How do I tell amanda a tape is not onsite?
Hello, I'm using amanda and all is OK. But, now I want to implement level null dumps to be made say every first monday of the month (piece of cake in crontab). From the Status Update for July 2007 I learned to simply say amanda config force to get a level null dump for all hosts and disks. After such a level null dump is made, I must figure out a way to know which tapes were used, I must set those tapes to no-reuse (both inside a script), and then physically move them away to some other place (off site). Although the tapes are still in the Amanda-database, and they cannot be re-used for dumping (both are desireable), I would like a way to tell amrecover that those tapes are off site without too much fiddling around with setdate. Any ideas? Gerrit
Re: How do I tell amanda a tape is not onsite?
Hi,
Gerrit A. Smit -TI- schrieb:
I would like a way to tell amrecover that
those tapes are off site without too much fiddling around with setdate.
After your amdump you still can run amstatus. There you see the tapes amanda
used. This you can use for and automatic setting to no-reuse.
Save the script below and make it executable for amanda. When you start your
weekly backup, start amdump like
amdump {SetName} ; Set-Tapes-To-no-reuse.sh
- Set-Tapes-To-no-reuse.sh --
#!/bin/bash
# Setname (configure this for your need or $1 for a parameter you start
# the script with)
SET=KMS
# Label string
LSTR=`amgetconf $SET labelstr | sed -e 's/[\^\$\]//g'`
# Get tapes
TAPELIST=`amstatus $SET | egrep $LSTR | awk '{ print $9 }'`
# Set tape to no-reuse
for TAPE in $TAPELIST ; do
amamdin $SET no-reuse $TAPE
done
exit 0
-
Regards
Marc
--
Marc Muehlfeld (Leitung Systemadministration)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de
Re: How do I tell amanda a tape is not onsite?
Gerrit A. Smit wrote: I would like a way to tell amrecover that those tapes are off site without too much fiddling around with setdate. This question remains unsolved, I think. By telling Amanda not to re-use a tape, she will refrain from using that tape for dumping, but IMHO this doen't change anything for other operations. amrecover will still use the tape for reading when needed according to the set time, and I want to be able to prevent that for tapes which are off site. Thank you for your script, but it doesn't address the bottom line of my message. Gerrit Marc Muehlfield wrote: After your amdump you still can run amstatus. There you see the tapes amanda used. This you can use for and automatic setting to no-reuse.
Re: How do I tell amanda a tape is not onsite?
Gerrit A. Smit -TI- schrieb: By telling Amanda not to re-use a tape, she will refrain from using that tape for dumping, but IMHO this doen't change anything for other operations. amrecover will still use the tape for reading when needed according to the set time, and I want to be able to prevent that for tapes which are off site. Why? If you don't want to have the full dumps seen by amrecovery why don't you create a separate set for it? -- Marc Muehlfeld (Leitung Systemadministration) Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost Lochhamer Str. 29 - D-82152 Martinsried Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78 http://www.medizinische-genetik.de
Re: Status Update for July 2007
On Mon, Aug 06, 2007 at 10:09:48AM -0500, Dustin J. Mitchell wrote: The July Monthly Status Update is available on the wiki at http://wiki.zmanda.com/index.php/Monthly_Status_Updates/July_2007 As always, feedback and comments are welcome and encouraged. Thank you. This is very useful. -- Charles Curley /\ASCII Ribbon Campaign Looking for fine software \ /Respect for open standards and/or writing? X No HTML/RTF in email http://www.charlescurley.com/ \No M$ Word docs in email Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB pgp5MFlvIfLCI.pgp Description: PGP signature
Re: How do I tell amanda a tape is not onsite?
