Re: Solaris ACLs
Talking of snapshots, FreeBSD 5.x can do this too with the -L flag to dump. Can someone remind me of how to generate a specific backup type (in amanda.conf) that passes the -L flag to dump on the remote system. Ta -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jon LaBadie wrote: big snip As Solaris also can do FS snapshots, the OP should be informed of that feature. Not amanda specific, but neat. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support.
mixed full / incremental backup...
Hi all,... Since people around here still are stuck wanting to have a friday-full/rest-of-the-week-incremental backup strategy, I read through http://www.backupcentral.com/amanda-19.html created two amanda configurations with the same disklist for full and for incremental backup, labeled my tapes and tested the whole mess. About the full backup, things work pretty fine. However, trying to run the incremental setup always leaves me with an error mail such as below: *** A TAPE ERROR OCCURRED: [label Back06 or new tape not found in rack]. Some dumps may have been left in the holding disk. This is strange - tape Back06 actually _is_ inside the changer and labeled correctly. FAILURE AND STRANGE DUMP SUMMARY: larger than tape, -1 KB, skipping incremental] localhost work/04 lev 1 FAILED [dump larger than tape, -1 KB, skipping incremental] localhost project lev 1 FAILED [dump larger than tape] This is what always uses to show up in those situations - dump larger than tape for all the dle's I used to set up. I doubt that because the full dump itself fits on tape rather well. Can anyone point me where to put my eyes to get this fixed? amanda.conf of the incremental setup is included. TIA, have a fine day everyone. Kris -- Kristian Rink -- Programmierung/Systembetreuung planConnect GmbH * Strehlener Str. 12 - 14 * 01069 Dresden 0176 24472771 * [EMAIL PROTECTED] amanda.conf Description: Binary data
Re: mixed full / incremental backup...
Hi, Kristian, on Dienstag, 09. März 2004 at 09:41 you wrote to amanda-users: *** A TAPE ERROR OCCURRED: [label Back06 or new tape not found in rack]. Some dumps may have been left in the holding disk. KR This is strange - tape Back06 actually _is_ inside the changer and KR labeled correctly. Does amcheck run through fine ? Is Back06 in your tapelist? FAILURE AND STRANGE DUMP SUMMARY: larger than tape, -1 KB, skipping incremental] localhost work/04 lev 1 FAILED [dump larger than tape, -1 KB, skipping incremental] localhost project lev 1 FAILED [dump larger than tape] KR This is what always uses to show up in those situations - dump KR larger than tape for all the dle's I used to set up. I doubt that KR because the full dump itself fits on tape rather well. At first let me tell you that you should not use localhost in your DLEs. Use the fully qualified hostname (FQDN) instead. localhost bites you at recovery time. 2. The message does not say that localhost:work/04 does not fit on tape. It says that the size of the whole dump (~ all DLEs) is larger than your tape. KR Can anyone point me where to put my eyes to get this fixed? KR amanda.conf of the incremental setup is included. And the disklist? -- best regards, Stefan Stefan G. Weichinger mailto:[EMAIL PROTECTED]
Re: mixed full / incremental backup...
Hi Stefan, ...and at first, thanks for your reply. On Tue, 9 Mar 2004 10:02:59 +0100 Stefan G. Weichinger [EMAIL PROTECTED] wrote: KR This is strange - tape Back06 actually _is_ inside the changer KR and labeled correctly. Does amcheck run through fine ? Is Back06 in your tapelist? I got that fixed in the meantime finding out that the tape was unloaded to a slot this amanda-setup is not intended to use. Entirely my fault... KR doubt that because the full dump itself fits on tape rather KR well. At first let me tell you that you should not use localhost in your DLEs. Use the fully qualified hostname (FQDN) instead. localhost bites you at recovery time. Okay, thanks for the hint. Anyhow, I am just running amanda to back up files from this one host; is the naming likely to get me into trouble even this way? 2. The message does not say that localhost:work/04 does not fit on tape. It says that the size of the whole dump (~ all DLEs) is larger than your tape. Hmmm, okay, but even this seems to be strange while the full dump doesn't complain about this and just moves anything found in the file area to tape... KR Can anyone point me where to put my eyes to get this fixed? KR amanda.conf of the incremental setup is included. And the disklist? see attachment. :) Basically, I split up the base directory of our document management system into several smaller chunks because it won't take long for the tree to not fit on a single tape anymore... Thanks / bye, Kris -- Kristian Rink -- Programmierung/Systembetreuung planConnect GmbH * Strehlener Str. 12 - 14 * 01069 Dresden 0176 24472771 * [EMAIL PROTECTED] disklist Description: Binary data
Re: mixed full / incremental backup...
