This Quick Guide presents the Bacula RHEV/oVirt Backup Plugin operational procedures for Enterprise Bacula version 10 and above.
The plugin provides clientless automated Virtual Machines image level backup, differential and incremental backups via CBT, restore and granular file-level extraction. It also supports LAN Free backups.
Installation
The Red Hat Virtualization allows 2 different connection modes and both can be used by the Bacula Plugin: OAuth and HTTP Basic Authentication. For more information refer to https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/rest_api_guide/documents-002_authentication_and_security#authentication.
To take advantage of Differential and Incremental CBT backup technologies, it is necessary that the Bacula Client and Plugin (Proxy) be installed inside a Virtual Machine in the RHV environment, with the following minimum requirements:
- CentOS 7, 8 or higher, Debian or other Linux whose Plugin package is available
- 4 GB RAM
- Network: Access to the RHV logical network
- Storage: 8 GB
- Bacula Enterprise Edition version: 12.0.2 or higher
- Java Virtual Machine: 8
Create a yum/apt repo according to the exclusive Enterprise Bacula repository RHEV plugin path, or download and install the package in a machine with a working Bacula Client. E.g.:
rpm -ivh bacula-enterprise-rhv-plugin-10.2.3.el7.x86_64.rpm
The Java Virtual Machine in an 8 version or greater is required and normally installed as a dependency.
Restart the bacula-fd service in order to load the plugin library.
VM Disks Preparation
In order to allow correct disks download during the backup processes, and due to an existing bug of RHEV (https://bugzilla.redhat.com/show_bug.cgi?id=1538814), the following configurations must be set:
For RHEV 4.1 (Compatible with RHEV 4.2)
Access the RHV Manager database PostgreSQL console via ssh. E.g.:
su postgres psql -U postgres -d engine # Get the existing value for future reference SELECT * FROM vdc_options WHERE option_name='ImageTransferClientTicketValidityInSeconds'; UPDATE vdc_options SET option_value=999999 WHERE option_name='ImageTransferClientTicketValidityInSeconds';
For RHEV 4.2
Access the RHV Manager manager machine shell, then:
# Get the existing value for future reference engine-config --get ImageTransferClientTicketValidityInSeconds # Set value (we recommend 999999 seconds, virtually unlimited) engine-config --set ImageTransferClientTicketValidityInSeconds=999999
Certificate and TrustStore
There are three ways to create the truststore that allows the Bacula plugin to connect to RHV in secure mode.
a) Automatic: Plugin Call
The plugin has an option to create the truststore automatically. To create the truststore run the following command:
java -jar /opt/bacula/lib/rhvPlugin.jar --server=myrhv.com --operation=system --create_truststore=true --truststore_file=/tmp/rhv_truststore --truststore_password=changeit
Example command to create the truststore
java -jar /opt/bacula/lib/rhvPlugin.jar --server={server} --operation=system --create_truststore=true --truststore_file={truststore_path} --truststore_password={truststore_password}
b) Automatic: Interactive Script
There is an interactive script in /opt/bacula/scripts/rhv_config.sh. When the script is executed it requests parameters such as: server, truststore path, truststore password, alias in truststore and keytool Java path. Only the parameter ’server’ is required. The others parameters by default are:
- Truststore path: /opt/bacula/etc/rhv.cacerts
- Truststore password: changeit
- Truststore internal alias: rhvPluginX<randomNumber(1-100000)>
- Path to Java’s keytool: /usr/bin/keytool
Example of a script execution:
user@host:~/bacula-plugin-rhev/src\$ ./promptTrustStore.sh
Welcome wizard to create TrustStore File
Enter FQDM Red Hat Virtualization Manager:myrhev.com
Path truststore (/opt/bacula/etc/rhev.cacerts): /opt/bacula/etc/rhevProbes.certs
Password truststore (changeit):
Alias (rhevPluginX7687): rhevPluginRHEV
Path keytool ('/usr/bin/keytool'): /usr/bin/java/bin/keytool
Resume:
Server: myrhev.com
Path Truststore: /opt/bacula/etc/rhevProbes.certs
Pass Truststore: custom
Alias: rhevPluginRHEV
Keytool: /usr/bin/java/bin/keytool
Are you sure? [no] yes
c) Manual
Still at the Client Machine, generate the truststore that allows the Plugin to connect with the RHVM, as follows:
curl -o /root/rhvm.cer http://ovirtman/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
Generate a password for the truststore certificate. Replace the Java Home Path if necessary.
keytool -import -alias "rhev truststore" -file /root/rhvm.cer -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.161-0.b14.el7_4.x86_64/jre/lib/security/cacerts
It will ask for a password, the default value is: “changeit”.
Note: by default, the Java truststore path is: $JAVA_HOME/jre/lib/security/cacerts
RHEV Backup User
It is possible to use the ‘admin’ user for the plugin, or a user with restricted permissions. Read the referenced whitepaper for more details.
Installation Test
It is possible to use the Bacula Plugin directly to test the prior configurations and even list RHEV datacenters, templates, storage_domains, hosts, disks and others, as in the following example:
java -jar /opt/bacula/lib/rhvPlugin.jar --server=ovirtman --truststore_file=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.x86_64/jre/lib/security/cacerts --truststore_password=changeit --auth=http --profile=internal --user=admin --password=xxx --operation=list --list_datacenters
Configuration
FileSet Creation
Create a new FileSet. All the Plugin options can be set at the bweb Bacula graphical interface Include – Plugin Options.
The plugin parameter config_file allows creation of a file which can be used to provide all needed options instead of putting them into the plugin line. These configuration files are plain text files containing one setting per line, where the name of the setting and its value are separated by an equals sign “=”. A configuration file could thus look like this:
# /opt/bacula/etc/rhv.conf server=rhv.example.com user=admin truststore_file=/opt/bacula/etc/rhvm.truststore target_datacenters=myDatacenter operation=backup
Then, an example to backup all VMs:
rhv: config_file=/opt/bacula/etc/rhv.conf
Alternatively, this example will also backup all VMs from an RHEV Datacenter.
rhv: server=rhv.example.com password=rhvpass123
It is also possible to select one or more VMs for backup using their name. Multiple plugin configuration lines can be used for different machines selection.
rhv: server=rhv.example.com password=rhvpass123 target_virtualmachine=vmExample
It is possible to exclude a VM disk from backup adding the following directive. Multiple disks ID can be listed between commas (,):
target_exclude_disks=[list_disks]
A regular expression can be used to select multiple VMs by name, and specific VMs can be excluded from backups:
target_virtualmachine_regex=vm* target_exclude_vms=vmname
Fetch the referenced Whitepaper for a full list and description of available backup options.
Save the new FileSet.
Job Creation
Create an ordinary Bacula backup Job, associating it to the RHEV machine File Daemon and the newly created FileSet.
Attention! The Accurate=yes option should not be checked for backups of RHV VMs.
Apply changes and run a test backup Job.
Restore
In order to restore a machine directly to RHEV, use the where=/ (origin) restore option and mark the whole VM backup directory for restoration (e.g. @rhev/vmname/).
In order to restore the VM XML configuration and disks to a filesystem, change the where= to the desired restoration directory (e.g. where=/tmp).
File-level Restore
The granular restauration is performed through the Bacula Enterprise Single-Item Restore Plugin.
Reference
Red Hat Virtualization Plugin – http://baculasystems.com
Disponível em: 
Português (Portuguese (Brazil))
English
Español (Spanish)
