2.4. Storage Daemon Configuration

[TAG=Configuration] [TAG=Storage Daemon->Configuration] [TAG=Configuration->Storage Daemon]

The Bareos Storage Daemon configuration file has relatively few resource definitions. However, due to the great variation in backup media and system capabilities, the storage daemon must be highly configurable. As a consequence, there are quite a large number of directives in the Device Resource definition that allow you to define all the characteristics of your Storage device (normally a tape drive). Fortunately, with modern storage devices, the defaults are sufficient, and very few directives are actually needed.

For a general discussion of configuration file and resources including the data types recognized by Bareos, please see the Configuration chapter of this manual. The following Storage Resource definitions must be defined:

  • Storage – to define the name of the Storage daemon.
  • Director – to define the Director’s name and his access password.
  • Device – to define the characteristics of your storage device (tape drive).
  • Messages – to define where error and information messages are to be sent.

Following resources are optional:

  • StorageResourceAutochanger – to define Autochanger devices.
  • StorageResourceNDMP – to define the NDMP authentication context.

2.4.1. Storage Resource

[TAG=Resource->Storage] [TAG=Storage->Resource]

In general, the properties specified under the Storage resource define global properties of the Storage daemon. Each Storage daemon configuration file must have one and only one Storage resource definition.

begin{description}

resourceDirective{Sd}{Storage}{Absolute Job Timeout}{dt{Pint32}}{}{}{}{}

resourceDirective{Sd}{Storage}{Allow Bandwidth Bursting}{dt{Boolean}}{}{no}{}{}

resourceDirective{Sd}{Storage}{Auto XFlate On Replication}{dt{Boolean}}{}{no}{13.4.0}{}

resourceDirective{Sd}{Storage}{Backend Directory}{dt{DirectoryList}}{}{/home/joergs/git/bareos/bareos-18.2/regress/usr/lib/bareos/backends textit{small(platform specific)}}{}{}

resourceDirective{Sd}{Storage}{Client Connect Wait}{dt{Time}}{}{1800}{}{}

resourceDirective{Sd}{Storage}{Collect Device Statistics}{dt{Boolean}}{}{no}{}{}

resourceDirective{Sd}{Storage}{Collect Job Statistics}{dt{Boolean}}{}{no}{}{}

resourceDirective{Sd}{Storage}{Compatible}{dt{Boolean}}{}{no}{}{}

resourceDirective{Sd}{Storage}{Description}{dt{String}}{}{}{}{}

resourceDirective{Sd}{Storage}{Device Reserve By Media Type}{dt{Boolean}}{}{no}{}{}

resourceDirective{Sd}{Storage}{FD Connect Timeout}{dt{Time}}{}{1800}{}{}

resourceDirective{Sd}{Storage}{File Device Concurrent Read}{dt{Boolean}}{}{no}{}{}