Hi, Kristian,
on Dienstag, 09. März 2004 at 10:24 you wrote to amanda-users:
At first let me tell you that you should not use localhost in
your DLEs. Use the fully qualified hostname (FQDN) instead.
localhost bites you at recovery time.
KR Okay, thanks for the hint. Anyhow, I am just running amanda to back
KR up files from this one host; is the naming likely to get me into
KR trouble even this way?
amrecover will not work as expected.
2. The message does not say that localhost:work/04 does not fit on
tape. It says that the size of the whole dump (~ all DLEs) is
larger than your tape.
KR Hmmm, okay, but even this seems to be strange while the full dump
KR doesn't complain about this and just moves anything found in the
KR file area to tape...
And the disklist?
KR see attachment. :) Basically, I split up the base directory of our
KR document management system into several smaller chunks because it
KR won't take long for the tree to not fit on a single tape anymore...
You have in your disklist:
localhost work/04 /backup/PlanC3/bf381/docs/work {
I am not sure but I would not use something like work/04 as diskname.
Edit to something like:
my.host.my.domain work04 /backup/PlanC3/bf381/docs/work {
(get rid of the / in work/04).
--
Does any DLE run through here?
Show us your AMANDA email report ...
--
best regards,
Stefan
Stefan G. Weichinger
mailto:[EMAIL PROTECTED]
Re: mixed full / incremental backup...
Hi again,...
On Tue, 9 Mar 2004 10:52:02 +0100
Stefan G. Weichinger [EMAIL PROTECTED] wrote:
KR Okay, thanks for the hint. Anyhow, I am just running amanda to
KR back up files from this one host; is the naming likely to get
KR me into trouble even this way?
amrecover will not work as expected.
Hmm, this is not a good thing, so I will change this.
[disklist]
You have in your disklist:
localhost work/04 /backup/PlanC3/bf381/docs/work {
I am not sure but I would not use something like work/04 as
diskname.
The diskfile is the same for the incremental and the full backup,
and running the full backup works as expected with the same dle's...
At least I'll modify the hostname there to have this fixed.
Show us your AMANDA email report ...
(see attached...)
Cheers,
Kris
--
Kristian Rink -- Programmierung/Systembetreuung
planConnect GmbH * Strehlener Str. 12 - 14 * 01069 Dresden
0176 24472771 * [EMAIL PROTECTED]
planConnect_AMANDA_MAIL_REPORT_FOR_March_9,_2004
Description: Binary data
Re: mixed full / incremental backup...
Hi, Kristian,
on Dienstag, 09. März 2004 at 10:57 you wrote to amanda-users:
You have in your disklist:
localhost work/04 /backup/PlanC3/bf381/docs/work {
I am not sure but I would not use something like work/04 as
diskname.
KR The diskfile is the same for the incremental and the full backup,
KR and running the full backup works as expected with the same dle's...
KR At least I'll modify the hostname there to have this fixed.
Ok ...
Show us your AMANDA email report ...
KR (see attached...)
You don't use a holding-disk for root-tar, so it has to fail when
there is no tape ...
I would edit this:
define dumptype root-tar {
program GNUTAR
comment Root partitions dumped with tar
options no-compress, index, no-full
priority high
}
to this:
define dumptype root-tar {
program GNUTAR
comment Root partitions dumped with tar
compress none
index yes
strategy nofull
priority high
}
Wrong syntax there ...
Doesn't amcheck complain ??
