4 Documentation to do: (a little bit at a time)
5 - Document running a test version.
6 - Make sure restore options are documented
7 - Document query file format.
8 - Document static linking
10 Testing to do: (painful)
11 - that console command line options work
12 - blocksize recognition code.
15 - Look at ua_prune.c in detail. Why did JobType work at all??????
16 - Figure out how to allow multiple simultaneous file Volumes on
20 - Implement FileOptions (see end of this document)
21 - Implement Bacula plugins -- design API
22 - Make hash table for linked files in findlib/find_one.c:161
23 - Make bcopy read through bad tape records.
24 - Need a verbose mode in restore, perhaps to bsr.
25 - Should we dump a SOS when starting a new tape?
26 - bscan without -v is too quiet -- perhaps show jobs.
27 - Add code to reject whole blocks if not wanted on restore.
28 - Implement multiple simultaneous file Volumes on a single device.
29 - Start working on Base jobs.
30 - Make sure the MaxVolFiles is fully implemented in SD
31 - Flush all the daemon messages at the end of every job.
32 - Check if both CatalogFiles and UseCatalog are set to SD.
33 - Check if we can increase Bacula FD priorty in Win2000
34 - Need return status on read_cb() from read_records(). Need multiple
35 records -- one per Job, maybe a JCR or some other structure with
37 - Figure out how to do a bare metal Windows restore
38 - Fix read_record to handle multiple sessions.
39 - Program files (i.e. execute a program to read/write files).
40 Pass read date of last backup, size of file last time.
41 - Put system type returned by FD into catalog.
42 - Possibly add email to Watchdog if drive is unmounted too
43 long and a job is waiting on the drive.
44 - Strip trailing slashes from Include directory names in the FD.
45 - Use read_record.c in SD code.
46 - Why don't we get an error message from Win32 FD when bootstrap
47 file cannot be created for restore command?
48 - Need to specify MaximumConcurrentJobs in the Job resource.
49 - When Marking a file in Restore that is a hard link, also
50 mark the link so that the data will be reloaded.
51 - Restore program that errors in SD due to no tape reports
52 OK incorrectly in output.
53 - After unmount, if restore job started, ask to mount.
54 - Fix db_get_fileset in cats/sql_get.c for multiple records.
55 - Fix catalog filename truncation in sql_get and sql_create. Use
56 only a single filename split routine.
57 - Make Restore report an error if FD or SD term codes are not OK.
58 - Convert all %x substitution variables, which are hard to remember
59 and read to %(variable-name). Idea from TMDA.
60 - Add JobLevel in FD status (but make sure it is defined).
61 - Make Pool resource handle Counter resources.
62 - Remove NextId for SQLite. Optimize.
63 - Fix gethostbyname() to use gethostbyname_r()
64 - Strip trailing / from Include
65 - Move all SQL statements into a single location.
66 - Cleanup db_update_media and db_update_pool
67 - Add UA rc and history files.
68 - put termcap (used by console) in ./configure and
69 allow -with-termcap-dir.
70 - Enhance time and size scanning routines.
71 - Fix Autoprune for Volumes to respect need for full save.
72 - Fix Win32 config file definition name on /install
73 - No READLINE_SRC if found in alternate directory.
74 - Add Client FS/OS id (Linux, Win95/98, ...).
75 - Test a second language e.g. french.
76 - Compare tape to Client files (attributes, or attributes and data)
77 - Restore to a particular time -- e.g. before date, after date.
78 - Make all database Ids 64 bit.
79 - Write an applet for Linux.
80 - Add estimate to Console commands
81 - Find solution to blank filename (i.e. path only) problem.
82 - Implement new daemon communications protocol.
83 - Remove PoolId from Job table, it exists in Media.
84 - Allow console commands to detach or run in background.
85 - Fix status delay on storage daemon during rewind.
86 - Add SD message variables to control operator wait time
87 - Maximum Operator Wait
88 - Minimum Message Interval
89 - Maximum Message Interval
90 - Send Operator message when cannot read tape label.
91 - Verify level=Volume (scan only), level=Data (compare of data to file).
