Embedding full NDMP support in BAREOS.

No filed plugin but a proper implementation with support in
the director to act as a NDMP DMA (Data Management Application)
and for NDMP tape agent support in the storage daemon for saving
data using the NDMP protocol.

This code is based on the NDMJOB NDMP reference implementation
of Traakan, Inc., Los Altos, CA which has a BSD style license
(2 clause one).

http://www.traakan.com/ndmjob/index.html

We imported the latest actively supported version of this
reference NDMP code from the Amanda project. Instead of
basing it on glib what Amanda has done we reverted some changes
back to the way the latest spinnaker sources of the NDMJOB code
deliver things with per OS specific code.

The robot and tape simulator are rewritten versions from NDMJOB
with support for registering callbacks in the calling code. This
way we can implement virtual tape and robot functionality in the
storage daemon for handling NDMP backups.

There is also some code added for registering authentication
callbacks in the calling code. This way we can perform clear
text and md5 based authentication against the internal config
data we keep in BAREOS native resources.

The core fileindex handling code is rewritten to use callback
functions for doing the real work. This way we can hook in
internal functions into the core file indexing process which
happens after a backup and before a restore to fill the
files which have been backed up or restored.

Some missing initialization, commission and decommission is
added although it is empty it is better to have a consistent
coding path/style for everything. Added extra destroy method
as for some agents a decommission means make it ready for a next
run and we want something that does a tear down and cleanup
of anything dynamically allocated during a NDMP run.

We also added support for telling the initialization upfront
what NDMP services it should support. (e.g. DATA MANAGEMENT
APPLICATION (DMA), DATA AGENT, TAPE AGENT or ROBOT AGENT)
so when we accept a connection in the storage daemon via
ndmp_tape we only allow the client to use our NDMP TAPE AGENT
and not the ROBOT, DMA and DATA AGENT. See ndm_session structure
members ..._agent_enabled.

We also rewrote some of the internal structures. Normally
a NDMP session is described by a so called ndm_session struct
which is a whopping 1442392 bytes (almost 1.4 Mb) in size.
The coders decided they would allocate each array up front
and as such the total structure is huge. This is not very
handy when using it as a base for a shared library as we want
to support all agents but possibly not at the same time
(even most likely not at the same time.)

So the new ndm_session struct has pointers to the individual
members and storage is only allocated when things are needed
we also only allocate buffers at the time we need them not
upfront. For things like directory names or other pathnames
we just strdup the actual string and free it on decommission
of the data, this saves a lot when PATH_MAX = 1024 bytes and
you stuff a directory path of lets say 30 bytes.

The DMA and DATA AGENT also keep track of an list of environment
variables and a name list structure. In the original code the
environment variable list can have a maximum of 1024 entries
and 10240 entries for the name list and that is allocated as
one big array of either 1024 or 10240 entries. This is
madness we rewrote the list code to use a normal linked
list so we only need the space to store the actual number
of nodes of each list. There is a enumerate function which
returns a memory chunk with all entries concatenated which
is used for the rpc calls. We keep track of this enumerate
buffer in the list descriptor and when the list is torn down
it is freed. (We cannot free it earlier as it is needed
as buffer for the returning rpc call.) This lingering of
a buffer should be no problem as it should be moderate in
size now and not the whopping 1024 or 10240 entries anymore.

The media table is also rewritten to a linked list and not
a fixed list of 40 entries as it was in the old code.

This has significant size advantages to give an idea:

   ndm_control_agent, original size 523000 bytes, new size 928 bytes
   ndm_data_agent, original size 553232 bytes, new size 304 bytes
   ndm_tape_agent, original size 263388 bytes, new size 228 bytes
   ndm_plumbing, original size 102592 bytes, new size 20 bytes

As we initialize some things now later we needed to add some
extra checks and things may core dump due to dereferencing
a null pointer. We decided to take that as a risk and fix
those problems which we encounter them. Adding extra checks
all over the place checking if things are not initialized is
also gross overkill and as NDMP is a nice state machine we
probably can get away by putting checks in strategic places.

The test routines are put into an extra define named
NDMOS_OPTION_NO_TEST_AGENTS so one can disable them for a
production shared library.

Extra support for getaddrinfo() is added to the library
which supercedes the old and by POSIX deprecated gethostbyname()
interface. Also the implementation of poll() is completed and
we now also check the return info from poll() and set the
channel ready flag if we detect something on a channel. This
way the poll() handler should be on par with the select()
based poller.

The ndmjob program code is also included and you can build
the ndmjob binary using the new shared library. Currently
it is mostly for testing the new code in the shared library.

The ndmjob program code is rewritten to also use linked list
whereever possible without the need to completely rewrite the
code.

The NDMJOB header files are made C++ aware so we can compile
the shared lib a pure C-code (which it essentially also is)
and use it from BAREOS.

The config engine of the director and storage daemon have been
made aware of the NDMP protocol. Currently there is support for
creating NDMP protocol based Backup and Restore Jobs. The storage
resource is extended with a protocol and authentication type field
which can be used by the NDMP DMA coded in ndmp_dma.c. A Client
also has those two fields. When a storage daemon used in the NDMP
backup/restore is in real life an BAREOS storage daemon an extra
field named paired storage is part of the storage resource and is
used by the DMA to contact the storage daemon via the native protocol
to be able to simulate a NDMP save or restore via the normal
BAREOS infrastructure. Via the native protocol we reserve
things like drives etc so the virtual NDMP tape client can
save its data, the native link is also used for things like
getting the next volume to load etc.

The job start code for backup and restore is modified to check
for the job protocol and dispatch to the native routines when
it is a native backup or to the NDMP routines when it is any NDMP job.