--
best regards,
Stefan
Stefan G. Weichinger
mailto:[EMAIL PROTECTED]
Re: Solaris 8 and L200
On Tue, 9 Mar 2004 at 9:40am, Geoff Swavley wrote I currently use CHS with solaris (all versions 2.6 - 2.8) ... but as I have been discussing with the list I only have binaries to run it in 32bit mode. I can keep you posted Glenn on what I change to . I have had a quick look at MTX and I am still trying to find chg-scsi! chg-scsi is the direct SCSI changer script that is part of amanda. -- Joshua Baker-LePain Department of Biomedical Engineering Duke University
Re: Solaris 8 and L200
Joshua Baker-LePain wrote: On Tue, 9 Mar 2004 at 9:40am, Geoff Swavley wrote I currently use CHS with solaris (all versions 2.6 - 2.8) ... but as I have been discussing with the list I only have binaries to run it in 32bit mode. I can keep you posted Glenn on what I change to . I have had a quick look at MTX and I am still trying to find chg-scsi! chg-scsi is the direct SCSI changer script that is part of amanda. -- Joshua Baker-LePain Department of Biomedical Engineering Duke University Doh -- geoffs :-) -- Geoff Swavley Email : [EMAIL PROTECTED] UNIX Sys Admin Snail : Level 8, 10 Valentine Ave, Support and Network Operations Parramatta NSW 2150 Dept of Land and Water Conservation Sydney Australia Phone : 61-2-98957125 http://www.radx.net/~geoffs Fax : 61-2-98957086 Mobile: 61-425-224475 / 61-2-83004475 Home : 61-2-83389510 -- Modern art is what happens when painters stop looking at women and persuade themselves they have a better idea. - John Ciardi
Re: Solaris 8 and L200
Great! I got MTX installed and I can move the tapes around like I want to. That is working perfectly so far. Now, when I'm trying to use Amanda I am still getting errors, I'm not sure where the errors are: %amverify DailySet1 Tape changer is /usr/local/etc/amanda/mtx-changer... 1 slot... Verify summary to root Defects file is /tmp/amanda/amverify.9432/defects amverify DailySet1 Tue Mar 9 09:24:42 EST 2004 Loading current slot... ** Error loading slot current amtape: could not load slot mtx-changer:: Can't get changer parameters; Result was Request Sense: Long Report=yes mtx: Request Sense: Valid Residual=no mtx: Request Sense: Error Code=0 (Unknown?!) mtx: Request Sense: Sense Key=No Sense mtx: Request Sense: FileMark=no mtx: Request Sense: EOM=no mtx: Request Sense: ILI=no mtx: Request Sense: Additional Sense Code = 00 mtx: Request Sense: Additional Sense Qualifier = 00 mtx: Request Sense: BPV=no mtx: Request Sense: Error in CDB=no mtx: Request Sense: SKSV=no INQUIRY command Failed Errors found: amtape: could not load slot mtx-changer:: Can't get changer parameters; Result was Request Sense: Long Report=yes mtx: Request Sense: Valid Residual=no mtx: Request Sense: Error Code=0 (Unknown?!) mtx: Request Sense: Sense Key=No Sense mtx: Request Sense: FileMark=no mtx: Request Sense: EOM=no mtx: Request Sense: ILI=no mtx: Request Sense: Additional Sense Code = 00 mtx: Request Sense: Additional Sense Qualifier = 00 mtx: Request Sense: BPV=no mtx: Request Sense: Error in CDB=no mtx: Request Sense: SKSV=no INQUIRY command Failed Any ideas why I'm getting this now? Christoph Scheeder wrote: Hi, first: please keep this task on the list, it gives other people the posibility to jump in and correct me if i tell you something wrong I guess this is a scsi-tapechanger, correct? then you have a few possibilities to get the robot moving: chg-scsi, mtx, and possibly more, i don't know all the free available tools to make tape robots move, espacialy for solaris as i am using linux on all my servers and i opperate my tapechanger all with chg-scsi. so now we are at the point where one of the solaris-people here on the list should jump in to help you further, but the need a little more info on your problem likthe exact type of your changer, which version of amanda you use, if you compiled it your self etc. Christoph Glenn Zenker schrieb: Thanks, that is a big help! I'll switch to another script and see what happens. Do you know if Amanda can move the robot?? Currently, the only software we have works through a webpage. Thanks, Glenn Christoph Scheeder wrote: Hi, You have configured amanda to use chg-multi as changer script. i don't think this is what you want. chg-multi is used with multiple tapedrives to form a virtual tape-robot. use one of the other chg-scripts, depending on which software you use to move your robot. Christoph Glenn Zenker schrieb: I have amanda installed when I run the following command as the user amanda /usr/local/sbin/amverify DailySet1 0 I get this: Tapes: Errors found: amtape: could not load slot 1: chg-multi: slot is empty amverify DailySet1 Thu Mar 4 13:18:52 EST 2004 Loading 1 slot... ** Error loading slot 1 amtape: could not load slot 1: chg-multi: slot is empty If anyone can lend a hand with how they configured their L200, that would be greatly appreciated.
