Wednesday, January 20, 2016

How to install and configure Bacula Backup Server on Centos


Bacula is an open source network backup solution that allows you create backups and perform data recovery of your computer systems. It is very flexible and robust, which makes it, while slightly cumbersome to configure, suitable for backups in many situations. A backup system is an important component in most server infrastructures, as recovering from data loss is often a critical part of disaster recovery plans.

In this tutorial, we will show you how to install and configure the server components of Bacula on a CentOS 7 server. We will configure Bacula to perform a weekly job that creates a local backup (i.e. a backup of its own host). This, by itself, is not a particularly compelling use of Bacula, but it will provide you with a good starting point for creating backups of your other servers, i.e. the backup clients. The next tutorial in this series will cover creating backups of your other, remote, servers by installing and configuring the Bacula client, and configuring the Bacula server.

Prerequisites:
You must have superuser (sudo) access on a CentOS 7 server. Also, the server will require adequate disk space for all of the backups that you plan on retaining at any given time.
If you are using DigitalOcean, you should enable Private Networking on your Bacula server, and all of your client servers that are in the same datacenter region. This will allow your servers to use private networking when performing backups, reducing network overhead.
We will configure Bacula to use the private FQDN of our servers, e.g. bacula.example.com. If you don't have a DNS setup, use the appropriate IP addresses instead. If you don't have private networking enabled, replace all network connection information in this tutorial with network addresses that are reachable by servers in question (e.g. public IP addresses or VPN tunnels).
The last assumption is that SELinux is disabled or you are able to troubleshoot SELinux-related issues on your own.
Let's get started by looking at an overview of Bacula's components.

Bacula Component Overview:
Although Bacula is composed of several software components, it follows the server-client backup model; to simplify the discussion, we will focus more on the backup server and the backup clients than the individual Bacula components. Still, it is important to have cursory knowledge of the various Bacula components, so we will go over them now.
A Bacula server, which we will also refer to as the "backup server", has these components:


  • Bacula Director (DIR): Software that controls the backup and restore operations that are performed by the File and Storage daemons
  • Storage Daemon (SD): Software that performs reads and writes on the storage devices used for backups
  • Catalog: Services that maintain a database of files that are backed up. The database is stored in an SQL database such as MySQL or PostgreSQL
  • Bacula Console: A command-line interface that allows the backup administrator to interact with, and control, Bacula Director

Note: The Bacula server components don't need to run on the same server, but they all work together to provide the backup server functionality.

A Bacula client, i.e. a server that will be backed up, runs the File Daemon (FD) component. The File Daemon is software that provides the Bacula server (the Director, specifically) access to the data that will be backed up. We will also refer to these servers as "backup clients" or "clients".
As we noted in the introduction, we will configure the backup server to create a backup of its own filesystem. This means that the backup server will also be a backup client, and will run the File Daemon component.

Let's get started with the installation.

Install Bacula and MySQL

Bacula uses an SQL database, such as MySQL or PostreSQL, to manage its backups catalog. We will use MariaDB, a drop-in replacement for MySQL, in this tutorial.

Install the Bacula and MariaDB Server packages with yum:

sudo yum install -y bacula-director bacula-storage bacula-console bacula-client mariadb-server

When the installation is complete, we need to start MySQL with the following command:
sudo systemctl start mariadb

Now that MySQL (MariaDB) is installed and running, let's create the Bacula database user and tables, with these scripts:

/usr/libexec/bacula/grant_mysql_privileges

/usr/libexec/bacula/create_mysql_database -u root

/usr/libexec/bacula/make_mysql_tables -u bacula

Next, we want to run a simple security script that will remove some dangerous defaults and lock down access to our database system a little bit. Start the interactive script by running:

sudo mysql_secure_installation

The prompt will ask you for your current root password. Since you just installed MySQL, you most likely won’t have one, so leave it blank by pressing enter. Then the prompt will ask you if you want to set a root password. Go ahead and hit Enter, and set the password. For the rest of the questions, you should simply hit the Enter key through each prompt to accept the default values. This will remove some sample users and databases, disable remote root logins, and load these new rules so that MySQL immediately respects the changes we have made.

Now we need to set the password for the Bacula database user.

Enter the MySQL console, as the root MySQL user:
mysql -u root -p

Enter the MySQL root password, that you just set, at the prompt.

Now set the password for the Bacula database user. Use this command, but replace the highlighted "baculadbpassword" with strong password:

UPDATE mysql.user SET Password=PASSWORD('bacula_db_password') WHERE User='bacula';

FLUSH PRIVILEGES;

Once you're done here, exit the MySQL prompt:
exit

Enable MariaDB to start on boot. Use the following command to do so:
sudo systemctl enable mariadb

Set Bacula to Use MySQL Library

By default, Bacula is set to use the PostgreSQL library. Because we are using MySQL, we need to set it to use the MySQL library instead.

Run this command:
sudo alternatives --config libbaccats.so

You will see the following prompt. Enter 1 (MySQL):
Output

There are 3 programs which provide 'libbaccats.so'.
  Selection    Command
-----------------------------------------------
   1           /usr/lib64/libbaccats-mysql.so
   2           /usr/lib64/libbaccats-sqlite3.so
*+ 3           /usr/lib64/libbaccats-postgresql.so

Enter to keep the current selection[+], or type selection number: 1
The Bacula server (and client) components are now installed. Let's create the backup and restore directories.

Create Backup and Restore Directories
Bacula needs a backup directory—for storing backup archives—and restore directory—where restored files will be placed. If your system has multiple partitions, make sure to create the directories on one that has sufficient space.

Let's create new directories for both of these purposes:
sudo mkdir -p /bacula/backup /bacula/restore

We need to change the file permissions so that only the bacula process (and a superuser) can access these locations:

sudo chown -R bacula:bacula /bacula

sudo chmod -R 700 /bacula

Now we're ready to configure the Bacula Director.

Configure Bacula Director

Bacula has several components that must be configured independently in order to function correctly. The configuration files can all be found in the /etc/bacula directory.

We'll start with the Bacula Director.