92 Verify level=Catalog, level=InitCatalog
94 - Add keyword search to show command in Console.
95 - Fix Win2000 error with no messages during startup.
96 - Events : tape has more than xxx bytes.
97 - Restrict characters permitted in a Resource name.
98 - Complete code in Bacula Resources -- this will permit
99 reading a new config file at any time.
100 - Handle ctl-c in Console
101 - Implement LabelTemplate (at least first cut).
102 - Implement script driven addition of File daemon to config files.
103 - Think about how to make Bacula work better with File (non-tape) archives.
105 - see setgroup and user for Bacula p4-5 of stunnel.c
106 - Implement new serialize subroutines
107 send(socket, "string", &Vol, "uint32", &i, NULL)
108 - Audit all UA commands to ensure that we always prompt where possible.
109 - If ./btape is called without /dev, assume argument is a Storage resource name.
110 - Put memory utilization in Status output of each daemon
111 if full status requested or if some level of debug on.
112 - Make database type selectable by .conf files i.e. at runtime
113 - gethostbyname failure in bnet_connect() continues
114 generating errors -- should stop.
115 - Add HOST to Volume label.
116 - Set flag for uname -a. Add to Volume label.
117 - Implement throttled work queue.
118 - Check for EOT at ENOSPC or EIO or ENXIO (unix Pc)
119 - Allow multiple Storage specifications (or multiple names on
120 a single Storage specification) in the Job record. Thus a job
121 can be backed up to a number of storage devices.
122 - Implement dump label to UA
123 - Concept of VolumeSet during restore which is a list
124 of Volume names needed.
125 - Restore files modified after date
126 - Restore file modified before date
127 - Emergency restore info:
129 - Backup working directory
131 - Restore -- do nothing but show what would happen
132 - SET LD_RUN_PATH=$HOME/mysql/lib/mysql
133 - Implement Restore FileSet=
134 - Create a protocol.h and protocol.c where all protocol messages
136 - If SD cannot open a drive, make it periodically retry.
137 - Remove duplicate fields from jcr (e.g. jcr.level and jcr.jr.Level, ...).
138 - Timout a job or terminate if link goes down, or reopen link and query.
139 - Find general solution for sscanf size problems (as well
140 as sprintf. Do at run time?
141 - Concept of precious tapes (cannot be reused).
142 - Make bcopy copy with a single tape drive.
143 - Permit changing ownership during restore.
145 - Restore should get Device and Pool information from
146 job record rather than from config.
147 - Autolabel should be specified by DIR instead of SD.
148 - Find out how to get the system tape block limits, e.g.:
149 Apr 22 21:22:10 polymatou kernel: st1: Block limits 1 - 245760 bytes.
150 Apr 22 21:22:10 polymatou kernel: st0: Block limits 2 - 16777214 bytes.
153 - AutoScan (check checksum of tape)
154 - Format command = "format /dev/nst0"
158 - Seek resolution (usually corresponds to buffer size)
159 - EODErrorCode=ENOSPC or code
160 - Partial Read error code
161 - Partial write error code
162 - Nonformatted read error
163 - Nonformatted write error
164 - WriteProtected error
168 - IgnoreCloseErrors=yes
178 - FD sends unsaved file list to Director at end of job (see
180 - Write a Storage daemon that uses pipes and
181 standard Unix programs to write to the tape.
183 - Need something that monitors the JCR queue and
184 times out jobs by asking the deamons where they are.
185 - Enhance Jmsg code to permit buffering and saving to disk.
186 - device driver = "xxxx" for drives.
187 - restart: paranoid: read label fsf to
188 eom read append block, and go
189 super-paranoid: read label, read all files
190 in between, read append block, and go
191 verify: backspace, read append block, and go
192 permissive: same as above but frees drive
193 if tape is not valid.
195 - Ensure that /dev/null works
196 - File daemon should build list of files skipped, and then
197 at end of save retry and report any errors.
198 - Need report class for messages. Perhaps
199 report resource where report=group of messages
200 - enhance scan_attrib and rename scan_jobtype, and
201 fill in code for "since" option
202 - Need to save contents of FileSet to tape?