resourceDirective{Sd}{Storage}{Heartbeat Interval}{dt{Time}}{}{0}{}{}

resourceDirective{Sd}{Storage}{Log Timestamp Format}{dt{String}}{}{}{15.2.3}{}

resourceDirective{Sd}{Storage}{Maximum Bandwidth Per Job}{dt{Speed}}{}{}{}{}

resourceDirective{Sd}{Storage}{Maximum Concurrent Jobs}{dt{Pint32}}{}{20}{}{}

resourceDirective{Sd}{Storage}{Maximum Connections}{dt{Pint32}}{}{42}{15.2.3}{}

resourceDirective{Sd}{Storage}{Maximum Network Buffer Size}{dt{Pint32}}{}{}{}{}

resourceDirective{Sd}{Storage}{Messages}{dt{Commonresourceheader}}{}{}{}{}

resourceDirective{Sd}{Storage}{Name}{dt{Name}}{required}{}{}{}

resourceDirective{Sd}{Storage}{NDMP Address}{dt{Address}}{}{10000}{}{}

resourceDirective{Sd}{Storage}{NDMP Addresses}{dt{Addresses}}{}{10000}{}{}

resourceDirective{Sd}{Storage}{NDMP Enable}{dt{Boolean}}{}{no}{}{}

resourceDirective{Sd}{Storage}{NDMP Log Level}{dt{Pint32}}{}{4}{}{}

resourceDirective{Sd}{Storage}{NDMP Port}{dt{Port}}{}{10000}{}{}

resourceDirective{Sd}{Storage}{NDMP Snooping}{dt{Boolean}}{}{no}{}{}

resourceDirective{Sd}{Storage}{Pid Directory}{dt{Directory}}{}{/home/joergs/git/bareos/bareos-18.2/regress/working textit{small(platform specific)}}{}{}

resourceDirective{Sd}{Storage}{Plugin Directory}{dt{Directory}}{}{}{}{}

resourceDirective{Sd}{Storage}{Plugin Names}{dt{PluginNames}}{}{}{}{}

resourceDirective{Sd}{Storage}{Scripts Directory}{dt{Directory}}{}{}{}{}

resourceDirective{Sd}{Storage}{SD Address}{dt{Address}}{}{8103}{}{}

resourceDirective{Sd}{Storage}{SD Addresses}{dt{Addresses}}{}{8103}{}{}

resourceDirective{Sd}{Storage}{SD Connect Timeout}{dt{Time}}{}{1800}{}{}

resourceDirective{Sd}{Storage}{SD Port}{dt{Port}}{}{8103}{}{}

resourceDirective{Sd}{Storage}{SD Source Address}{dt{Address}}{}{0}{}{}

resourceDirective{Sd}{Storage}{Secure Erase Command}{dt{String}}{}{}{15.2.1}{Specify command that will be called when bareos unlinks files.}

resourceDirective{Sd}{Storage}{Statistics Collect Interval}{dt{Pint32}}{}{30}{}{}

resourceDirective{Sd}{Storage}{Sub Sys Directory}{dt{Directory}}{}{}{}{}

resourceDirective{Sd}{Storage}{TLS Allowed CN}{dt{StringList}}{}{}{}{“Common Name”s (CNs) of the allowed peer certificates.}

resourceDirective{Sd}{Storage}{TLS Authenticate}{dt{Boolean}}{}{no}{}{Use TLS only to authenticate, not for encryption.}

resourceDirective{Sd}{Storage}{TLS CA Certificate Dir}{dt{Stddirectory}}{}{}{}{Path of a TLS CA certificate directory.}

resourceDirective{Sd}{Storage}{TLS CA Certificate File}{dt{Stddirectory}}{}{}{}{Path of a PEM encoded TLS CA certificate(s) file.}

resourceDirective{Sd}{Storage}{TLS Certificate}{dt{Stddirectory}}{}{}{}{Path of a PEM encoded TLS certificate.}

resourceDirective{Sd}{Storage}{TLS Certificate Revocation List}{dt{Stddirectory}}{}{}{}{Path of a Certificate Revocation List file.}

resourceDirective{Sd}{Storage}{TLS Cipher List}{dt{String}}{}{}{}{List of valid TLS Ciphers.}

resourceDirective{Sd}{Storage}{TLS DH File}{dt{Stddirectory}}{}{}{}{Path to PEM encoded Diffie-Hellman parameter file. If this directive is specified, DH key exchange will be used for the ephemeral keying, allowing for forward secrecy of communications.}

resourceDirective{Sd}{Storage}{TLS Enable}{dt{Boolean}}{}{no}{}{Enable TLS support.}

resourceDirective{Sd}{Storage}{TLS Key}{dt{Stddirectory}}{}{}{}{Path of a PEM encoded private key. It must correspond to the specified “TLS Certificate”.}

resourceDirective{Sd}{Storage}{TLS PSK Enable}{dt{Boolean}}{}{yes}{}{Enable TLS-PSK support.}

resourceDirective{Sd}{Storage}{TLS PSK Require}{dt{Boolean}}{}{no}{}{Without setting this to yes, Bareos can fall back to use unencryption connections. Enabling this implicitly sets “TLS-PSK Enable = yes”.}