Open the Bacula Director configuration file in your favorite text editor. We'll use vi:
sudo vi /etc/bacula/bacula-dir.conf

Configure Director Resource

Find the Director resource, and configure it to listen on 127.0.0.1 (localhost), by adding the DirAddressline shown here:

bacula-dir.conf — Add Director DirAddress

Director {                            # define myself
  Name = bacula-dir
  DIRport = 9101                # where we listen for UA connections
  QueryFile = "/etc/bacula/query.sql"
  WorkingDirectory = "/var/spool/bacula"
  PidDirectory = "/var/run"
  Maximum Concurrent Jobs = 1
  Password = "@@DIR_PASSWORD@@"         # Console password
  Messages = Daemon
  DirAddress = 127.0.0.1
}

Now move on to the rest of the file.

Configure Local Jobs

A Bacula job is used to perform backup and restore actions. Job resources define the details of what a particular job will do, including the name of the Client, the FileSet to back up or restore, among other things.

Here, we will configure the jobs that will be used to perform backups of the local filesystem.
In the Director configuration, find the Job resource with a name of "BackupClient1" (search for "BackupClient1"). Change the value of Name to "BackupLocalFiles", so it looks like this:

bacula-dir.conf — Rename BackupClient1 job
Job {
  Name = "BackupLocalFiles"
  JobDefs = "DefaultJob"
}

Next, find the Job resource that is named "RestoreFiles" (search for "RestoreFiles"). In this job, you want to change two things: update the value of Name to "RestoreLocalFiles", and the value of Where to "/bacula/restore". It should look like this:

bacula-dir.conf — Rename RestoreFiles job
Job {
  Name = "RestoreLocalFiles"
  Type = Restore
  Client=BackupServer-fd
  FileSet="Full Set"
  Storage = File
  Pool = Default
  Messages = Standard
  Where = /bacula/restore
}

This configures the RestoreLocalFiles job to restore files to /bacula/restore, the directory we created earlier.

Configure File Set

A Bacula FileSet defines a set of files or directories to include or exclude files from a backup selection, and are used by jobs.
Find the FileSet resource named "Full Set" (it's under a comment that says, "# List of files to be backed up"). Here we will make three changes: (1) Add the option to use gzip to compress our backups, (2) change the include File from /usr/sbin to /, and (3) add File = /bacula under the Exclude section. With the comments removed, it should look like this:

bacula-dir.conf — Update "Full Set" FileSet

FileSet {
  Name = "Full Set"
  Include {
    Options {
      signature = MD5
      compression = GZIP
    }   
File = /
}
  Exclude {
    File = /var/lib/bacula
    File = /proc
    File = /tmp
    File = /.journal
    File = /.fsck
    File = /bacula
  }
}

Let's go over the changes that we made to the "Full Set" FileSet. First, we enabled gzip compression when creating a backup archive. Second, we are including /, i.e. the root partition, to be backed up. Third, we are excluding /bacula because we don't want to redundantly back up our Bacula backups and restored files.

Note: If you have partitions that are mounted within /, and you want to include those in the FileSet, you will need to include additional File records for each of them.

Keep in mind that if you always use broad FileSets, like "Full Set", in your backup jobs, your backups will require more disk space than if your backup selections are more specific. For example, a FileSet that only includes your customized configuration files and databases might be sufficient for your needs, if you have a clear recovery plan that details installing required software packages and placing the restored files in the proper locations, while only using a fraction of the disk space for backup archives.

Configure Storage Daemon Connection

In the Bacula Director configuration file, the Storage resource defines the Storage Daemon that the Director should connect to. We'll configure the actual Storage Daemon in just a moment.
Find the Storage resource, and replace the value of Address, localhost, with the private FQDN (or private IP address) of your backup server. It should look like this (substitute the highlighted word):
bacula-dir.conf — Update Storage Address

Storage {
  Name = File
# Do not use "localhost" here
  Address = backup_server_private_FQDN                # N.B. Use a fully qualified name here
  SDPort = 9103
  Password = "@@SD_PASSWORD@@"
  Device = FileStorage
  Media Type = File
}

This is necessary because we are going to configure the Storage Daemon to listen on the private network interface, so remote clients can connect to it.

Configure Catalog Connection

In the Bacula Director configuration file, the Catalog resource defines where the Database that the Director should use and connect to.
Find the Catalog resource named "MyCatalog" (it's under a comment that says "Generic catalog service"), and update the value of dbpassword so it matches the password you set for the bacula MySQL user:

bacula-dir.conf — Update Catalog dbpassword
# Generic catalog service
Catalog {
  Name = MyCatalog
# Uncomment the following line if you want the dbi driver
# dbdriver = "dbi:postgresql"; dbaddress = 127.0.0.1; dbport =
  dbname = "bacula"; dbuser = "bacula"; dbpassword = "bacula_db_password"
}

This will allow the Bacula Director to connect to the MySQL database.

Configure Pool

A Pool resource defines the set of storage used by Bacula to write backups. We will use files as our storage volumes, and we will simply update the label so our local backups get labeled properly.
Find the Pool resource named "File" (it's under a comment that says "# File Pool definition"), and add a line that specifies a Label Format. It should look like this when you're done:
bacula-dir.conf — Update Pool:

# File Pool definition
Pool {
  Name = File
  Pool Type = Backup
  Label Format = Local-
  Recycle = yes                       # Bacula can automatically recycle Volumes
  AutoPrune = yes                     # Prune expired volumes
  Volume Retention = 365 days         # one year
  Maximum Volume Bytes = 50G          # Limit Volume size to something reasonable
  Maximum Volumes = 100               # Limit number of Volumes in Pool
}

Save and exit. You're finally done configuring the Bacula Director.

Check Director Configuration:

Let's verify that there are no syntax errors in your Director configuration file:
sudo bacula-dir -tc /etc/bacula/bacula-dir.conf

If there are no error messages, your bacula-dir.conf file has no syntax errors.
Next, we'll configure the Storage Daemon.

