Re: amanda client on updated debian-9.8
Am 05.03.19 um 18:54 schrieb Stefan G. Weichinger: > Am 04.03.19 um 12:35 schrieb Stefan G. Weichinger: > >> amanda-client host runs docker.service >> >> amdump starts, estimates ok, dump proceeds ... hangs at ~99% >> >> If I stop docker.service, amdump finishes OK. > > Addon: if I stop the portainer container, amdump works OK ... > > Solved that with 2 cronjobs now, would be cooler with some > pre/post-hook, right? can the script-api hooks simply call a "systemctl stop some.service" or do the scripts have to be perl-scripts with specific properties?
Re: amanda client on updated debian-9.8
Am 04.03.19 um 12:35 schrieb Stefan G. Weichinger: > amanda-client host runs docker.service > > amdump starts, estimates ok, dump proceeds ... hangs at ~99% > > If I stop docker.service, amdump finishes OK. Addon: if I stop the portainer container, amdump works OK ... Solved that with 2 cronjobs now, would be cooler with some pre/post-hook, right?
Re: amanda client on updated debian-9.8
Am 26.02.19 um 16:44 schrieb Charles Curley: > On Tue, 26 Feb 2019 13:56:35 +0100 > "Stefan G. Weichinger" wrote: > >> Do I understand correctly: >> >> with "auth ssh" amanda only uses ssh for auth and transport of data? >> >> So port 22 per default? > > Correct, unless you specify otherwise. I still see this behavior: amanda-client host runs docker.service amdump starts, estimates ok, dump proceeds ... hangs at ~99% If I stop docker.service, amdump finishes OK. All with ssh-auth enabled ... so where is the blocking? I assume I have to do debug logs ...
Re: amanda client on updated debian-9.8
Hi, On Wed, Feb 27, 2019 at 08:13:17AM +0100, Stefan G. Weichinger wrote: > Am 26.02.19 um 16:26 schrieb Jose M Calhariz: > > > > My plan is for Debian 11, current is 9, to make ssh authentication > > the default. I will not disable bsd authentication, only harder to > > setup. > > > > In attach is the Readme.Debian that I have created. > > thanks > > What I wonder and what IMO is not explicitly clear from the docs: > > does the client have to be able to login into backupuser@server as > well? Only when you want to run amrecover on the client. Because of the security issues I have it disabled 99,9% of the time. > > And additionally I still wonder what docker does that makes amdump > hang at 99,99% > Kind regards Jose M Calhariz -- -- Se vives de acordo com as leis da natureza, nunca seras pobre; se vives de acordo com as opinioes alheias, nunca seras rico. -- Seneca signature.asc Description: PGP signature
Re: amanda client on updated debian-9.8
Am 26.02.19 um 16:26 schrieb Jose M Calhariz: > > My plan is for Debian 11, current is 9, to make ssh authentication > the default. I will not disable bsd authentication, only harder to > setup. > > In attach is the Readme.Debian that I have created. thanks What I wonder and what IMO is not explicitly clear from the docs: does the client have to be able to login into backupuser@server as well? And additionally I still wonder what docker does that makes amdump hang at 99,99%
Re: amanda client on updated debian-9.8
On Tue, 26 Feb 2019 13:56:35 +0100 "Stefan G. Weichinger" wrote: > Do I understand correctly: > > with "auth ssh" amanda only uses ssh for auth and transport of data? > > So port 22 per default? Correct, unless you specify otherwise. -- "When we talk of civilization, we are too apt to limit the meaning of the word to its mere embellishments, such as arts and sciences; but the true distinction between it and barbarism is, that the one presents a state of society under the protection of just and well-administered law, and the other is left to the chance government of brute force." - The Rev. James White, Eighteen Christian Centuries, 1889 Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB https://charlescurley.com
Re: amanda client on updated debian-9.8
My plan is for Debian 11, current is 9, to make ssh authentication the default. I will not disable bsd authentication, only harder to setup. In attach is the Readme.Debian that I have created. Kind regards Jose M Calhariz On Mon, Feb 25, 2019 at 07:48:03AM +0100, Stefan G. Weichinger wrote: > Am 25.02.19 um 00:08 schrieb Jose M Calhariz: > > On Thu, Feb 21, 2019 at 04:50:25PM +0100, Stefan G. Weichinger > > wrote: > >> > >> does anyone see estimates fail on a updated Debian 9.8 amanda > >> client server? > >> > >> update: seems that my new docker daemon on the client closes the > >> iptables for amanda > >> > >> does anyone have a snippet for me? > >> > >> I read > >> https://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda > >> and loaded that module without success so far. > >> > >> connection is coming in, estimate starts, but results seem not > >> get