resourceDirective{Sd}{Storage}{TLS Require}{dt{Boolean}}{}{no}{}{Without setting this to yes, Bareos can fall back to use unencrypted connections. Enabling this implicitly sets “TLS Enable = yes”.}

resourceDirective{Sd}{Storage}{TLS Verify Peer}{dt{Boolean}}{}{no}{}{If disabled, all certificates signed by a known CA will be accepted. If enabled, the CN of a certificate must the Address or in the “TLS Allowed CN” list.}

resourceDirective{Sd}{Storage}{Ver Id}{dt{String}}{}{}{}{}

resourceDirective{Sd}{Storage}{Working Directory}{dt{Directory}}{}{/home/joergs/git/bareos/bareos-18.2/regress/working textit{small(platform specific)}}{}{}

end{description}

The following is a typical Storage daemon storage resource definition.

Storage daemon storage definition
#
# "Global" Storage daemon configuration specifications appear
# under the Storage resource.
#
Storage {
  Name = "Storage daemon"
  Address = localhost
}

2.4.2. Director Resource

[TAG=Resource->Director] [TAG=Director->Resource]

The Director resource specifies the Name of the Director which is permitted to use the services of the Storage daemon. There may be multiple Director resources. The Director Name and Password must match the corresponding values in the Director’s configuration file.

begin{description}

resourceDirective{Sd}{Director}{Description}{dt{String}}{}{}{}{}

resourceDirective{Sd}{Director}{Key Encryption Key}{dt{Autopassword}}{}{}{}{}

resourceDirective{Sd}{Director}{Maximum Bandwidth Per Job}{dt{Speed}}{}{}{}{}

resourceDirective{Sd}{Director}{Monitor}{dt{Boolean}}{}{}{}{}

resourceDirective{Sd}{Director}{Name}{dt{Name}}{required}{}{}{}

resourceDirective{Sd}{Director}{Password}{dt{Autopassword}}{required}{}{}{}

resourceDirective{Sd}{Director}{TLS Allowed CN}{dt{StringList}}{}{}{}{“Common Name”s (CNs) of the allowed peer certificates.}

resourceDirective{Sd}{Director}{TLS Authenticate}{dt{Boolean}}{}{no}{}{Use TLS only to authenticate, not for encryption.}

resourceDirective{Sd}{Director}{TLS CA Certificate Dir}{dt{Stddirectory}}{}{}{}{Path of a TLS CA certificate directory.}

resourceDirective{Sd}{Director}{TLS CA Certificate File}{dt{Stddirectory}}{}{}{}{Path of a PEM encoded TLS CA certificate(s) file.}

resourceDirective{Sd}{Director}{TLS Certificate}{dt{Stddirectory}}{}{}{}{Path of a PEM encoded TLS certificate.}

resourceDirective{Sd}{Director}{TLS Certificate Revocation List}{dt{Stddirectory}}{}{}{}{Path of a Certificate Revocation List file.}

resourceDirective{Sd}{Director}{TLS Cipher List}{dt{String}}{}{}{}{List of valid TLS Ciphers.}

resourceDirective{Sd}{Director}{TLS DH File}{dt{Stddirectory}}{}{}{}{Path to PEM encoded Diffie-Hellman parameter file. If this directive is specified, DH key exchange will be used for the ephemeral keying, allowing for forward secrecy of communications.}

resourceDirective{Sd}{Director}{TLS Enable}{dt{Boolean}}{}{no}{}{Enable TLS support.}

resourceDirective{Sd}{Director}{TLS Key}{dt{Stddirectory}}{}{}{}{Path of a PEM encoded private key. It must correspond to the specified “TLS Certificate”.}

resourceDirective{Sd}{Director}{TLS PSK Enable}{dt{Boolean}}{}{yes}{}{Enable TLS-PSK support.}

resourceDirective{Sd}{Director}{TLS PSK Require}{dt{Boolean}}{}{no}{}{Without setting this to yes, Bareos can fall back to use unencryption connections. Enabling this implicitly sets “TLS-PSK Enable = yes”.}