Configure Storage Daemon

Our Bacula server is almost set up, but we still need to configure the Storage Daemon, so Bacula knows where to store backups.
Open the SD configuration in your favorite text editor. We'll use vi:
sudo vi /etc/bacula/bacula-sd.conf

Configure Storage Resource

Find the Storage resource. This defines where the SD process will listen for connections. Add theSDAddress parameter, and assign it to the private FQDN (or private IP address) of your backup server:

bacula-sd.conf — update SDAddress

Storage {                             # definition of myself
  Name = BackupServer-sd
  SDPort = 9103                  # Director's port
  WorkingDirectory = "/var/lib/bacula"
  Pid Directory = "/var/run/bacula"
  Maximum Concurrent Jobs = 20
  SDAddress = backup_server_private_FQDN
}

Configure Storage Device

Next, find the Device resource named "FileStorage" (search for "FileStorage"), and update the value ofArchive Device to match your backups directory:
bacula-sd.conf — update Archive Device

Device {
  Name = FileStorage
  Media Type = File
  Archive Device = /bacula/backup
  LabelMedia = yes;                   # lets Bacula label unlabeled media
  Random Access = Yes;
  AutomaticMount = yes;               # when device opened, read it
  RemovableMedia = no;
  AlwaysOpen = no;
}

Save and exit.

Verify Storage Daemon Configuration
Let's verify that there are no syntax errors in your Storage Daemon configuration file:
sudo bacula-sd -tc /etc/bacula/bacula-sd.conf

If there are no error messages, your bacula-sd.conf file has no syntax errors.
We've completed the Bacula configuration. We're ready to restart the Bacula server components.

Set Bacula Component Passwords

Each Bacula component, such as the Director, SD, and FD, have passwords that are used for inter-component authentication—you probably noticed placeholders while going through the configuration files. It is possible to set these passwords manually but, because you don't actually need to know these passwords, we'll run commands to generate random passwords and insert them into the various Bacula configuration files.

These commands generate and set the Director password. The bconsole connects to the Director, so it needs the password too:

DIR_PASSWORD=`date +%s | sha256sum | base64 | head -c 33`

sudo sed -i "s/@@DIR_PASSWORD@@/${DIR_PASSWORD}/" /etc/bacula/bacula-dir.conf

sudo sed -i "s/@@DIR_PASSWORD@@/${DIR_PASSWORD}/" /etc/bacula/bconsole.conf

These commands generate and set the Storage Daemon password. The Director connects to the SD, so it needs the password too:

SD_PASSWORD=`date +%s | sha256sum | base64 | head -c 33`

sudo sed -i "s/@@SD_PASSWORD@@/${SD_PASSWORD}/" /etc/bacula/bacula-sd.conf

sudo sed -i "s/@@SD_PASSWORD@@/${SD_PASSWORD}/" /etc/bacula/bacula-dir.conf

These commands generate and set the local File Daemon (the Bacula client software) password. The Director connects to this FD, so it needs the password too:

FD_PASSWORD=`date +%s | sha256sum | base64 | head -c 33`

sudo sed -i "s/@@FD_PASSWORD@@/${FD_PASSWORD}/" /etc/bacula/bacula-dir.conf

sudo sed -i "s/@@FD_PASSWORD@@/${FD_PASSWORD}/" /etc/bacula/bacula-fd.conf

Now we're ready to start our Bacula components!

Start Bacula Components

Start the Bacula Director, Storage Daemon, and local File Daemon with these commands:

sudo systemctl start bacula-dir

sudo systemctl start bacula-sd

sudo systemctl start bacula-fd


If they all started correctly, run these commands so they start automatically on boot:

sudo systemctl enable bacula-dir

sudo systemctl enable bacula-sd

sudo systemctl enable bacula-fd

Let's test that Bacula works by running a backup job.

Test Backup Job

We will use the Bacula Console to run our first backup job. If it runs without any issues, we will know that Bacula is configured properly.
Now enter the Console with this command:

sudo bconsole

This will take you to the Bacula Console prompt, denoted by a * prompt.

Create a Label
Begin by issuing a label command:
label

You will be prompted to enter a volume name. Enter any name that you want:
Enter new Volume name:

MyVolume
Then select the pool that the backup should use. We'll use the "File" pool that we configured earlier, by entering "2":

Select the Pool (1-3):
2

Manually Run Backup Job
Bacula now knows how we want to write the data for our backup. We can now run our backup to test that it works correctly:

run

You will be prompted to select which job to run. We want to run the "BackupLocalFiles" job, so enter "1" at the prompt:

Select Job resource (1-3):
1

At the "Run Backup job" confirmation prompt, review the details, then enter "yes" to run the job:
yes

Check Messages and Status

After running a job, Bacula will tell you that you have messages. The messages are output generated by running jobs.

Check the messages by typing:
messages

The messages should say "No prior Full backup Job record found", and that the backup job started. If there are any errors, something is wrong, and they should give you a hint as to why the job did not run.

Another way to see the status of the job is to check the status of the Director. To do this, enter this command at the bconsole prompt:

status director

If everything is working properly, you should see that your job is running. Something like this:
Output — status director (Running Jobs)

Running Jobs:
Console connected at 09-Apr-15 12:16
 JobId Level   Name                       Status
=============================================================
     3 Full    BackupLocalFiles.2015-04-09_12.31.41_06 is running


When your job completes, it will move to the "Terminated Jobs" section of the status report, like this:
Output — status director (Terminated Jobs)

Terminated Jobs:
 JobId  Level    Files      Bytes   Status   Finished        Name
===============================================================
     3  Full    161,124    877.5 M  OK       09-Apr-15 12:34 BackupLocalFiles

The "OK" status indicates that the backup job ran without any problems. Congratulations! You have a backup of the "Full Set" of your Bacula server.

The next step is to test the restore job.

Test Restore Job

Now that a backup has been created, it is important to check that it can be restored properly. Therestore command will allow us restore files that were backed up.

Run Restore All Job

To demonstrate, we'll restore all of the files in our last backup:
restore all

A selection menu will appear with many different options, which are used to identify which backup set to restore from. Since we only have a single backup, let's "Select the most recent backup"—select option 5:

Select item (1-13):
5

Because there is only one client, the Bacula server, it will automatically be selected.

The next prompt will ask which FileSet you want to use. Select "Full Set", which should be 2:

Select FileSet resource (1-2):
2

This will drop you into a virtual file tree with the entire directory structure that you backed up. This shell-like interface allows for simple commands to mark and unmark files to be restored.

