{ claus.conrad }

Backing up FreeBSD jails using Amanda

đź“… Dec 26, 2013
⌛ 4 minutes

Some notes about how I set up Amanda server and clients to back up jails on a FreeBSD host.

While looking for open-source backup solutions for jails on a FreeBSD box, I came across Amanda and Bacula. At first glance Amanda seemed easier to configure, so I tried to install it from ports. There were some hiccups, especially with regards to permissions and missing directories, so I documented the steps I needed to get it running below.

Amanda uses a server/client architecture, although not in the traditional sense where an application is running all the time. The “Amanda server” is the box that runs and keeps the backups, a process that can be scheduled using cron. Amanda “clients” are the machines that have data that needs to be backed up. It is entirely possible to run the server and client on the same device (VM, jail, etc.). In the configuration described here I am running Amanda server in one jail and an Amanda client in another jail.

On the Amanda server

  1. If this is the first time using pkg on the server, install it:

    sudo pkg
    Shell

    Press “Y” to confirm.

  2. Here I am building amanda-server from ports because I plan on using S3 functionality in amanda-server, which is not enabled in the binary packages. If you don’t need S3 (or don’t know what it is), feel free to save some time by skipping to “To install binaries” below.

  3. Install portmaster:

    sudo pkg install portmaster
    Shell

  4. Install amanda-server:

    sudo portmaster --packages-build misc/amanda-server
    Shell

  5. Follow the prompts, most settings should be self-explanatory.

  6. Install amcrypt:

    sudo portmaster --packages-build security/aespipe
    Shell

  7. Install pinentry-curses:

    sudo portmaster -P security/pinentry-curses
    Shell

  8. To install binaries, use this command instead of those containing portmaster above:

    sudo pkg install amanda-server aespipe pinentry-curses
    Shell

  9. Enable sendmail, so Amanda can mail backup reports:

    sudo echo 'sendmail_enable="YES"' >> /etc/rc.conf
    Shell

  10. Start sendmail:

    sudo service sendmail start
    Shell

On the Amanda clients

  1. If this is the first time using pkg on the server, install it:

    sudo pkg
    Shell

    Press “Y” to confirm.

  2. Install amanda-client, amcrypt and pinentry-curses:

    pkg install amanda-client aespipe pinentry-curses
    Shell

On the Amanda server

  1. Amanda has been around for a long time, so it calls disk backups for “virtual tapes”. Create a directory for these files:

    sudo mkdir -p /data/amanda/vtape/DailySet1
sudo chown amanda:amanda /data/amanda/vtape/DailySet1
sudo chmod -R 750 /data/amanda/vtape/DailySet1
    Shell

  2. Create configuration directory:

    sudo mkdir -p /usr/local/etc/amanda
sudo chown -R amanda:amanda /usr/local/etc/amanda
    Shell

  3. Create var directory:

    sudo mkdir -p /usr/local/var/lib/amanda
sudo chown -R amanda:amanda /usr/local/var/lib/amanda
    Shell

  4. Assign a shell to user amanda:

    sudo chsh -s /bin/csh amanda
    Shell

  5. Change to the amanda user:

    sudo su - amanda
    Shell

  6. Create public/private key pair to access clients:

    ssh-keygen -t rsa
    Shell

    Press Enter at all prompts to create it without a passphrase.

  7. Create a vtape configuration:

    amserverconfig DailySet1 --template harddisk --tapedev  /data/amanda/vtape/DailySet1 --mailto EMAIL_RECIPIENT_GOES_HERE --dumpcycle  1week --runspercycle 5 --tapecycle 12 --runtapes 1
    Shell

  8. Add hosts configuration file:

    touch /usr/local/var/lib/amanda/.amandahosts
    Shell

On the Amanda clients

  1. Assign a shell to user amanda:

    sudo chsh -s /bin/csh amanda
    Shell

  2. Append or copy ~/.ssh/id_rsa.pub from server to ~/.ssh/authorized_keys on clients

  3. Create directories/files and assign permissions:

    sudo mkdir -p /usr/local/var/lib/amanda
sudo touch /usr/local/var/lib/amanda/.amandahosts
sudo mkdir -p /usr/local/etc/amanda
sudo mkdir -p /usr/local/var/amanda/gnutar-lists
sudo chown -R amanda:amanda /usr/local/etc/amanda
sudo chown -R amanda:amanda /usr/local/var/lib/amanda
sudo chown -R amanda:amanda /usr/local/var/amanda
    Shell

  4. Create /etc/fstab file:

    sudo touch /etc/fstab
    Shell

Amanda server

  1. Change to the amanda user:

    sudo su - amanda
    Shell

  2. Add a client (backup job):
    In this example, I am backing up the directory /var/www from the client - replace as necessary.

    amaddclient --config DailySet1 --client CLIENT_HOSTNAME_GOES_HERE --diskdev /var/www --dumptype comp-user-tar
    Shell

  3. Edit the file /usr/local/etc/amanda/DailySet1/amanda.conf:

    vi /usr/local/etc/amanda/DailySet1/amanda.conf
    Shell

    Find this section (line):

    define dumptype global {

    In the section, change:

    auth "bsdtcp"

    to:

    auth "ssh"

  4. Test configuration:

    amcheck DailySet1
    Shell

    Fix any problems before continuing.

  5. Initiate the first full backup:

    amdump DailySet1
    Shell

  6. Check that a backup summary is received by e-mail.

  7. Automate this backup using cron:

    crontab -e
    Shell

    Add this line to the file to run backups daily Monday through Friday at 1 AM:

    0 1 * * 1-5 /usr/local/sbin/amdump DailySet1

That’s it, you should now receive a daily mail shortly after 1AM, informing you of a successful backup of /var/www from the client to the server. The first report (hopefully received during the test run above) should be about a full backup and the next couple of reports will only do an incremental backup, with a new full backup every week (as specified in the vtape configuration command).

Some other opensource backup solutions that should work on FreeBSD:

Older Manjaro Openbox right-click menu as root
Newer Using BackupPC to archive backups via...