Marc Muehlfeld wrote: Gerrit A. Smit wrote: By telling Amanda not to re-use a tape, she will refrain from using that tape for dumping, but IMHO this doesn't change anything for other operations. amrecover will still use the tape for reading when needed according to the set time, and I want to be able to prevent that for tapes which are off site. The user should be able to decide whether to use a tape which is off site. Why? Because it would not be helpfull for people restoring files if they are told to mount a tape (with a level 0 dump) which is e.g. a one hour drive away. Sure they won't like that. They could be better off with an older level 0 dump which is on site. If you don't want to have the full dumps seen by amrecovery why don't you create a separate set for it? Having a separate set means having a separate configuration, right? Or can I have more than one set of tapes in the same configuration? I am looking for means to have 1 set of tapes for all purposes. Which also means that the number of tapes needed for a full dump is part of the total number of tapes in a set, and so it can get bigger or smaller as needed. Users don't have to bother about a different configuration. This might seem strange, but I still want to give it a try. They only remaining point is the use of amrecover with this setup. Gerrit
Re: How do I tell amanda a tape is not onsite?
On Tue, Aug 07, 2007 at 12:47:27PM +0200, Gerrit A. Smit -TI- wrote: Gerrit A. Smit wrote: I would like a way to tell amrecover that those tapes are off site without too much fiddling around with setdate. This question remains unsolved, I think. By telling Amanda not to re-use a tape, she will refrain from using that tape for dumping, but IMHO this doen't change anything for other operations. amrecover will still use the tape for reading when needed according to the set time, and I want to be able to prevent that for tapes which are off site. Thank you for your script, but it doesn't address the bottom line of my message. You are asking for how to do a capability not currently in amanda. Perhaps time to add it to the wishlist. Off the top of my head, there are 4 states for a tape in amanda: usable - never been used usable - recorded not usable - recorded (index still valid?) not in the database There is no differentiation in the second or third catagory as to location or availability for recovery. -- Jon H. LaBadie [EMAIL PROTECTED] JG Computing 4455 Province Line Road(609) 252-0159 Princeton, NJ 08540-4322 (609) 683-7220 (fax)
Re: How do I tell amanda a tape is not onsite?
Gerrit A. Smit -TI- schrieb: If you don't want to have the full dumps seen by amrecovery why don't you create a separate set for it? Having a separate set means having a separate configuration, right? Not a full separate configuration. In ~/KDD/amanda.conf (KDD is one of my two sets) I have all set specific information (diskfile, dumpcycle, indexdir, tapetype, Changer Configuration,...) and also in the end a include statement, where I include a ~/Global/global-amanda.conf with all other parameters, I use in both sets (holding disk, tapetype definitions, dumptype definitions,...). For my second set I just copied the KDD/amanda.conf to KMS/amanda.conf and changed the parameters. So most settings remain inside the global configuration file and e.g. new holdingdisks or other global parameters have only to be configured at one place. The disklist file you can define by a symlink or having the same parameter in both set specific amanda.conf Or can I have more than one set of tapes in the same configuration? What do you mean with one set of tapes in the same configuration? I am looking for means to have 1 set of tapes for all purposes. Which also means that the number of tapes needed for a full dump is part of the total number of tapes in a set, and so it can get bigger or smaller as needed. Users don't have to bother about a different configuration. Here I use a separate set for off-site full dumps since 5 years. Works fine. And all administrators who restore had no problem with that. Just looking at their calender. If the day they wanna restore was the full-dump-day then they have to choose the second set. Also it's easy to see what kind of backup is on a tape if you have different sets. Here I use different colors for the barcode lables too. This might seem strange, but I still want to give it a try. They only remaining point is the use of amrecover with this setup. I think, you can't switch amrecover to not seeing/showing the tapes. Mabye by manipulating the database files. But I'm sure, you don't want this! I think the easiest way is to use a different set. -- Marc Muehlfeld (Leitung Systemadministration) Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost Lochhamer Str. 29 - D-82152 Martinsried Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78 http://www.medizinische-genetik.de
Re: How do I tell amanda a tape is not onsite?
