Verified Commit 720e6435 authored by anarcat's avatar anarcat
Browse files

document how to restore files as root (hopefully) 

/cc @hiro
parent c2301fed

service/backup.md

+55 −3
Original line number Diff line number Diff line
@@ -165,9 +165,15 @@ Short version: 
    $ ssh -tt bacula-director-01.torproject.org bconsole

    *restore



... and follow instructions. Reminder: by default, backups are

restored on the originating server. `llist jobid=N` and `messages` to

follow progress.

... and follow instructions. 



Reminder: by default, backups are restored to the originating server,

as the `bacula` user, in `/var/tmp/bacula-restores`. Make sure that

directory has enough disk space, and if you need to restore specific

ownership settings, you want to run `bacula-fd` as root, see the

[restoring files as root](#restoring-files-as-root) section.



Use the `llist jobid=N` and `messages` commands to follow progress.



The `bconsole` program has a pretty good interactive restore mode

which you can just call with `restore`. It needs to know which "jobs"
@@ -402,6 +408,52 @@ Once the job is done, the files will be present in the chosen location 
See the [upstream manual](https://www.bacula.org/9.4.x-manuals/en/main/Restore_Command.html) more information about the [restore

command](https://www.bacula.org/9.4.x-manuals/en/main/Restore_Command.html).



### Restoring files as root



Note that the above procedure restores files as the `bacula` user,

which means it cannot create files owned by another user. For basic

use cases that doesn't matter: files can be changed owner by hand

after restore.



But if you're restoring a full system or more complex configuration

than just a single service, that will likely not work because you'd

need to manually change files individually, and that doesn't scale.



So the solution is to run `bacula-fd` as root, temporarily. Follow

this procedure:



 1. Disable Puppet

 

        systemctl stop puppet-run.timer



 2. Remove the configuration file that tells `bacula-fd` to run as the

    `bacula` user:

    

        rm /etc/systemd/system/bacula-fd.service.d/bacula-fd-groups.conf



 3. Reload the daemon:

 

        systemctl daemon-reload

        systemctl restart bacula-fd



 4. On the director, run the backup (follow the above procedure):

 

        bconsole

        [...]



 5. Files in `/var/tmp/bacula-restores` (or wherever you put them)

    should now have the right owner



 6. Reset Puppet:

 

        pat



The last step will restart the systemd timer, reset the configuration

file, and restart all daemons (in theory).



TODO: Note that this procedure was never tested, but this, in theory,

works. Please confirm and update this section after success or failure.



## Restore a host that has been offline for a long time



If a host has been offline for a long time its storage configuration might have been expired by puppet. You will notice that when you are trying to restore some file to a different host you will get the following error after having selected the files: