Conversation
96bc7e2 to
b0ead18
Compare
b0ead18 to
23715a2
Compare
| Schedule ACL = *all* | ||
| Storage ACL = *all* | ||
| Where ACL = *all* | ||
| } |
There was a problem hiding this comment.
This console definition can be simplified, as soon as #1875 is merged.
|
|
||
| .. note:: | ||
|
|
||
| The rescue image is created from the running system. |
There was a problem hiding this comment.
Maybe add the info that it also contains the Bareos client and related configuration to perform the restore?
| Instead you configure a :config:option:`dir/console` for every Bareos client using ReaR, | ||
| limiting the access to only one system and the required console commands: | ||
|
|
||
| .. code-block:: bareosconfig |
There was a problem hiding this comment.
This feels very cumbersome if you have lots of clients... If there is a way to make this more simple and still secure then maybe would be good to mention it.
There was a problem hiding this comment.
There are two ways we address this:
- when Fix multiple ACL handling bugs #1875 get merged, it still require one console per client, but using a rear profile, in can be reduced to just a few settings
- we like to add a mode, where the rescue image only contain the bareos-fd, not the bconsole. This got the limitation, that the restore must be triggered from the server, but simplifies the client a lot. Also using bconsole on the server is the typical use-case.
There was a problem hiding this comment.
Once this is done, we can extend the documentation to reflect that.
| root@host:~# rear recover | ||
| Console { | ||
| Name = "bareosclient-console" | ||
| Password = "secret" |
There was a problem hiding this comment.
Maybe hint that this needs to be protected with filesystem ACL and that ReaR will take it along and that the rescue image should be treated as a credential?
| Run Script { | ||
| Runs When = Before | ||
| Runs On Client = yes | ||
| Command = "/usr/local/sbin/update-rear-rescue.sh %l" |
There was a problem hiding this comment.
Maybe mention that the admin needs to put the file there himself, or is this distributed by Bareos automatically?
| Ideally the |bconsole| is configured in a way that it can only access this client, | ||
| see :ref:`section-named-console-for-rear`. | ||
|
|
||
| To configure the Bareos backend, ReaR uses the variables |
There was a problem hiding this comment.
Not sure if you have this, but it might be worth explaining that the fileset used for ReaR should be a full backup of all files and not a partial data-only backup.
There was a problem hiding this comment.
This has only be mentioned in the introduction, but making it more explicit is probably better. Added it now.
34ea551 to
d32b24d
Compare
sduehr
left a comment
There was a problem hiding this comment.
Thanks a lot, only suggested some typo/wording fixes.
7dcd940 to
a90071a
Compare
Bareos build now always requires OpenSSL.
Co-authored-by: sduehr <stephan.duehr@bareos.com>
As bareos#1875 and its backports (down to bareos-21) have been merged, we could simplify the ReaR configuration by using a standard Profile.
a5bbc09 to
29dc315
Compare
Updates the ReaR documentation. Bareos >= 22 requires a ReaR > 2.7, which is currently only available as snapshot package.
Please check
If you have any questions or problems, please give a comment in the PR.
Helpful documentation and best practices
Checklist for the reviewer of the PR (will be processed by the Bareos team)
Make sure you check/merge the PR using
devtools/pr-toolto have some simple automated checks run and a proper changelog record added.General
Source code quality