Amanda and Encryption

[Chad Morland]

I was wondering if it is possible to encrypt the traffic that amanda
sends over a network. I have data that I need to backup and some of the
data will have to travel over the public internet. Because this data
contains sensitive information I do not want the data to be sent
unencrypted. Has anyone configured amanda to use SSL/TLS or even SSH?
Thanks.

-CM

Strange Backup Reports?

[Chad Morland]

Hi,
I am trying to backup approx 25 Gb of data to a Quantum DLT7000 tape
unit. I have configured an amanda backup server and the client.
Currently amcheck show no problems found and backups do take place. The
oddities begin when I check the report that is sent to me after amanda
has completed it's backup. Amanda's report shows that only 3605 Mb are
backed up. When I check with amrecover, I can see that the files I
backed up are indexed. Can someone please explain why I am getting such
a low number reported back to me by amanda when I am attempting to
backup such a large amount of data? Is there a way to check the actual
size of the backup on the tape? I am using FreeBSD for both my client
and server. I have included some important files below. Thanks in
advance.


-Chad Morland

Backup Report

These dumps were to tape DailySet1-1.
The next tape Amanda expects to use is: DailySet1-1.


STATISTICS:
  Total   Full  Daily
      
Estimate Time (hrs:min)0:04
Run Time (hrs:min) 0:11
Dump Time (hrs:min)0:08   0:08   0:00
Output Size (meg)3605.0< 3605.0<0.0
Original Size (meg)  3605.0< 3605.0 <   0.0
Avg Compressed Size (%) -- -- --
Filesystems Dumped1  1  0
Avg Dump Rate (k/s)  8106.7 8106.7--

Tape Time (hrs:min)0:08   0:08   0:00
Tape Size (meg)  3605.0 3605.00.0
Tape Used (%)  11.6   11.60.0
Filesystems Taped 1  1  0
Avg Tp Write Rate (k/s)  8099.8 8099.8--


NOTES:
  taper: tape DailySet1-1 kb 3691552 fm 1 [OK]


DUMP SUMMARY:
 DUMPER STATSTAPER STATS
HOSTNAME DISKL ORIG-KB OUT-KB COMP% MMM:SS  KB/s MMM:SS
KB/s
-- - ---
-
backup.inque -/filedumps 0 36915203691520   --7:358106.7
7:368099.8

(brought to you by Amanda version 2.4.2p2)




amanda.conf
--
org "DailySet1" # your organization name for reports
mailto "[EMAIL PROTECTED]"   # space separated list of operators at
your site
dumpuser "amanda"   # the user to run dumps under
inparallel 4# maximum dumpers that will run in parallel (max
63)
# this maximum can be increased at compile-time,
# modifying MAX_DUMPERS in server-src/driverio.h
netusage  6000 Kbps # maximum net bandwidth for Amanda, in KB per
sec
dumpcycle 1 day # the number of days in the normal dump cycle
runspercycle 5 # the number of amdump runs in dumpcycle days
# (4 weeks * 5 amdump runs per week -- just
weekdays)
tapecycle 1 tapes   # the number of tapes in rotation
# 4 weeks (dumpcycle) times 5 tapes per week
(just
# the weekdays) plus a few to handle errors that
# need amflush and so we do not overwrite the
full
# backups performed at the beginning of the
previous
# cycle
bumpsize 20 Mb  # minimum savings (threshold) to bump level 1 ->
2
bumpdays 1  # minimum days at each level
bumpmult 4  # threshold = bumpsize * bumpmult^(level-1)
etimeout 7200   # number of seconds per filesystem for
estimates.
dtimeout 7200   # number of idle seconds before a dump is
aborted.
ctimeout 30 # maximum number of seconds that amcheck waits
# for each client host
tapebufs 20
runtapes 1  # number of tapes to be used in a single run of
amdump
tapedev "/dev/nrsa0"# the no-rewind tape device to be used
rawtapedev "/dev/rsa0"  # the raw device to be used (ftape only)
changerdev "/dev/null"
tapetype DLT-IV # what kind of tape it is (see tapetypes below)
labelstr "^DailySet1-[0-9][0-9]*$"  # label constraint regex: all
tapes must match

holdingdisk hd1 {
comment "main holding disk"
directory "/dumps/amanda"   # where the holding disk is
use -100 Mb # how much space can we use on it
chunksize 1 Gb  # size of chunk if you want big dump to be
}

infofile "/usr/adm/amanda/DailySet1/curinfo"# database DIRECTORY
logdir   "/usr/adm/amanda/DailySet1"# log directory
indexdir "/usr/adm/amanda/DailySet1/index"  # index directory

define tapetype DLT-IV {
comment "DLT-IV 35 GB"
length 31000 mbytes
filemark 1000 kbytes
speed 5000 kbytes
}

define dumptype global {
comment "Global definitions"
index yes
}

define dumptype always-full {
global
program "GNUTAR"
comment "Full 

Re: Quick Multiple Tape Question

[Chad Morland]

