User Tools

Site Tools


backup:amanda:client_installation_debian6

Amanda client installation (Debian 6)

The Amanda client is installed on remote machines which you'd like to backup. The "server" in this case is the machine which is connected to the tape drive, and is the one responsible for initiating backups.

Download page: http://www.zmanda.com/download-amanda.php

Install

Download

Download Amanda client package for Debian 6: http://www.zmanda.com/download-amanda.php

wget http://www.zmanda.com/downloads/community/Amanda/3.3.1/Debian-6.0/amanda-backup-client_3.3.1-1Debian60_amd64.deb

Install pre-requisites

The Amanda package depends on various other packages, install them before trying to install Amanda:

sudo apt-get update
sudo apt-get install libcurl3 xinetd libssh2-1 libglib2.0-0

Install Amanda

sudo dpkg -i amanda-backup-client_3.3.1-1Debian60_amd64.deb

Configure

Client

SSH keys for backup

The Amanda server will connect to the client as the user amandabackup using SSH. To make this process as seamless as possible, we need to configure password-less authentication using SSH keys. See the Amanda wiki on SSH auth for more details.

In a nutshell, you need to put the server's amdump SSH public key into the client's authorized_keys file. Grab it from the backup server at ~amandabackup/.ssh/id_rsa_amdump.pub and then paste it into the client's ~amandabackup/.ssh/authorized_keys file:

sudo su - amandabackup
vim .ssh/authorized_keys

More security

For more security, prepend the key entry in ~amandabackup/.ssh/authorized_keys with:

from="192.168.5.25",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/libexec/amanda/amandad -auth=ssh amdump" 

This limits the use of this key to the backup server's IP, as well as the amdump command.

amanda-client.conf

Configure the client's /etc/amanda/amanda-client.conf to specify the appropriate server, config, tape, etc:

conf "daily"               # your config name

index_server "192.168.5.25"      # your amindexd server
tape_server  "192.168.5.25"      # your amidxtaped server
tapedev      "amrecover_changer"        # your tape device
                        # if not set, Use configure or ask server.
                        # if set to empty string "", ask server
                        # amrecover will use the changer if set to the value
                        # of 'amrecover_changer' in the server amanda.conf.

#   auth        - authentication scheme to use between server and client.
#                 Valid values are "bsd", "bsdudp", "bsdtcp", "krb5", "local",
#                 "rsh" and "ssh".  
#                 Default: [auth "bsdtcp"]
auth "ssh"

ssh_keys ""                        # your ssh keys file if you use ssh auth

This is used when restoring data on the client (with amrecover). amrecover runs as root, and as such you need to add the client's

Prepare amrecover

The first time you run amrecover it will try to SSH to the server. You need to do this manually to accept the server's fingerprint:

root@odk:~# ssh 192.168.5.25
The authenticity of host '192.168.5.25 (192.168.5.3)' can't be established.
RSA key fingerprint is dc:80:d2:a1:da:16:b8:b5:1e:47:15:16:29:4c:be:89.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.5.25' (RSA) to the list of known hosts.
root@192.168.5.25's password:

root@odk:~# ^C

To connect and type "yes" is enough. Don't bother logging in.

Server

Disk lists

Add the new client's disks to be backed up to the server's disk list, /etc/amanda/taurustest/disklist:

# tparvadb, web server
# must use the custom "ssh" backup type (see amanda.conf)
192.168.5.8     /       ssh-root-tar
192.168.5.8     /var    ssh-root-tar
192.168.5.8     /home   ssh-user-tar

Make sure to use the "ssh" backup types (defined in /etc/amanda/daily/amanda.conf), as the default root-tar and user-tar are for local disks only.

SSH keys for recovery

Because amrecover runs as root, you need to copy root's id_rsa.pub to the server. Grab it from the client at and then paste it into the server's ~amandabackup/.ssh/authorized_keys file:

sudo su - amandabackup
vim .ssh/authorized_keys

More security

For more security, prepend the key entry in ~amandabackup/.ssh/authorized_keys with:

from="192.168.5.8",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/libexec/amanda/amandad -auth=ssh amindexd amidxtaped" 

This limits the use of this key to the client's IP, as well as the recovery-only commands.

Test

amcheck

From the server, make sure the new client can be accessed:

sudo su - amandabackup
amcheck -c daily 192.168.5.8

You should see "0 problems found". This means that the server should be able to backup the client successfully.

amrecover

From the client, make sure the server can be accessed:

sudo su -
amrecover
sethost 192.168.5.8
listdisk

You should be able to use sethost to set the hostname you want to restore. Use listdisk and setdisk to browse any backups for that host.

backup/amanda/client_installation_debian6.txt · Last modified: 2013/07/10 09:19 by aorth