Re: Solaris 8 and L200
On Tue, 9 Mar 2004 at 9:24am, Glenn Zenker wrote Great! I got MTX installed and I can move the tapes around like I want to. That is working perfectly so far. Loading current slot... ** Error loading slot current amtape: could not load slot mtx-changer:: Can't get changer parameters; Result was Request Sense: Long Report=yes mtx: Request Sense: Valid Residual=no mtx: Request Sense: Error Code=0 (Unknown?!) mtx: Request Sense: Sense Key=No Sense mtx: Request Sense: FileMark=no mtx: Request Sense: EOM=no mtx: Request Sense: ILI=no mtx: Request Sense: Additional Sense Code = 00 mtx: Request Sense: Additional Sense Qualifier = 00 mtx: Request Sense: BPV=no mtx: Request Sense: Error in CDB=no mtx: Request Sense: SKSV=no INQUIRY command Failed Amanda doesn't use mtx directly. The changer script you want is chg-zd-mtx, which is by default installed into /usr/local/libexec. There are instructions in the script itself on how to create the config file. -- Joshua Baker-LePain Department of Biomedical Engineering Duke University
Re: Solaris ACLs
On Tue, Mar 09, 2004 at 12:33:55AM -0500, Jon LaBadie wrote: On Mon, Mar 08, 2004 at 06:35:49PM -0600, Frank Smith wrote: Someone on the sage-members list is looking for free backup software that met his listed requirements, and I was about to reply with Amanda, but I wasn't sure about his requirement #5 (below) pertaining to Solaris ACLs. Will Amanda actually do what he wants? ... The man page doesn't mention ACL's, but I suspect it will That was supposed to say ufsdump man page but the internet gremlin deleted the command name :) have to preserve them. Tar/gnutar of course will not. However, if Shilly's 'star' can be made to work, it claims to preserve Solaris ACL's (and not affect atime). If ufsdump is used the normal caveats apply, exclude/include don't work, only entire file systems which must fit on tape, ... As Solaris also can do FS snapshots, the OP should be informed of that feature. Not amanda specific, but neat. -- Jon H. LaBadie [EMAIL PROTECTED] JG Computing 4455 Province Line Road(609) 252-0159 Princeton, NJ 08540-4322 (609) 683-7220 (fax) End of included message -- Jon H. LaBadie [EMAIL PROTECTED] JG Computing 4455 Province Line Road(609) 252-0159 Princeton, NJ 08540-4322 (609) 683-7220 (fax)
client with private address
I want to backup a client on a private network 10.160.32, but amanda seems to be looking for a DNS to resolve the IP, and then do a reverse lookup on the IP to get the hostname. Is there a way to do this without setting up a DNS for 10.160.32? I wish amanda would just believe the address that I put in disklist instead of double-checking with a DNS. Does she not trust me? Am I not trustworthy? I guess I'll pick at the docs for gethostbyaddr and gethostbyname calls to see if there is any way to modify their behavior, or if there is a different routine that I could plug in that would check /etc/hosts first, or something like that. --jonathan
Re: client with private address
Nevermind--I just added the address of the server to /etc/hosts on the client and that fixed the problem. Some very useful information in man gethostbyname and man gethostbyaddr /etc/host.conf may be consulted for the res order for those two calls. The default is to check bind first, but you can override that by putting order hosts, bind in /etc/host.conf. At least that's how it works on some flavors of Linux. Jonathan Dill wrote: I want to backup a client on a private network 10.160.32, but amanda seems to be looking for a DNS to resolve the IP, and then do a reverse lookup on the IP to get the hostname. Is there a way to do this without setting up a DNS for 10.160.32? I wish amanda would just believe the address that I put in disklist instead of double-checking with a DNS. Does she not trust me? Am I not trustworthy? I guess I'll pick at the docs for gethostbyaddr and gethostbyname calls to see if there is any way to modify their behavior, or if there is a different routine that I could plug in that would check /etc/hosts first, or something like that. --jonathan
tar error after index creation?