The NDMP tape agent lives in ndmp_tape.c in the storage
daemon it creates an extra listening thread which handles NDMP
connections. Its based on the BAREOS bnet_server_thread code but
put somewhat on a diet as for NDMP we don't need all the bells
and whistles from the bsock class so we implemented a light weight
ndmp connection structure. This structure is passed as handle to
the connection handler and could be seen as local hook data and
can be extended along the way to keep some state information on
the NDMP session related to internal BAREOS resources.

A ndmp backup configuration looks somethings like this:

Configuration in bareos-dir.conf:

Replace <ndmp_data_server> with the hostname of the storage device
you are backing up e.g. the DATA AGENT in NDMP terms.

#
# Use the DUMP protocol (e.g. UNIX DUMP comparable to tar/cpio)
# Generates FileHandle Information which can be used for single file
# restore.
#
JobDefs {
  Name = "DefaultNDMPJob"
  Type = Backup
  Protocol = NDMP
  Level = Incremental
  Client = <ndmp_data_server>-ndmp
  Backup Format = dump
  FileSet = "NDMP Fileset"
  Schedule = "WeeklyCycle"
  Storage = NDMPFile
  Messages = Standard
  Pool = NDMPFile
  Priority = 10
  Write Bootstrap = "/var/opt/bareos/run/bareos/%c.bsr"
}

#
# A special restore Job which has the protocol set right etc.
#
JobDefs {
  Name = "DefaultNDMPRestoreJob"
  Client = <ndmp_data_server>-ndmp
  Type = Restore
  Protocol = NDMP
  Backup Format = dump
  FileSet = "NDMP Fileset"
  Storage = NDMPFile
  Pool = Default
  Messages = Standard
  Where = /
}

#
# A NDMP Backup Job using the JobDef above.
#
Job {
  Name = "BackupNDMPDump"
  JobDefs = "DefaultNDMPJob"
}

#
# Use the NETAPP SMTAPE protocol e.g. same protocol is used as replication protocol
# between two NETAPP storage boxes. Doesn't allow single file restore all or nothing
# restore of whole NETAPP volume.
#
Job {
  Name = "BackupNDMPSMTape"
  JobDefs = "DefaultNDMPJob"
  Backup Format = smtape
  Client = <ndmp_data_server>-ndmp
  FileSet = "NDMP SMtape Fileset"
}

#
# A NDMP restore Job using the JobDef above.
#
Job {
  Name = "NDMPRestoreDump"
  JobDefs = "DefaultNDMPRestoreJob"
}

#
# A NDMP restore Job using the JobDef above but for restoring a SMTAPE type of NDMP backup.
#
Job {
  Name = "NDMPRestoreSMTape"
  JobDefs = "DefaultNDMPRestoreJob"
  Backup Format = smtape
  FileSet = "NDMP SMtape Restore Fileset"
}

Fileset {
  Name = "NDMP Fileset"
  Include {
    Options {
       meta = "USER=root"
    }
    File = /export/home/...
  }
}

#
# A NDMP Backup using SMPTAPE of a NetAPP storage box.
#
Fileset {
  Name = "NDMP SMtape Fileset"
  Include {
    Options {
       meta = "SMTAPE_DELETE_SNAPSHOT=Y"
    }
    File = /vol/vol1
  }
}

#
# A NDMP Restore using SMPTAPE of a NetAPP storage box.
#
Fileset {
  Name = "NDMP SMtape Restore Fileset"
  Include {
    Options {
       meta = "SMTAPE_BREAK_MIRROR=Y"
    }
    File = /vol/vol1
  }
}

#
# A NDMP Client.
#
Client {
  Name = <ndmp_data_server>-ndmp
  Address = ...
  Port = 10000
  Protocol = NDMPv4                   # Need to specify protocol before password as protocol determines password encoding used.
  Auth Type = Clear                   # Clear == Clear Text, MD5 == Challenge protocol
  Username = "ndmp"                   # username of the NDMP user on the DATA AGENT e.g. storage box being backed up.
  Password = "test"                   # password of the NDMP user on the DATA AGENT e.g. storage box being backed up.
}

#
# Your normal Bareos SD definition should be already in your config.
#
Storage {
  Name = File
  Address = ...                       # N.B. Use a fully qualified name here
  SDPort = 9103
  Password = ...
  Device = FileStorage
  Media Type = File
}

#
# Same storage daemon but via NDMP protocol.
# We link via the PairedStorage config option the Bareos SD instance definition to a NDMP TAPE AGENT.
#
Storage {
  Name = NDMPFile
  Address = ...                       # N.B. Use a fully qualified name here
  Port = 10000
  Protocol = NDMPv4                   # Need to specify protocol before password as protocol determines password encoding used.
  Auth Type = Clear                   # Clear == Clear Text, MD5 == Challenge protocol
  Username = ndmp                     # username of the NDMP user on the TAPE AGENT e.g. the Bareos SD but accessed via the NDMP protocol.
  Password = test                     # password of the NDMP user on the TAPE AGENT e.g. the Bareos SD but accessed via the NDMP protocol.
  Device = FileStorage
  Media Type = File
  PairedStorage = File
}

#
# Your normal File based backup pool normally already defined.
#
Pool {
  Name = File
  Pool Type = Backup
  Recycle = yes
  AutoPrune = yes
  Storage = File
  Volume Retention = 365 days         # one year
  Maximum Volume Bytes = 50G          # Limit Volume size to something reasonable
  Maximum Volumes = 100               # Limit number of Volumes in Pool
}

#
# Separate Pool for NDMP data so upgrading of Jobs works and selects the right storage.
#
Pool {
  Name = NDMPFile
  Pool Type = Backup
  Recycle = yes
  AutoPrune = yes
  Storage = NDMPFile
  Volume Retention = 365 days         # one year
  Maximum Volume Bytes = 50G          # Limit Volume size to something reasonable
  Maximum Volumes = 100               # Limit number of Volumes in Pool
}

Configuration in bareos-sd.conf:

#
# Normal SD config block, should enable the NDMP protocol here otherwise it won't listen
# on port 10000.
#
Storage {
   Name = ....
   ...
   NDMP Enable = yes
}

#
# This entry gives the DMA in the Director access to the bareos SD via the NDMP protocol.
# This option is used via the NDMP protocol to open the right TAPE AGENT connection to your
# Bareos SD via the NDMP protocol. The initialization of the SD is done via the native protocol
# and is handled via the PairedStorage keyword.
#
Ndmp {
  Name = ...-ndmp-dma                # Can be any name but normally you should use the name of the Director here.
  Username = ndmp                    # Same username as you specified in the NDMPFile storage definition.
  Password = test                    # Same password as you specified in the NDMPFile storage definition.
  AuthType = Clear                   # Clear == Clear Text, MD5 == Challenge protocol
}

Configuration API
=================

Naming
------

    * Components:
        * bareos-dir
        * bareos-sd
        * bareos-fd
        * bareos-traymonitor
        * bconsole
        * bat (only legacy config file: bat.conf)

    * $COMPONENT refers to one of the listed Components.

    * Legacy config file (still valid and supported, with some limitation when using the configuration API):
        * $CONFIGDIR/$COMPONENT.conf

    * $CONFIGDIR refers to the configuration directory. Bareos Linux packages use "/etc/bareos/".



Changes
-------

When updating from bareos < 16.2, most of these changes are not relevant, as the legacy configuration will still be used.

    * configsubdirectories
        * if legacy config file ($CONFIGDIR/$COMPONENT.conf) not found, following wildcard path will be used to load the configuration:
            * $CONFIGDIR/$COMPONENT.d/*/*.conf
        * one config file per resource. Name of the config file is identical with the resource name.
            * e.g.
                * bareos-dir.d/director/bareos-dir.conf
                * bareos-dir.d/pool/Full.conf
            * There is one exception: the resource bareos-fd.d/client/myself.conf always has the file name myself.conf, while the name is normally set to the hostname of the system.
        * the -c command line switch takes file and directories as arguments. When the argument is a directory, $COMPONENT.d/*/*.conf is added to load the configuration.
    * additional package can contain configuration files that are automatically included
        * However, most additional configuration resources require configuration. These configuration come as example files:
            * $CONFIGDIR/$COMPONENT.d/$RESOURCE/$NAME.conf.example
            * For example, the bareos-webui comes with two config resources for the bareos-director:
                * $CONFIGDIR/bareos-director.d/profile/webui.conf
                * $CONFIGDIR/bareos-director.d/console/user1.conf.example
    * modified resource names:
        * $HOSTNAME-dir => bareos-dir
        * $HOSTNAME-sd => bareos-sd
            * make more sense when installing just the fd. Then probaly only the Address must be changed.
            * fits better into configsubdirectory structure and packaging,
                because otherwise the filename is only known at install time /and might change)
        * "Linux All" => "LinuxAll"
            * Spaces are still valid in resource names. However, the build configuration script wasn't able to cope the file names containing spaces.
    * bareos-traymonitor
        * also single file per resource.
        * bareos-traymonitor package only contains $CONFIGDIR/tray-monitor.d/monitor/bareos-mon.conf.
            * The other resoures are part of the related packages:
                * $CONFIGDIR/tray-monitor.d/client/FileDaemon-local.conf is part of bareos-filedaemon
                * $CONFIGDIR/tray-monitor.d/storage/StorageDaemon-local.conf is part of bareos-storage
                * $CONFIGDIR/tray-monitor.d/director/Director-local.conf is part of bareos-director
            * This way, the bareos-traymonitor will be configured automatically for the installed components.

How to use configsubdirectories
-------------------------------

    * Fresh installation
        * We easiest way to start with configsubdirectories and configuration API is to start with a fresh installation.
            * It will be useable immediatly after installation of the bareos-director.
            * When additional packages come with example configuration files, copy them to $NAME.conf, modify it to your needs and reload the director.
            * Attention:
                * when you want to remove a configuration resource that has been deployed with the bareos packages, it is adviced to replace the resource config file by an empty file. This prevents that the resource reappears with a package update.
                    * This is mainly true for RPM Bareos packages. Debian store the deployed configuration in /usr/lib/bareos/defaultconfigs/ and copies them to /etc/bareos/ only if there is no configuration. Similar for Windows.
    * Update
        * When update to a Bareos version containing configsubdirectories (Bareos >= 16.2), the existing configuration will not be touched and is still the default configuration.
        * Attention: Problems can occur, if you have already splitted your configuration to the same subdirectories as used by the new packages ($CONFIGDIR/$COMPONENT.d/*/) and have implemented an own wildcard mechanism to load them. In this case, newly installed configuration resource files can alter your current configuration in adding additional resources.
        * As long as the old configuration file ($CONFIGDIR/$COMPONENT.conf) exists, it will be used.
        * The correct way to migrate to the new configuration scheme would be to split the configuration file into resources, store them in the reosurce directories and then remove the original configuration file.
            * This requires efford. It is planed to create a program that helps to migrate the settings, however, until now, it is not available.
            * The easy way is:
                * mkdir $CONFIGDIR/$COMPONENT.d/migrate && mv $CONFIGDIR/$COMPONENT.conf $CONFIGDIR/$COMPONENT.d/migrate
                * Resources defined in both, the new configuration directory scheme and the old configuration file must be removed from one of the places, best from the old configuration file, after verifying that the settings are identical with the new settings.

On Debian based systems (Debian, Ubuntu, Univention Corporate Server),
database configuration can be done with help of the dbconfig system.