resourceDirective{Sd}{Director}{TLS Require}{dt{Boolean}}{}{no}{}{Without setting this to yes, Bareos can fall back to use unencrypted connections. Enabling this implicitly sets “TLS Enable = yes”.}

resourceDirective{Sd}{Director}{TLS Verify Peer}{dt{Boolean}}{}{no}{}{If disabled, all certificates signed by a known CA will be accepted. If enabled, the CN of a certificate must the Address or in the “TLS Allowed CN” list.}

end{description}

The following is an example of a valid Director resource definition:

Storage daemon Director definition
Director {
  Name = MainDirector
  Password = my\_secret\_password
}

2.4.3. NDMP Resource

[TAG=Resource->NDMP] [TAG=NDMP->Resource]

The NDMP Resource specifies the authentication details of each NDMP client. There may be multiple NDMP resources for a single Storage daemon. In general, the properties specified within the NDMP resource are specific to one client.

begin{description}

resourceDirective{Sd}{Ndmp}{Auth Type}{dt{AuthType}}{}{None}{}{}

resourceDirective{Sd}{Ndmp}{Description}{dt{String}}{}{}{}{}

resourceDirective{Sd}{Ndmp}{Log Level}{dt{Pint32}}{}{4}{}{}

resourceDirective{Sd}{Ndmp}{Name}{dt{Name}}{required}{}{}{}

resourceDirective{Sd}{Ndmp}{Password}{dt{Autopassword}}{required}{}{}{}

resourceDirective{Sd}{Ndmp}{Username}{dt{String}}{required}{}{}{}

end{description}

2.4.4. Device Resource

[TAG=Resource->Device] [TAG=Device->Resource]

The Device Resource specifies the details of each device (normally a tape drive) that can be used by the Storage daemon. There may be multiple Device resources for a single Storage daemon. In general, the properties specified within the Device resource are specific to the Device.

begin{description}

resourceDirective{Sd}{Device}{Alert Command}{dt{Strname}}{}{}{}{}

resourceDirective{Sd}{Device}{Always Open}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Archive Device}{dt{Strname}}{required}{}{}{}

resourceDirective{Sd}{Device}{Auto Deflate}{dt{IoDirection}}{}{}{13.4.0}{}

resourceDirective{Sd}{Device}{Auto Deflate Algorithm}{dt{CompressionAlgorithm}}{}{}{13.4.0}{}

resourceDirective{Sd}{Device}{Auto Deflate Level}{dt{Pint16}}{}{6}{13.4.0}{}

resourceDirective{Sd}{Device}{Auto Inflate}{dt{IoDirection}}{}{}{13.4.0}{}

resourceDirective{Sd}{Device}{Auto Select}{dt{Boolean}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Autochanger}{dt{Bit}}{}{no}{}{}

resourceDirective{Sd}{Device}{Automatic Mount}{dt{Bit}}{}{no}{}{}

resourceDirective{Sd}{Device}{Backward Space File}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Backward Space Record}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Block Checksum}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Block Positioning}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Bsf At Eom}{dt{Bit}}{}{no}{}{}

resourceDirective{Sd}{Device}{Changer Command}{dt{Strname}}{}{}{}{}

resourceDirective{Sd}{Device}{Changer Device}{dt{Strname}}{}{}{}{}

resourceDirective{Sd}{Device}{Check Labels}{dt{Bit}}{}{no}{}{}

resourceDirective{Sd}{Device}{Close On Poll}{dt{Bit}}{}{no}{}{}

resourceDirective{Sd}{Device}{Collect Statistics}{dt{Boolean}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Description}{dt{String}}{}{}{}{The Description directive provides easier human recognition, but is not used by Bareos directly.}