203 - Director needs a time after which the report status is sent
204 anyway -- or better yet, a retry time for the job.
205 Don't reschedule a job if previous incarnation is still running.
206 - Figure out how to save the catalog (possibly a special FileSet).
207 - Figure out how to restore the catalog.
208 - Some way to automatically backup everything is needed????
209 - Need a structure for pending actions:
211 - termination status (part of buffered msgs?)
212 - Concept of grouping Storage devices and job can use
213 any of a number of devices
215 Read, Write, Clean, Delete
216 - Login to Bacula; Bacula users with different permissions:
217 owner, group, user, quotas
218 - Store info on each file system type (probably in the job header on tape.
219 This could be the output of df; or perhaps some sort of /etc/mtab record.
222 - Design at hierarchial storage for Bacula.
223 - Implement FSM (File System Modules).
224 - Identify unchanged or "system" files and save them to a
225 special tape thus removing them from the standard
226 backup FileSet -- BASE backup.
227 - Turn virutally all sprintfs into snprintfs.
228 - Heartbeat between daemons.
229 - Audit M_ error codes to ensure they are correct and consistent.
230 - Add variable break characters to lex analyzer.
231 Either a bit mask or a string of chars so that
232 the caller can change the break characters.
233 - Make a single T_BREAK to replace T_COMMA, etc.
234 - Ensure that File daemon and Storage daemon can
235 continue a save if the Director goes down (this
236 is NOT currently the case). Must detect socket error,
237 buffer messages for later.
238 - Enhance time/duration input to allow multiple qualifiers e.g. 3d2h
242 Bacula Projects Roadmap
244 last update 27 November 2002
246 Item 1: Multiple simultaneous Jobs. (done)
249 What: Permit multiple simultaneous jobs in Bacula.
251 Why: An enterprise level solution needs to go fast without the
252 need for the system administrator to carefully tweak
253 timing. Based on the benchmarks, during a full
254 backup, NetWorker typically hit 10 times the bandwidth to
255 the tape compared to Bacula--largely. This is probably due to
256 running parallel jobs and multi-threaded filling of buffers
257 and writing them to tape. This should also make things work
258 better when you have a mix of fast and slow machines backing
261 Notes: Bacula was designed to run multiple simultaneous jobs. Thus
262 implementing this is a matter of some small cleanups and
266 Item 2: Make the Storage daemon use intermediate file storage to buffer data.
267 Deferred -- not necessary yet.
269 What: If data is coming into the SD too fast, buffer it to
270 disk if the user has configured this option.
272 Why: This would be nice, especially if it more or less falls out
273 when implementing (1) above. If not, it probably should not
274 be given a high priority because fundamentally the backup time
275 is limited by the tape bandwidth. Even though you may finish a
276 client job quicker by spilling to disk, you still have to
277 eventually get it onto tape. If intermediate disk buffering
278 allows us to improve write bandwidth to tape, it may make
281 Notes: Whether or not this is implemented will depend upon performance
282 testing after item 1 is implemented.
285 Item 3: Write the bscan program -- also write a bcopy program.
288 What: Write a program that reads a Bacula tape and puts all the
289 appropriate data into the catalog. This allows recovery
290 from a tape that is no longer in the database, or it allows
291 re-creation of a database if lost.
293 Why: This is a fundamental robustness and disaster recovery tool
294 which will increase the comfort level of a sysadmin
295 considering adopting Bacula.
297 Notes: A skeleton of this program already exists, but much work
298 needs to be done. Implementing this will also make apparent
299 any deficiencies in the current Bacula tape format.
302 Item 4: Implement Base jobs.
304 What: A base job is sort of like a Full save except that you
305 will want the FileSet to contain only files that are unlikely
306 to change in the future (i.e. a snapshot of most of your
307 system after installing it). After the base job has been run,
308 when you are doing a Full save, you can specify to exclude
309 all files saved by the base job that have not been modified.