  * Package: dbconfig-common
  * Homepage/Documentation: http://people.debian.org/~seanius/policy/dbconfig-common.html/

Install/update scenarios:
  * fresh install
  * preinstalled 2001
  * preinstalled 2002
  * 12: 2001 -> 2002, 13: 2001 -> 2002: update from 12 to 13

Behavior:
  * config file: /etc/dbconfig-common/bareos.conf
  * sql files stored at
    * /usr/share/dbconfig-common/data/bareos-database-common/upgrade/pgsql/2001
    * /usr/share/dbconfig-common/data/bareos-database-common/upgrade/pgsql/2002
    * /usr/share/dbconfig-common/data/bareos-database-common/upgrade/mysql/2001
    * /usr/share/dbconfig-common/data/bareos-database-common/upgrade/mysql/2002
    * /usr/share/dbconfig-common/data/bareos-database-common/install/pgsql
    * /usr/share/dbconfig-common/data/bareos-database-common/install/mysql

Upgrade:
  * bareos-database-common.postinst
    * every file from /usr/share/dbconfig-common/data/bareos-database-common/upgrade/DATABASE/*, that is larger than parameter $2 (package version of replaced package) will be installed.
        * even if the filename "is larger" than current package version
        * dbconfig does not store the installed version. It uses only the old and the current package version.
    * in Bareos, different branches can each do a database version update, example:
      * 12.4.6: 2001
      * 12.4.7: 2002
      * 12.4.8: 2003
      * 13.2.2: 2001
      * 13.2.3: 2002
      * 13.2.4: 2003
      * using standard dbconfig this could result in following
        * updating from 12.4.6 to 13.2.3 would result in a database update from
          * 2001 (12.4.6) -> 2002 (12.4.7) -> 2003 (12.4.8) -> 2001 (13.2.2) ... => failure
    * Bareos modifies the dbconfig behavior by not working with package versions, but database versions:
      * bareos-database-common.config, bareos-database-common.postinst:
        * instead of passing parameter $2 (old package version), this gots translated to database version with the help of a map file (versions.map).
           * with the help of this, every database schema update is only be done once
    * how to handle package update from version without dbconfig to version with it?
      Bareos dbconfig will be introduced with some version >= 14.1.0.
      The latest database version for 12.4 and 13.2 will be 2002.
      Therefore we claim, that the first version using db_config will be 2003, even if it is only 2002. Using this, all existing database updates get applied.
        if dpkg --compare-versions "$param2_orig" lt "14.1.0"; then
            dbc_first_version="2003"
            ...
        fi

Database Permissions by dbconfig:

MySQL:
    GRANT USAGE ON *.* TO 'bareos'@'localhost' IDENTIFIED BY PASSWORD '*3E80BB05233BE488EE70C1D6494E2F2DB00FEBB4'
    GRANT ALL PRIVILEGES ON `bareos`.* TO 'bareos'@'localhost'

PostgreSQL:
    bareos will be the database owner

Testing:
# bareos-database-dbconfig
#   ~/dbconf
#     fakeroot debian/rules binary
#  /var/lib/dpkg/info/*.postinst ...
/var/log/dbconfig-common/dbc.log

eval "`dbconfig-generate-include /etc/dbconfig-common/bareos-database-common.conf`"



Behavior
========

noninteractive
==============

export DEBIAN_FRONTEND=noninteractive
echo "bareos-database-common bareos-database-common/mysql/admin-pass select linuxlinux" | debconf-set-selections

postgresql
==========

  * install
    * /etc/dbconfig-common/bareos-database-common.conf created
    * db: setup
  * update from 12.4:
    * updates db_version from 2001 to 2002.
  * update from 13.2:
    * db_version is already 2002. It detects, nothing to do.
  * update dbconfig already configured
    * ?

mysql
=====

  * install
    * /etc/dbconfig-common/bareos-database-common.conf created
    * db: setup
    * dbpass must be set to bareos-dir.conf
  * update from 12.4:
    * updates db_version from 2001 to 2002.
  * update from 13.2:
    * db_version is already 2002. It detects, nothing to do.
  * update dbconfig already configured
    * ?

sqlite3
=======

  * install
    * /etc/dbconfig-common/bareos-database-common.conf created
    * db: setup
    * creates link from /var/lib/bareos/bareos.db to bareos
  * update from 12.4:
    * updates db_version from 2001 to 2002.
  * update from 13.2:
    * db_version is already 2002. It detects, nothing to do.
    * creates link from /var/lib/bareos/bareos.db to bareos
  * update dbconfig already configured
    * ?

Using droplet S3 as a backingstore for backups.

The droplet S3 storage backend writes chunks of data in an S3 bucket.

For this you need to install the the bareos-storage-droplet packages which contains
the libbareossd-chunked*.so  and  libbareossd-droplet*.so shared objects and the droplet storage backend which implements a dynamic loaded storage backend.

In the following example all the backup data is placed in the "bareos-backup" bucket on the defined S3 storage.
A volume is a sub-directory in the defined bucket, and every chunk is placed in the Volume directory with the filename 0000-9999 and a size that is defined in the chunksize.

The droplet S3 can only be used with virtual-hosted-style buckets like http://<bucket>.<s3_server>/object
Path-style buckets are not supported when using the droplet S3.

On the Storage Daemon the following configuration is needed.
Example bareos-sd.d/device/S3_ObjectStorage.conf file:

Device {
  Name = S3_ObjectStorage
  Media Type = S3_Object1
  Archive Device = S3 Object Storage

  #
  # Device Options:
  #    profile= - Droplet profile path, e.g. /etc/bareos/bareos-sd.d/droplet/droplet.profile
  #    location= - AWS location (e.g. us-east etc.). Optional.
  #    acl= - Canned ACL
  #    storageclass= - Storage Class to use.
  #    bucket= - Bucket to store objects in.
  #    chunksize= - Size of Volume Chunks (minimum = default = 10 Mb)
  #    iothreads= - Number of IO-threads to use for upload (use blocking uploads if not defined)
  #    ioslots= - Number of IO-slots per IO-thread (0-255, default 10)
  #    retries= - Number of retires if a write fails (0-255, default = 0, which means unlimited retries)
  #    mmap - Use mmap to allocate Chunk memory instead of malloc().
  #