resourceDirective{Sd}{Device}{Device Options}{dt{String}}{}{}{15.2.0}{}

resourceDirective{Sd}{Device}{Device Type}{dt{DeviceType}}{}{}{}{}

resourceDirective{Sd}{Device}{Diagnostic Device}{dt{Strname}}{}{}{}{}

resourceDirective{Sd}{Device}{Drive Crypto Enabled}{dt{Boolean}}{}{}{}{}

resourceDirective{Sd}{Device}{Drive Index}{dt{Pint16}}{}{}{}{}

resourceDirective{Sd}{Device}{Drive Tape Alert Enabled}{dt{Boolean}}{}{}{}{}

resourceDirective{Sd}{Device}{Fast Forward Space File}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Forward Space File}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Forward Space Record}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Free Space Command}{dt{Strname}}{}{}{deprecated}{}

resourceDirective{Sd}{Device}{Hardware End Of File}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Hardware End Of Medium}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Label Block Size}{dt{Pint32}}{}{64512}{}{}

resourceDirective{Sd}{Device}{Label Media}{dt{Bit}}{}{no}{}{}

resourceDirective{Sd}{Device}{Label Type}{dt{Label}}{}{}{}{}

resourceDirective{Sd}{Device}{Maximum Block Size}{dt{MaxBlocksize}}{}{}{}{}

resourceDirective{Sd}{Device}{Maximum Changer Wait}{dt{Time}}{}{300}{}{}

resourceDirective{Sd}{Device}{Maximum Concurrent Jobs}{dt{Pint32}}{}{}{}{}

resourceDirective{Sd}{Device}{Maximum File Size}{dt{Size64}}{}{1000000000}{}{}

resourceDirective{Sd}{Device}{Maximum Job Spool Size}{dt{Size64}}{}{}{}{}

resourceDirective{Sd}{Device}{Maximum Network Buffer Size}{dt{Pint32}}{}{}{}{}

resourceDirective{Sd}{Device}{Maximum Open Volumes}{dt{Pint32}}{}{1}{}{}

resourceDirective{Sd}{Device}{Maximum Open Wait}{dt{Time}}{}{300}{}{}

resourceDirective{Sd}{Device}{Maximum Part Size}{dt{Size64}}{}{}{deprecated}{}

resourceDirective{Sd}{Device}{Maximum Rewind Wait}{dt{Time}}{}{300}{}{}

resourceDirective{Sd}{Device}{Maximum Spool Size}{dt{Size64}}{}{}{}{}

resourceDirective{Sd}{Device}{Maximum Volume Size}{dt{Size64}}{}{}{deprecated}{}

resourceDirective{Sd}{Device}{Media Type}{dt{Strname}}{required}{}{}{}

resourceDirective{Sd}{Device}{Minimum Block Size}{dt{Pint32}}{}{}{}{}

resourceDirective{Sd}{Device}{Mount Command}{dt{Strname}}{}{}{}{}

resourceDirective{Sd}{Device}{Mount Point}{dt{Strname}}{}{}{}{}

resourceDirective{Sd}{Device}{Name}{dt{Name}}{required}{}{}{Unique identifier of the resource.}

resourceDirective{Sd}{Device}{No Rewind On Close}{dt{Boolean}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Offline On Unmount}{dt{Bit}}{}{no}{}{}

resourceDirective{Sd}{Device}{Query Crypto Status}{dt{Boolean}}{}{}{}{}

resourceDirective{Sd}{Device}{Random Access}{dt{Bit}}{}{no}{}{}

resourceDirective{Sd}{Device}{Removable Media}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Requires Mount}{dt{Bit}}{}{no}{}{}

resourceDirective{Sd}{Device}{Spool Directory}{dt{Directory}}{}{}{}{}

resourceDirective{Sd}{Device}{Two Eof}{dt{Bit}}{}{no}{}{}

resourceDirective{Sd}{Device}{Unmount Command}{dt{Strname}}{}{}{}{}

resourceDirective{Sd}{Device}{Use Mtiocget}{dt{Bit}}{}{yes}{}{}

resourceDirective{Sd}{Device}{Volume Capacity}{dt{Size64}}{}{}{}{}

resourceDirective{Sd}{Device}{Volume Poll Interval}{dt{Time}}{}{300}{}{}

resourceDirective{Sd}{Device}{Write Part Command}{dt{Strname}}{}{}{deprecated}{}

end{description}

2.4.4.1. Edit Codes for Mount and Unmount Directives

[TAG=Edit Codes for Mount and Unmount Directives] [TAG=Mount and Unmount: use variables in directives]