Because we specified that we wanted to "restore all", every backed up file is already marked for restoration. Marked files are denoted by a leading * character.

If you would like to fine-tune your selection, you can navigate and list files with the "ls" and "cd" commands, mark files for restoration with "mark", and unmark files with "unmark". A full list of commands is available by typing "help" into the console.

When you are finished making your restore selection, proceed by typing:
done

Confirm that you would like to run the restore job:

OK to run? (yes/mod/no):
Yes

Check Messages and Status

As with backup jobs, you should check the messages and Director status after running a restore job.
Check the messages by typing:

messages

There should be a message that says the restore job has started or was terminated with an "Restore OK" status. If there are any errors, something is wrong, and they should give you a hint as to why the job did not run.

Again, checking the Director status is a great way to see the state of a restore job:
status director

When you are finished with the restore, type exit to leave the Bacula Console:
exit

Verify Restore

To verify that the restore job actually restored the selected files, you can look in the /bacula/restoredirectory (which was defined in the "RestoreLocalFiles" job in the Director configuration):

sudo ls -la /bacula/restore

You should see restored copies of the files in your root file system, excluding the files and directories that were listed in the "Exclude" section of the "RestoreLocalFiles" job. If you were trying to recover from data loss, you could copy the restored files to their appropriate locations.

Delete Restored Files

You may want to delete the restored files to free up disk space. To do so, use this command:
sudo -u root bash -c "rm -rf /bacula/restore/*"

Note that you have to run this rm command as root, as many of the restored files are owned by root.

Conclusion

You now have a basic Bacula setup that can backup and restore your local file system. The next step is to add your other servers as backup clients so you can recover them, in case of data loss.

Bacula has been successfully installed and configured. You can now add clients, jobs and volumes by updating the bacula config files. Alternatively you can use webmin to make the work more simple. It is quite easier then updating the config files manually.

Manage Bacula with Webmin

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more.
Download and install the latest version of webmin from here.

wget http://sourceforge.net/projects/webadmin/files/webmin/1.770/webmin-1.770.tar.gz/download

tar zxvf webmin-1.7.tar.gz

cd webmin-1.770/

./setup.sh

Access Webmin

Now you can login through webmin by “//http://server-ip-address:10000” or “http://domain-name:10000/”.


Next step will show you how to add your other, remote servers as Bacula clients: 

Organize Bacula Director Configuration (Server)

On your Bacula Server, perform this section once.

When setting up your Bacula Server, you may have noticed that the configuration files are excessively long. We'll try and organize the Bacula Director configuration a bit, so it uses separate files to add new configuration such as jobs, file sets, and pools.

Let's create a directory to help organize the Bacula configuration files:
sudo mkdir /etc/bacula/conf.d

Then open the Bacula Director configuration file:
sudo vi /etc/bacula/bacula-dir.conf

At the end of the file add, this line:
bacula-dir.conf — Add to end of file

@|"find /etc/bacula/conf.d -name '*.conf' -type f -exec echo @{} \;"

Save and exit. This line makes the Director look in the /etc/bacula/conf.d directory for additional configuration files to append. That is, any .conf file added in there will be loaded as part of the configuration.

Add RemoteFile Pool

We want to add an additional Pool to our Bacula Director configuration, which we'll use to configure our remote backup jobs.

Open the conf.d/pools.conf file:
sudo vi /etc/bacula/conf.d/pools.conf

Add the following Pool resource:
conf.d/pools.conf — Add Pool resource

Pool {
  Name = RemoteFile
  Pool Type = Backup
  Label Format = Remote-
  Recycle = yes                       # Bacula can automatically recycle Volumes
  AutoPrune = yes                     # Prune expired volumes
  Volume Retention = 365 days         # one year
    Maximum Volume Bytes = 50G          # Limit Volume size to something reasonable
  Maximum Volumes = 100               # Limit number of Volumes in Pool
}

Save and exit. This defines a "RemoteFile" pool, which we will use by the backup job that we'll create later. Feel free to change any of the parameters to meet your own needs.

We don't need to restart Bacula Director just yet, but let's verify that its configuration doesn't have any errors in it:

sudo bacula-dir -tc /etc/bacula/bacula-dir.conf

If there are no errors, you're ready to continue on to the Bacula Client setup.
Install and Configure Bacula Client

Perform this section on any Client Host that you are adding to your Bacula setup.
Then install the bacula-client package:

sudo yum install bacula-client

This installs the Bacula File Daemon (FD), which is often referred to as the "Bacula client".

Configure Client

Before configuring the client File Daemon, you will want to look up the following information, which will be used throughout the remainder of this tutorial:

Client hostname:: Our example will use "ClientHost"

Client Private FQDN: We'll refer to this as "client_private_FQDN", which may look likeclienthost.private.example.com

Bacula Server hostname: Our example will use "BackupServer"
Your actual setup will vary from the example, so be sure to make substitutions where appropriate.
We will need to set a password, that will allow the Bacula Director to connect, in the File Daemon configuration. Let's generate a random password now (or you can skip this step and make up your own password):

date +%s | sha256sum | base64 | head -c 33 ; echo

You will want to copy the output, as you will use it in the next step.

Open the File Daemon configuration:
sudo vi /etc/bacula/bacula-fd.conf

We need to change a few items and save some information that we will need for our server configuration.

Begin by finding the Director resource that is named "ClientHost-dir". As the Bacula Director that we want to control this Client is located on the Bacula Server, change the "Name" parameter to the hostname of your backup server followed by "-dir". Also, replace the existing password with the one you generated in the previous step. It should look something like this after being updated:
bacula-fd.conf — Update Director Name and Password

Director {
  Name = BackupServer-dir
  Password = "Y2Q5ODUyMWM0YTFhYjA3NTcwYmU5OTA4Y"
}

Be sure to keep the password handy. It will be used in the Backup Server's Director configuration, which we will set in an upcoming step, to connect to your Client's File Daemon.