311 Why: This is something none of the competition does, as far as we know
312 (except BackupPC, which is a Perl program that saves to disk
313 only). It is big win for the user, it makes Bacula stand out
314 as offering a unique optimization that immediately saves time
317 Notes: Big savings in tape usage. Will require more resources because
318 the e. DIR must send FD a list of files/attribs, and the FD must
319 search the list and compare it for each file to be saved.
322 Item 5: Implement Label templates
324 What: This is a mechanism whereby Bacula can automatically create
325 a tape label for new tapes according to a detailed specification
326 provided by the user.
328 Why: It is a major convenience item for folks who use automated label
331 Notes: Bacula already has a working form of automatic tape label
332 creation, but it is very crude. The design for the complete
333 tape labeling project is already documented in the manual.
336 Item 6: Write a regression script.
339 What: This is an automatic script that runs and tests as many features
340 of Bacula as possible. The output is compared to previous
341 versions of Bacula and any differences are reported.
343 Why: This is an enormous help in preventing introduction of new
344 errors in parts of the program that already work correctly.
346 Notes: This probably should be ranked higher, it's something the typical
347 user doesn't see. Depending on how it's implemented, it may
348 make sense to defer it until the archival tape format and
349 user interface mature.
352 Item 7: GUI for interactive restore
353 Item 8: GUI for interactive backup
355 What: The current interactive restore is implemented with a tty
356 interface. It would be much nicer to be able to "see" the
357 list of files backed up in typical GUI tree format.
358 The same mechanism could also be used for creating
359 ad-hoc backup FileSets (item 8).
361 Why: Ease of use -- especially for the end user.
363 Notes: Rather than implementing in Gtk, we probably should go directly
364 for a Browser implementation, even if doing so meant the
365 capability wouldn't be available until much later. Not only
366 is there the question of Windows sites, most
367 Solaris/HP/IRIX, etc, shops can't currently run Gtk programs
368 without installing lots of stuff admins are very wary about.
369 Real sysadmins will always use the command line anyway, and
370 the user who's doing an interactive restore or backup of his
371 own files will in most cases be on a Windows machine running
375 Item 9: Add SSL to daemon communications.
377 What: This provides for secure communications between the daemons.
379 Why: This would allow doing backup across the Internet without
380 privacy concerns (or with much less concern).
382 Notes: The vast majority of near term potential users will be backing up
383 a single site over a LAN and, correctly or not, they probably
384 won't be concerned with security, at least not enough to go to
385 the trouble to set up keys, etc. to screw things down. We suspect
386 that many users genuinely interested in multi-site backup
387 already run some form of VPN software in their internetwork
388 connections, and are willing to delegate security to that layer.
391 Item 10: Define definitive tape format.
394 What: Define that definitive tape format that will not change
395 for the next millennium.
397 Why: Stability, security.
399 Notes: See notes for item 11 below.
402 Item 11: New daemon communication protocol.
404 What: The current daemon to daemon protocol is basically an ASCII
405 printf() and sending the buffer. On the receiving end, the
406 buffer is sscanf()ed to unpack it. The new scheme would
407 be a binary format that allows quick packing and unpacking
408 of any data type with named fields.
410 Why: Using binary packing would be faster. Named fields will permit
411 error checking to ensure that what is sent is what the
412 receiver really wants.
414 Notes: These are internal improvements in the interest of the
415 long-term stability and evolution of the program. On the one
416 hand, the sooner they're done, the less code we have to rip
417 up when the time comes to install them. On the other hand, they
418 don't bring an immediately perceptible benefit to potential
419 users. Item 10 and possibly item 11 should be deferred until Bacula
420 is well established with a growing user community more or
421 less happy with the feature set. At that time, it will make a
422 good "next generation" upgrade in the interest of data
428 ======================================================
430 It is somewhat like a Full save becomes an incremental since
431 the Base job (or jobs) plus other non-base files.
433 - New BaseFile table that contains:
434 JobId, BaseJobId, FileId (from Base).
435 i.e. for each base file that exists but is not saved because
436 it has not changed, the File daemon sends the JobId, BaseId,
437 and FileId back to the Director who creates the DB entry.
438 - To initiate a Base save, the Director sends the FD
439 the FileId, and full filename for each file in the Base.