Marc Muehlfeld wrote: Gerrit A. Smit -TI- schrieb: If you don't want to have the full dumps seen by amrecovery why don't you create a separate set for it? Having a separate set means having a separate configuration, right? Not a full separate configuration. In ~/KDD/amanda.conf (KDD is one of my two sets) I have all set specific information (diskfile, dumpcycle, indexdir, tapetype, Changer Configuration,...) and also in the end a include statement, where I include a ~/Global/global-amanda.conf with all other parameters, I use in both sets (holding disk, tapetype definitions, dumptype definitions,...). For my second set I just copied the KDD/amanda.conf to KMS/amanda.conf and changed the parameters. So most settings remain inside the global configuration file and e.g. new holdingdisks or other global parameters have only to be configured at one place. The disklist file you can define by a symlink or having the same parameter in both set specific amanda.conf Or can I have more than one set of tapes in the same configuration? What do you mean with one set of tapes in the same configuration? I am looking for means to have 1 set of tapes for all purposes. Which also means that the number of tapes needed for a full dump is part of the total number of tapes in a set, and so it can get bigger or smaller as needed. Users don't have to bother about a different configuration. Here I use a separate set for off-site full dumps since 5 years. Works fine. And all administrators who restore had no problem with that. Just looking at their calender. If the day they wanna restore was the full-dump-day then they have to choose the second set. Also it's easy to see what kind of backup is on a tape if you have different sets. Here I use different colors for the barcode lables too. This might seem strange, but I still want to give it a try. They only remaining point is the use of amrecover with this setup. I think, you can't switch amrecover to not seeing/showing the tapes. Mabye by manipulating the database files. But I'm sure, you don't want this! I think the easiest way is to use a different set. Well, just about everyone but the folks at zmanda have chimed in on this one (they are in the Pacific Time Zone, so they might be showing up in an hour or so ;-) ). A couple of comments: Forcing full doesn't seem to me to be the best way for off site archives. For one thing, that would end up making your incrementals dependent on your off site archive if forcing was the only change you made to do it. Then your incrementals for the next few days are fairly useless if you don't want to run off site to get that archive tape. As far as marking tapes off site and having that stored somewhere by amanda, there is a suggestion (aka bug) posted by me on SourceForge for physical tape tracking. Integrating that into options for amrecover would be a further feature tied in to that. It isn't necessarily an easy addition in part because of the user logic that would have to be ironed out. In my opinion, a sysadmin is in a need to know position when doing a recover. You need to know what tapes can be used for recovery, which are the most recent, etc. amrecover will assume the most recent full and subsequent incrementals. If you have forced all the fulls onto one tape and then put that tape off site as an archive, then you need to be aware of that and tell amrecover to use a previous date. It will, of course, tell you the specific tapes it needs based on the options you give it. As mentioned by a couple of others, probably the cleanest solution is an alternate configuration. I have an archive configuration. It is essentially a clone of my daily configuration. However, and this is a critical point, I didn't want it to interfere with my regular daily run of fulls and incrementals. So, I modified the dump types to not record the dump date (in /etc/dumpdates for me, in /usr/local/var/amanda/gnutar-lists for those using gnutar). This allows me to run a separate full backup easily at the end of semesters and put it off site without affecting my regular daily cycle. Since I run a five day cycle in a week, I have the weekend free to run an archive if I want to. My archive configuration has a dumpcycle 90 days, runspercycle 1, tapecycle 5 tapes. With runspercycle 1, force is not required. Keeps things clean and goes with the flow of amanda's inherent logic. ;-) --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst [EMAIL PROTECTED] --- Erdös 4