Next, we need to adjust one parameter in the FileDaemon resource. We will change the FDAddressparameter to match the private FQDN of our client machine. The Name parameter should already be populated correctly with the client file daemon name. The resource should looks something like this (substitute the actual FQDN or IP address):

bacula-fd.conf — Update Name and Add FDAddress
FileDaemon {                          # this is me
  Name = ClientHost-fd
  FDAddress = client_private_ip
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/spool/bacula
  Pid Directory = /var/run
  Maximum Concurrent Jobs = 20
}

We also need to configure this daemon to pass its log messages to the Backup Server. Find the Messages resource and change the director parameter to match your backup server's hostname with a "-dir" suffix. It should look something like this:

bacula-fd.conf — Update director
Messages {
  Name = Standard
  director =  BackupServer-dir = all, !skipped, !restored
}

Save the file and exit. Your File Daemon (Bacula Client) is now configured to listen for connections over the private network.

Check that your configuration file has the correct syntax with the following command:
sudo bacula-fd -tc /etc/bacula/bacula-fd.conf

If the command returns no output, the configuration file has valid syntax. Restart the file daemon to use the new settings:
sudo systemctl restart bacula-fd

Then run the following command to start the Bacula File Daemon automatically on boot:

sudo systemctl enable bacula-fd

Let's set up a directory that the Bacula Server can restore files to. Create the file structure and lock down the permissions and ownership for security with the following commands:

sudo mkdir -p /bacula/restore

sudo chown -R bacula:bacula /bacula

sudo chmod -R 700 /bacula

The client machine is now configured correctly. Next, we will configure the Backup Server to be able to connect to the Bacula Client.

Add FileSets (Server)

A Bacula FileSet defines a set of files or directories to include or exclude files from a backup selection, and are used by backup jobs on the Bacula Server.

If you followed the prerequisite tutorial, which sets up the Bacula Server components, you already have a FileSet called "Full Set". If you want to run Backup jobs that include almost every file on your Backup Clients, you can use that FileSet in your jobs. You may find, however, that you often don't want or need to have backups of everything on a server, and that a subset of data will suffice.
Being more selective in which files are included in a FileSet will decrease the amount of disk space and time, required by your Backup Server, to run a backup job. It can also make restoration simpler, as you won't need to sift through the "Full Set" to find which files you want to restore.
We will show you how to create new FileSet resources, so that you can be more selective in what you back up.

On your Bacula Server, open a file called filesets.conf, in the Bacula Director configuration directory we created earlier:

sudo vi /etc/bacula/conf.d/filesets.conf

Create a FileSet resource for each particular set of files that you want to use in your backup jobs. In this example, we'll create a FileSet that only includes the home and etc directories:
filesets.conf — Add Home and Etc FileSet

FileSet {
  Name = "Home and Etc"
  Include {
    Options {
      signature = MD5
      compression = GZIP
    }
    File = /home
    File = /etc
  }
  Exclude {
    File = /home/bacula/not_important
  }
}

There are a lot of things going on in this file, but here are a few details to keep in mind:
The FileSet Name must be unique

Include any files or partitions that you want to have backups of
Exclude any files that you don't want to back up, but were selected as a result of existing within an included file


You can create multiple FileSets if you wish. Save and exit, when you are finished.

Now we're ready to create backup job that will use our new FileSet.

Add Client and Backup Job to Bacula Server

Now we're ready to add our Client to the Bacula Server. To do this, we must configure the Bacula Director with new Client and Job resources.

Open the conf.d/clients.conf file:
sudo vi /etc/bacula/conf.d/clients.conf

Add Client Resource
A Client resource configures the Director with the information it needs to connect to the Client Host. This includes the name, address, and password of the Client's File Daemon.
Paste this Client resource definition into the file. Be sure to substitute in your Client hostname, private FQDN, and password (from the Client's bacula-fd.conf), where highlighted:

conf.d/clients.conf — Add Client resource

Client {
  Name = ClientHost-fd
  Address = client_private_FQDN
  FDPort = 9102
  Catalog = MyCatalog
  Password = "Y2Q5ODUyMWM0YTFhYjA3NTcwYmU5OTA4Y"          # password for Remote FileDaemon
  File Retention = 30 days            # 30 days
  Job Retention = 6 months            # six months
  AutoPrune = yes                     # Prune expired Jobs/Files
}

You only need to do this once for each Client.

Create a backup job:

A Backup job, which must have a unique name, defines the details of which Client and which data should be backed up.

Next, paste this backup job into the file, substituting the Client hostname for the highlighted text:

conf.d/clients.conf — Add Backup job resource
Job {
  Name = "BackupClientHost"
  JobDefs = "DefaultJob"
  Client = ClientHost-fd
  Pool = RemoteFile
  FileSet="Home and Etc"
}

This creates a backup job called "BackupClientHost", which will back up the home and etc directories of the Client Host, as defined in the "Home and Etc" FileSet. It will use the settings specified in the "DefaultJob" JobDefs and "RemoteFile" Pool resources, which are both defined in the main bacula-dir.conf file. By default, jobs that specify JobDefs = "DefaultJob" will run weekly.
Save and exit when you are done.

Verify Director Configuration

Let's verify that there are no syntax errors in your Director configuration file:
sudo bacula-dir /etc/bacula/bacula-dir.conf

If you are returned to the shell prompt, there are no syntax errors in your Bacula Director's configuration files.

Restart Bacula Director
To put the configuration changes that you made into effect, restart Bacula Director:
sudo systemctl restart bacula-dir

Now your Client, or remote host, is configured to be backed up by your Bacula Server.
Test Client Connection

We should verify that the Bacula Director can connect to the Bacula Client.
On your Bacula Server, enter the Bacula Console:
sudo bconsole

status client

Select Client resource: ClientHost-fd

The defined Client resources are:
     1: BackupServer-fd
     2: ClientHost-fd

Select Client (File daemon) resource (1-2): 2

The Client's File Daemon status should return immediately. If it doesn't, and there is a connection error, there is something wrong with the configuration of the Bacula Server or of the Client's File Daemon.

Test Backup Job

Let's run the backup job to make sure it works.

