Network setup
=============

.. _section-ClientInitiatedConnection:

Client Initiated Connection
---------------------------

The |dir| knows when it is required to talk to a client (|fd|). Therefore, by default, the |dir| connects to the clients.

However, there are setups where this can cause problems, as this means that:

- The client must be reachable by its configured :config:option:`dir/client/Address`\ . Address can be the DNS name or the IP address. (For completeness: there are potential workarounds by using the :ref:`setip <bcommandSetIP>` command.)

- The |dir| must be able to connect to the |fd| over the network.

To circumvent these problems, since Bareos :sinceVersion:`16.2.2: Client Initiated Connection` it is possible to let the |fd| initiate the network connection to the |dir|.

Which address the client connects to reach the |dir| is configured in the :config:option:`fd/director/Address`\  directive.

To additionally allow this connection direction, use:

- :config:option:`dir/client/ConnectionFromClientToDirector`\ = yes

- :config:option:`dir/client/HeartbeatInterval`\ = 60 ``#`` to keep the network connection established

- :config:option:`fd/director/ConnectionFromClientToDirector`\ = yes

To only allow connections from the client to the Director, use:

- :config:option:`dir/client/ConnectionFromDirectorToClient`\ = no

- :config:option:`dir/client/ConnectionFromClientToDirector`\ = yes

- :config:option:`dir/client/HeartbeatInterval`\ = 60 ``#`` to keep the network connection established

- :config:option:`fd/director/ConnectionFromDirectorToClient`\ = no

- :config:option:`fd/director/ConnectionFromClientToDirector`\ = yes

Using Client Initiated Connections has disadvantages. Without Client Initiated Connections the |dir| only establishes a network connection when this is required.
With Client Initiated Connections, the |fd| connects to the |dir| and the |dir| keeps these connections open. The command :bcommand:`status dir` will show all waiting connections:

.. code-block:: bconsole
   :caption: show waiting client connections

   *<input>status dir</input>
   ...
   Client Initiated Connections (waiting for jobs):
   Connect time        Protocol            Authenticated       Name
   ====================================================================================================
   19-Apr-16 21:50     54                  1                   client1.example.com
   ...
   ====

When both connection directions are allowed, the |dir|

#. checks if there is a waiting connection from this client.

#. tries to connect to the client (using the usual timeouts).

#. waits for a client connection to appear (using the same timeout as when trying to connect to a client).

If none of this worked, the job fails.

When a waiting connection is used for a job, the |fd| detects this and creates an additional connection. This is required to keep the client responsive for additional commands, like :bcommand:`cancel`.

To get feedback in case the |fd| fails to connect to the |dir|, consider configuring the |fd| to log to a local file. This can be achieved by adding the line

``Append = "/var/log/bareos/bareos-fd.log" = all, !skipped, !restored``

to the default message resource :config:option:`Fd/Messages = Standard`\ :

.. code-block:: bareosconfig
   :caption: bareos-fd.d/messages/Standard.conf

   Messages {
     Name = Standard
     Director = bareos-dir = all, !skipped, !restored
     Append = "/var/log/bareos/bareos-fd.log" = all, !skipped, !restored
   }

.. _PassiveClient:

Passive Clients
---------------

Normally, the data channel (the channel where the backup data itself is transported) is initialized by the |fd| (client), which connects to the |sd|.

In many setups, this can cause problems, as this means that:

- The client must be able to resolve the name of the |sd| (often not true, you have to do tricks with the hosts file)

- The client must be allowed to create a new connection.

- The client must be able to connect to the |sd| over the network (often difficult over NAT or Firewall)

By using Passive Client, the initialization of the data channel is reversed, so that the storage daemon connects to the |fd|. This solves almost every problem created by firewalls, NAT-gateways and resolving issues, as

- The |sd| initiates the connection, and thus can pass through the same or similar firewall rules that the director already has to access the |fd|.

- The client never initiates any connection, thus can be completely firewalled.

- The client never needs any name resolution and is totally independent from any resolving issues.

.. image:: /include/images/passive-client-communication.*
   :width: 60.0%


Usage
~~~~~

To use this new feature, just configure :config:option:`dir/client/Passive`\ =yes in the client definition of the |dir|:

.. code-block:: bareosconfig
   :caption: Enable passive mode in bareos-dir.conf

   Client {
      Name = client1-fd
      Password = "secretpassword"
      <input>Passive = yes</input>
      [...]
   }

Also, prior to Bareos version 15, you need to set :config:option:`fd/client/Compatible`\ =no in the :file:`bareos-fd.conf` configuration file. Since Bareos version 15, the compatible option is set to no by default and does not need to be specified anymore.

.. code-block:: bareosconfig
   :caption: Disable compatible mode for the |fd| in bareos-fd.conf

   Director {
     Name = bareos-dir
     Password = "secretpassword"
   }

   Client {
      Name = client1-fd
      [...]
      <input>Compatible = no</input>
   }

.. _LanAddress:

Using different IP Addresses for SD – FD Communication
------------------------------------------------------

:index:`\ <single: Lan Address>`\ 

Bareos supports network topologies where the |fd| and |sd| are situated inside of a LAN, but the |dir| is outside of that LAN in the Internet and accesses the |fd| and |sd| via SNAT / port forwarding.

Consider the following scheme:

.. code-block:: shell-session

   /-------------------\
   |                   |    LAN 10.0.0.1/24
   |                   |
   |  FD_LAN   SD_LAN  |
   |  .10         .20  |
   |                   |
   \___________________/
             |
         NAT Firewall
         FD: 8.8.8.10 -> 10.0.0.10
         SD: 8.8.8.20 -> 10.0.0.20
             |
   /-------------------\
   |                   |
   |                   |     WAN / Internet
   |        DIR        |
   |     8.8.8.100     |
   |                   |
   |  FD_WAN   SD_WAN  |
   |  .30         .40  |
   \___________________/

The |dir| can access the :strong:`FD_LAN` via the IP 8.8.8.10, which is forwarded to the IP 10.0.0.10 inside of the LAN.

The |dir| can access the :strong:`SD_LAN` via the IP 8.8.8.20, which is forwarded to the IP 10.0.0.20 inside of the LAN.

There is also a |fd| and a |sd| outside of the LAN, which have the IPs 8.8.8.30 and 8.8.8.40.

All resources are configured so that the :strong:`Address`\  directive gets the address where the |dir| can reach the daemons.

Additionally, devices located in the LAN get the LAN address configured in the :strong:`Lan Address`\  directive. The configuration looks as follows:

.. code-block:: bareosconfig
   :caption: bareos-dir.d/client/FD\_LAN.conf

   Client {
      Name = FD_LAN
      Address = 8.8.8.10
      LanAddress = 10.0.0.10
      ...
   }

.. code-block:: bareosconfig
   :caption: bareos-dir.d/client/SD\_LAN.conf

   Storage {
      Name = SD_LAN
      Address = 8.8.8.20
      LanAddress = 10.0.0.20
      ...
   }

.. code-block:: bareosconfig
   :caption: bareos-dir.d/client/FD\_WAN.conf

   Client {
      Name = FD_WAN
      Address = 8.8.8.30
      ...
   }

.. code-block:: bareosconfig
   :caption: bareos-dir.d/client/SD\_WAN.conf

   Storage {
      Name = SD_WAN
      Address = 8.8.8.40
      ...
   }

This way, backups and restores from each |fd| using each |sd| are possible as long as the firewall allows the needed network connections.

The |dir| simply checks if the involved |fd| and |sd| both have a :strong:`Lan Address`\  (:config:option:`dir/client/LanAddress`\  and :config:option:`dir/storage/LanAddress`\ ) configured.

In that case, the initiating daemon is ordered to connect to the :strong:`Lan Address`\  instead of the :strong:`Address`\ . In active client mode, the |fd| connects to the |sd|, in passive client mode (see :ref:`PassiveClient`) the |sd| connects to the |fd|.

If only one or none of the involved |fd| and |sd| have a :strong:`Lan Address`\  configured, the :strong:`Address`\  is used as connection target for the initiating daemon.

.. _ConnectionOverviewReference:

Network Connections Overview
============================
The following diagrams show Bareos components with any possible
network connections between them. Arrows always point from the TCP
client to the respective TCP server, thus showing the direction of the
connection initiation. This is not necessarily the direction of the data flow.

Full connection overview
------------------------
This diagram contains all possible connections between Bareos components
that are virtually usable. See the chapters :ref:`below for specific diagrams <ConnecionOverviewNamedConsoleAndDefaultConsole>` of the Bareos operating modes.

.. uml::
   :caption: Sequence diagram of a Bareos File Daemon connection

   left to right direction
   skinparam shadowing false

   (Console\nPython\nWebUI) as Con
   (Tray Monitor) as Tray

   [Filedaemon] as FD
   [Directordaemon] as Dir
   [Storagedaemon] as SD
   [Storagedaemon2] as SD2

   database Catalog

   !define arrow_hidden(from,direction,to,comment) from -[#white]direction->to : <color white>comment</color>

   !define arrow(from,direction,to,comment) from -direction->to : comment

   arrow(Con, right, Dir, 1)
   arrow(Con, right, Dir, 2)

   arrow(Dir, up, FD, 3)
   arrow(FD, down, Dir, 4)

   arrow(Dir, right, SD, 5a)

   arrow(FD, down, SD, 6)
   arrow(SD, down, FD, 7)

   arrow(SD, down, SD2, 8)
   arrow(Dir, down, SD2, 5b)

   arrow(Tray, down, Dir, 9)
   arrow(Tray, down, FD, 10)
   arrow(Tray, down, SD, 11)

   arrow(Dir, down, Catalog, 12)

.. _LegendForFullConnectionOverviewReference:

.. csv-table:: Legend for full connection overview
   :header: "Connection Number", "Description", "Type"
   :widths: auto

   1, "Named Console", "control channel"
   2, "Default Console", "control channel"
   3, "**Director to File Daemon (default)**", "control channel"
   4, ":ref:`Client initiated <section-ClientInitiatedConnection>` File Daemon to Director", "control channel"
   5a, "**Director to Storage (default)**", "control channel"
   5b, "Director to 2nd Storage doing SD-SD copy or migrate", "control channel"
   6, "**File Daemon to Storage Daemon (default)**", "data channel"
   7, ":ref:`Passive Client <PassiveClient>` Storage Daemon to File Daemon", "data channel"
   8, "Storage Daemon to Storage Daemon", "data channel"
   9, "Tray Monitor to Director Daemon", "monitor channel"
   10, "Tray Monitor to File Daemon", "monitor channel"
   11, "Tray Monitor to Storage Daemon", "monitor channel"
   12, "Director to catalog database", "database channel"

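
The connection numbers of the legend, together with the Lan Address rule and the passive and client initiated modes described earlier, determine which TCP connections a firewall has to permit for a backup or restore job. The following Python code is an added example, not part of Bareos: its class and function names are hypothetical, the ports 9101, 9102 and 9103 are the Bareos default ports and are assumed to be unchanged, and the sample addresses are those of the LAN/WAN scheme on this page.

```python
from dataclasses import dataclass
from typing import Optional

# Default daemon ports (assumption: not changed in this installation).
PORTS = {"dir": 9101, "fd": 9102, "sd": 9103}

@dataclass
class Daemon:
    address: str                        # Address directive
    lan_address: Optional[str] = None   # LanAddress directive

@dataclass
class Client(Daemon):
    passive: bool = False               # dir/client/Passive
    dir_to_client: bool = True          # ConnectionFromDirectorToClient
    client_to_dir: bool = False         # ConnectionFromClientToDirector

def required_flows(dir_address, client, storage):
    """List (legend no., initiator, listener, target address, port) for one job."""
    flows = []
    if client.dir_to_client:
        flows.append(("3", "dir", "fd", client.address, PORTS["fd"]))
    if client.client_to_dir:
        # The target is what fd/director/Address holds on the client.
        flows.append(("4", "fd", "dir", dir_address, PORTS["dir"]))
    flows.append(("5a", "dir", "sd", storage.address, PORTS["sd"]))
    # LanAddress is used only if BOTH the client and the storage define one.
    use_lan = bool(client.lan_address and storage.lan_address)
    fd_target = client.lan_address if use_lan else client.address
    sd_target = storage.lan_address if use_lan else storage.address
    if client.passive:
        flows.append(("7", "sd", "fd", fd_target, PORTS["fd"]))
    else:
        flows.append(("6", "fd", "sd", sd_target, PORTS["sd"]))
    return flows

def inbound_to(daemon, flows):
    """Flows that need an open listening port on the given daemon."""
    return [f for f in flows if f[2] == daemon]

# Constructed sample data: the addresses of the LAN/WAN scheme on this page.
DIR = "8.8.8.100"
FD_LAN = Client("8.8.8.10", "10.0.0.10")
SD_LAN = Daemon("8.8.8.20", "10.0.0.20")
SD_WAN = Daemon("8.8.8.40")

if __name__ == "__main__":
    pairs = [("FD_LAN/SD_LAN", FD_LAN, SD_LAN), ("FD_LAN/SD_WAN", FD_LAN, SD_WAN)]
    for name, client, storage in pairs:
        for flow in required_flows(DIR, client, storage):
            print(name, *flow)
```

A client that only allows client initiated connections and runs in active mode ends up with no inbound flow at all, which ``inbound_to("fd", flows)`` makes visible.
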

.. _ConnecionOverviewNamedConsoleAndDefaultConsole:

Named Console and Default Console
---------------------------------

.. _ConnectionDiagramNamedAndDefaultConsole:

.. uml::
   :caption: Diagram of Console to Director connection

   left to right direction
   skinparam shadowing false

   (Console\nPython\nWebUI) as Con
   (Tray Monitor) as Tray

   [Filedaemon] as FD
   [Directordaemon] as Dir
   [Storagedaemon] as SD
   [Storagedaemon2] as SD2

   !define arrow_hidden(from,direction,to,comment) from -[#white]direction->to : <color white>comment</color>

   !define arrow(from,direction,to,comment) from -direction->to : comment

   arrow(Con, right, Dir, 1)
   arrow(Con, right, Dir, 2)

   arrow_hidden(Dir, up, FD, 3)
   arrow_hidden(FD, down, Dir, 4)

   arrow_hidden(Dir, right, SD, 5a)

   arrow_hidden(FD, down, SD, 6)
   arrow_hidden(SD, down, FD, 7)

   arrow_hidden(SD, down, SD2, 8)
   arrow_hidden(Dir, down, SD2, 5b)

   arrow_hidden(Tray, down, Dir, 9)
   arrow_hidden(Tray, down, FD, 10)
   arrow_hidden(Tray, down, SD, 11)

Default Backup/Restore
----------------------

.. _ConnectionDiagramDefaultBackupOrRestoreOperation:

.. uml::
   :caption: Diagram of a default Backup or Restore operation

   left to right direction
   skinparam shadowing false

   (Console\nPython\nWebUI) as Con
   (Tray Monitor) as Tray

   [Filedaemon] as FD
   [Directordaemon] as Dir
   [Storagedaemon] as SD
   [Storagedaemon2] as SD2

   !define arrow_hidden(from,direction,to,comment) from -[#white]direction->to : <color white>comment</color>

   !define arrow(from,direction,to,comment) from -direction->to : comment

   arrow_hidden(Con, right, Dir, 1)
   arrow_hidden(Con, right, Dir, 2)

   arrow(Dir, up, FD, 3)
   arrow_hidden(FD, down, Dir, 4)

   arrow(Dir, right, SD, 5a)

   arrow(FD, down, SD, 6)
   arrow_hidden(SD, down, FD, 7)

   arrow_hidden(SD, down, SD2, 8)
   arrow_hidden(Dir, down, SD2, 5b)

   arrow_hidden(Tray, down, Dir, 9)
   arrow_hidden(Tray, down, FD, 10)
   arrow_hidden(Tray, down, SD, 11)

Client Initiated Backup/Restore
-------------------------------

.. _ConnectionDiagramClientInitiatedBackupOrRestoreOperation:

.. uml::
   :caption: Diagram of a **client initiated** Backup or Restore operation

   left to right direction
   skinparam shadowing false

   (Console\nPython\nWebUI) as Con
   (Tray Monitor) as Tray

   [Filedaemon] as FD
   [Directordaemon] as Dir
   [Storagedaemon] as SD
   [Storagedaemon2] as SD2

   !define arrow_hidden(from,direction,to,comment) from -[#white]direction->to : <color white>comment</color>

   !define arrow(from,direction,to,comment) from -direction->to : comment

   arrow_hidden(Con, right, Dir, 1)
   arrow_hidden(Con, right, Dir, 2)

   arrow_hidden(Dir, up, FD, 3)
   arrow(FD, down, Dir, 4)

   arrow(Dir, right, SD, 5a)

   arrow(FD, down, SD, 6)
   arrow_hidden(SD, down, FD, 7)

   arrow_hidden(SD, down, SD2, 8)
   arrow_hidden(Dir, down, SD2, 5b)

   arrow_hidden(Tray, down, Dir, 9)
   arrow_hidden(Tray, down, FD, 10)
   arrow_hidden(Tray, down, SD, 11)

Passive Client Backup/Restore
-----------------------------

.. _ConnectionDiagramPassiveClientBackupOrRestoreOperation:

.. uml::
   :caption: Diagram of a **passive client** Backup or Restore operation

   left to right direction
   skinparam shadowing false

   (Console\nPython\nWebUI) as Con
   (Tray Monitor) as Tray

   [Filedaemon] as FD
   [Directordaemon] as Dir
   [Storagedaemon] as SD
   [Storagedaemon2] as SD2

   !define arrow_hidden(from,direction,to,comment) from -[#white]direction->to : <color white>comment</color>

   !define arrow(from,direction,to,comment) from -direction->to : comment

   arrow_hidden(Con, right, Dir, 1)
   arrow_hidden(Con, right, Dir, 2)

   arrow(Dir, up, FD, 3)
   arrow_hidden(FD, down, Dir, 4)

   arrow(Dir, right, SD, 5a)

   arrow_hidden(FD, down, SD, 6)
   arrow(SD, down, FD, 7)

   arrow_hidden(SD, down, SD2, 8)
   arrow_hidden(Dir, down, SD2, 5b)

   arrow_hidden(Tray, down, Dir, 9)
   arrow_hidden(Tray, down, FD, 10)
   arrow_hidden(Tray, down, SD, 11)

Storage-Storage Migration
-------------------------

.. _ConnectionDiagramStorageToStorageCopyOrMigrateOperation:

.. uml::
   :caption: Diagram of a Storage to Storage copy or migrate operation

   left to right direction
   skinparam shadowing false

   (Console\nPython\nWebUI) as Con
   (Tray Monitor) as Tray

   [Filedaemon] as FD
   [Directordaemon] as Dir
   [Storagedaemon] as SD
   [Storagedaemon2] as SD2

   !define arrow_hidden(from,direction,to,comment) from -[#white]direction->to : <color white>comment</color>

   !define arrow(from,direction,to,comment) from -direction->to : comment

   arrow_hidden(Con, right, Dir, 1)
   arrow_hidden(Con, right, Dir, 2)

   arrow_hidden(Dir, up, FD, 3)
   arrow_hidden(FD, down, Dir, 4)

   arrow(Dir, right, SD, 5a)

   arrow_hidden(FD, down, SD, 6)
   arrow_hidden(SD, down, FD, 7)

   arrow(SD, down, SD2, 8)
   arrow(Dir, down, SD2, 5b)

   arrow_hidden(Tray, down, Dir, 9)
   arrow_hidden(Tray, down, FD, 10)
   arrow_hidden(Tray, down, SD, 11)

Tray-Monitor
------------

.. _ConnectionDiagramAllTrayMonitorConnections:

.. uml::
   :caption: Diagram of all Tray Monitor Connections

   left to right direction
   skinparam shadowing false

   (Console\nPython\nWebUI) as Con
   (Tray Monitor) as Tray

   [Filedaemon] as FD
   [Directordaemon] as Dir
   [Storagedaemon] as SD
   [Storagedaemon2] as SD2

   !define arrow_hidden(from,direction,to,comment) from -[#white]direction->to : <color white>comment</color>

   !define arrow(from,direction,to,comment) from -direction->to : comment

   arrow_hidden(Con, right, Dir, 1)
   arrow_hidden(Con, right, Dir, 2)

   arrow_hidden(Dir, up, FD, 3)
   arrow_hidden(FD, down, Dir, 4)

   arrow_hidden(Dir, right, SD, 5a)

   arrow_hidden(FD, down, SD, 6)
   arrow_hidden(SD, down, FD, 7)

   arrow_hidden(SD, down, SD2, 8)
   arrow_hidden(Dir, down, SD2, 5b)

   arrow(Tray, down, Dir, 9)
   arrow(Tray, down, FD, 10)
   arrow(Tray, down, SD, 11)