Re: ssh tunneling from wherever
On Mon, Aug 06, 2007 at 11:29:40PM -0400, Steve Newcomb wrote: Any clues to offer? I've never tried this, but I think you should take a look at the SSH documentation for port forwarding. Run on the client, ssh -l 10080:server:port server 'sleep 7000' means that connections to port port on server should be forwarded to port 10080 on the client. Making port=10080 means that port 10080 is forwarded, but of course with auth-ssh Amanda doesn't listen at all. If you want to use auth-ssh inside this SSH tunnel (which seems redundant), you'll need to convince SSH to connect to the client on port port, hostname 'localhost'. It would probably be more sensible to switch to bsdtcp authentication for this client, and select some otherwise-unused port on the server. Then just point your DLE to localhost:port with auth bsdtcp, and you should be OK. All in all, it sounds like a lot of work, unless this is a months-long conference :) Dustin -- Dustin J. Mitchell Storage Software Engineer, Zmanda, Inc. http://www.zmanda.com/
Re: ssh tunneling from wherever
On Tue, 7 Aug 2007, Dustin J. Mitchell wrote: All in all, it sounds like a lot of work, unless this is a months-long conference :) Which is why it would be really nice to have a different triggering method for performing backups on roaming laptops. Something that begins with the laptop calling in to the server and saying Yoo-hoo! I'm over here. Can you please back me up now? Then the server can do the backup to holding disk and then flush to tape next time a regular scheduled config run is made. -Mitch
Amanda client on SCO Openserver
Hello all, I have a problem when trying to compile amanda 2.5.2p1 on an SCO Openserver 5.0.7. I have made it through about 25 years with only having to compile from a tarball a hand full of times, so I am not very knowledgeble in this area. Questions: 1. Is SCO Openserver 5.0.7 a supported OS? I can find very little discussion on the Internet. 2. If it is not supported will it work anyway? 3. Any advice on configuration options? My configuration...make fails with Making all in gnulib make[1]: Entering directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' make all-am make[2]: Entering directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' /bin/bash ../libtool --tag=CC --mode=link gcc -Wall -W -Wparentheses -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wformat -Wsign-compare -Wno-error -D_GNU_SOURCE-o libgnu.la lock.lo asnprintf.lo printf-args.lo printf-parse.lo vasnprintf.lo -lm -lreadline -ltermcap -lsocket -lnsl -lresolv -lintl -lsocket false cru .libs/libgnu.a .libs/lock.o .libs/asnprintf.o .libs/printf-args.o .libs/printf-parse.o .libs/vasnprintf.o make[2]: *** [libgnu.la] Error 1 make[2]: Leaving directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' make[1]: *** [all] Error 2 make[1]: Leaving directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' make: *** [all-recursive] Error 1 I use the following for the configure command #define CONFIGURE_COMMAND './configure' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/lib/amanda' '--localstatedir=/var/lib' '--enable-shared' '--disable-static' '--disable-dependency-tracking' '--with-config=DailySet1' '--with-gnutar-listdir=/var/lib/amanda/gnutar-lists' '--with-dumperdir=/usr/lib/amanda/dumperdir' '--with-user=amanda' '--with-group=backup' '--with-tmpdir=/var/log/amanda' '--without-server' Any help will be very appreciated. Regards, -- Kenneth Berry Systems Engineer / System Administrator Micro Beef Technologies P.O. Box 9262 Amarillo, Texas 79105 806-372-2369 [EMAIL PROTECTED] The information contained in or attached to this e-mail message is intended only for the confidential use of the named individual(s) above. If you are not the named recipient of this message you are hereby notified that you have received this document and its attachments in error and that review, dissemination, or copying of this message is prohibited. If you have received this message in error, please notify Micro Beef Technologies immediately. Thank you.
