For each of the databases, you may get significant improvements by adding
additional indexes. The comments in the Bacula make_xxx_tables give some
-indications as to what indexes may be appropriate.
+indications as to what indexes may be appropriate. Please see below
+for specific instructions on checking indexes.
For MySQL, what seems to be very important is to use the examine the
my.cnf file. You may obtain significant performances by switching to
{http://www.postgresql.org/docs/faqs.FAQ.html#3.3}.
+\subsection*{Performance Issues Indexes}
+\index[general]{Database Performance Issues Indexes}
+\index[general]{Performance!Database}
+\addcontentsline{toc}{subsection}{Database Performance Issues Indexes}
+One of the most important considerations for improving performance on
+the Bacula database is to ensure that it has all the appropriate indexes.
+Several users have reported finding that their database did not have
+all the indexes in the default configuration. In addition, you may
+find that because of your own usage patterns, you need additional indexes.
+
+The most important indexes for performance are the three indexes on the
+{\bf File} table. The first index is on {\bf FileId} and is automatically
+made because it is the unique key used to access the table. The other
+two are the JobId index and the (Filename, PathId) index. If these Indexes
+are not present, your peformance may suffer a lot.
+
+\subsubsection*{PostgreSQL Indexes}
+On PostgreSQL, you can check to see if you have the proper indexes using
+the following commands:
+
+\footnotesize
+\begin{verbatim}
+psql bacula
+select * from pg_indexes where tablename='file';
+\end{verbatim}
+\normalsize
+
+If you do not see output that indicates that all three indexes
+are created, you can create the two additional indexes using:
+
+\footnotesize
+\begin{verbatim}
+psql bacula
+CREATE INDEX file_jobid_idx on file (jobid);
+CREATE INDEX file_fp_idx on file (filenameid, pathid);
+\end{verbatim}
+\normalsize
+
+\subsubsection*{MySQL Indexes}
+On MySQL, you can check if you have the proper indexes by:
+
+\footnotesize
+\begin{verbatim}
+mysql bacula
+show index from File;
+\end{verbatim}
+\normalsize
+
+If the indexes are not present, especially the JobId index, you can
+create them with the following commands:
+
+\footnotesize
+\begin{verbatim}
+mysql bacula
+CREATE INDEX file_jobid_idx on File (JobId);
+CREATE INDEX file_jpf_idx on File (Job, FilenameId, PathId);
+\end{verbatim}
+\normalsize
+
+\subsubsection*{SQLit Indexes}
+On SQLite, you can check if you have the proper indexes by:
+
+\footnotesize
+\begin{verbatim}
+sqlite <path>bacula.db
+select * from sqlite_master where type='index' and tbl_name='File';
+\end{verbatim}
+\normalsize
+
+If the indexes are not present, especially the JobId index, you can
+create them with the following commands:
+
+\footnotesize
+\begin{verbatim}
+mysql bacula
+CREATE INDEX file_jobid_idx on File (JobId);
+CREATE INDEX file_jpf_idx on File (Job, FilenameId, PathId);
+\end{verbatim}
+\normalsize
+
\subsection*{Compacting Your PostgreSQL Database}
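Review bot: The SQLite create block opens with "mysql bacula", copied from the MySQL section, while the SQLite check just above it uses "sqlite <path>bacula.db"; the create block should open the SQLite database the same way. In both the MySQL and SQLite blocks, "CREATE INDEX file_jpf_idx on File (Job, FilenameId, PathId);" names a column "Job" where every other line in this hunk calls it JobId, and the three-column index matches neither the (Filename, PathId) index the introduction describes nor the two-column file_fp_idx in the PostgreSQL block. Please make the prose and the three command sets agree on which columns are indexed. Also fix the heading "SQLit Indexes" and the typo "peformance".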
list nextvol job=\lt{}job-name\gt{}
+ list nextvol job=\lt{}job-name\gt{} days=nnn
+
+
+
\end{verbatim}
\normalsize
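Review bot: The three empty added lines after "list nextvol job=\lt{}job-name\gt{} days=nnn" sit inside the verbatim block that closes on the next line, so they will print as blank lines in the command listing. Drop them.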
of what Volume will be used but not a definitive answer. In addition,
this command may have certain side effect because it runs through the
same algorithm as a job, which means it may automatically purge or
- recycle a Volume.
+ recycle a Volume. By default, the job specified must run within the
+ next two days or no volume will be found. You can, however, use the
+ {\bf days=nnn} specification to specify up to 50 days. For example,
+ if on Friday, you want to see what Volume will be needed on Monday,
+ for job MyJob, you would use {\bf list nextvol job=MyJob days=3}.
If you wish to add specialized commands that list the contents of the
catalog, you can do so by adding them to the {\bf query.sql} file.
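Review bot: The added sentences give the two-day default and the 50-day limit but do not say what the command does when days is set above 50. They also follow directly on the warning that the command "may automatically purge or recycle a Volume" without saying whether that side effect applies across the longer look-ahead window. One sentence on each would help an operator running this against a production catalog.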
The process of getting a certificate that is signed by a CA is quite a bit
more complicated. You can purchase one from quite a number of PKI vendors, but
-that is not at all necessary for use with Bacula. To get a CA signed
+that is not at all necessary for use with Bacula.
+
+To get a CA signed
certificate, you will either need to find a friend that has setup his own CA
or to become a CA yourself, and thus you can sign all your own certificates.
The book OpenSSL by John Viega, Matt Mesier \& Pravir Chandra from O'Reilly
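Review bot: The paragraph split off here ("To get a CA signed certificate, you will either need to find a friend ...") is restated almost word for word by the paragraph added later in this patch ("To get a trusted certificate (CA or Certificate Authority signed certificate), you will either need to purchase ..."), including the same book reference. Keep one of the two, preferably the newer wording, so the CA instructions are not given twice.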
The above script will ask you a number of questions. You may simply answer
each of them by entering a return, or if you wish you may enter your own data.
-An alternative is to generate your self-signed certificates with TinyCA,
-which has a very nice Graphical User Interface. TinyCA can be found at
+Note, however, that self-signed certificates will only work for the
+outgoing end of connections. For example, in the case of the Director
+making a connection to a File Daemon, the File Daemon may be configured to
+allow self-signed certifictes, but the certificate being sed by the
+Director must be signed by a certificate that is explicitly trusted on the
+File Daemon end.
+
+This is neccessary to prevent ``man in the middle'' attacks from tools such
+as \elink{ettercap}{http://ettercap.sourceforge.net/}. Essentially, if the
+Director does not verify that it is talking to a trusted remote endpoint,
+it can be tricked into talking to a malicious 3rd party who is relaying and
+capturing all traffic by presenting its own certificates to the Director
+and File Daemons. The only way to prevent this is by using trusted
+certificates, so that the man in the middle is incapable of spoofing the
+connection using his own.
+
+To get a trusted certificate (CA or Certificate Authority signed
+certificate), you will either need to purchase certificates signed by a
+commercial CA or find a friend that has setup his own CA or become a CA
+yourself, and thus you can sign all your own certificates. The book
+OpenSSL by John Viega, Matt Mesier \& Pravir Chandra from O'Reilly explains
+how to do it, or you can read the documentation provided in the Open-source
+PKI Book project at Source Forge: \elink{
+http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm}
+{http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm}.
+Note, this link may change.
+
+The program TinyCA has a very nice Graphical User Interface
+that allows you to easily setup and maintain your own CA.
+TinyCA can be found at
\elink{http://tinyca.sm-zone.net/}{http://tinyca.sm-zone.net/}.
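Review bot: The first added paragraph says self-signed certificates only work for the "outgoing end" of connections, but its example has the Director making the connection while requiring that the Director's certificate be signed by a certificate trusted on the File Daemon end, and the next paragraph then describes the Director verifying the remote endpoint. Please state for each direction which daemon presents a certificate and which one verifies it, so a reader can tell where a self-signed certificate is acceptable. "The only way to prevent this is by using trusted certificates" would be clearer if it repeated that the verifying side must explicitly trust the signing certificate, as the File Daemon example does. Typos: "certifictes", "sed by" (used by), "neccessary". The line break after "\elink{" also puts whitespace at the start of the link text.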
}
\end{verbatim}
\normalsize
-
-
-1.38.3 (11 December 2005)
+1.38.3 (12 December 2005)