  # testing:
  Device Options = "profile=/etc/bareos/bareos-sd.d/droplet/droplet.profile,bucket=bareos-bucket,chunksize=100M,iothreads=0,retries=1"

  # performance:
  #Device Options = "profile=/etc/bareos/bareos-sd.d/droplet/droplet.profile,bucket=bareos-bucket,chunksize=100M"

  Device Type = droplet
  LabelMedia = yes                    # lets Bareos label unlabeled media
  Random Access = yes
  AutomaticMount = yes                # when device opened, read it
  RemovableMedia = no
  AlwaysOpen = no
  Description = "S3 device"
  Maximum File Size = 500M            # 500 MB (allows for seeking to small portions of the Volume)
  Maximum Concurrent Jobs = 1
  Maximum Spool Size = 15000M
}

The droplet.profile file holds the credentials for S3 storage
Example /etc/bareos/bareos-sd.d/droplet/droplet.profile file:

Make sure the file is only readable for bareos, credentials for S3 are listed here.

Config options profile:

use_https = True
host = <FQDN for S3>
access_key = <S3 access key>
secret_key = <S3 secret key>
pricing_dir = ""
backend = s3
aws_auth_sign_version = 2

If the pricing_dir is not empty,
it will create an <profile_directory>/droplet.csv file which will record all S3 operations.
See the code at https://github.com/bareos/Droplet/blob/bareos-master/libdroplet/src/pricing.c for an explanation.

The parameter "aws_auth_sign_version = 2" is for the connection to a CEPH S3 gateway.
For use with AWS S3 the aws_auth_sign_version, must be set to "4".

On the Director you connect to the Storage Device with the following configuration
Example bareos-dir.d/storage/S3_1-00.conf file:

Storage {
  Name = S3_Object
  Address  = "Replace this by the Bareos Storage Daemon FQDN or IP address"
  Password = "Replace this by the Bareos Storage Daemon director password"
  Device = S3_ObjectStorage
  Media Type = S3_Object1
}


Troubleshooting
===============

S3 Backend Unreachable
----------------------

The droplet device can run in two modes:
  * direct writing (iothreads  = 0)
  * cached writing (iothreads >= 1)

If iothreads >= 1, retries = 0 (unlimited retries) and the droplet backend (e.g. S3 storage) is not available, a job will continue running until the backend problem is fixed.
If this is the case and the job is canceled, it will only be canceled on the Director. It continues running on the Storage Daemon, until the S3 backend is available again or the Storage Daemon itself is restarted.

If iothreads >= 1, retries != 0 and the droplet backend (e.g. S3 storage) is not available, write operation will be silently discarded after the specified number of retries.
*Don't use this combination of options*.

Caching when S3 backend is not available:
This behaviour have not changed, but I fear problems can arise, if the backend is not available and all write operations are stored in memory.

The status of the cache can be determined with the "status storage=..." command.


Pending IO chunks (and inflight chunks):
```
...
Device "S3_ObjectStorage" (S3) is mounted with:
    Volume:      Full-0085
    Pool:        Full
    Media type:  S3_Object1
Backend connection is working.
Inflight chunks: 2
Pending IO flush requests:
   /Full-0085/0002 - 10485760 (try=0)
   /Full-0085/0003 - 10485760 (try=0)
   /Full-0085/0004 - 10485760 (try=0)
...
Attached Jobs: 175
...
```

If try > 0, problems did already occur. The system will continue retrying.


Status without pending IO chunks:
```
Device "S3_ObjectStorage" (S3) is mounted with:
    Volume:      Full-0084
    Pool:        Full
    Media type:  S3_Object1
Backend connection is working.
No Pending IO flush requests.
Configured device capabilities:
  EOF BSR BSF FSR FSF EOM !REM RACCESS AUTOMOUNT LABEL !ANONVOLS !ALWAYSOPEN
Device state:
  OPENED !TAPE LABEL !MALLOC APPEND !READ EOT !WEOT !EOF !NEXTVOL !SHORT MOUNTED
  num_writers=0 reserves=0 block=8
Attached Jobs:
```

Integrating GlusterFS and BAREOS.

The gluster integration uses so called URIs that are mostly analog to the
way you specify gluster volumes in for example qemu.

Syntax:

gluster[+transport]://[server[:port]]/volname[/dir][?socket=...]

'gluster' is the protocol.

'transport' specifies the transport type used to connect to gluster
management daemon (glusterd). Valid transport types are tcp, unix
and rdma. If a transport type isn't specified, then tcp type is assumed.

'server' specifies the server where the volume file specification for
the given volume resides. This can be either hostname, ipv4 address
or ipv6 address. ipv6 address needs to be within square brackets [ ].
If transport type is 'unix', then 'server' field should not be specifed.
The 'socket' field needs to be populated with the path to unix domain
socket.

'port' is the port number on which glusterd is listening. This is optional
and if not specified, QEMU will send 0 which will make gluster to use the
default port. If the transport type is unix, then 'port' should not be
specified.

'volname' is the name of the gluster volume which contains the data that
we need to be backup.

'dir' is an optional base directory on the 'volname'

Examples:

gluster://1.2.3.4/testvol[/dir]
gluster+tcp://1.2.3.4/testvol[/dir]
gluster+tcp://1.2.3.4:24007/testvol[/dir]
gluster+tcp://[1:2:3:4:5:6:7:8]/testvol[/dir]
gluster+tcp://[1:2:3:4:5:6:7:8]:24007/testvol[/dir]
gluster+tcp://server.domain.com:24007/testvol[/dir]
gluster+unix:///testvol[/dir]?socket=/tmp/glusterd.socket
gluster+rdma://1.2.3.4:24007/testvol[/dir]

- Using glusterfs as backingstore for backups

  For this you need to install the storage-glusterfs package which contains
  the libbareossd-gfapi.so shared object which implements a dynamic loaded
  storage backend.