Hi folks,
Can someone help me understand what happened here? One of my AMANDA
clients is a Solaris 8 box that happens to have a rather large partition
containing user mailboxes and shell accounts. It accounts for about
half of all my nightly backup data, so I noticed this morning when
backups finished hours earlier than usual. The partition is about 35
GB, with approximately half that amount changing on any given run. This
morning's run called for a level-3, which from past runs would probably
have been about 16 GB.
It looks like tar got some sort of error right off the bat. Here is the
last bit of the sendbackup debug for this partition:
sendbackup-gnutar: time 0.957: doing level 3 dump from date: 2004-03-08
13:49:34 GMT
sendbackup: time 0.965: spawning /usr/local/libexec/runtar in pipeline
sendbackup: argument list: gtar --create --file - --directory /disk8
--one-file-system --listed-incremental
/usr/local/var/amanda/gnutar-lists/flanders_dev_md_dsk_d0_3.new --sparse
--ignore-failed-read --totals --exclude-from
/tmp/amanda/sendbackup._dev_md_dsk_d0.20040309064111.exclude .
sendbackup-gnutar: time 0.975: /usr/local/libexec/runtar: pid 8176
sendbackup: time 0.978: started index creator: /usr/local/bin/tar -tf -
2/dev/null | sed -e 's/^\.//'
sendbackup: time 57.283: 124: strange(?): gtar:
./home/2000/25b/beckyjo1: Cannot savedir: No such file or directory
sendbackup: time 61.318: index created successfully
sendbackup: time 61.323: error [/usr/local/bin/tar got signal 11]
sendbackup: time 61.324: pid 8170 finish time Tue Mar 9 06:42:11 2004
This partition failed to back up-- nothing was left in the server's
holding disk and it was noted failed in the mail report. What I don't
understand is if the strange error is related to the signal 11
error. FYI, /usr/local/bin/tar is GNU tar 1.13.19 from the SunFreeware
SMCtar package. The client is running amanda-2.4.4p1 built from
source.
I don't know if it's relevant, but my dumptype is high-tar:
define dumptype high-tar {
program GNUTAR
comment partitions dumped with tar
options no-compress, index, exclude-list /etc/amanda/exclude.gtar
priority high
}
Any insight would be appreciated.
Thanks!
Eric
Re: client with private address
Am Dienstag, 9. März 2004 20:11 schrieben Sie: I want to backup a client on a private network 10.160.32, but amanda I think, that an ipv4 address has four address parts, you have only three. seems to be looking for a DNS to resolve the IP, and then do a reverse lookup on the IP to get the hostname. Is there a way to do this without setting up a DNS for 10.160.32? I wish amanda would just believe the address that I put in disklist instead of double-checking with a DNS. Does she not trust me? Am I not trustworthy? I guess I'll pick at the docs for gethostbyaddr and gethostbyname calls to see if there is any way to modify their behavior, or if there is a different routine that I could plug in that would check /etc/hosts first, or something like that. --jonathan Johnny
sudden backup failure