Re: Amanda client on SCO Openserver
On Tue, Aug 07, 2007 at 02:23:01PM -0500, Kenneth Berry wrote: 1. Is SCO Openserver 5.0.7 a supported OS? I can find very little discussion on the Internet. If you didn't get a warning beginning with * This machine, target type , is not known to be fully supported by this configure script. If the ... when you configured, then someone, somewhere, has once compiled Amanda on SCO Openserver. 2. If it is not supported will it work anyway? Probably, but it may take some tweaking.. 3. Any advice on configuration options? I've not touched a SCO machine, so I can't help you there. My configuration...make fails with Making all in gnulib make[1]: Entering directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' make all-am make[2]: Entering directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' /bin/bash ../libtool --tag=CC --mode=link gcc -Wall -W -Wparentheses -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wformat -Wsign-compare -Wno-error -D_GNU_SOURCE-o libgnu.la lock.lo asnprintf.lo printf-args.lo printf-parse.lo vasnprintf.lo -lm -lreadline -ltermcap -lsocket -lnsl -lresolv -lintl -lsocket false cru .libs/libgnu.a .libs/lock.o .libs/asnprintf.o .libs/printf-args.o .libs/printf-parse.o .libs/vasnprintf.o make[2]: *** [libgnu.la] Error 1 make[2]: Leaving directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' make[1]: *** [all] Error 2 make[1]: Leaving directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' make: *** [all-recursive] Error 1 I'm not even sure how to interpret that. However, the Makefile in that directory (gnulib) is actually not written by us -- gnulib is a set of low-level utilities provided to make cross-platform compatibility easier, and pretty much comes with everything, including a Makefile. Unless a SCO user speaks up here (come out, come out, lurkers!), I think your best bet is to look for general advice on compiling from source, particularly relating to gnulib. Sorry I can't be more help.. Dustin -- Dustin J. Mitchell Storage Software Engineer, Zmanda, Inc. http://www.zmanda.com/
Re: Amanda client on SCO Openserver
I have not heard from anyone with SCO experience yet. I have not had time to search for the warning message yet. I will report my findings later. Kenneth On Tue, 2007-08-07 at 15:04 -0500, Dustin J. Mitchell wrote: On Tue, Aug 07, 2007 at 02:23:01PM -0500, Kenneth Berry wrote: 1. Is SCO Openserver 5.0.7 a supported OS? I can find very little discussion on the Internet. If you didn't get a warning beginning with * This machine, target type , is not known to be fully supported by this configure script. If the ... when you configured, then someone, somewhere, has once compiled Amanda on SCO Openserver. 2. If it is not supported will it work anyway? Probably, but it may take some tweaking.. 3. Any advice on configuration options? I've not touched a SCO machine, so I can't help you there. My configuration...make fails with Making all in gnulib make[1]: Entering directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' make all-am make[2]: Entering directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' /bin/bash ../libtool --tag=CC --mode=link gcc -Wall -W -Wparentheses -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wformat -Wsign-compare -Wno-error -D_GNU_SOURCE-o libgnu.la lock.lo asnprintf.lo printf-args.lo printf-parse.lo vasnprintf.lo -lm -lreadline -ltermcap -lsocket -lnsl -lresolv -lintl -lsocket false cru .libs/libgnu.a .libs/lock.o .libs/asnprintf.o .libs/printf-args.o .libs/printf-parse.o .libs/vasnprintf.o make[2]: *** [libgnu.la] Error 1 make[2]: Leaving directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' make[1]: *** [all] Error 2 make[1]: Leaving directory `/u/tmp/amanda-2.5.2p1-20070606/gnulib' make: *** [all-recursive] Error 1 I'm not even sure how to interpret that. However, the Makefile in that directory (gnulib) is actually not written by us -- gnulib is a set of low-level utilities provided to make cross-platform compatibility easier, and pretty much comes with everything, including a Makefile. Unless a SCO user speaks up here (come out, come out, lurkers!), I think your best bet is to look for general advice on compiling from source, particularly relating to gnulib. Sorry I can't be more help.. Dustin -- Kenneth Berry Systems Engineer / System Administrator Micro Beef Technologies P.O. Box 9262 Amarillo, Texas 79105 806-372-2369 [EMAIL PROTECTED] The information contained in or attached to this e-mail message is intended only for the confidential use of the named individual(s) above. If you are not the named recipient of this message you are hereby notified that you have received this document and its attachments in error and that review, dissemination, or copying of this message is prohibited. If you have received this message in error, please notify Micro Beef Technologies immediately. Thank you.