back to the tape server > >> > >> > > > > I would start using ssh authentication instead of old bsd. Is what > > I use in my setups and most probably would work with your docker > > daemon. > > > > I have written documentation on how to setup it and would like > > beta tester to read it. > > good suggestion, thanks! Will try that asap. > > And sure, show us the howto > > > > -- -- Se vives de acordo com as leis da natureza, nunca seras pobre; se vives de acordo com as opinioes alheias, nunca seras rico. -- Seneca Notes on making amanda-client work on a Debian system To get indexing (or specifically amrecover) to work right two things need to be done: 1. If you're using tcpd, make sure to edit the server's /etc/hosts.allow and allow all client machines into the daemon amandad 2. Edit the server(s) ~backup/.amandahosts and add an entry like: " root" As always: for more complex setups consult the manpages and available documentation in /usr/share/doc/amanda-common ;-) - - - - - To make a client work using SSH transport do: Copy the contents of id_rsa_amanda.pub from backup@amanda-server into ~backup/.ssh/authorized_keys mkdir -p ~backup/.ssh echo -n 'from="XXX.XXX.XXX.XXX",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/lib/amanda/amandad -auth=ssh amdump" ' >> ~backup/.ssh/authorized_keys cat id_rsa_amanda.pub >> ~backup/.ssh/authorized_keys Edit the autorized_keys to replace XXX.XXX.XXX.XXX with the IP of the backup server. Change the shell of the backup account to /bin/bash. chsh -s /bin/bash backup Test in the server that "amcheck $CONF -c $CLIENT" works -- Jose M Calhariz , Fri, 14 Jul 2017 11:53:08 +0100 signature.asc Description: PGP signature
Re: amanda client on updated debian-9.8
Am 25.02.19 um 20:15 schrieb Stefan G. Weichinger: >> dump runs but hangs at 99,99% ... oh my. > > I get data timeout for that one test DLE. > > And I assume it will be the same for the other DLEs tonight. > > I now stopped docker .. reran amdump, and it is through successfully > within minutes. > > So there still seems to be some conflict. We will stop docker while amdump for now. Do I understand correctly: with "auth ssh" amanda only uses ssh for auth and transport of data? So port 22 per default? I'd be happy to resolve this.
Re: amanda client on updated debian-9.8
Am 25.02.19 um 19:11 schrieb Stefan G. Weichinger: > Am 25.02.19 um 17:51 schrieb Stefan G. Weichinger: > >>> another client dumps fine via ssh already >>> >>> do all clients have to have ssh-access to the server as well? >> >> estimate calcsize does not work with ssh for me >> >> estimate server ... starts dumping after the estimate. > > dump runs but hangs at 99,99% ... oh my. I get data timeout for that one test DLE. And I assume it will be the same for the other DLEs tonight. I now stopped docker .. reran amdump, and it is through successfully within minutes. So there still seems to be some conflict.
Re: amanda client on updated debian-9.8
Am 25.02.19 um 17:51 schrieb Stefan G. Weichinger: >> another client dumps fine via ssh already >> >> do all clients have to have ssh-access to the server as well? > > estimate calcsize does not work with ssh for me > > estimate server ... starts dumping after the estimate. dump runs but hangs at 99,99% ... oh my.
Re: amanda client on updated debian-9.8
Am 25.02.19 um 17:09 schrieb Stefan G. Weichinger: > Am 25.02.19 um 16:36 schrieb Charles Curley: >> On Mon, 25 Feb 2019 08:12:21 +0100 >> "Stefan G. Weichinger" wrote: >> >>> on my way. amcheck ok, amdump not. seems to still run via inetd. >>> >>> I assume I should disable inetd on the client ... does not help so >>> far. Digging further ;-) >> >> Once you shift over to ssh, you no longer need inetd for Amanda. You >> may need it for other things, though. > > disabled inetd > > amcheck works > > amdump not yet > > seems as if the estimates aren't getting reported back > > another client dumps fine via ssh already > > do all clients have to have ssh-access to the server as well? estimate calcsize does not work with ssh for me estimate server ... starts dumping after the estimate. nice
Re: amanda client on updated debian-9.8
Am 25.02.19 um 16:36 schrieb Charles Curley: > On Mon, 25 Feb 2019 08:12:21 +0100 > "Stefan G. Weichinger" wrote: > >> on my way. amcheck ok, amdump not. seems to still run via inetd. >> >> I assume I should disable inetd on the client ... does not help so >> far. Digging further ;-) > > Once you shift over to ssh, you no longer need inetd for Amanda. You > may need it for other things, though. disabled inetd amcheck works amdump not yet seems as if the estimates aren't getting reported back another client dumps fine via ssh already do all clients have to have ssh-access to the server as well?
