Archive for February, 2005

Tape Drives and Backup Software

Friday, February 18th, 2005

Spent some time looking into backup solutions for Linux.  Generally, this market seems to be skewed towards shareware/commercial products instead of the typical Linux GPL-licensed products.  Here are a few of the products I found:

Bacula

Storix

Amanda

Arkeia

Free for sites using a maximum of 50GB: http://www.arkeia.com/asb/nocost/

06/05/2005, 11:42

Well, amanda is not only free, but also included in Fedora Core 3!  So I installed it this afternoon:

# yum -y install amanda

# yum -y install amanda-server

# yum -y install amanda-client

All three need to be installed separately as the amanda system appears to be very modular and client-server.  Even though Bacula seems to be a more user-friendly solution, I can’t currently invest in installing it.  Not only is the RPM not included in Fedora, a SQL server like MySQL is recommended when using Bacula.  I’ll get there some day…

Tape command options:

mt densities

Shows available tape densities (also sets compression for DLT drives)

mt status

Shows current tape status

mt tell

Shows current block

mt eject

Ejects the current tape

mt defcompression

Sets the default compression (used on each tape mount)

mt compression

Sets the compression mode.  NB: Despite the mt documentation, this seems to work with the Exabyte Mammoth drive (8900).  There is no feedback, but amanda sees the drive as compressed or not depending on this switch.

How about the stinit command?  More research needed.  Here is some great info on backup, to be further investigated:

http://umbc7.umbc.edu/~jack/course/backups.html

http://tariqnazir.tripod.com/backup.htm

http://surf.ap.seikei.ac.jp/~nakano/dump-restore/dump-restore-mini-HOWTO.en.html

Interesting note: sometime recently, perhaps after the upgrade to Fedora Core 4, it seems that the permissions on the tape device (/dev/nst0) changed to 600; in other words, no write permissions for the device’s group (disk).  Since this was the mechanism by which the amanda user got rights to write, it is not shocking that amanda has been whining for the past several days:

*** A TAPE ERROR OCCURRED: [writing label: tape is write protected].

I modified the permissions on the tape device and ran amflush to squirt the pending dumps to tape.  But I still had errors.  Based on the front-panel LEDs, the drive is constantly resetting itself.  I’ve got problems!
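A check for the permission regression described above, as an added example that is not part of the original post. It assumes GNU stat, the helper name check_tape_dev is hypothetical, and it accepts the device only when the expected group has read/write and "other" has no access, so a fix lands on 660 rather than 666.

```shell
#!/bin/sh
# Added example (not from the original post). check_tape_dev is a hypothetical
# helper; it assumes GNU stat (coreutils), as shipped with Fedora.
#
# Usage: check_tape_dev DEVICE GROUP [USER]
# Prints one verdict line; returns 0 only for "ok".
check_tape_dev() {
    dev=$1; want=$2; user=${3:-}
    mode=$(stat -c %a "$dev") || { echo "missing"; return 2; }
    group=$(stat -c %G "$dev")
    other=${mode#"${mode%?}"}      # last octal digit: permissions for "other"
    rest=${mode%?}
    grp=${rest#"${rest%?}"}        # second-to-last digit: group permissions
    if [ "$group" != "$want" ]; then
        echo "wrong-group"; return 1
    fi
    case $grp in
        6|7) ;;                                    # group can read and write
        *) echo "group-cannot-write"; return 1 ;;  # the 600 case from the post
    esac
    if [ "$other" != 0 ]; then
        echo "world-accessible"; return 1          # e.g. 666: broader than needed
    fi
    if [ -n "$user" ]; then
        # The backup user only benefits if it is actually a member of the group.
        case " $(id -Gn "$user") " in
            *" $want "*) ;;
            *) echo "user-not-in-group"; return 1 ;;
        esac
    fi
    echo "ok"
}

# Typical call on the backup server (device, group and user as named in the post):
#   check_tape_dev /dev/nst0 disk amanda
```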

named and DNS

Thursday, February 17th, 2005

After a lot of twiddling and diddling, I have managed to get named working together on suzuki, ducati and my Netware 4.2 server. Most of the issues seemed to be related to the security entries in /etc/named.conf. There are a billion little details (like chroot’ed directories, default incompatibilities in BIND 9 that prevent working with BIND 8 (and Netware’s DNS implementation), etc.). Key to getting the Netware server to work as a secondary DNS server to ducati’s BIND 9 primary was the transfer-format directive:

server 192.168.1.10 {

transfer-format one-answer;

};

Also had to twiddle the following two files to get a safe, personal key.

/etc/rndc.conf

/etc/rndc.key

Some guiding principles can be found here:

http://tldp.org/HOWTO/DNS-HOWTO.html

And here is an excellent reference on the options allowed in the /etc/named.conf file:

http://www.zytrax.com/books/dns/ch7/hkpng.html

http://publib16.boulder.ibm.com/pseries/en_US/files/aixfiles/named.conf.htm

Only one remaining problem: suzuki does not permit queries from anything but the local host.  Did I enable the firewall on suzuki?  Or do I have a permissions problem?

cron

Tuesday, February 15th, 2005

The daemon crond has been enhanced since my days of Unix. It searches for crontab files in new locations and understands a new “user” argument in the crontab job scheduling lines. As a convention in Fedora (and apparently Debian and probably Red Hat), the system crontab (/etc/crontab) now runs a script to execute all programs in directories like /etc/cron.hourly and /etc/cron.monthly at the appropriate time. This convention makes it convenient to add a new cron job as long as it adheres to the typical hourly/daily/weekly/monthly scheduling.

As always, cron’s behavior at DST changes is poorly defined. On my FC3 system, I found documentation that indicates that it is normal to have zero or multiple runs of a job normally expected to run once in the witching hour of DST. Online, I found documentation that indicates cron attempts to guess your intentions by using a three-hour tolerance around daily jobs. Seems flaky to me. I still don’t understand why cron does not have an explicit means of recording the user’s intentions in this regard.

Secondly, there is a new facility to run jobs periodically with a “catch-up” capability. The anacron utility tracks execution times and can therefore run jobs when starting that “should have been run earlier.” While designed for systems that are only run sporadically, it has the potential to complement standard cron behavior very nicely.

ntpd

Friday, February 11th, 2005

I configured and started the NTP server ntpd. Some useful commands are:

  • ntpd: The NTP server daemon
  • ntpq: The basic server query tool
  • ntpstat: Simple status check program

I can see things are working reasonably well with the following command:

# ntpq -c peers

I have also made the necessary changes to the configuration file (/etc/ntp.conf) to ensure that other nodes on the local network can use ducati’s NTP services. This includes the following:

  • Windows XP: Standard Microsoft XP NTP Client
  • Netware 4.2: SNTP.NLM version 1.6

This is the configuration parameter that allows these local clients to connect:

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

I am sure that I have more work to do to correctly define the security keys. I have changed the key file, but I am not sure where to configure the key index so that the client (ntpq) can communicate with the server.
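How the key index is tied to ntpq in /etc/ntp.conf, as an added example that is not part of the original post: the keys, trustedkey, controlkey and requestkey directives are standard ntp.conf options, while the helper names, the key file path and the key ID 1 are assumptions. The helper reads a configuration and reports which key ID ntpq has to present.

```shell
#!/bin/sh
# Added example (not from the original post). audit_ntp_keys is a hypothetical
# helper that reads an ntp.conf (file argument or stdin) and reports which key
# ID ntpq must present. In ntp.conf, "keys" names the key file, "trustedkey"
# lists the IDs ntpd will honour, and "controlkey" selects the ID for ntpq
# requests ("requestkey" is the equivalent for ntpdc).
audit_ntp_keys() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "keys"       { keyfile = $2 }
        $1 == "controlkey" { ctl = $2 }
        $1 == "trustedkey" { for (i = 2; i <= NF; i++) trusted[$i] = 1 }
        END {
            if (keyfile == "")     { print "no-keys-file";           exit 1 }
            if (ctl == "")         { print "no-controlkey";          exit 1 }
            if (!(ctl in trusted)) { print "controlkey-not-trusted"; exit 1 }
            print "ntpq-keyid=" ctl " keyfile=" keyfile
        }
    ' "${1:--}"
}

# Constructed sample configuration: the restrict line is the one from the post;
# the key file path and key ID are placeholders.
sample_ntp_conf() {
    cat <<'EOF'
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
keys /etc/ntp/keys        # key file, one "ID type secret" entry per line
trustedkey 1              # IDs from the key file that ntpd will honour
controlkey 1              # ID that ntpq must authenticate with
requestkey 1              # ID that ntpdc must authenticate with
EOF
}

# Example: sample_ntp_conf | audit_ntp_keys
```

On the client side, ntpq's keyid and passwd commands supply the matching ID and secret before an authenticated request.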

FTP

Tuesday, February 1st, 2005

I configured and started vsftpd and sshd on suzuki and ducati.  Both are working as advertised.  Traditional FTP services are served by vsftpd but it is highly configurable for a more secure implementation.  Telnet, a notoriously insecure remote console client/server app, has been replaced with ssh.  Good riddance.  It is a little tough to forego the standard telnet client on every platform in the world, but so far I have found a client for every platform I use:

Palm

Windows (PuTTY)