> On Tuesday 22 October 2002 18:04, Chad Morland wrote:
> >I am trying to backup a 100G file onto tape. I am wondering if I
> > can use amanda for this. Will it span the archive across more
> > than one tape? I am using a DLT 7000 drive. If not, what are you
> > recommendations?
>
> Yikes!  For that, you will have to locate a drive and tape format
> that will hold it in one tape.  Or, you have to use a split/join
> utility to break it up into tapable sized pieces that are each an
> independant file to the filesystem.
>
> Amanda cannot span one file across more than one tape, and because
> of the potentials for a disaster in such things as re-ordering the
> tapes on recovery, or any one of the other things that Mr. Murphy
> is famous for, it isn't likely that amanda ever will have that
> ability programmed in.
>
> --
> Cheers, Gene
> AMD K6-III@500mhz 320M
> Athlon1600XP@1400mhz  512M
> 99.18% setiathome rank, not too shabby for a WV hillbilly

I find that very strange considering that tar, dump and several other
backup utilities support this. Amanda developers don't want to add this
just for the sake of having it? I know I am not the only one that can
find this feature useful. I can keep track of my tapes, and I'm sure it
is not a difficult task for someone who can install, configure and use
Amanda to do the same. Are there any other concrete and real issues for
not including this feature other than operator misuse?

-CM

Re: Quick Multiple Tape Question

[Chad Morland]

> > I find that very strange considering that tar, dump and several
other
> > backup utilities support this. Amanda developers don't want to add
this
>
> Err, *can* dump/tar span a single *file* across tapes?  I'm not sure.
A
> single filesystem -- sure.  But a file?
>

>From the GNU tar manpage:
"Use --multi-volume (-M) on the command line, and then tar will, when it
reaches the end of the tape, prompt for another tape, and continue the
archive. Each tape will have an independent archive, and can be read
without needing the other. (As an exception to this, the *file* that tar
was archiving when it ran out of tape will usually be split between the
two archives.."

When I generate a table of context for my tape it shows that the file
has been continued from X byte so it seems as if it is working.

> Time.  Spanning support has been in the planning stages for a long
time.
> But the core AMANDA developers work very hard on lots of things that
> aren't AMANDA.  If you'd like to get in touch with them and start
coding,
> the contributions would be welcome.
>
> If you're talking about a *filesystem* rather than a file, then AMANDA
can
> handle that easily via multiple disk list entries using tar.
>
> --
> Joshua Baker-LePain
> Department of Biomedical Engineering
> Duke University

Thanks for the clear answer... it's alot easier to stomache that they
don't have the time rather than the desire. Perhaps I can contribute to
this project and finally give back to the world! ;-)

-CM

Quick Multiple Tape Question

[Chad Morland]

I am trying to backup a 100G file onto tape. I am wondering if I can use
amanda for this. Will it span the archive across more than one tape? I
am using a DLT 7000 drive. If not, what are you recommendations?


-CM

Re: SUN DLT config

[Chad Morland]

To quote the post where i got these values:

"Hey, I just finished the tapetype program using amanda 2.4.2p2 on a
quantum SDLT-220 drive. The tape type is a standard SDLT1 which holds
220/110. Here is the tapetype information... it took me 2.5 days to run"

I am assuming that this poster did what you are referring to.



-CM
- Original Message -
From: "Paul T. Root" <[EMAIL PROTECTED]>
To: "Chad Morland" <[EMAIL PROTECTED]>
Cc: "Steven Law" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, October 24, 2002 12:08 PM
Subject: Re: SUN DLT config


> There is also a program that runs through the
> entire tape and figures out what's best. I thought
> it was in the contrib, but I can't find it. Or
> the name of it for that matter.
>
> Paul.
>
>
> Chad Morland wrote:
> > define tapetype SDLT1-220

> > comment "quantum super DLT1-220/110"
> > length 102882 mbytes
> > filemark 508 kbytes
> > speed 2119 kps
> > }
> >
> >
> >
> > -CM
> > - Original Message -
> > From: "Steven Law" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, October 24, 2002 11:38 AM
> > Subject: SUN DLT config
> >
> >
> >
> >>Hello everyone,
> >>
> >>I'm trying to find the best configuration for a new tape drive I
have
> >>recently purchased. It's a single drive SUN SDLT 220. Can anyone
help
> >>me out ?
> >>
> >>Regards
> >>Steve Law
> >>--
> >>Computing Officer
> >>School of Mathematics, Edinburgh University.
> >>Phone: 0131 650 5037 , Email: [EMAIL PROTECTED]
> >>Home Page: http://www.maths.ed.ac.uk/~steve
> >>
> >>
> >>
> >
> >
> >
>
> --
> Paul T. Root CCSA, CCSE, CCNA
> Qwest Communications PAG: +1 (877) 693-7155
> 600 Stinson Blvd, Flr 1S WRK: +1 (612) 664-3385
> Minneapolis, MN  55413 FAX: +1 (612) 664-4778
>
>

Re: SUN DLT config

[Chad Morland]

define tapetype SDLT1-220 { 
comment "quantum super DLT1-220/110"
length 102882 mbytes
filemark 508 kbytes
speed 2119 kps
}