Hi, My backups have been working fine for quite some time. In the past few days I've had failures and don't know where to start looking. If I run amcheck -s Daily the output looks ok. If I run it without the '-s' this is my amcheck debug file. amcheck: debug 1 pid 3709 ruid 200 euid 0: start at Tue Mar 9 15:19:58 2004 amcheck: dgram_bind: socket bound to 0.0.0.0.875 amcheck-clients: dgram_recv: recvfrom() failed: Connection refused amcheck-clients: time 0.072: no feature set from host dpburn2.wmi.com amcheck-clients: time 0.117: no feature set from host dpburn3.wmi.com amcheck-clients: time 0.205: no feature set from host wmi0.wmi.com amcheck-clients: time 0.258: no feature set from host yoda.wmi.com changer: got exit: 0 str: 71 99 1 changer_query: changer return was 99 1 changer_query: searchable = 0 changer_find: looking for Daily003 changer is searchable = 0 changer: got exit: 0 str: 71 /dev/nst0 amcheck-clients: dgram_recv: recvfrom() failed: Connection refused amcheck-clients: dgram_recv: recvfrom() failed: Connection refused amcheck: pid 3709 finish time Tue Mar 9 15:20:28 2004 I still get incomplete dumps on the local host. If you need more info I can post it. Any hints/insights/pointers would be greatly appreciated. Thanks. -- Joel Coltoff I was gratified to be able to answer promptly, and I did. I said I didn't know. -- Mark Twain
Re: client with private address
A common shorthand for specifying a Class C subnet is to leave off the 4th number, basically the same thing as 10.160.32.0, 10.160.32.0/24, or 10.160.32.0/255.255.255.0 etc. On Tue, 2004-03-09 at 15:26, Hans-Christian Armingeon wrote: Am Dienstag, 9. März 2004 20:11 schrieben Sie: I want to backup a client on a private network 10.160.32, but amanda I think, that an ipv4 address has four address parts, you have only three. -- Jonathan Dill [EMAIL PROTECTED] jfdill.com
Re: sudden backup failure
sounds like your .amandahosts file has been fiddled with or is missing (failing that the user amanda .rhosts file). Joel Coltoff wrote: Hi, My backups have been working fine for quite some time. In the past few days I've had failures and don't know where to start looking. If I run amcheck -s Daily the output looks ok. If I run it without the '-s' this is my amcheck debug file. amcheck: debug 1 pid 3709 ruid 200 euid 0: start at Tue Mar 9 15:19:58 2004 amcheck: dgram_bind: socket bound to 0.0.0.0.875 amcheck-clients: dgram_recv: recvfrom() failed: Connection refused amcheck-clients: time 0.072: no feature set from host dpburn2.wmi.com amcheck-clients: time 0.117: no feature set from host dpburn3.wmi.com amcheck-clients: time 0.205: no feature set from host wmi0.wmi.com amcheck-clients: time 0.258: no feature set from host yoda.wmi.com changer: got exit: 0 str: 71 99 1 changer_query: changer return was 99 1 changer_query: searchable = 0 changer_find: looking for Daily003 changer is searchable = 0 changer: got exit: 0 str: 71 /dev/nst0 amcheck-clients: dgram_recv: recvfrom() failed: Connection refused amcheck-clients: dgram_recv: recvfrom() failed: Connection refused amcheck: pid 3709 finish time Tue Mar 9 15:20:28 2004 I still get incomplete dumps on the local host. If you need more info I can post it. Any hints/insights/pointers would be greatly appreciated. Thanks. -- Joel Coltoff I was gratified to be able to answer promptly, and I did. I said I didn't know. -- Mark Twain -- geoffs :-) -- Geoff Swavley Email : [EMAIL PROTECTED] UNIX Sys Admin Snail : Level 8, 10 Valentine Ave, Support and Network Operations Parramatta NSW 2150 Dept of Infrastructure, PlanningSydney Australia and Natural Resources Phone : 61-2-98957125 http://www.radx.net/~geoffs Fax : 61-2-98957086 Mobile: 61-422-002005 Home : 61-2-96593637 -- Be wary of the man who urges an action in which he himself incurs no risk. - Setanti, Joaquin de
Re: mixed full / incremental backup...