  - bareos-sd.conf

  Device {
    Name = GlusterStorage
    Device Type = gfapi
    Media Type = GlusterFile
    Archive Device = <some description>
    Device Options = "uri=gluster://<volume_spec>"
    LabelMedia = yes
    Random Access = Yes
    AutomaticMount = yes
    RemovableMedia = no
    AlwaysOpen = no
  }

  - bareos-dir.conf

  Storage {
    Name = Gluster
    Address = <sd-hostname>
    Password = "<password>"
    Device = GlusterStorage
    Media Type = GlusterFile
    Maximum Concurrent Jobs = 10
  }

  In the above GlusterFile is a sample MediaType if you use multiple Gluster storage
  devices in one storage daemon make sure you use different Media Types for each
  storage as the same Media Type means BAREOS thinks it can swap volumes between
  different storages which is probably not going to work if you point to different
  locations on your Gluster volume(s).

- Backing up data on a Gluster Volume

  For this you need to install the filedaemon-glusterfs-plugin package which contains
  the gfapi-fd.so shared object which implements a dynamic loaded filed plugin.

  For backing up Gluster the gfapi-fd.so implements two types of backups one in which
  it will crawl the filesystem itself and one where it uses glusterfind to create a
  list of files to backup. The glusterfind script is new since Gluster 3.7 so you need
  a version that includes it to be able to use it.

  A backup made using the gfapi-fd.so needs a Job and Fileset definition. For the local
  crawling example this would look somewhat like this:

  Job {
    Name = "gfapitest"
    JobDefs = "DefaultJob"
    FileSet = "GFAPI"
  }

  FileSet {
    Name = "GFAPI"
    Include {
      Options {
        aclsupport = yes
        xattrsupport = yes
        signature = MD5
      }
      Plugin = "gfapi:volume=gluster\\://<volume_spec>:"
    }
  }

  When you want to use glusterfind you should start by reading the documentation on glusterfind
  and the setup it needs before configuring things in BAREOS. You need to create at least a new
  session for glusterfind that you are going to use for backing up the gluster volume. There is
  a wrapper named bareos-glusterfind-wrapper which is used in the pre and post definition of a
  backup Job to interact with glusterfind.

  For a backup with glusterfind the FileSet and Job will look a little different then the one
  above as you need to interact with glusterfind to get the actual filelist that the backup should use.

  Job {
    Name = "gfapitest"
    JobDefs = "DefaultJob"
    FileSet = "GFAPI"
    RunScript {
      Runs On Client = Yes
      RunsWhen = Before
      FailJobOnError = Yes
      Command = "<bareos_script_dir>/bareos-glusterfind-wrapper -l %l -s %m prebackup <volume_name> <output_file>"
    }
    RunScript {
      Runs On Success = Yes
      RunsOnFailure = Yes
      Runs On Client = Yes
      RunsWhen = After
      Command = "<bareos_script_dir>/bareos-glusterfind-wrapper postbackup <volume_name> <output_file>"
    }
  }

  FileSet {
    Name = "GFAPI"
    Include {
      Options {
        aclsupport = yes
        xattrsupport = yes
        signature = MD5
      }
      Plugin = "gfapi:volume=gluster\\://<volume_spec>:gffilelist=<output_file>"
    }
  }

Modern tape drives, e.g. LTO >= 4, support hardware encryption.

There are several ways of using encryption with these drives
The following three types of key management are available for
doing encryption. The transmission of the keys to the volumes
is accomplished by:

- A backup application that supports Application Managed Encryption (AME)
- A tape library that supports Library Managed Encryption (LME)
- Using a Key Management Appliance (KMA).

We added support for Application Managed Encryption (AME) scheme where
on labeling a crypto key is generated for a volume and when the volume
is mounted the crypto key is loaded and when unloaded the key is cleared
from the memory of the Tape Drive using the SCSI SPOUT command set.

If you have implemented Library Managed Encryption (LME) or
a Key Management Appliance (KMA) there is no need to have support
from Bareos on loading and clearing the encryption keys as either
the Library knows the per volume encryption keys itself or it
will ask the KMA for the encryption key when it needs it. For
big installations you might consider using a KMA but the Application
Managed Encryption implemented in Bareos should also scale rather
well and has low overhead as the keys are only loaded and cleared
when needed.

How does it all work:

- the libbareos library has some new features:
   - crypto_wrap.c  - Implements a RFC3394 based wrapping of crypto keys
   - crypto_cache.c - Implements a cache of wrapped crypto keys used when
                      we cannot ask the director for the key e.g. on
                      startup of the storage daemon.
   - passphrase.c   - Implements generation of semi-random passphrases
   - scsi_lli.c     - Implements a lowlevel interface to the tape drive for
                      several ioctl interfaces available on some modern UNIX
                      platforms. Current supported platforms are:
                         - Linux (SG_IO ioctl interface) (tested)
                         - Solaris (USCSI ioctl interface) (tested)
                         - FreeBSD (libcam interface)
                         - NetBSD (SCIOCCOMMAND ioctl interface)
                         - OpenBSD (SCIOCCOMMAND ioctl interface)
   - scsi_crypto.c  - Implements sending of SCSI Security Protocol IN (SPIN)
                      and SCSI Security Protocol OUT (SPOUT) pages using
                      the scsi_lli interface.

- A new tool named bscrypto allows you to manipulate the tape drive.
  It is mostly used for Disaster Recovery (DR) purposes. The storage
  daemon and the btools (bls, bextract, bscan, btape, bextract) will
  use a so called storage daemon plugin to perform the setting and
  clearing of the encryption keys. To bootstrap the encryption support
  and for populating things like the crypto cache with encryption keys
  of volumes that you want to scan you need to use the bscrypto tool.

