Amanda (*nix backup solution)

Configuring

FIXME

Server

FIXME

Server with tape library

FIXME

Client

FIXME

Firewall need-to-know basics

FIXME

Running amanda

FIXME

Labelling tapes

FIXME

Creating dumps

FIXME

FAQ/Troubleshooting

FIXME

Taken from the OLD tnt

restart inetd after installation of amanda-clients

(from lowkey)

12.5 Types of backup

Meta: Full, incremental, differential, network, dump, level 0–9

There are different kinds of backups; the following lists some of them:

Full: Full backup means backing up everything.

Incremental: Incremental backup means backing up everything that has changed since the last full backup.

Differential: Differential seems to be another name for incremental.

Network: Network backup usually means backing up a client to a backup server: the client sends the files to the server and the server writes them to the backup medium.

Dump: Dump backups are not ordinary file-by-file backups. The whole disk partition or file system is "dumped" to the backup medium as is. This means it is also necessary to restore the whole partition or file system in one go. The dump backup may be a disk image, which means it must be restored to a similar disk with the same disk geometry and bad blocks in the same places. Watch out for this.

Level 0–9: Level 0 to 9 backups are a finer-grained version of incremental backups. A level N backup means backing up everything that has changed since a backup of the same or a lower level.

Meta: Check the backup can be restored, with original file owners, permissions and timestamps.

To be useful, a backup must be restorable. Very often not only the contents of the files are important, but also their time stamps, permissions and owners. Check that you can restore the backup so that all of these are preserved.

#Amanda Backup Software Configuration & Installation

#May 31, 2002 && June 23, 2002 && July 01, 2002
#Steve Bertrand
#Assuming Amanda 2.2.4 on FreeBSD 4.5
#Replace 'ee' with your favorite ascii editor

##
## Variables
## 'amandaserver'=servername that the tape drive is attached to

#####################
#Configure the tape server
#####################

### Create the accounts
# ee /etc/group
# Add the 'backup' group
# adduser 'amanda'

### Add amanda to the operators group
# ee /etc/group
# make the operator line look like this:
# operator:*:gid:root,amanda

### Create non-rewind tape device
# cd /dev
# Find out the name of the tape device file using dmesg | more
# My example:
# dmesg | grep SONY (output=sa0)
# ./MAKEDEV sa0 (created nrsa0, which is the non-rewind device)

### cd to your tar.gz directory, then:
# tar -xzvf amanda.x.x.x.tar.gz
# cd amanda.x.x.x

### Review --with-tape-server, --with-config and all --without-* options of configure script. Also, --with-samba-user=username to back up windows drives.
### The following will work in a pinch:
# ./configure --with-user=amanda --with-group=backup
# make
# make install
# ee /etc/services

# verified listing of:
# amanda 10080/udp
# amandaidx 10082/tcp
# amidxtape 10083/tcp

# ee /etc/inetd.conf

# added lines:
## For clients:
# amanda dgram udp wait amanda /PATH/libexec/amandad amandad
## For Tape Host:
# amandaidx stream tcp nowait amanda /PATH/libexec/amindexd amindexd
# amidxtape stream tcp nowait amanda /PATH/libexec/amidxtaped amidxtaped

### Set up your configuration
# mkdir -v /usr/local/etc/amanda/'configdir'
# chown amanda /usr/local/etc/amanda/'configdir'
# chown amanda:backup /usr/local/etc/amanda/northnet
# cp /DOWNLOADDIR/example/amanda.conf /usr/local/etc/amanda/'configdir'

### Next there is one of 2 choices:
# cp /DOWNLOADDIR/example/disklist /usr/local/etc/amanda/'configdir'
## or, if you know what you are doing (if not, do the above command):
# touch /usr/local/etc/amanda/'configdir'/disklist

### Edit the amanda.conf file
# cd /usr/local/etc/amanda/'configdir'
# ee amanda.conf

# change org to 'configdir'
# comment out anything to do with changers (unless one is in use)
# change labelstr from "^DailySet1[0-9][0-9]*$" to "^'configdir'[0-9][0-9]*$"
# set tapedev to /dev/rmt/'defined' # defined by creating new device from original tape unit
# set the holding disks (use - number to use all but that)
# add the 'tapetype' and define it at the bottom of the config file
# tapetype definitions are found on the amanda website
# change infofile from DailySet1 to 'configdir'
# change logdir from DailySet1 to 'configdir'
# change indexdir from DailySet1 to 'configdir'
# set the holding disks (a negative number will use all but that)
# set your tapetype in the tapetype definitions (settings at www.amanda.org)
# add 'index yes' to the dump-type definition you will use (comp-user, comp-root for me)

### Edit the disklist file
# add all options of each backup in format: 'host slice backup_type'

### Create, and give amanda write on her own dirs, and the backup dir
# mkdir -pv /usr/adm/amanda/'configdir'
# chown amanda:backup /usr/adm
# chmod -R 700 /usr/adm
# mkdir -v /'dump_directory' #Place to dump the backups before they hit tape
# chown amanda:backup /'dump_directory'
# chmod 700 /'dump_directory'

### If you didn't use the 'adduser' script to create the amanda user,
### you'd better create her home dir now!! (verify it doesn't exist first!!!)
# mkdir /home/amanda
# chown amanda:backup /home/amanda

### Set up authorization file
# cd /home/amanda
# ee .amandahosts

# add user/server pair as follows (eg.):
# baini.northnetworks.ca root

### Check the configuration
# amcheck -sc 'configdir' # to check for configuration errors; fix them, then proceed

# some error resolutions listed at EOF

### Label Tapes, then check for availability
# amlabel 'configdir' 'labelstr'[0-9][0-9] # eg. amlabel northnet northnet01

### Check that your tape took the label
# more tapelist (assuming you are already in the 'configdir' directory)

### To rewind tapes
# mt -f /dev/'tapedev' (/dev/rmt/nrsa0) rewind

### When recovering data, you may need to rewind your tape first. See above line.

### File Locations
# configure options file = /usr/local/share/config.site or
# /usr/local/etc/config.site

#############################
#Configuring Clients
#############################

### Install amanda as above, but append the --with-portrange=xxxx,xxxx to configure. No configuration of the .conf files is required.

### Create a 'backup' group
# ee /etc/group
# add to this file: backup:*:gid:

### Create the 'amanda' user and choose 'backup' as her group
# adduser

### Add amanda to the operators group
# ee /etc/group
# append ',amanda' to the line 'operators'

### Verify that the following is true:

# amanda dgram udp wait amanda /PATH/libexec/amandad amandad appears in /etc/inetd.conf

# amanda 10080/udp appears in /etc/services

### Verify that 10080 appears as a UDP hole in the firewall to the client

### Verify that 10080 as UDP and 10082, 10083 as TCP appear as holes in the firewall to server

### Verify that ports xxxx-xxxx (specified to configure) are punched through the firewall

### On the client, give the server's amanda user access rights
# echo "'amandaserver'.domain.com amanda" > /home/amanda/.amandahosts

### Add the backup directory on the new client to the tape server
###
### We're on the tape server now
# cd 'configdir'
# ee disklist

# addline:
# client_pc.domain.com /partition backuptype
## My example:
# diana.northnetworks.ca /usr comp-user
## For Windows drives:
# amanda //winbox/drive backuptype

### For Windows clients, you must specify the share password
# ee /etc/amandapass

# addline:
# //winbox/drive	password

### Back on the client
### Verify data ports are open

# make sure that amanda data ports are open on the server
# these ports are default 1000-2000

### Validate new clients
# su amanda -c "amcheck 'configdir'"
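
The client-side checks listed above (inetd.conf entry, /etc/services entry, .amandahosts trust line), as an added shell example that is not part of the original notes. The function name and the host tapehost.example.com are assumptions, and the writable-file check is a hardening step added here that the notes do not mention.

```shell
#!/bin/sh
# Added example: pre-flight for the client checklist in these notes.
# Usage: check_amanda_client SERVICES INETD_CONF AMANDAHOSTS SERVER_FQDN
# Prints one line per failed check; the return status is the failure count.
check_amanda_client() {
    services=$1 inetd=$2 hosts=$3 server=$4
    fails=0

    # /etc/services must map the amanda service to 10080/udp.
    if ! awk '$1 == "amanda" && $2 == "10080/udp" { ok = 1 }
              END { exit !ok }' "$services"; then
        echo "FAIL: no 'amanda 10080/udp' entry in $services"
        fails=$((fails + 1))
    fi

    # inetd.conf needs an uncommented amandad entry that runs as user amanda.
    if ! awk '$1 == "amanda" && $2 == "dgram" && $3 == "udp" &&
              $5 == "amanda" && $6 ~ /\/amandad$/ { ok = 1 }
              END { exit !ok }' "$inetd"; then
        echo "FAIL: no active amandad entry in $inetd"
        fails=$((fails + 1))
    fi

    # .amandahosts must trust the tape server's amanda user.
    if ! awk -v s="$server" '$1 == s && $2 == "amanda" { ok = 1 }
              END { exit !ok }' "$hosts"; then
        echo "FAIL: '$server amanda' missing from $hosts"
        fails=$((fails + 1))
    fi

    # Hardening check added here (not in the notes): nobody but the owner
    # should be able to edit the trust file.
    if [ -n "$(find "$hosts" \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $hosts is group- or world-writable"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Demo on constructed copies of the three files (not the live system files).
demo=$(mktemp -d)
echo 'amanda 10080/udp' > "$demo/services"
echo 'amanda dgram udp wait amanda /usr/local/libexec/amandad amandad' > "$demo/inetd.conf"
echo 'tapehost.example.com amanda' > "$demo/amandahosts"
chmod 600 "$demo/amandahosts"
check_amanda_client "$demo/services" "$demo/inetd.conf" "$demo/amandahosts" \
    tapehost.example.com && echo "client checks passed"
rm -rf "$demo"
```

On a real client the arguments would be /etc/services, /etc/inetd.conf, /home/amanda/.amandahosts and the tape server's name as it appears in .amandahosts.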

##########################
#Misc
##########################

# Debug dir is normally /tmp/amanda
# sendbackup* files in debug dir will tell you about problems connecting data transfer ports on the clients

###########################
#Possible problems
###########################

### During amrecover 'configdir'
# No index found for host.

# verify 'servername user' are included in .amandahosts
# verify /usr/adm/amanda/'configdir'/index/'servername' exists
# ensure 'index yes' is written into the backup type definition

### 'servername' hostlookup failed

# verify proper reverse-dns lookup on host

### After amdump 'configdir'
# Can't switch to incremental dump (this will appear in run mailings)

# tape won't overwrite, full dump not yet performed. Put in a new tape and retry

## After amdump 'configdir' from remote clients
# Time out errors

### verify holes punched out in firewall
## If using nmap, scan the client:
# nmap -sU -p U:10080 client_pc.domain.com
## Then scan the server
# nmap -sU -p U:10080 server_pc.domain.com
# nmap -sF -p 10082 server_pc.domain.com
# nmap -sF -p 10083 server_pc.domain.com

### Can't connect to Windows share with 'amcheck' or 'amdump'
# Ensure that the correct sharename/password is listed in /etc/amandapass.
# The default user amanda uses to back up winboxes is 'amanda'.
# To change this, recompile amanda and give --with-samba-user='username'

OLD

On host:

/etc/hosts.allow: amandad: backupserver

/etc/amandahosts: backupserver backup

firewall: INPUT -p udp -s backupserver --dport 10080 -j ACCEPT

On backupserver: INPUT -p tcpd

input -p udp -d backupserver --sport 10080 -j ACCEPT

#-A input -p udp --dport 0:1024 -j ACCEPT

Running an Amanda server from behind a firewall, to clients outside it, can be a bit tricky.

Amanda uses quite a few ports for communications. The general sequence is:

1) The server makes a start backup request on port 10080 to the client.
2) The client forks an amandad process, which then attempts to contact the server on a random UDP port.
3) The server opens 2 or 3 random TCP sockets back to the client per dumper process (one for data, one for messages and one for index, if indexing is enabled).
4) Data starts shuffling.

The problem with a firewall is step 2. Since most firewalls are set up to allow any outgoing traffic, the other steps usually have no problems. But that random UDP port back in to the server is usually blocked. This causes a symptom of "timeout waiting ack" in /tmp/amanda/amandad.debug on the client.

The solution is to use two of the configure directives. configure --with-portrange=xxx,yyy will restrict your TCP ports to the given range. This is standard functionality as of 2.4.1.

However, this will NOT restrict that UDP port at all. You need to d/l the 2.4.2beta from the snapshots site (as of this writing 2.4.2 is still beta test). Configure 2.4.2 with the new --with-udpportrange=xxx,yyy directive.

You must pick ports under 1024 or amanda will complain of "insecure ports used". Those ports should of course not conflict with other services listed in /etc/services (I suggest 850-854 or 859).

You must also open your firewall up to both UDP and TCP ports, in the range you specified, from your clients to your server.

Hope this helps! mark@globalcenter.net.au
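
One way to apply the advice in the post above before opening the firewall, as an added example that is not part of the original post: vet a candidate range for --with-portrange / --with-udpportrange against a services file, then print rules that open only that range from the clients to the server. The function name, the 192.0.2.0/24 client network and the sample services entries are assumptions.

```shell
#!/bin/sh
# Added example: vet a range for --with-portrange / --with-udpportrange.
# Usage: amanda_port_rules SERVICES_FILE LOW HIGH CLIENT_NET
# Returns 1 for an unprivileged or malformed range, 2 for a clash with an
# assigned service; otherwise prints server-side rules for both protocols.
amanda_port_rules() {
    services=$1 low=$2 high=$3 clients=$4

    # Ports of 1024 and up trigger amanda's "insecure ports used" complaint.
    if [ "$low" -lt 1 ] || [ "$high" -ge 1024 ] || [ "$low" -gt "$high" ]; then
        echo "range $low-$high must lie within 1-1023" >&2
        return 1
    fi

    # Collect services-file entries whose port falls inside the range.
    clash=$(awk -v lo="$low" -v hi="$high" '
        /^[[:space:]]*#/ { next }
        { split($2, p, "/")
          if (p[1] + 0 >= lo + 0 && p[1] + 0 <= hi + 0) print $1 "=" $2 }
    ' "$services")
    if [ -n "$clash" ]; then
        echo "range $low-$high conflicts with:" $clash >&2
        return 2
    fi

    # Only the chosen range is opened, and only from the client network.
    for proto in udp tcp; do
        echo "-A INPUT -p $proto -s $clients --dport $low:$high -j ACCEPT"
    done
}

# Demo on a constructed services file (not the system's /etc/services).
demo_services=$(mktemp)
printf 'ssh 22/tcp\nrsync 873/tcp\n' > "$demo_services"
amanda_port_rules "$demo_services" 850 854 192.0.2.0/24
amanda_port_rules "$demo_services" 870 875 192.0.2.0/24 || echo "rejected ($?)"
rm -f "$demo_services"
```

The printed lines use iptables rule syntax; a narrow range like this replaces the blanket 0:1024 UDP rule shown commented out in the OLD section.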

linux/amanda.txt · Last modified: 2009/05/25 00:35 (external edit)
CC Attribution-Share Alike 4.0 International