On Tue, Mar 09, 2004 at 09:41:56AM +0100, Kristian Rink wrote: Hi all,... Since people around here still are stuck wanting to have a friday-full/rest-of-the-week-incremental backup strategy, I read through ... created two amanda configurations with the same disklist for full and for incremental backup, labeled my tapes and tested the whole mess. About the full backup, things work pretty fine. However, trying to run the incremental setup always leaves me with an error mail such as below: Just a possibility for an alternative arrangement. I'd hate having to maintain two nearly identical configs for a single disklist. What about a single config. Set it up with a long dumpcycle. Use dumptypes that specify always incremental, or no-full, or strategy incr or ??? I.e. something that reduces the possibility of full dumps. Then set things up to force full dumps on Fridays. Use amadmin commands for this. The force could be done with a separate cron job that runs Fridays before the amdump job or by replacing the amdump command with a shell script that says if it is friday, first do an amadmin force. A fancier script could check if is anyother day, was a full dump done more recently than last Thursday, if not do the force. This could handle the situation where the friday dumps were not done but you shouldn't wait for two weeks for the next full dumps. -- Jon H. LaBadie [EMAIL PROTECTED] JG Computing 4455 Province Line Road(609) 252-0159 Princeton, NJ 08540-4322 (609) 683-7220 (fax)
Re: client with private address
--On Tuesday, March 09, 2004 14:11:29 -0500 Jonathan Dill [EMAIL PROTECTED] wrote: I want to backup a client on a private network 10.160.32, but amanda seems to be looking for a DNS to resolve the IP, and then do a reverse lookup on the IP to get the hostname. Is there a way to do this without setting up a DNS for 10.160.32? I wish amanda would just believe the address that I put in disklist instead of double-checking with a DNS. Does she not trust me? Am I not trustworthy? I suspect that Amanda was designed to use hostnames in their disklists and .amandahosts, and names are very easy to spoof, so the lookups are done to verify that the correct host is connecting. I'm sure the code could be modified to not do lookups if given an IP, but having proper DNS has many other benefits than just helping Amanda. I had the same problem when I started backing up multiple sites using a mixture of public, private, and NATed addresses. Setting up multiple DNS servers that could properly forward and reverse everything (returing different addresses depending on where you were) was a bit of a pain, but made life much easier afterwards. Frank I guess I'll pick at the docs for gethostbyaddr and gethostbyname calls to see if there is any way to modify their behavior, or if there is a different routine that I could plug in that would check /etc/hosts first, or something like that. --jonathan -- Frank Smith [EMAIL PROTECTED] Sr. Systems Administrator Voice: 512-374-4673 Hoover's Online Fax: 512-374-4501
Re: mixed full / incremental backup...
Here's a very simple solution: 1. reserve 100 in amanda.conf (or comment out reserve line) 2. leave out the tape during the week (*or change dev to /no/such/tape) 3. run amflush before Friday backups In this case, amanda should try to do degraded mode backups during the week while there is no tape, only incrementals. On Friday, you put a tape in the drive before the backups, and I think it should try to catch up on some full backups. It probably won't give you perfect incr/full separation, but it would be good enough for me. Naturally, you will need sufficient holding disk space. You will have to keep an eye out for messages warning about overwrite last full dump. * do not change tapedev to /dev/null because that activates a test mode where amanda will happily dump all data into the bit bucket rather than decide there is no tape. --jonathan Jon LaBadie wrote: What about a single config. Set it up with a long dumpcycle. Use dumptypes that specify always incremental, or no-full, or strategy incr or ??? I.e. something that reduces the possibility of full dumps.
Re: client with private address
Hi Frank, The documentation for gethostbyaddr and gethostbyname explained how each call goes about looking up addresses. At least under Linux, there were several opportunities to override the default behavior and make the routines consult /etc/hosts first. In my particular case, there are only two private addresses that I need to handle due to the amanda server and client having a direct cross-over connection, for an unrelated purpose. For two IP addresses, it really didn't seem worth it to set up a local DNS with forward and reverse domains. As for address spoofing, there are basically 2 scenarios that I can think of: 1. idiot hacker causes some backup(s) to fail on one night, maybe a DoS, but that's about the extent of it 2. hacker who knows about amanda, and has the right ports open to intercept and capture the stream, possibly to steal sensitive data #2 would probably be loads easier to do with just a run of the mill sniffer that can capture streams, and the activity would be much less likely to be detected. I can't see the benefit of impersonating the amanda server, besides which it would cause loads of errors and send up red flags that something was going on. Not to mention that if your data is all that sensitive, you should really be encrypting the data on the client and not sending it in the clear across the network, and the systems should be behind a tight firewall if not disconnected from the internet altogether. I really can't imagine DNS spoofing being that big of a risk with respect to amanda. Having the addresses hard coded in /etc/hosts and looking at that and not the DNS should be more secure than relying on DNS lookups crossing the network, which could be spoofed. Frank Smith wrote: I suspect that Amanda was designed to use hostnames in their disklists and .amandahosts, and names are very easy to spoof, so the lookups are done to verify that the correct host is connecting. I'm sure the code could be modified to not do lookups if given an IP, but having proper DNS has many other benefits than just helping Amanda.