On the Bacula Server, while still in the Console, use this command:
run

You will be prompted to select which Job to run. Select the one we created earlier, e.g. "4. BackupClientHost":

Select Job resource: BackupClientHost

The defined Job resources are:
     1: BackupLocalFiles
     2: BackupCatalog
     3: RestoreLocalFiles
     4: BackupClientHost

Select Job resource (1-4): 4

At the confirmation prompt, enter "yes":

Confirmation prompt:
OK to run? (yes/mod/no): yes

Check Messages and Status

After running a job, Bacula will tell you that you have messages. The messages are output generated by running jobs.

Check the messages by typing:
messages

The messages should say "No prior Full backup Job record found", and that the backup job started. If there are any errors, something is wrong, and they should give you a hint as to why the job did not run.

Another way to see the status of the job is to check the status of the Director. To do this, enter this command at the bconsole prompt:
status director

If everything is working properly, you should see that your job is running or terminated with an "OK" status.

Perform Restore

The first time you set up a new Bacula Client, you should test that the restore works properly.
If you want to perform a restore, use the restore command at the Bacula Console:
restore all

A selection menu will appear with many different options, which are used to identify which backup set to restore from. Since we only have a single backup, let's "Select the most recent backup"—

select option 5:
Select item (1-13):
5

Then you must specify which Client to restore. We want to restore the remote host that we just set up, e.g. "ClientHost-fd":
Select the Client: ClientHost-fd

Defined Clients:
     1: BackupServer-fd
     2: ClientHost-fd

Select the Client (1-2): 2

This will drop you into a virtual file tree with the entire directory structure that you backed up. This shell-like interface allows for simple commands to mark and unmark files to be restored.

Because we specified that we wanted to "restore all", every backed up file is already marked for restoration. Marked files are denoted by a leading * character.

If you would like to fine-tune your selection, you can navigate and list files with the "ls" and "cd" commands, mark files for restoration with "mark", and unmark files with "unmark". A full list of commands is available by typing "help" into the console.

When you are finished making your restore selection, proceed by typing:
done

Confirm that you would like to run the restore job:
OK to run? (yes/mod/no):
Yes

Check Messages and Status
As with backup jobs, you should check the messages and Director status after running a restore job.
Check the messages by typing:

messages

There should be a message that says the restore job has started or was terminated with an "Restore OK" status. If there are any errors, something is wrong, and they should give you a hint as to why the job did not run.

Again, checking the Director status is a great way to see the state of a restore job:
status director

When you are finished with the restore, type exit to leave the Bacula Console:
exit

If everything worked properly, your restored files will be on your Client host, in the /bacula/restoredirectory. If you were simply testing the restore process, you should delete the contents of that directory.

Conclusion
You now have a Bacula Server that is backing up files from a remote Bacula Client. Be sure to review and revise your configuration until you are certain that you are backing up the correct FileSets, on a schedule that meets your needs. 

The next thing you should do is repeat the relevant sections of this tutorial for any additional CentOS 7 servers that you want to back up.


Monday, October 12, 2015

How to change network interface name from Enp0s3 to Eth0 on CentOS 7

 CentOS 7 Change Network Interface Name From Enp0s3 To Eth0

CentOS 7 Change Network Interface Name

Step1
# issue the ifconfig command to check the current network interface information, type:
# yum install net-tools









[root@localhost Desktop]$sudo ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 192.168.42.129  netmask 255.255.255.0  broadcast 192.168.42.255
inet6 fe80::20c:29ff:fec7:25ae  prefixlen 64  scopeid 0x20<link>
ether 00:0c:29:c7:25:ae  txqueuelen 1000  (Ethernet)
RX packets 200948  bytes 253071365 (241.3 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 56043  bytes 3420351 (3.2 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Step2
# edit “/etc/sysconfig/grub” configuration file using “vim” command:
before:






[root@localhost Desktop]$sudo vim /etc/sysconfig/grub
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos/root crashkernel=auto  vconsole.keymap=us rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

then searching for “GRUB_CMDLINE_LINUX” line  and appending the following content “net.ifnames=0 biosdevname=0“, just like the below:


GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos/root crashkernel=auto  vconsole.keymap=us rhgb quiet net.ifnames=0 biosdevname=0"

Step3
# Using “grub2-mkconfig” command to re-generate a new grub configuration file, type:
>








[root@localhost Desktop]$sudo grub2-mkconfig  -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-123.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-123.el7.x86_64.img
Warning: Please don't use old title `CentOS Linux, with Linux 3.10.0-123.el7.x86_64' for GRUB_DEFAULT, use `Advanced options for CentOS Linux CentOS Linux, with Linux 3.10.0-123.el7.x86_64' (for versions before 2.00) or `gnulinux-advanced-dbedd8fa-5d86-4ea0-8551-8444a48cd44f nulinux-3.10.0-123.el7.x86_64-advanced-dbedd8fa-5d86-4ea0-8551-8444a48cd44f' (for 2.00 or later)
Found linux image: /boot/vmlinuz-0-rescue-3303e35a730a41e3b4e99b544acea205
Found initrd image: /boot/initramfs-0-rescue-3303e35a730a41e3b4e99b544acea205.img
done

Step4
#   Rename “Enp” network file using”mv”command, type:

$sudo mv /etc/sysconfig/network-scripts/ifcfg-enp0s3  /etc/sysconfig/network-scripts/ifcfg-eth0

Step5
# Edit “/etc/sysconfig/network-scripts/ifcfg-eth0 ” configuration file and set the value of “Name” field to “eth0″.


















# vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
<strong>NAME=eth0</strong>
UUID=5ae10208-855b-41af-99e7-0673d3792d15
ONBOOT=yes
HWADDR=00:0C:29:C7:25:AE
PEERDNS=yes
PEERROUTES=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
Step6
# reboot system, after rebooting system, using “ifconfig” command check network interface information again.









[root@localhost Desktop]# ifconfig
eth0: flags=4163 UP,BROADCAST,RUNNING,MULTICAST  mtu 1500
inet 192.168.42.129  netmask 255.255.255.0  broadcast 192.168.42.255
inet6 fe80::20c:29ff:fec7:25ae  prefixlen 64  scopeid 0x20
ether 00:0c:29:c7:25:ae  txqueuelen 1000  (Ethernet)
RX packets 49  bytes 5285 (5.1 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 76  bytes 8540 (8.3 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
done….

