Backing up FreeBSD jails using Amanda

Some notes about how I set up Amanda server and clients to back up jails on a FreeBSD host.

While looking for open-source backup solutions for jails on a FreeBSD box, I came across Amanda and Bacula. At first glance Amanda seemed easier to configure, so I tried to install it from ports. There were some hiccups, especially with regards to permissions and missing directories, so I documented the steps I needed to get it running below.

Amanda uses a server/client architecture, although not in the traditional sense where an application is running all the time. The “Amanda server” is the box that runs and keeps the backups, a process that can be scheduled using cron. Amanda “clients” are the machines that have data that needs to be backed up. It is entirely possible to run the server and client on the same device (VM, jail, etc.). In the configuration described here I am running Amanda server in one jail and an Amanda client in another jail.

On the Amanda server

1. If this is the first time using pkg on the server, install it:

   sudo pkg
   

   Press “Y” to confirm.

2. Here I am building amanda-server from ports because I plan on using S3 functionality in amanda-server, which is not enabled in the binary packages. If you don’t need S3 (or don’t know what it is), feel free to save some time by skipping to “To install binaries” below.

3. Install portmaster:

   sudo pkg install portmaster
   

4. Install amanda-server:

   sudo portmaster --packages-build misc/amanda-server
   

5. Follow the prompts, most settings should be self-explanatory.

6. Install amcrypt:

   sudo portmaster --packages-build security/aespipe
   

7. Install pinentry-curses:

   sudo portmaster -P security/pinentry-curses
   

8. To install binaries, use this command instead of those containing portmaster above:

   sudo pkg install amanda-server aespipe pinentry-curses
   

9. Enable sendmail, so Amanda can mail backup reports:

   sudo echo 'sendmail_enable="YES"' >> /etc/rc.conf
   

10. Start sendmail:

    sudo service sendmail start
    

On the Amanda clients

1. If this is the first time using pkg on the server, install it:

   sudo pkg
   

   Press “Y” to confirm.

2. Install amanda-client, amcrypt and pinentry-curses:

   pkg install amanda-client aespipe pinentry-curses
   

On the Amanda server

1. Amanda has been around for a long time, so it calls disk backups for “virtual tapes”. Create a directory for these files:

   sudo mkdir -p /data/amanda/vtape/DailySet1
   sudo chown amanda:amanda /data/amanda/vtape/DailySet1
   sudo chmod -R 750 /data/amanda/vtape/DailySet1
   

2. Create configuration directory:

   sudo mkdir -p /usr/local/etc/amanda
   sudo chown -R amanda:amanda /usr/local/etc/amanda
   

3. Create var directory:

   sudo mkdir -p /usr/local/var/lib/amanda
   sudo chown -R amanda:amanda /usr/local/var/lib/amanda
   

4. Assign a shell to user amanda:

   sudo chsh -s /bin/csh amanda
   

5. Change to the amanda user:

   sudo su - amanda
   

6. Create public/private key pair to access clients:

   ssh-keygen -t rsa
   

   Press Enter at all prompts to create it without a passphrase.

7. Create a vtape configuration:

   amserverconfig DailySet1 --template harddisk --tapedev  /data/amanda/vtape/DailySet1 --mailto EMAIL_RECIPIENT_GOES_HERE --dumpcycle  1week --runspercycle 5 --tapecycle 12 --runtapes 1
   

8. Add hosts configuration file:

   touch /usr/local/var/lib/amanda/.amandahosts
   

On the Amanda clients

1. Assign a shell to user amanda:

   sudo chsh -s /bin/csh amanda
   

2. Append or copy ~/.ssh/id_rsa.pub from server to ~/.ssh/authorized_keys on clients

3. Create directories/files and assign permissions:

   sudo mkdir -p /usr/local/var/lib/amanda
   sudo touch /usr/local/var/lib/amanda/.amandahosts
   sudo mkdir -p /usr/local/etc/amanda
   sudo mkdir -p /usr/local/var/amanda/gnutar-lists
   sudo chown -R amanda:amanda /usr/local/etc/amanda
   sudo chown -R amanda:amanda /usr/local/var/lib/amanda
   sudo chown -R amanda:amanda /usr/local/var/amanda
   

4. Create /etc/fstab file:

   sudo touch /etc/fstab
   

Amanda server

1. Change to the amanda user:

   sudo su - amanda
   

2. Add a client (backup job):
   In this example, I am backing up the directory /var/www from the client - replace as necessary.

   amaddclient --config DailySet1 --client CLIENT_HOSTNAME_GOES_HERE --diskdev /var/www --dumptype comp-user-tar
   

3. Edit the file /usr/local/etc/amanda/DailySet1/amanda.conf:

   vi /usr/local/etc/amanda/DailySet1/amanda.conf
   

   Find this section (line):

   define dumptype global {
   

   In the section, change:

   auth "bsdtcp"
   

   to:

   auth "ssh"
   

4. Test configuration:

   amcheck DailySet1
   

   Fix any problems before continuing.

5. Initiate the first full backup:

   amdump DailySet1
   

6. Check that a backup summary is received by e-mail.

7. Automate this backup using cron:

   crontab -e
   

   Add this line to the file to run backups daily Monday through Friday at 1 AM:

   0 1 * * 1-5 /usr/local/sbin/amdump DailySet1
   

That’s it, you should now receive a daily mail shortly after 1AM, informing you of a successful backup of /var/www from the client to the server. The first report (hopefully received during the test run above) should be about a full backup and the next couple of reports will only do an incremental backup, with a new full backup every week (as specified in the vtape configuration command).

Some other opensource backup solutions that should work on FreeBSD:

• BackupPC (port)
• Bacula (ports: client/server)
• rsnapshot (port)