coffee, black   no sugar


Monday June 25, 2007
amanda doc rot

Amanda, the open source archiving software, is currently in version 2.5.2p1. The good news I want to deliver upfront is: I managed to get it working! And so can you! But I want to save you a lot of the pain I went through. So here is how I did it.

Besides having a butt-ugly logo, Amanda is the most popular open source archiving software. I have used it for almost 3 years now, starting with release 2.4.5. That one installed fine and the documentation matched the actual code. No longer so.

Doc rot has set in and the documentation is some major changes behind the current version. Not only that, but documentation seems to be smeared over the amanda wiki.

The biggest challenge for me always was the authentication amanda uses. In the 2.4.5 days amanda basically lacked authentication. From 2.5 onwards new methods like bsd, bsdudp, bsdtcp, ssh and kerberos have been added. While I never tried kerberos, I experimented with (and cursed) all the others. I never got the bsd* thingies to work, nor do I really know what they do. The documentation is silent on this. Maybe I just lack some context here.

Anyway: with bsd and bsdudp I got so far that a client received requests from the dump program, but was unable to send any answer back, leading to a timeout error on the dump server. bsdtcp was not working at all. My xinetd got freaked out over too many connection attempts and shut down the amanda daemon. Even 500 allowed attempts per second were not enough. Maybe this is a bug in my xinetd, but I could not find anything on the net.

So I configured ssh, since I know at least how that protocol works and what security implications there are. The documentation on ssh setup in amanda is quite verbose, but unfortunately forgets to mention exactly which users need to authorize their keys on the network. So, here is how it works:

Usually, you set up the user amanda on your tape server and all backup clients, and she is the one running the dumps. So the amanda account on every client machine needs to authorize the server amanda's ssh key (including the server itself, if your server wants to back itself up). Easy.

Now, when you want to do recovery, you run amrecover and that program wants to run as root (for obvious reasons). Do you now expect that running amrecover on your backup server should work just like that? Not so. Even if you are on the tape server, amrecover wants to ssh using the amanda account. Since amrecover runs under root, this means that the amanda user on the tape server needs to authorize the root ssh key from *any* machine you want to run amrecover on. Ok?

If you follow this procedure, you should have amanda up and running quite quickly. Also, if you go for the ssh mode, you want to disregard all amanda documentation about xinetd and services. ssh mode does not need all that.
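The key relationships described above can be checked mechanically. The following is an added example, not part of the original post or of Amanda itself: it audits copies of the relevant `authorized_keys` and public key files, assuming a hypothetical directory layout, constructed host names (`tape`, `web`) and constructed key blobs.

```shell
#!/bin/sh
# Added example. Host names, paths and key blobs are constructed placeholders.

# key_authorized AUTHORIZED_KEYS PUBKEY: succeeds if PUBKEY's base64 blob is a
# whole token on a non-comment line (options in front of the key are ignored).
key_authorized() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$2") || return 2
    [ -n "$blob" ] || return 2
    awk -v blob="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == blob) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# audit_amanda_ssh DIR SERVER "CLIENTS" "RECOVER_HOSTS"
# DIR/<host>/ holds files collected from each host (hypothetical layout):
# amanda.authorized_keys, amanda.pub, root.pub. Returns the number missing.
audit_amanda_ssh() {
    dir=$1; server=$2; missing=0
    for c in $3; do   # dumps: client amanda accounts trust the server's amanda key
        key_authorized "$dir/$c/amanda.authorized_keys" "$dir/$server/amanda.pub" || {
            echo "dump: amanda@$c does not authorize amanda@$server"
            missing=$((missing + 1)); }
    done
    for r in $4; do   # recovery: server's amanda account trusts root@<recover host>
        key_authorized "$dir/$server/amanda.authorized_keys" "$dir/$r/root.pub" || {
            echo "recover: amanda@$server does not authorize root@$r"
            missing=$((missing + 1)); }
    done
    return "$missing"
}

# Constructed fixture: server "tape" (backs itself up), client "web".
# root@tape is not yet authorized, the case the post warns about. The
# from=/no-* restrictions are standard OpenSSH options added here as hardening.
make_fixture() {
    d=$(mktemp -d) && mkdir "$d/tape" "$d/web"
    echo "ssh-ed25519 AAAAAMANDAKEY amanda@tape" > "$d/tape/amanda.pub"
    echo "ssh-ed25519 AAAAROOTKEY root@tape" > "$d/tape/root.pub"
    opts='from="tape",no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
    echo "$opts ssh-ed25519 AAAAAMANDAKEY amanda@tape" |
        tee "$d/web/amanda.authorized_keys" > "$d/tape/amanda.authorized_keys"
    echo "$d"
}

fx=$(make_fixture)
audit_amanda_ssh "$fx" tape "tape web" "tape" || echo "missing authorizations: $?"
rm -rf "$fx"
```

Run against the fixture, the audit reports the one gap the post describes: the amanda account on the tape server does not yet authorize root's key, so amrecover would fail even though dumps work.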

Hope this helps.