Before submitting the Mount Command, or Unmount Command directives to the operating system, Bareos performs character substitution of the following characters:

%% = %
%a = Archive device name
%e = erase (set if cannot mount and first part)
%n = part number
%m = mount point
%v = last part name (i.e. filename)

2.4.4.2. Devices that require a mount (USB)

[TAG=Devices that require a mount (USB)]

begin{description}

item Requires Mount (Sd->Device)You must set this directive to {bf yes} for removable devices such as USB unless they are automounted, and to {bf no} for all other devices (tapes/files). This directive indicates if the device requires to be mounted to be read, and if it must be written in a special way. If it set, Mount Point (Sd->Device), Mount Command (Sd->Device) and Unmount Command (Sd->Device)directives must also be defined.

item Mount Point (Sd->Device)Directory where the device can be mounted.

item Mount Command (Sd->Device)Command that must be executed to mount the device. Before the command is executed, %a is replaced with the Archive Device, and %m with the Mount Point.

Most frequently, you will define it as follows:

begin{verbatim}begin{bconfig}{} Mount Command = “/bin/mount -t iso9660 -o ro %a %m” end{bconfig}end{verbatim}

For some media, you may need multiple commands. If so, it is recommended that you use a shell script instead of putting them all into the Mount Command. For example, instead of this:

begin{verbatim}begin{bconfig}{} Mount Command = “/usr/local/bin/mymount” end{bconfig}end{verbatim}

Where that script contains:

begin{verbatim}begin{commands}{} #!/bin/sh ndasadmin enable -s 1 -o w sleep 2 mount /dev/ndas-00323794-0p1 /backup end{commands}end{verbatim}

Similar consideration should be given to all other Command parameters.

item Unmount Command (Sd->Device)Command that must be executed to unmount the device. Before the command is executed, %a is replaced with the Archive Device, and %m with the Mount Point.

Most frequently, you will define it as follows:

begin{verbatim}begin{bconfig}{} Unmount Command = “/bin/umount %m” end{bconfig}end{verbatim}

If you need to specify multiple commands, create a shell script.

end{description}

2.4.5. Autochanger Resource

[TAG=Autochanger Resource] [TAG=Resource->Autochanger]

The Autochanger resource supports single or multiple drive autochangers by grouping one or more Device resources into one unit called an autochanger in Bareos (often referred to as a “tape library” by autochanger manufacturers).

The following is an example of a valid Autochanger resource definition:

Autochanger Configuration Example
Autochanger {
  Name = "DDS-4-changer"
  Device = DDS-4-1, DDS-4-2, DDS-4-3
  Changer Device = /dev/sg0
  Changer Command = "/usr/lib/bareos/scripts/mtx-changer %c %o %S %a %d"
}
Device {
  Name = "DDS-4-1"
  Drive Index = 0
  Autochanger = yes
  ...
}
Device {
  Name = "DDS-4-2"
  Drive Index = 1
  Autochanger = yes
  ...
Device {
  Name = "DDS-4-3"
  Drive Index = 2
  Autochanger = yes
  Autoselect = no
  ...
}

Please note that it is important to include the Autochanger (Sd->Device)= yes directive in each device definition that belongs to an Autochanger. A device definition should not belong to more than one Autochanger resource.

Also, your Device (Dir->Storage) must refer to the Autochanger’s resource name rather than a name of one of the Devices.

For details refer to the Autochanger Support chapter.

2.4.6. Messages Resource

[TAG=Resource->Messages] [TAG=Messages->Resource]

For a description of the Messages Resource, please see the Messages Resource chapter of this manual.