a client disappeared
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Debian etch, VERSION=Amanda-2.5.1p1 One of the two clients on the DMZ has stopped responding to the server on the LAN -- both amcheck and amdump. diff says .amandahosts is identical on the 2 DMZ machines, and stat shows amcheck causing the file's access time to change on the working host, but not on the other; user backup (.deb install) can read .amandahosts; tcpdump shows udp:10080 packets from the server getting to both of them and responses from the working host but not the other; amcheck says log.slsware.dmz: selfcheck request failed: timeout waiting for ACK; the backup reports say the results from that machine are missing. The line in inetd is amanda dgram udp wait backup /usr/sbin/tcpd /usr/lib/amanda/amandad (the same on both hosts). I think inetd is working because it runs TFTP, and both the router and the PIX can write their configs to the net. (I don't know how to fire off a UDP server by remote control, but the access time of /usr/lib/amanda/amandad changes when I run amcheck). Other services on that machine work (DNS, TFTP, syslog, SSH, NTP, etc.). Nagios says all is well there (it doesn't check amandad). The PIX is between the LAN and the DMZ, but there's nothing in the PIX' log about blocking anything having to do with this. The ACL says the server can access anything, and allowing any host on the LAN to access anything makes no difference. The iptables packet filter shows nothing blocked, besides, disabling it makes no difference. selfcheck, sendsize, and sendbackup files stopped appearing in /var/log/amanda/client/sls/ directory on the dead machine. And I've reinstalled the client software. Somebody please point out the obvious thing I'm overlooking -- this has been making me crazy for 3 days now... - -- Glenn English [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuPSa04yQfZbbTLYRAmLvAJwKpAqW5ux+NlCeOKjuh5DNTjnS3ACgtdsO qs7+gWhNKhzeXOt14G+h1lg= =BHQ4 -END PGP SIGNATURE-
Re: a client disappeared
On Tue, Aug 07, 2007 at 04:39:24PM -0600, Glenn English wrote: One of the two clients on the DMZ has stopped responding to the server on the LAN -- both amcheck and amdump. A few things to check: - forward or reverse DNS doesn't work for the server or the client. - firewall on the client changed Dustin -- Dustin J. Mitchell Storage Software Engineer, Zmanda, Inc. http://www.zmanda.com/
Re: a client disappeared
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dustin J. Mitchell wrote: A few things to check: - forward or reverse DNS doesn't work for the server or the client. Hadn't thought of that. But unfortunately, it works perfectly. - firewall on the client changed It did change, but it's the same as on the other client, there's no record of anything being blocked, I can see packets getting there with tcpdump, and disabling the packet filter doesn't change anything. - -- Glenn English [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuQL004yQfZbbTLYRAuQsAKCg80ZAwHNuuU9LjOsXI9Mb7VnkAQCdEshP W/sWyloVIBxNcoTzpxuZEI8= =/iiQ -END PGP SIGNATURE-
Re: a client disappeared
Glenn English wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dustin J. Mitchell wrote: A few things to check: - forward or reverse DNS doesn't work for the server or the client. Hadn't thought of that. But unfortunately, it works perfectly. - firewall on the client changed It did change, but it's the same as on the other client, there's no record of anything being blocked, I can see packets getting there with tcpdump, and disabling the packet filter doesn't change anything. A few more ideas to check: Have you tried running the command in your inetd.conf, such as /usr/local/libexec/amandad on the command line as your backup user? You might have permissions issues or missing libraries that prevents it from running. If it works on the command line, try restarting inetd, and also check the system logs to see if inetd has trouble starting it. Frank -- Frank Smith [EMAIL PROTECTED] Sr. Systems Administrator Voice: 512-374-4673 Hoover's Online Fax: 512-374-4501
Re: a client disappeared
