« Previous 1 2 3 4 Next »
Network backups with Amanda
Auntie Amanda
Setting up Authorization
The amandad daemon only accepts instructions from computers that you previously added to a list of trusted systems. This list is stored in the .amandahosts text file, which is located in the home directory of Amanda user amanda. On Ubuntu, the /var/backups/.amandahosts file is only a symbolic link to the /etc/amanda-hosts file. Other distributions use the same or a similar pattern.
First check to see whether .amandahosts exists somewhere on the backup server. If not, create a new copy in the home directory of the amanda user. Then, open .amandahosts as the amanda user with a text editor – on Ubuntu, type
sudo -u amanda vi /var/backups/.amandahosts
The content should now look like the following:
localhost amanda client.example.com root amindexd amidxtaped
The first line lets you restore backups on the server. The second line give the root user on the client machine access to the services needed for the restore: amindexd and amidxtaped. In the same way, working on the client machine, you need to allow access from the server. Open the appropriate .amandahosts file. The contents should include the following two lines, the second of which gives the server access to the client:
localhost amanda server.example.com amanda
Checking the Backup
After creating all the configuration files, amcheck checks for content problems and typos (Figure 1). You must call this program as the amanda user, as in sudo -u amanda:
Figure 1: The NOTEs are not errors, but only references to data generated during the first backup run. In this case, Amanda needs to back up the computer with the IP address 192.168.1.102.
$ sudo -u amanda amcheck ADMINExample
The actual backup runs the amdump program, which – like amcheck – simply expects the configuration name as a parameter, and which you also run as the amanda user:
$ sudo -u amanda amdump ADMINExample
The tool does not output any information to the console. Only the return value tells you whether the backup was successful. The amreport tool (Figure 2) provides a detailed report:
Figure 2: The backup of the /etc directory on the computer at 192.168.1.102 was successful on Ubuntu 16.04.
$ sudo -u amanda amreport ADMINExample
You can use Cron to activate Amanda at regular intervals. Add amdump to your crontab, along with its co-worker amcheck, which will check the available disk space.
If necessary, amcheck and amdump send email to the administrator. amcheck reports errors, and amdump delivers a report. To send an email message, you only need to add the mailto setting to the amanda.conf configuration file:
mailto "admin-atat-example.com"
For amcheck, you should also specify the -m option:
amcheck -m ADMINExample
Connecting via SSH
Instead of the TCP connection, the backup server can log in to the client using SSH, use SSH to create a dump file, and finally copy it to the server. This series of steps removes the need to configure inetd or xinetd. In amanda.conf, create a dumptype section as follows:
define dumptype simple-gnutar-ssh {
auth "ssh"
ssh_keys "/etc/amanda/Example/ssh-key"
client-username "amanda"
compress none
program "GNUTAR"
}Log on to the client using SSH with user name amanda. (You need to authorize SSH: auth "ssh".) Amanda then creates a backup on the client using tar and without compression (compress none). This approach only works under the following conditions:
- The Amanda user
amandamust be able to log in to the client and must therefore have a login shell. - Amanda cannot prompt for a passphrase. The login to the client must thus rely on either the SSH agent or a certificate exchange.
Doing without a passphrase can lead to security problems. For instructions on how to set up SSH appropriately, see the Zamanda wiki [5].
ssh_keys then points to the file with the private key in the dumptype section. Finally, Amanda also needs SSH support. If you install the backup program via your distribution's package manager, the default configuration should already support SSH. As an alternative to the SSH connection, you can use a use a VPN tunnel.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Flexible backup for large-scale environments
Bacula is a powerful open source backup solution for large environments that offers automation, extension modules, and commercial support. -
Exploring the Relax and Recoverbackup and rescue system
Relax and Recover (ReaR) generates an appropriate rescue image from a running system and also acts as a migration tool. -
Cloud protection with Windows Azure Backup
Microsoft offers the Windows Azure Backup service, which lets you back up data from servers in the cloud. This removes the need for your own infrastructure, and the service alleviates privacy concerns by using continuous encryption. -
Free Enterprise Backup with Bareos
Available on almost all platforms, the open source backup software Bacula is popular with many administrators – now the Bareos fork is poised to expand its leading role.
-
New features in the Bareos Bacula fork
Available on almost all platforms, the open source backup software Bacula is popular with many administrators – now the Bareos fork is poised to expand its leading role.