Tuesday, October 6, 2015

Monthly Bandwidth Usage monitoring with Zabbix


Monitoring server's used bandwidth is not something that comes integrated with Zabbix by default.

First of all we deploy vnstat on target server(s).  vnstat is a simple program to monitor network traffic: 

[root@centos ~]# yum install vnstat

Then we need to initialize the vnstat database for the interface we want to monitor bandwidth on. i.e. for eth0 (change this to the interface that you want to monitor!) :

[root@centos ~]# vnstat -u -i eth0

We are done with vnstat . After a while we should be able to start retrieving stats for the given interface. i.e. to get the monthly used bandwidth (you can get daily, hourly ... check man page): 

[root@centos ~]# vnstat –m

eth0  /  monthly
       month        rx      |     tx      |    total    |   avg. rate
    ------------------------+-------------+-------------+---------------
      Nov '14    201.01 GiB |   82.29 GiB |  283.30 GiB |  916.87 kbit/s
      Dec '14    282.30 GiB |  219.39 GiB |  501.69 GiB |    1.57 Mbit/s
      Jan '15    637.36 GiB |  521.07 GiB |    1.13 TiB |    3.63 Mbit/s
      Feb '15    608.20 GiB |  608.40 GiB |    1.19 TiB |    4.22 Mbit/s
      Mar '15    559.96 GiB |  419.99 GiB |  979.95 GiB |    3.07 Mbit/s
      Apr '15    420.36 GiB |  355.42 GiB |  775.78 GiB |    2.51 Mbit/s
      May '15    155.58 GiB |  110.97 GiB |  266.55 GiB |  834.81 kbit/s
      Jun '15    184.76 GiB |  122.08 GiB |  306.84 GiB |  993.05 kbit/s
      Jul '15    288.87 GiB |  143.55 GiB |  432.42 GiB |    1.35 Mbit/s
      Aug '15    268.43 GiB |  266.29 GiB |  534.71 GiB |    1.67 Mbit/s
      Sep '15     93.30 GiB |  235.18 GiB |  328.48 GiB |    1.06 Mbit/s
      Oct '15     15.69 GiB |    6.72 GiB |   22.40 GiB |  419.62 kbit/s
    ------------------------+-------------+-------------+---------------
    estimated     93.79 GiB |   40.18 GiB |  133.97 GiB |


With vnstat in place and correctly working , we move now to creating a Zabbix UserParameter that will retrieve the total bandwidth used in a given month and send it to Zabbix via the Zabbix agent that we have installed in our server. Visit this link for more information on Zabbix UserParameters.

For this we first create a script that will get from vnstat the necessary information (so the total bandwidth used up to now in the current month): 

#!/bin/bash
# Current month total bandwidth in MB
i=$(vnstat --oneline | awk -F\; '{ print $11 }')
bandwidth_number=$(echo $i | awk '{ print $1 }')
bandwidth_unit=$(echo $i | awk '{ print $2 }')
case "$bandwidth_unit" in
KiB)    bandwidth_number_MB=$(echo "$bandwidth_number/1024" | bc)
    ;;
MiB)    bandwidth_number_MB=$bandwidth_number
    ;;
GiB)     bandwidth_number_MB=$(echo "$bandwidth_number*1024" | bc)
    ;;
TiB)    bandwidth_number_MB=$(echo "$bandwidth_number*1024*1024" | bc)
    ;;
esac
echo $bandwidth_number_MB


And now we add the aforementioned  UserParameter to the Zabbix Agent configuration file (in Debian it is located in /etc/zabbix/zabbix_agentd.conf. We add this line under the ####### USER-DEFINED MONITORED PARAMETERS ####### section:
UserParameter=system.monthlybandwidth,/home/zabbix/zabbix_total_month_bandwidth.sh

Please modify the script path and name according to your settings.  Note that the name we have used for this new UserParameter is system.monthlybandwidth . Again, you can customize this according to your needs.

We are mostly done. 

We just need now to go to Zabbix Admin and add the new parameter as an item to the desired server or template. You will want typically to deploy this new parameter to a template so it gets automatically distributed to new servers using this template







Here you can see the definition of the new item with the name of  Bandwidth Month . We have used a multiplier too to convert the final unit to GB.

So now we can check how it looks a graph for one server with this item configured:   



As expected we have a raising line each month from 0 to the total used bandwidth. We will be able to spot sudden rises in bandwidth consumption, max during the period for which we have data ... 

Monday, October 5, 2015

[Docker] x509: certificate signed by unknown authority - Docker

Issue:

# docker run hello-world
Unable to find image 'hello-world:latest' locally
Trying to pull repository docker.io/hello-world ... failed
Get https://index.docker.io/v1/repositories/library/hello-world/images: x509: certificate signed by unknown authority


Solution:

 # echo -n | openssl s_client -connect index.docker.io:443 -showcerts | sed -n -e '/BE-GIN\ CERTIICATE/,/END\ CERTIFICATE/ p'

depth=1 C = IN, ST = Gujarat, L = Ahmedabad, O = Cyberoam, OU = Cyberoam Certificate Authority, CN = Cyberoam SSL CA_C202314364571, emailAddress = support@cyberoam.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE

...and put it in
/usr/share/pki/ca-trust-source/anchors/

# cp cyberoam_ssl_ca.pem /usr/share/pki/ca-trust-source/anchors/

# update-ca-trust extract

# systemctl restart docker

# docker run hello-world

Thursday, September 24, 2015

How to Create Encrypted and Bandwidth-efficient Backups Using ‘Duplicity’ in Linux

Experience shows that you can never be too paranoid about system backups. When it comes to protecting and preserving precious data, it is best to go the extra mile and make sure you can depend on your backups if the need arises.
Create Encrypted Linux File System Backups
Duplicity – Create Encrypted Linux File System Backups
Even today, when some cloud and hosting providers offer automated backups for VPS’s at a relatively low cost, you will do well to create your own backup strategy using your own tools in order to save some money and then perhaps use it to buy extra storage or get a bigger VPS.
Sounds interesting? In this article we will show you how to use a tool called Duplicity to backup and encrypt file and directories. In addition, using incremental backups for this task will help us to save space.
That said, let’s get started.