Re: amanda client on updated debian-9.8
On Mon, 25 Feb 2019 08:12:21 +0100 "Stefan G. Weichinger" wrote: > on my way. amcheck ok, amdump not. seems to still run via inetd. > > I assume I should disable inetd on the client ... does not help so > far. Digging further ;-) Once you shift over to ssh, you no longer need inetd for Amanda. You may need it for other things, though. -- "When we talk of civilization, we are too apt to limit the meaning of the word to its mere embellishments, such as arts and sciences; but the true distinction between it and barbarism is, that the one presents a state of society under the protection of just and well-administered law, and the other is left to the chance government of brute force." - The Rev. James White, Eighteen Christian Centuries, 1889 Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB https://charlescurley.com
Re: amanda client on updated debian-9.8
Am 25.02.19 um 07:48 schrieb Stefan G. Weichinger: > Am 25.02.19 um 00:08 schrieb Jose M Calhariz: >> On Thu, Feb 21, 2019 at 04:50:25PM +0100, Stefan G. Weichinger >> wrote: >>> >>> does anyone see estimates fail on a updated Debian 9.8 amanda >>> client server? >>> >>> update: seems that my new docker daemon on the client closes the >>> iptables for amanda >>> >>> does anyone have a snippet for me? >>> >>> I read >>> https://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda >>> and loaded that module without success so far. >>> >>> connection is coming in, estimate starts, but results seem not >>> get back to the tape server >>> >>> >> >> I would start using ssh authentication instead of old bsd. Is what >> I use in my setups and most probably would work with your docker >> daemon. >> >> I have written documentation on how to setup it and would like >> beta tester to read it. > > good suggestion, thanks! Will try that asap. on my way. amcheck ok, amdump not. seems to still run via inetd. I assume I should disable inetd on the client ... does not help so far. Digging further ;-)
Re: amanda client on updated debian-9.8
Am 25.02.19 um 00:08 schrieb Jose M Calhariz: > On Thu, Feb 21, 2019 at 04:50:25PM +0100, Stefan G. Weichinger > wrote: >> >> does anyone see estimates fail on a updated Debian 9.8 amanda >> client server? >> >> update: seems that my new docker daemon on the client closes the >> iptables for amanda >> >> does anyone have a snippet for me? >> >> I read >> https://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda >> and loaded that module without success so far. >> >> connection is coming in, estimate starts, but results seem not >> get back to the tape server >> >> > > I would start using ssh authentication instead of old bsd. Is what > I use in my setups and most probably would work with your docker > daemon. > > I have written documentation on how to setup it and would like > beta tester to read it. good suggestion, thanks! Will try that asap. And sure, show us the howto
Re: amanda client on updated debian-9.8
I'll second Josés comment on the retirement of bsd (on a set of debian machines). I can't remember the specifics, but I see from my RCS comments on the disklist config, that I had to deliberately discontinue using bsd/bsdtcp some time ago. On 24/02/2019 6:08 p.m., Jose M Calhariz wrote: > On Thu, Feb 21, 2019 at 04:50:25PM +0100, Stefan G. Weichinger wrote: >> does anyone see estimates fail on a updated Debian 9.8 amanda client server? >> >> update: seems that my new docker daemon on the client closes the >> iptables for amanda >> >> does anyone have a snippet for me? >> >> I read >> https://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda and >> loaded that module without success so far. >> >> connection is coming in, estimate starts, but results seem not get back >> to the tape server >> >> > I would start using ssh authentication instead of old bsd. Is what I > use in my setups and most probably would work with your docker daemon. > > I have written documentation on how to setup it and would like beta > tester to read it. > > Kind regards > Jose M Calhariz > signature.asc Description: OpenPGP digital signature
Re: amanda client on updated debian-9.8
On Thu, Feb 21, 2019 at 04:50:25PM +0100, Stefan G. Weichinger wrote: > > does anyone see estimates fail on a updated Debian 9.8 amanda client server? > > update: seems that my new docker daemon on the client closes the > iptables for amanda > > does anyone have a snippet for me? > > I read > https://wiki.zmanda.com/index.php/How_To:Set_Up_iptables_for_Amanda and > loaded that module without success so far. > > connection is coming in, estimate starts, but results seem not get back > to the tape server > > I would start using ssh authentication instead of old bsd. Is what I use in my setups and most probably would work with your docker daemon. I have written documentation on how to setup it and would like beta tester to read it. Kind regards Jose M Calhariz -- -- Se vives de acordo com as leis da natureza, nunca seras pobre; se vives de acordo com as opinioes alheias, nunca seras rico. -- Seneca signature.asc Description: PGP signature
Re: amanda client on updated debian-9.8
Am 21.02.19 um 16:50 schrieb Stefan G. Weichinger: > > does anyone see estimates fail on a updated Debian 9.8 amanda client server? > > update: seems that my new docker daemon on the client closes the > iptables for amanda > > does anyone have a snippet for me? as soon as I stop docker (runs with "--iptables=false already), backup works