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frank Smith wrote: If it works on the command line, try restarting inetd, and also check the system logs to see if inetd has trouble starting it. Bingo! Looks like maybe we had a little update. ps aux | grep inetd said inetd wasn't running. In the startup script directory was something called inetd.dpkg-new -- running it to start inetd did nothing. Copying the inetd startup script from the other DMZ host and running it made amcheck work (and made inetd run). Next question is who was changing the access time on the amandad file, and how was TFTP working without inetd? Nagios and the PIX claim TFTP is still around, and I'm not sure I want to go there... Thanks very much! - -- Glenn English [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGuREN04yQfZbbTLYRAoRjAKCThRAFGyCihSoknME5aYfmRWgOlACghzZp c+umm745G4tZ64OE9q2ho7I= =65B4 -END PGP SIGNATURE-
Re: ssh tunneling from wherever
Mitch Collinsworth [EMAIL PROTECTED] writes: On Tue, 7 Aug 2007, Dustin J. Mitchell wrote: All in all, it sounds like a lot of work, unless this is a months-long conference :) I agree. Changing a working backup configuration in order to handle a temporarily out-of-town condition is just *not* something I'm willing to do. Which is why it would be really nice to have a different triggering method for performing backups on roaming laptops. Something that begins with the laptop calling in to the server and saying Yoo-hoo! I'm over here. Can you please back me up now? Then the server can do the backup to holding disk and then flush to tape next time a regular scheduled config run is made. This is a nice idea, but, personally, I would be happy simply to establish a tunnel through which the backup will be tranmitted later, at the usual time, in the usual way. In any event, I'm gathering that this is not something that amanda can do right now. Too bad. It's something for you developers to think about, though. -- Steve Steven R. Newcomb, Consultant Coolheads Consulting Co-editor, Topic Maps International Standard (ISO/IEC 13250) Co-editor, draft Topic Maps -- Reference Model (ISO/IEC 13250-5) [EMAIL PROTECTED] http://www.coolheads.com direct: +1 910 363 4032 main: +1 910 363 4033 fax:+1 910 454 8461 268 Bonnet Way Southport, North Carolina 28461 USA (This communication is not private. Since the destruction of the 1978 Foreign Intelligence Surveillance Act by the U.S. Congress on August 5, 2007, no electronic communications of innocent citizens can be hidden from the U.S. government. Shamefully, our own generation, acting on fears promoted by fraudulently-elected rogues, has allowed absolute power (codenamed unitary Executive) to be usurped by those very same rogues. Hail Caesar!)
Re: ssh tunneling from wherever
On 6 Aug 2007, Steve Newcomb wrote: Greetings from the Extreme Markup Languages Conference in Montreal. (Which is a great conference but it's not what this note is about.) Here I am at the Europa hotel with pretty good internet service. Unfortunately, as in most such away-from-home situations, there's no way for our amanda server to contact my machine after midnight to do the usual daily backup. I'd like to do the backup anyway. I was wondering whether I could set up an ssh tunnel at bedtime for the backup to occur later at night, and I came across http://wiki.zmanda.com/index.php/Amanda_and_ssh_tunnels ...which suggested that this is indeed possible to do, but it doesn't account for the fact that our amanda is configured to use ssh. I did what the article said to do (well almost -- what I really did was: ssh -l 10080:server:10080 server 'sleep 7000' ) but when I ran amcheck on the server (using another ssh session) it couldn't find my machine, even though a tunnel presumably existed. Amcheck, running on the server, said it couldn't find my machine at port 22. Whereupon it occurred to me that 10080 is not the same as 22. (We use auth-ssh.) Any clues to offer? Just to make sure I understand what is going on, you have no problem ssh'ing to the machine (as in ssh [EMAIL PROTECTED]) but you are having problems opening a tunnel. I too run tunnels, as in: [EMAIL PROTECTED] ssh 5902:localhost:5901 [EMAIL PROTECTED] Where I am telling it to pass the local (to nassau) port 5901 to 5902 at kushana. Yes, I am running vnc in the above example and I have the same username in both machines. I am lazy! ;) BTW, I do not know if it is important but I do have AllowTcpForwarding enabled in my sshd_config in nassau.