440 - When the FD finds a Base file, he requests the Director to
441 send him the full File entry (stat packet plus MD5), or
442 conversely, the FD sends it to the Director and the Director
443 says yes or no. This can be quite rapid if the FileId is kept
444 by the FD for each Base Filename.
445 - It is probably better to have the comparison done by the FD
446 despite the fact that the File entry must be sent across the
448 - An alternative would be to send the FD the whole File entry
449 from the start. The disadvantage is that it requires a lot of
450 space. The advantage is that it requires less communications
452 - The Job record must be updated to indicate that one or more
454 - At end of Job, FD returns:
455 1. Count of base files/bytes not written to tape (i.e. matches)
456 2. Count of base file that were saved i.e. had changed.
457 - No tape record would be written for a Base file that matches, in the
458 same way that no tape record is written for Incremental jobs where
459 the file is not saved because it is unchanged.
460 - On a restore, all the Base file records must explicitly be
461 found from the BaseFile tape. I.e. for each Full save that is marked
462 to have one or more Base Jobs, search the BaseFile for all occurrences
464 - An optimization might be to make the BaseFile have:
470 This would avoid the need to explicitly fetch each File record for
471 the Base job. The Base Job record will be fetched to get the
472 VolSessionId and VolSessionTime.
473 =========================================================
475 ==========================================================
477 For each Incremental job that is run, there may be files that
478 were found but not saved because they were locked (this applies
479 only to Windows). Such a system could send back to the Director
480 a list of Unsaved files.
482 - New UnSavedFiles table that contains:
486 - Then in the next Incremental job, the list of Unsaved Files will be
487 feed to the FD, who will ensure that they are explicitly chosen even
488 if standard date/time check would not have selected them.
489 =============================================================
493 =============================================================
495 Request For Comments For File Backup Options
498 Subject: File Backup Options
501 A few days ago, a Bacula user who is backing up to file volumes and
502 using compression asked if it was possible to suppress compressing
503 all .gz files since it was a waste of CPU time. Although Bacula
504 currently permits using different options (compression, ...) on
505 a directory by directory basis, it cannot do it on a file by
506 file basis, which is clearly what was desired.
508 Proposed Implementation:
509 To solve this problem, I propose the following:
511 - Add a new Director resource type called FileOptions.
513 - The FileOptions resource will have records for all
514 options that can currently be specified on the Include record
515 (in a FileSet). Examples below.
517 - The FileOptions resource will permit an exclude option as well
518 as a number of additional options.
520 - The heart of the FileOptions resource is the ability to
521 supply any number of ApplyTo records which specify POSIX
522 regular expressions. These ApplyTo regular expressions are
523 applied to the fully qualified filename (path and all). If
524 one matches, then the FileOptions will be used.
526 - When an ApplyTo specification matches an included file, the
527 options specified in the FileOptions resource will override
528 the default options specified on the Include record.
530 - Include records will be modified to permit referencing one or
531 more FileOptions resources. The FileOptions will be used
532 in the order listed on the Include record and the first
533 one that matches will be applied.
535 - Options (or specifications) currently supplied on the Include
536 record will be deprecated (i.e. removed in a later version a
537 year or so from now).
539 - The Exclude record will be deprecated as the same functionality
540 can be obtained by using an Exclude = yes in the FileOptions.
543 The following records can appear in the FileOptions resource. An
544 asterisk preceding the name indicates a feature not currently
548 - Compression= (GZIP, ...)
549 - Signature= (MD5, SHA1, ...)
551 - OneFs= (yes/no) - remain on one filesystem
552 - Recurse= (yes/no) - recurse into subdirectories
553 - Sparse= (yes/no) - do sparse file backup
554 - *Exclude= (yes/no) - exclude file from being saved
555 - *Reader= (filename) - external read (backup) program
556 - *Plugin= (filename) - read/write plugin module
559 - verify= (ipnougsamc5) - verify options
562 - replace= (always/ifnewer/ifolder/never) - replace options currently
564 - *Writer= (filename) - external write (restore) program
568 Currently options specifying compression, MD5 signatures, recursion,
569 ... of a FileSet are supplied on the Include record. These will now
570 all be collected into a FileOptions resource, which will be
571 specified on the Include in place of the options. Multiple FileOptions
572 may be specified. Since the FileOptions contain regular expressions
573 that are applied to the full filename, this will give the ability
574 to specify backup options on a file by file basis to whatever level
583 Include = compression=GZIP signature=MD5 {
592 Include = FileOptions=Opts {
603 That's a lot more to do the same thing, but it gives the ability to
604 apply options on a file by file basis. For example, suppose you
605 want to compress all files but not any file with extensions .gz or .Z.