-CM
- Original Message - 
From: "Steven Law" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 24, 2002 11:38 AM
Subject: SUN DLT config


> 
> Hello everyone,
> 
> I'm trying to find the best configuration for a new tape drive I have
> recently purchased. It's a single drive SUN SDLT 220. Can anyone help
> me out ?
> 
> Regards
> Steve Law
> --
> Computing Officer 
> School of Mathematics, Edinburgh University.
> Phone: 0131 650 5037 , Email: [EMAIL PROTECTED]
> Home Page: http://www.maths.ed.ac.uk/~steve
> 
> 
> 

disk offline

[Chad Morland]

I am having some problems getting amanda to run. I have used amanda
before and this is the first time that I have encountered this problem.
I followed the instuctions from the backup and recovery chapter and
amcheck is not reporting any problems. However, when I run amdump I get
the following sent to me in the report about 30 seconds after running
the command:

backup. /backup lev 0 FAILED [disk /backup offline on
backup.domain.com?] (I have also tried using the device
[/dev/vinum/striped])

and further down:

NOTES:
  planner: Adding new disk torbackup.inquent.com:/backup.
  driver: WARNING: got empty schedule from planner
  taper: tape DailySet11 kb 0 fm 0 [OK]

My backup partition is a 430G striped vinum partition on FreeBSD. I have
followed everything that is in the FAQ on this subject but nothing seems
to be solving it. Anyone have any ideas on how to solve this?







-CM

Re: disk offline

[Chad Morland]

Error from sendsize*debug:
runtar: error [must be invoked by operator]

However, amanda is in my operator group.
torbackup# id amanda
uid=1000(amanda) gid=1000(amanda) groups=1000(amanda), 5(operator)

And the from amandad*.debug:

(Environment variables cut out)
Amanda 2.4 REQ HANDLE 000-00360708 SEQ 1035907903
SECURITY USER amanda
SERVICE noop
OPTIONS features=feff9f00;


sending nack:

Amanda 2.4 NAK HANDLE 000-00360708 SEQ 1035907903
ERROR unknown service: noop


-CM
- Original Message -
From: "Joshua Baker-LePain" <[EMAIL PROTECTED]>
To: "Chad Morland" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, October 29, 2002 3:08 PM
Subject: Re: disk offline


> On Tue, 29 Oct 2002 at 2:39pm, Chad Morland wrote
>
> > backup. /backup lev 0 FAILED [disk /backup offline on
> > backup.domain.com?] (I have also tried using the device
> > [/dev/vinum/striped])
> >
> *snip*
> >
> > My backup partition is a 430G striped vinum partition on FreeBSD. I
have
> > followed everything that is in the FAQ on this subject but nothing
seems
> > to be solving it. Anyone have any ideas on how to solve this?
>
> What's in /tmp/amandad*debug and /tmp/sendsize*debug on backup?  Can
you
> access the device *as the amanda user*?
>
> --
> Joshua Baker-LePain
> Department of Biomedical Engineering
> Duke University
>
>

Re: Encrypted Files on Tape

[Chad Morland]

I have found this link useful in setting up encrypted backups.

http://security.uchicago.edu/tools/gpg-amanda/


-CM
- Original Message -
From: "Nicki Messerschmidt, Linksystem Muenchen GmbH"
<[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, March 07, 2003 8:13 AM
Subject: Re: Encrypted Files on Tape


> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Nicki Messerschmidt wrote:
> > is there any known method to encrypt the data, before writing it to
> > tape? I thought of something like "gpg -c" which does a symmetric
> > encryption, but if I do this then I won't be able to use amrecover
> > any more. Has anyone a good idea for this problem?
> One could use something like this:
> # Create empty file
> dd if=/dev/zero of=testfile bs=1024 count=1024
>
> # Compress it with zlib Routine (-z 9) and encrypt it with a password
> # from $PASSWORDFILE
> cat testfile | gpg --passphrase-fd 3 -z 9 --no-tty -c -
3<$PASSWORDFILE
> >testfile.gpg
>
> # Decompress and decrypt with a password from $PASSWORDFILE
> cat testfile.gpg | gpg --output - --passphrase-fd 3 --no-tty --decrypt
> - - 3<$PASSWORDFILE > test
>
> This works and gpg can handle STD(IN|OUT). But how do I implement this
> into amanda? And is there a possibility that I have to enter the
> password when I want to recover some files?
>
>
> Thanks in advance,
> Nicki
>
> - --
> Linksystem Muenchen GmbH  [EMAIL PROTECTED]
> Schloerstrasse 10   http://www.link-m.de
> 80634 Muenchen  Tel. 089 / 890 518-0
> We make the Net work.   Fax 089 / 890 518-77
>
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 6.5.3 for non-commercial use 
> Comment: Keys at: https://www.link-m.de/pgp
>
> iQA/AwUBPmiM3+s1nPm17iBDEQL7KQCeNbN7tdhMVfF3znHL9U5HT3qrd0EAoKQH
> lNDAUuKuy0QnS+bgsrBCcTsL
> =rZHz
> -END PGP SIGNATURE-
>
>