Re: anybody USING the krb5 version?

2013-06-20 Thread sunkan 

Quoting Debra S Baddorf badd...@fnal.gov:


The fix I just sent is much more elegant than I originally mentioned.
I'm actually using the provided  (symbol or variable)  to set the user
back to the proper  client login  (ie the non prived user)  that you  
specified

in your setup configuration files and/or  compilation.

Deb Baddorf
Fermilab



Looks good so far, it compiled without issues and amcheck works now.
I will be going on vacation now, but will report back results when it  
has run through a proper backup.


/Andreas

Re: Unknown S3 error with Swift S3 (Openstack)

2013-06-20 Thread Stratos Zolotas 
It seems that something is confusing the authentication.

My setup has the Swift proxy and the Keystone authentication service
on different servers.

Now i have this error:

$ amlabel DailySet1 DailySet1-1 slot 1
Reading label...
Error reading volume label: s3_open2 failed: This server could not
verify that you are authorized to access the document you requested.
Either you supplied the wrong credentials (e.g., bad password), or
your browser does not understand how to supply the credentials
required.

 Authentication required (Unauthorized) (HTTP 401)
Not writing label.

amanda.conf is:

org DailySet1
infofile /srv/amanda/state/curinfo
logdir /srv/amanda/state/log
indexdir /srv/amanda/state/index
dumpuser amandabackup
mailto 

define tapetype S3 {
comment S3 Bucket
length 100 gigabytes # Bucket size
}

device_property S3_SUBDOMAIN no
device_property S3_SSL ON#
Curl needs to have S3 Certification Authority (Verisign today)

# in its CA list. If connection fails, try setting this no NO
device_property S3_STORAGE_CLASS STANDARD
device-property SSL_CA_INFO /etc/amanda/.ca-bundle
device-property S3_HOST swift-proxy-url:443

device-property VERBOSE YES
device-property S3_SERVICE_PATH /v2.0/tokens
device-property LEOM on
device-property STORAGE_API SWIFT-2.0
device-property USERNAME amanda
device-property PASSWORD xxx
device-property TENANT_NAME x
device-property TENANT_ID x

tpchanger 
chg-multi:s3:xx-backups/DailySet1/slot-{01,02,03,04,05,06,07,08,09,10}
# Number of tapes in your tapecycle
changerfile  s3-statefile
# Amanda will create this file
tapetype S3

define dumptype simple-gnutar-remote {
auth ssh
ssh_keys /etc/amanda/MyConfig/ssh-key
compress none
program GNUTAR
}

holdingdisk hd1 {
directory /srv/amanda/holding
use 200 gbytes
chunksize 1 mbyte
}


log now has this:

# cat amlabel.20130620111031.debug
Thu Jun 20 11:10:31 2013: thd-0x1da6200: amlabel: pid 10078 ruid 63998
euid 63998 version 3.3.3: start at Thu Jun 20 11:10:31 2013
Thu Jun 20 11:10:31 2013: thd-0x1da6200: amlabel: Arguments: DailySet1
DailySet1-1 slot 1
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: pid 10078 ruid 63998
euid 63998 version 3.3.3: rename at Thu Jun 20 11:10:32 2013
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: Using state file:
/etc/amanda/DailySet1/s3-statefile
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: S3 driver using
bucket 'x-backups', prefix 'DailySet1/slot-01'
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: Create 1 threads
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: About to connect()
to swift-proxy-url port 443 (#0)
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel:   Trying
xx.xx.xx.xx...
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: connected
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: successfully set
certificate verify locations:
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel:   CAfile:
/etc/amanda/x.ca-bundle
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel:   CApath:
/etc/ssl/certs
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: SSLv3, TLS
handshake, Client hello (1):
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: SSLv3, TLS
handshake, Server hello (2):
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: SSLv3, TLS
handshake, CERT (11):
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: SSLv3, TLS
handshake, Server key exchange (12):
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: SSLv3, TLS
handshake, Server finished (14):
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: SSLv3, TLS
handshake, Client key exchange (16):
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: SSLv3, TLS change
cipher, Client hello (1):
Thu Jun 20 11:10:32 2013: thd-0x1da6200: amlabel: SSLv3, TLS
handshake, Finished (20):
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel: SSLv3, TLS change
cipher, Client hello (1):
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel: SSLv3, TLS
handshake, Finished (20):
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel: SSL connection using
DHE-RSA-AES256-SHA
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel: Server certificate:
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel:subject:
OU=Domain Control Validated; OU=EssentialSSL Wildcard;
CN=*.xxx.com
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel:start date:
2013-05-08 00:00:00 GMT
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel:expire date:
2015-05-08 23:59:59 GMT
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel:
subjectAltName: xxx..com matched
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel:issuer: C=GB;
ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=EssentialSSL
CA
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel:SSL
certificate verify ok.
Thu Jun 20 11:10:33 2013: thd-0x1da6200: amlabel: Hdr Out: POST
/v2.0/tokens

Re: Unknown S3 error with Swift S3 (Openstack)

2013-06-20 Thread Jean-Louis Martineau 

On 06/20/2013 07:27 AM, Stratos Zolotas wrote:

It seems that something is confusing the authentication.

My setup has the Swift proxy and the Keystone authentication service
on different servers.


Do you tried to set S3-HOST to the keystone server?
and/or set the PROXY device-property?

man amanda-devices

Jean-Louis

Re: 7zip instead of tar?

2013-06-20 Thread Jean-Louis Martineau 

On 06/19/2013 10:37 PM, Schlacta, Christ wrote:


Is it possible,  or even better, supported to use .7z instead of .tar 
for the backup archive format? I know .7z gets incredible compression 
rates and provides the archive layer functionality as well, and 
includes an encryption mechanism as well.




7zip is not supported, but it should not be difficult to write a wrapper 
for it, that's why we have the application-api.


Jean-Louis

Re: Unknown S3 error with Swift S3 (Openstack)

2013-06-20 Thread Stratos Zolotas 
No it is not working. I think it means an http proxy, not a swift
proxy. It is trying to connect to S3_HOST through the PROXY, that it
is not the case.

s3cmd for example don't need the keystone server. You just connect to
the swift proxy, the swift proxy asks the the auth server (keystone)
for authentication and it passes you on.

I think i'm missing something here or something is not implemented
right on swift support on amanda.

As you can see on the previous message, the swift proxy responds with
the uri of the keystone server, but amanda is not sending something
right (or it is miss-configured).

On Thu, Jun 20, 2013 at 2:43 PM, Jean-Louis Martineau
martin...@zmanda.com wrote:
 On 06/20/2013 07:27 AM, Stratos Zolotas wrote:

 It seems that something is confusing the authentication.

 My setup has the Swift proxy and the Keystone authentication service
 on different servers.


 Do you tried to set S3-HOST to the keystone server?
 and/or set the PROXY device-property?

 man amanda-devices

 Jean-Louis