606 You could do so as follows:
610 Include = FileOptions=NoCompress FileOptions=Opts {
618 ApplyTo = /*.?*/ # matches all files
623 # Note multiple ApplyTos are ORed
624 ApplyTo = /*.gz/ # matches .gz files */
625 ApplyTo = /*.Z/ # matches .Z files */
628 Now, since the NoCompress FileOptions is specified first on the
629 Include line, any *.gz or *.Z file will have an MD5 signature computed,
630 but will not be compressed. For all other files, the NoCompress will not
631 match, so the Opts options will be used which will include GZIP
635 - Is it necessary to provide some means of ANDing regular expressions
636 and negation? (not currently planned)
638 e.g. ApplyTo = /*.gz/ && !/big.gz/
640 - I see that Networker has a "null" module which, if specified, does not
641 backup the file, but does make an record of the file in the catalog
642 so that the catalog will reflect an exact picture of the filesystem.
643 The result is that the file can be "seen" when "browsing" the save
644 sets, but it cannot be restored.
646 Is this really useful? Should it be implemented in Bacula?
649 After implementing the above, the user will be able to specify
650 on a file by file basis (using regular expressions) what options are
651 applied for the backup.
652 ====================================
654 Done: (see kernsdone for more)
655 - Add EOM records? No, not at this time. The current system works and
657 - Add VolumeUseDuration and MaximumVolumeJobs to Pool db record and
659 - Add VOLUME_CAT_INFO to the EOS tape record (as
660 well as to the EOD record). -- No, not at this time.
661 - Put MaximumVolumeSize in Director (MaximumVolumeJobs, MaximumVolumeFiles,
663 - Enhance schedule to have 1stSat, ...
664 - Make sure catalog doesn't keep growing.
665 - On I/O error, write EOF, then try to write again ? No, keep it simple.
666 - Figure out how compress everything except .gz,... files.
667 Implement FileOptions.
668 - Put Bacula version somewhere in Job stream, probably Start Session Labels.
669 - Fix start/end blocks for File devices
670 - Make Job err if WriteBootstrap fails.
671 - Test that mod of restore options works.
672 - Test that week position schedule code works.
673 - Make BSR accept count (total files to be restored).
674 - Add code to fast seek to proper place on tape/file when doing Restore.
675 - Replace popen() and pclose() -- fail safe and timeout, no SIG dep.
676 - Add code to put VolFile in bsr for restore command.
677 - Volumes can be listed multiple times in Restore volume list.
678 - Add watchdog timeout for child processes start_child_timer()
680 - Get rid of bscan.c:534 error message (one time only).
681 - Print some statistics when get EOF on device in bscan -- feedback
682 to let user know it is working.
683 - DateWritten field on tape may be wrong.
684 - Ensure that restore of differential jobs works (check SQL).
685 - Count number of ignored messages in bscan and print when first SOS is found.
686 - Test that EndFile/Block are correctly updated at end of tape
687 (in view of new block reading code).
688 - Test watchdog child timer code.
689 - Test new BSR code (mostly done).
690 - Work more on how to to a Bacula restore beginning with
691 just a Bacula tape and a boot floppy (bare metal recovery).
692 - Restore options (overwrite, overwrite if older,
693 overwrite if newer, never overwrite, ...)
694 - Fill all fields in Vol/Job Header -- ensure that everything
695 needed is written to tape. Think about restore to Catalog
696 from tape. Client record needs improving.
697 - Implement ./configure --with-client-only
698 - Finish up static linking
699 - that restore options work in FD