Installing Duplicity

To install duplicity in Fedora-based distros, you will have to enable the EPEL repository first (you can omit this step if you’re using Fedora itself):
# yum update && yum install epel-release
Then run,
# yum install duplicity
For Debian and derivatives:
# aptitude update && aptitude install duplicity
In theory, many methods for connecting to a file server are supported although only ssh/scp/sftp, local file access, rsyncftp, HSI, WebDAV and Amazon S3 have been tested in practice so far.
Once the installation completes, we will exclusively use sftp in various scenarios, both to back up and to restore the data.
Our test environment consists of a CentOS 7 box (to be backed up) and a Debian 8 machine (backup server).

Creating SSH keys to access remote servers and GPG keys for encryption

Let’s begin by creating the SSH keys in our CentOS box and transfer them to the Debian backup server.
The below commands assumes the sshd daemon is listening on port XXXXX in the Debian server. ReplaceAAA.BBB.CCC.DDD with the actual IP of the remote server.
# ssh-keygen -t rsa
# ssh-copy-id -p XXXXX root@AAA.BBB.CCC.DDD
Then you should make sure that you can connect to the backup server without using a password:
Create SSH Keys
Create SSH Keys
Now we need to create the GPG keys that will be used for encryption and decryption of our data:
# gpg --gen-key
You will be prompted to enter:
  1. Kind of key
  2. Key size
  3. How long the key should be valid
  4. A passphrase
Create GPG Keys
Create GPG Keys
To create the entropy needed for the creation of the keys, you can log on to the server via another terminal window and perform a few tasks or run some commands to generate entropy (otherwise you will have to wait for a long time for this part of the process to finish).
Once the keys have been generated, you can list them as follows:
# gpg --list-keys
List Generated GPG Keys
List Generated GPG Keys
The string highlighted in yellow above is known as the public key ID, and is a requested argument to encrypt your files.

Creating a backup with Duplicity

To start simple, let’s only backup the /var/log directory, with the exception of /var/log/anaconda and/var/log/sa.
Since this is our first backup, it will be a full one. Subsequent runs will create incremental backups (unless we add the full option with no dashes right next to duplicity in the command below):
PASSPHRASE="YourPassphraseHere" duplicity --encrypt-key YourPublicKeyIdHere --exclude /var/log/anaconda --exclude /var/log/sa /var/log scp://root@RemoteServer:XXXXX//backups/centos7
Make sure you don’t miss the double slash in the above command! They are used to indicate an absolute path to a directory named /backups/centos7 in the backup box, and is where the backup files will be stored.
Replace YourPassphraseHereYourPublicKeyIdHere and RemoteServer with the passphrase you entered earlier, the GPG public key ID, and with the IP or hostname of the backup server, respectively.
Your output should be similar to the following image:
Create /var Partition Backup
Create Backup using Duplicity
The image above indicates that a total of 86.3 MB was backed up into a 3.22 MB in the destination. Let’s switch to the backup server to check on our newly created backup:
Confirm Backup File
Confirm Backup File
A second run of the same command yields a much smaller backup size and time:
Compress Backup
Compress Backup

Restoring backups using Duplicity

To successfully restore a file, a directory with its contents, or the whole backup, the destination must not exist (duplicity will not overwrite an existing file or directory). To clarify, let’s delete the cron log in the CentOS box:
# rm -f /var/log/cron
Delete Cron Logs
Delete Cron Logs
The syntax to restore a single file from the remote server is:
# PASSPHRASE="YourPassphraseHere" duplicity --file-to-restore filename sftp://root@RemoteHost//backups/centos7 /where/to/restore/filename
where,
  1. filename is the file to be extracted, with a relative path to the directory that was backed up
  2. /where/to/restore is the directory in the local system where we want to restore the file to.
In our case, to restore the cron main log from the remote backup we need to run:
# PASSPHRASE="YourPassphraseHere" duplicity --file-to-restore cron sftp://root@AAA.BBB.CCC.DDD:XXXXX//backups/centos7 /var/log/cron
The cron log should be restored to the desired destination.
Likewise, feel free to delete a directory from /var/log and restore it using the backup:
# rm -rf /var/log/mail
# PASSPHRASE="YourPassphraseHere" duplicity --file-to-restore mail sftp://root@AAA.BBB.CCC.DDD:XXXXX//backups/centos7 /var/log/mail
In this example, the mail directory should be restored to its original location with all its contents.

Other features of Duplicity

At any time you can display the list of archived files with the following command:
# duplicity list-current-files sftp://root@AAA.BBB.CCC.DDD:XXXXX//backups/centos7
Delete backups older than 6 months:
# duplicity remove-older-than 6M sftp://root@AAA.BBB.CCC.DDD:XXXXX//backups/centos7
Restore myfile inside directory gacanepa as it was 2 days and 12 hours ago:
# duplicity -t 2D12h --file-to-restore gacanepa/myfile sftp://root@AAA.BBB.CCC.DDD:XXXXX//remotedir/backups /home/gacanepa/myfile
In the last command, we can see an example of the usage of the time interval (as specified by -t): a series of pairs where each one consists of a number followed by one of the characters smhDWM, or Y (indicating seconds, minutes, hourse, days, weeks, months, or years respectively).

Wednesday, July 29, 2015

PHP gettext extension missing (Zabbix)

PHP gettext extension missing (PHP configuration parameter --with-gettext)

The getText PHP usage (getText is a set of tools and libraries to help programmers and translators to develop multi-language software), in order to achieve the PHP i18n.

No way, looked under the original extension was not installed gettest when installed php, no way to re-fill

Mainly two aspects cause PHP gettext extension missing (PHP configuration parameter --with-gettext) this error: First, do not add --with-gettext option when compiling PHP
Solutions are as follows:
The installation is a dynamic installation of php gettext extension module in php source file into the /ext /gettext
cd /ext/gettext
/Usr/local/php/bin/phpize
./configure -with-php-config = /usr/local/php/bin/php-config
make && make install
Second, the system lacks gettext-devel tool library, or already compile and install the gettext but could not find a way to compile php
vi /usr/local/php/etc/php.ini
Find extensions option, add the following entry:
extension = "gettext.so"
Here remember to add the path to extensions

restart apache service
That's it.......