  The bscrypto tools has the following capabilities:
     - Generate a new passphrase
        - to be used as a so called Key Encryption Key (KEK) for
          wrapping a passphrase using RFC3394 key wrapping with aes-wrap
          - or -
        - for usage as a clear text encryption key loaded into the tape drive.
     - Base64 encode a key if requested
     - Generate a wrapped passphrase which performs the following steps:
        - generate a semi random clear text passphrase
        - wrap the passphrase using the Key Encryption Key using RFC3394
        - base64 encode the wrapped key (as the wrapped key is binary, we
          always need to base64-encode it in order to be able to pass the
          data as part of the director to storage daemon protocol
     - show the content of a wrapped or unwrapped keyfile
       This can be used to reveal the content of the passphrase when
       a passphrase is stored in the database and you have the urge to
       change the Key Encryption Key. Normally I would urge people to not
       change their Key Encryption Key as this means that you have to redo
       all your stored encryption keys as they are stored in the database
       wrapped using the Key Encryption Key available in the config during
       the label phase of the volume
     - Clear the crypto cache on the machine running the bareos-sd which keeps
       a cache of used encryption keys which can be used when the bareos-sd is
       restarted without the need to connect to the bareos-dir to retrieve the
       encryption keys.
     - Set the encryption key of the drive
     - Clear the encryption key of the drive
     - Show the encryption status of the drive
     - Show the encryption status of the next block (e.g. volume)
     - Populate the crypto cache with data

- A new storage daemon plugin is added named scsicrypto-sd which
  hooks into the "unload", "label read", "label write" and "label verified"
  events for loading and clearing the key. It checks the drive if it
  needs to clear it by either using a internal state if it loaded
  a key before or when enabled via a special option which first issues
  an encryption status query. When there is a connection to the director
  and the volume information is not available it will ask the director
  for the data on the currently loaded volume. When no connection is
  available a cache is used which should contain the most recently mounted
  volumes. When an encryption key is available it is loaded into the
  drives memory.

- The director is extended with additional code for handling
  hardware data encryption. On a label of a volume the extra
  keyword "encrypt" will force the director to generate a new
  semi random passphrase for the volume and this passphrase
  is stored in the database as part of the media information.

  A passphrase is always stored in the database base64 encoded
  and when a so called Key Encryption Key is set in the config
  of the director the passphrase is first wrapped using RFC3394
  key wrapping and then base64 encoded. By using key wrapping
  the keys in the database are save against people sniffing
  the info as the data is still encrypted using the Key
  Encryption Key (which in essence is just an extra passphrase
  of the same length as the volume passphrases used)

  When the storage daemon needs to mount the volume it
  will ask the director for the volume information and
  that protocol is extended with the exchange of the
  base64 wrapped encryption key (passphrase). The storage
  daemon has an extra config option in which it records
  the Key Encryption Key of the particular director and
  as such can unwrap the key sended into the original
  passphrase.

  As can be seen from the above info we don't allow the
  user to enter a passphrase but generate a semi random
  passphrase using the openssl random functions (if available)
  and convert that into a readable ASCII stream of letters,
  numbers and most other characters other than the quotes
  and space etc. This will give much stronger passphrase than
  when requesting the info from a user, as we store things in
  the database the user never has to enter these passphrases.

  The volume label is written unencrypted to the volume so
  we can always recognize a Bareos volume. When the key is
  loaded onto the drive we set the decryption mode to mixed
  so we can read both unencrypted and encrypted data from the
  volume. When there is no key loaded or the wrong key is
  loaded the drive will give an IO error when trying to
  read the volume.

  For disaster recovery you can store the Key Encryption Key
  and the content of the wrapped encryption keys somewhere save
  and the bscrypto tool together with the scsicrypto-sd plugin
  can be used to get access to your volumes when you ever lose
  your complete environment.

  When you don't want to use the scsicrypto-sd plugin when
  doing DR and you are only reading one volume you can also
  set the crypto key using the bscrypto tool because we use
  the mixed decryption mode you can set the right encryption
  key before reading the volume label as in mixed mode you can
  read both encrypted and unencrypted data from a volume.
  When you need to read more then one volume you better use
  the scsicrypto-sd plugin with things like bscan/bextract
  as the plugin will then auto load the correct encryption
  key when it loads the volume just as what the storage
  daemon does when performing backups and restores.

  The volume label is unencrypted so a volume can also be
  recognized by a non encrypted installation but it won't be
  able to read the actual data from it. Using an encrypted
  volume label doesn't add much security (there is no security
  related info in the volume label anyhow) and it makes it
  harder to recognize either a labeled volume with encrypted
  data v.s. a unlabeled new volume (both would return an
  IO-error on read of the label.)

The initial setup of SCSI crypto looks something like this:

- Run configure with your normal configure options and
  add the --enable-scsi-crypto option.
- Build the Bareos programs and package/install them
  in the normal way.
- Generate a Key Encryption Key e.g.
     bscrypto -g -

  === Security Setup ===

   Some security levels need to be increased for the storage
   daemon to be able to use the low level SCSI interface for
   setting and getting encryption status on a tape device.

   The following additional security is needed for the following
   operating systems:

     - Linux (SG_IO ioctl interface)

       The user running the storage daemon needs the following
       additional capabilities:
          CAP_SYS_RAWIO (See capabilities(7))

       If bareos-sd does not have the appropriate capabilities, all
       other tape operations may still work correctly, but you will
       get "Unable to perform SG_IO ioctl" errors.

       On older kernels it can be you need CAP_SYS_ADMIN try
       CAP_SYS_RAWIO first and if that doesn't work try CAP_SYS_ADMIN

       When you are running the storage daemon as another user
       then root (which has the CAP_SYS_RAWIO capability) you
       need to add it to the current set of capabilities.

       When you are using systemd you could add this additional
       capability to the CapabilityBoundingSet parameter.

