« Previous 1 2 3 4 Next »
Network backups with Amanda
Auntie Amanda
Setting up Authorization
The amandad
daemon only accepts instructions from computers that you previously added to a list of trusted systems. This list is stored in the .amandahosts
text file, which is located in the home directory of Amanda user amanda
. On Ubuntu, the /var/backups/.amandahosts
file is only a symbolic link to the /etc/amanda-hosts
file. Other distributions use the same or a similar pattern.
First check to see whether .amandahosts
exists somewhere on the backup server. If not, create a new copy in the home directory of the amanda
user. Then, open .amandahosts
as the amanda
user with a text editor – on Ubuntu, type
sudo -u amanda vi /var/backups/.amandahosts
The content should now look like the following:
localhost amanda client.example.com root amindexd amidxtaped
The first line lets you restore backups on the server. The second line give the root user on the client machine access to the services needed for the restore: amindexd
and amidxtaped
. In the same way, working on the client machine, you need to allow access from the server. Open the appropriate .amandahosts
file. The contents should include the following two lines, the second of which gives the server access to the client:
localhost amanda server.example.com amanda
Checking the Backup
After creating all the configuration files, amcheck
checks for content problems and typos (Figure 1). You must call this program as the amanda
user, as in sudo -u amanda
:
$ sudo -u amanda amcheck ADMINExample
The actual backup runs the amdump
program, which – like amcheck
– simply expects the configuration name as a parameter, and which you also run as the amanda
user:
$ sudo -u amanda amdump ADMINExample
The tool does not output any information to the console. Only the return value tells you whether the backup was successful. The amreport
tool (Figure 2) provides a detailed report:
$ sudo -u amanda amreport ADMINExample
You can use Cron to activate Amanda at regular intervals. Add amdump
to your crontab
, along with its co-worker amcheck
, which will check the available disk space.
If necessary, amcheck
and amdump
send email to the administrator. amcheck
reports errors, and amdump
delivers a report. To send an email message, you only need to add the mailto
setting to the amanda.conf
configuration file:
mailto "admin-atat-example.com"
For amcheck
, you should also specify the -m
option:
amcheck -m ADMINExample
Connecting via SSH
Instead of the TCP connection, the backup server can log in to the client using SSH, use SSH to create a dump file, and finally copy it to the server. This series of steps removes the need to configure inetd
or xinetd
. In amanda.conf
, create a dumptype
section as follows:
define dumptype simple-gnutar-ssh { auth "ssh" ssh_keys "/etc/amanda/Example/ssh-key" client-username "amanda" compress none program "GNUTAR" }
Log on to the client using SSH with user name amanda
. (You need to authorize SSH: auth "ssh"
.) Amanda then creates a backup on the client using tar
and without compression (compress none
). This approach only works under the following conditions:
- The Amanda user
amanda
must be able to log in to the client and must therefore have a login shell. - Amanda cannot prompt for a passphrase. The login to the client must thus rely on either the SSH agent or a certificate exchange.
Doing without a passphrase can lead to security problems. For instructions on how to set up SSH appropriately, see the Zamanda wiki [5].
ssh_keys
then points to the file with the private key in the dumptype
section. Finally, Amanda also needs SSH support. If you install the backup program via your distribution's package manager, the default configuration should already support SSH. As an alternative to the SSH connection, you can use a use a VPN tunnel.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)