_password={truststore_password}

b) Automatic: Interactive Script

There is an interactive script at /opt/bacula/scripts/rhv_config.sh. When executed, it prompts for the server, the truststore path, the truststore password, the alias in the truststore and the path to Java’s keytool. Only the ’server’ parameter is required. The other parameters default to:

  • Truststore path: /opt/bacula/etc/rhv.cacerts
  • Truststore password: changeit
  • Truststore internal alias: rhvPluginX<randomNumber(1-100000)>
  • Path to Java’s keytool: /usr/bin/keytool

Example of a script execution:

user@host:~/bacula-plugin-rhev/src$ ./promptTrustStore.sh
Welcome wizard to create TrustStore File
Enter FQDM Red Hat Virtualization Manager:myrhev.com
Path truststore (/opt/bacula/etc/rhev.cacerts): /opt/bacula/etc/rhevProbes.certs
Password truststore (changeit):
Alias (rhevPluginX7687): rhevPluginRHEV
Path keytool ('/usr/bin/keytool'): /usr/bin/java/bin/keytool
Resume:
Server: myrhev.com
Path Truststore: /opt/bacula/etc/rhevProbes.certs
Pass Truststore: custom
Alias: rhevPluginRHEV
Keytool: /usr/bin/java/bin/keytool
Are you sure? [no] yes

c) Manual

Still on the Client machine, generate the truststore that allows the Plugin to connect to the RHVM, as follows. The URL is quoted so that the shell does not interpret the “&” in it:

curl -o /root/rhvm.cer 'http://ovirtman/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA'

Generate a password for the truststore certificate. Replace the Java Home Path if necessary.

keytool -import -alias "rhev truststore" -file /root/rhvm.cer -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/lib/security/cacerts

It will ask for a password; the default value is “changeit”.

Note: by default, the Java truststore path is: $JAVA_HOME/jre/lib/security/cacerts
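
The certificate in the manual procedure above is fetched over plain HTTP, so nothing authenticates it before it is imported. The following is an added example, not part of the original guide or of the Bacula plugin, that compares the downloaded file against a SHA-256 fingerprint obtained out-of-band before the keytool step. The helper names pem_sha256 and verify_ca_pin and the constructed sample input are assumptions.

```sh
#!/bin/sh
# Added example: check a downloaded CA certificate against a SHA-256
# fingerprint obtained out-of-band before importing it.
# pem_sha256 and verify_ca_pin are hypothetical helper names.

# Print the SHA-256 of the DER bytes of the first certificate in PEM file $1.
pem_sha256() {
    body=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        sed '/-----END CERTIFICATE-----/q' | grep -v -- '-----' | tr -d ' \r\n')
    [ -n "$body" ] || return 1
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Return 0 only if the certificate in $1 matches pin $2
# (hex digits, with or without colons, upper or lower case).
verify_ca_pin() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    got=$(pem_sha256 "$1") || { echo "no certificate found in $1"; return 1; }
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch: got $got"
        return 1
    fi
    echo "fingerprint ok: $got"
}

# Constructed input, not a real certificate: the body decodes to the bytes
# "hello", whose SHA-256 digest is the pin used here.
demo=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'aGVsbG8=' \
    '-----END CERTIFICATE-----' > "$demo"
verify_ca_pin "$demo" 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 || true
rm -f "$demo"

# Real use, with the paths from this page and a pin from the RHV administrator:
#   verify_ca_pin /root/rhvm.cer "$PIN" && keytool -import ... (command above)
```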

RHEV Backup User

It is possible to use the ‘admin’ user for the plugin, or a user with restricted permissions. Read the referenced whitepaper for more details.

Installation Test

It is possible to use the Bacula Plugin directly to test the prior configurations and even list RHEV datacenters, templates, storage_domains, hosts, disks and others, as in the following example:

java -jar /opt/bacula/lib/rhvPlugin.jar --server=ovirtman --truststore_file=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.x86_64/jre/lib/security/cacerts --truststore_password=changeit --auth=http --profile=internal --user=admin --password=xxx --operation=list --list_datacenters

Configuration

FileSet Creation

Create a new FileSet. All the Plugin options can be set at the bweb Bacula graphical interface Include – Plugin Options.

The plugin parameter config_file allows creation of a file which can be used to provide all needed options instead of putting them into the plugin line. These configuration files are plain text files containing one setting per line, where the name of the setting and its value are separated by an equals sign “=”. A configuration file could thus look like this:

# /opt/bacula/etc/rhv.conf

server=rhv.example.com
user=admin
truststore_file=/opt/bacula/etc/rhvm.truststore
target_datacenters=myDatacenter
operation=backup

Then, an example to back up all VMs:

rhv: config_file=/opt/bacula/etc/rhv.conf
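
A pre-flight check for the configuration file format described above, as an added example that is not part of the original guide or of the Bacula plugin: it parses the one-setting-per-line name=value format and reports malformed lines, a missing server setting, a stored password in a file readable by group or others, and a truststore_file path that does not exist. The helper names conf_get and check_rhv_conf and the constructed sample file are assumptions; the setting names are the ones used on this page.

```sh
#!/bin/sh
# Added example: lint a plugin config_file (one name=value setting per line).
# conf_get and check_rhv_conf are hypothetical helpers, not plugin tools.

# Print the value of setting $2 in file $1 (last occurrence wins).
conf_get() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print findings for config file $1; return 0 if clean, 1 otherwise.
check_rhv_conf() {
    conf=$1; findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    # Anything that is not blank, a "#" comment, or name=value is malformed.
    bad=$(grep -vE '^[[:space:]]*(#.*)?$|^[[:space:]]*[A-Za-z0-9_]+[[:space:]]*=' "$conf" || true)
    if [ -n "$bad" ]; then echo "malformed line(s): $bad"; findings=1; fi
    if [ -z "$(conf_get "$conf" server)" ]; then
        echo "missing setting: server"; findings=1
    fi
    # A stored password must not be readable by group or others.
    if [ -n "$(conf_get "$conf" password)" ]; then
        mode=$(ls -ld "$conf" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "password in file with group/other access ($mode)"; findings=1
        fi
    fi
    ts=$(conf_get "$conf" truststore_file)
    if [ -n "$ts" ] && [ ! -f "$ts" ]; then
        echo "truststore_file not found: $ts"; findings=1
    fi
    return "$findings"
}

# Constructed sample; the password value is a placeholder.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'server=rhv.example.com' 'user=admin' \
    'password=EXAMPLE-ONLY' 'operation=backup' > "$sample"
chmod 644 "$sample"; check_rhv_conf "$sample" || echo "-> fix before use"
chmod 600 "$sample"; check_rhv_conf "$sample" && echo "-> clean"
rm -f "$sample"
```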

Alternatively, this example will also back up all VMs from an RHEV Datacenter.

rhv: server=rhv.example.com password=rhvpass123

It is also possible to select one or more VMs for backup by name. Multiple plugin configuration lines can be used to select different machines.

rhv: server=rhv.example.com password=rhvpass123 target_virtualmachine=vmExample

It is possible to exclude a VM disk from backup by adding the following directive. Multiple disk IDs can be listed, separated by commas (,):

target_exclude_disks=[list_disks]

A regular expression can be used to select multiple VMs by name, and specific VMs can be excluded from backups:

target_virtualmachine_regex=vm* target_exclude_vms=vmname

Fetch the referenced Whitepaper for a full list and description of available backup options.

Save the new FileSet.

Job Creation

Create an ordinary Bacula backup Job, associating it to the RHEV machine File Daemon and the newly created FileSet.

Attention! The Accurate=yes option should not be checked for backups of RHV VMs.

Apply changes and run a test backup Job.

Restore

In order to restore a machine directly to RHEV, use the where=/ (origin) restore option and mark the whole VM backup directory for restoration (e.g. @rhev/vmname/).

In order to restore the VM XML configuration and disks to a filesystem, change the where= to the desired restoration directory (e.g. where=/tmp).

File-level Restore

Granular restoration is performed through the Bacula Enterprise Single-Item Restore Plugin.

Reference

Red Hat Virtualization Plugin – http://baculasystems.com