       For systemd add to the bareos-sd.service the following:

       Capabilities=cap_sys_rawio+ep

       You can also setup the extra capability on bscrypto and
       bareos-sd by running the following cmd:

       # setcap cap_sys_rawio=ep bscrypto
       # setcap cap_sys_rawio=ep bareos-sd

       Check the setting with

       # getcap -v bscrypto
       # getcap -v bareos-sd

       getcap and setcap are part of libcap-progs which may not be
       installed on your system.

     - Solaris (USCSI ioctl interface)

       The user running the storage daemon needs the following
       additional privileges:
          PRIV_SYS_DEVICES (See privileges(5))

       When you are running the storage daemon as another user
       then root (which has the PRIV_SYS_DEVICES privilege) you
       need to add it to the current set of privileges.

       This can be setup by setting this either as a project for
       the user or as a extra privileges in the SMF definition
       starting the storage daemon. The SMF setup is the cleanest.

       For SMF make sure you have something like this in the instance
       block.

       <method_context working_directory=":default">
          <method_credential user="bareos" group="bareos" privileges="basic,sys_devices"/>
       </method_context>

  === Changes in bareos-sd.conf ===

- Put the Key Encryption Key into the bareos-sd.conf
  under the director entry in that config for the specific
  director you are creating the config for. e.g.
  Key Encryption Key = "<passphrase>"
- Enable the loading of storage daemon plugins by
  setting the plugin dir in the bareos-sd.conf e.g.
  Plugin Directory = <path_to_sd_plugins>
- Enable the SCSI encryption option in the device configuration
  section of the drive in the bareos-sd.conf. e.g.
  Drive Crypto Enabled = Yes
- When you want the plugin to probe the drive for its encryption
  status if it needs to clear a pending key enable the Query
  Crypto Status option in the device configuration section of the
  drive in the bareos-sd.conf e.g.
  Query Crypto Status = Yes

  === Changes in bareos-dir.conf ===

- Put the Key Encryption Key into the bareos-dir.conf under
  the director config item named Key Encryption Key e.g.
  Key Encryption Key = "<passphrase>"

- restart sd and dir
- Label a volume with the encrypt option e.g.
  label slots=1-5 barcodes encrypt

For Disaster Recovery (DR) you need the following information:

- Actual bareos-sd.conf with config options enabled as described
  above, including things like a definition of a director with
  the Key Encryption Key used for creating the encryption keys
  of the volumes.
- The actual keys used for encryption of the volumes.

  This data needs to be available as a so called crypto cache
  file which is used by the plugin when no connection to the
  director can be made to do a lookup (most likely on DR).

  Most of the times the needed information e.g. bootstrap info
  is available on recently written volumes and most of the
  time the encryption cache will contain the most recent data
  so a recent copy of the bareos-sd.<portnr>.cryptoc file in
  the workingdir is most of the time enough. You can also save
  the info from database in a save place and use bscrypto to
  populate this info (VolumeName<tab>EncryptKey) into the crypto
  cache file used by bextract and bscan. You can use bscrypto
  with the following flags to create a new or update an existing
  crypto cache file e.g. :

  # bscrypto -p /var/lib/bareos/bareos-sd.<portnr>.cryptoc

- A valid BSR file with the location of the last save of the
  database makes recovery much easier. Adding a post script
  to the database save job could collect the needed info and
  make sure its stored somewhere safe.
- Recover the database in the normal way e.g. for postgresql:

  # bextract -D <director_name> -c bareos-sd.conf -V <volname> \
             /dev/nst0 /tmp -b bootstrap.bsr
  # /usr/lib64/bareos/create_bareos_database
  # /usr/lib64/bareos/grant_bareos_privileges
  # psql bareos < /tmp/var/lib/bareos/bareos.sql

  Or something similar (change paths to follow where you
  installed the software or where the package put it.)

NOTE: As described at the beginning of this README there are different
      types of key management:

- A backup application that supports Application Managed Encryption (AME)
- A tape library that supports Library Managed Encryption (LME)
- Using a Key Management Appliance (KMA).

If the Library is setup for LME or KMA it probably won't allow our AME setup
and the scsi-crypto plugin will fail to set/clear the encryption key. To be
able to use AME you need to "Modify Encryption Method" and set it to something
like "Application Managed". If you decide to use LME or KMA you don't have to
bother with the whole setup of AME which may for big libraries be easier, although
the overhead of using AME even for very big libraries should be minimal.

Adding additional storage backends:

- Creating a new backend:
   - Create a new derived class of DEVICE e.g.

      class whatever_device: public DEVICE {
      private:
         POOLMEM *m_virtual_filename;
         boffset_t m_offset;

      public:
         whatever_device();
         ~whatever_device();

         /*
          * Interface from DEVICE
          */
         int d_close(int);
         int d_open(const char *pathname, int flags, int mode);
         int d_ioctl(int fd, ioctl_req_t request, char *mt = NULL);
         boffset_t d_lseek(DCR *dcr, boffset_t offset, int whence);
         ssize_t d_read(int fd, void *buffer, size_t count);
         ssize_t d_write(int fd, const void *buffer, size_t count);
         bool d_truncate(DCR *dcr);
      };

      In file src/stored/backends/whatever_device.h
   - Create a new class implementing the pure virtual methods.
      In file src/stored/backends/whatever_device.c

     There are plenty of examples.
   - Add build rules to src/stored/backends/Makefile.in
   - Add new backend to AVAILABLE_DEVICE_API_SRCS in src/stored/Makefile.in for non dynamic loading.

- Glue code for loading and using the new backend
   - Add new enum value to Device types enum in src/stored/dev.h
   - Add new enum value to is_file() method of DEVICE class.
   - Add new enum mapping to dev_types array in src/stored/stored_conf.c
   - For static allocation of new backend add code to m_init_dev() in src/stored/dev.c
     (In switch (device->dev_type) which dispatches based on device type)
   - Add mapping for dynamic loading of backend to src/stored/sd_backends.h