Network backups with Amanda

Auntie Amanda

Setting up Authorization

The amandad daemon only accepts instructions from computers that you previously added to a list of trusted systems. This list is stored in the .amandahosts text file, which is located in the home directory of Amanda user amanda. On Ubuntu, the /var/backups/.amandahosts file is only a symbolic link to the /etc/amanda-hosts file. Other distributions use the same or a similar pattern.

First check to see whether .amandahosts exists somewhere on the backup server. If not, create a new copy in the home directory of the amanda user. Then, open .amandahosts as the amanda user with a text editor – on Ubuntu, type

sudo -u amanda vi /var/backups/.amandahosts

The content should now look like the following:

localhost amanda
client.example.com root amindexd amidxtaped

The first line lets you restore backups on the server. The second line gives the root user on the client machine access to the services needed for the restore: amindexd and amidxtaped. In the same way, working on the client machine, you need to allow access from the server. Open the appropriate .amandahosts file. The contents should include the following two lines, the second of which gives the server access to the client:

localhost amanda
server.example.com amanda
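
The following Python script is an added example, not part of the original article or the Amanda project. It parses .amandahosts content and reports which remote hosts may request restores, which service names are not recognized, and whether the file is accessible beyond its owner. The service names and the rule that an entry without services means amdump follow the Amanda man pages; the function names and the third sample line are constructed for illustration.

```python
import os
import stat

# Service names documented in amanda(8); "amdump" is shorthand for the first four.
AMDUMP = {"noop", "selfcheck", "sendsize", "sendbackup"}
RESTORE = {"amindexd", "amidxtaped"}
KNOWN = AMDUMP | RESTORE

def parse_amandahosts(text):
    """Return a list of (host, user, services) with 'amdump' expanded."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue                                    # skip blank lines
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None   # user name omitted
        listed = fields[2:] or ["amdump"]               # no service means amdump
        services = set()
        for name in listed:
            services |= AMDUMP if name == "amdump" else {name}
        entries.append((host, user, services))
    return entries

def audit(text, mode=0o600):
    """Return review findings for the file content and its permission bits."""
    findings = []
    if mode & 0o077:
        findings.append("permissions: readable or writable beyond the owner")
    for host, user, services in parse_amandahosts(text):
        for name in sorted(services - KNOWN):
            findings.append(f"{host}: unknown service '{name}'")
        restore = sorted(services & RESTORE)
        if restore and host != "localhost":
            findings.append(f"{host}: {user} may restore via {', '.join(restore)}")
    return findings

def audit_file(path):
    """Audit a real file, e.g. /var/backups/.amandahosts (follows the symlink)."""
    with open(path) as handle:
        return audit(handle.read(), stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample: the server-side file from the article plus one typo line.
SAMPLE = """localhost amanda
client.example.com root amindexd amidxtaped
client2.example.com amanda amdmup
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, mode=0o644):
        print(finding)
```

A restore finding is not necessarily an error: on the server, the entry for client.example.com is intended. The list simply shows every remote account that can pull backup data back, so that each one can be confirmed.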

Checking the Backup

After creating all the configuration files, amcheck checks for content problems and typos (Figure 1). You must call this program as the amanda user, as in sudo -u amanda:

$ sudo -u amanda amcheck ADMINExample

Figure 1: The NOTEs are not errors, but only references to data generated during the first backup run. In this case, Amanda needs to back up the computer with the IP address 192.168.1.102.

The actual backup runs the amdump program, which – like amcheck – simply expects the configuration name as a parameter, and which you also run as the amanda user:

$ sudo -u amanda amdump ADMINExample

The tool does not output any information to the console. Only the return value tells you whether the backup was successful. The amreport tool (Figure 2) provides a detailed report:

$ sudo -u amanda amreport ADMINExample

Figure 2: The backup of the /etc directory on the computer at 192.168.1.102 was successful on Ubuntu 16.04.

You can use Cron to activate Amanda at regular intervals. Add amdump to your crontab, along with its co-worker amcheck, which will check the available disk space.

If necessary, amcheck and amdump send email to the administrator. amcheck reports errors, and amdump delivers a report. To send an email message, you only need to add the mailto setting to the amanda.conf configuration file:

mailto "admin@example.com"

For amcheck, you should also specify the -m option:

amcheck -m ADMINExample

Connecting via SSH

Instead of the TCP connection, the backup server can log in to the client using SSH, use SSH to create a dump file, and finally copy it to the server. This series of steps removes the need to configure inetd or xinetd. In amanda.conf, create a dumptype section as follows:

define dumptype simple-gnutar-ssh {
  auth "ssh"
  ssh_keys "/etc/amanda/Example/ssh-key"
  client-username "amanda"
  compress none
  program "GNUTAR"
}

With this dumptype, the server logs on to the client over SSH (auth "ssh") with the user name amanda. Amanda then creates a backup on the client using tar and without compression (compress none). This approach only works under the following conditions:

  • The Amanda user amanda must be able to log in to the client and must therefore have a login shell.
  • Amanda cannot prompt for a passphrase. The login to the client must thus rely on either the SSH agent or a certificate exchange.

Doing without a passphrase can lead to security problems. For instructions on how to set up SSH appropriately, see the Zmanda wiki [5].

In the dumptype section, ssh_keys then points to the file with the private key. Finally, Amanda also needs SSH support. If you install the backup program via your distribution's package manager, the default configuration should already support SSH. As an alternative to the SSH connection, you can use a VPN tunnel.
