Amanda Configuration for Asymmetric encryption

 
# 1  
Old 05-12-2009
Amanda Configuration for Asymmetric encryption

Hi All

I configured Amanda in our LAN and it is working perfectly.
When I changed the configuration for encryption, it is not working and gives an error like this:

```
"/etc/amanda/template.d/dumptypes", line 394: dumptype parameter expected
"/etc/amanda/template.d/dumptypes", line 401: dumptype parameter expected
"/etc/amanda/template.d/dumptypes", line 408: dumptype parameter expected
"/etc/amanda/template.d/dumptypes", line 416: dumptype parameter expected
errors processing config file at /usr/sbin/amgetconf line 297.
```

Is there anyone who has a document for configuring Amanda with asymmetric encryption?

i.e., Amanda configuration with the /usr/sbin/amcrypt-ossl-asym script.
I want to encrypt data by using public key encryption.



Thanks & Regs
Pran
# 2  
Old 05-12-2009
First off, listing error messages that reference a line of your amanda configuration is pretty useless without context. Please show the block of lines centered around the line referred to in the error message. Quite often a simple typo or syntax error throws off the scanning and you get an error that refers to an adjacent line and is otherwise uninterpretable. Since you had a working configuration and made changes, you should know exactly which lines are at fault. If you post it, someone might spot the error.

There is a document here, "How To:Set up data encryption - The Open Source Backup Wiki (Amanda, MySQL Backup, BackupPC)", that might help. Also, the man page, which is online here: amcrypt-ossl-asym.
# 3  
Old 05-13-2009
```
org "DailySet1" # your organization name for reports
mailto "praveen.kv@rrap-software.com" # space separated list of operators at your site
dumpcycle 1week # the number of days in the normal dump cycle
runspercycle 5 # the number of amdump runs in dumpcycle days
tapecycle 12 # the number of tapes in rotation
runtapes 1 # number of tapes to be used in a single run of amdump
tpchanger "chg-disk" # the tape-changer glue script
tapedev "file://data/amanda/vtapes/DailySet1/" # the no-rewind tape device
changerfile "/etc/amanda/DailySet1/changer.conf" # tape changer configuration parameter file
changerdev "/dev/null" # tape changer configuration parameter device
tapetype HARDDISK # what kind of tape it is
labelstr "DailySet1" # label constraint regex: all tapes must match
dtimeout 1800 # number of idle seconds before a dump is aborted
ctimeout 30 # max number of seconds amcheck waits for each client
etimeout 300 # number of seconds per filesystem for estimates
define dumptype global {
    comment "Global definitions"
    auth "bsdtcp"
}
#define dumptype encrypt-fast {
#    root-tar
#    comment "fast client compression and server symmetric encryption, dumped with tar"
#    compress client fast
#    encrypt server
#    server_encrypt "/usr/sbin/amcrypt"
#    server_decrypt_option "-d"
#}

#define dumptype gui-base {
#    global
#    program "GNUTAR"
#    comment "gui base dumptype dumped with tar"
#    compress none
#    index yes
#}

#define dumptype encrypt-simple {
#    root-tar
#    comment "client simple symmetric encryption, dumped with tar"
#    encrypt client
#    compress fast
#    client_encrypt "/usr/sbin/amcryptsimple"
#    client_decrypt_option "-d"
#}


define dumptype server-encrypt-fast { # while using this I am getting the above-mentioned error
    global
    program "GNUTAR"
    comment "dump with fast client compression and server openssl asymmetric encryption"
    compress client fast
    encrypt server
    index
    server_encrypt "/usr/sbin/amcrypt-ossl-asym"
    server_decrypt_option "-d"
    priority medium
}
```



This is my amanda.conf file. My question is how I can configure Amanda for both compression and asymmetric backup.

I checked the above-mentioned links and got some information, but I want the exact configuration statement for defining the dump type in amanda.conf for public key encryption.

Thanks Regs
Praveen

Last edited by pran; 05-13-2009 at 09:40 AM..
# 4  
Old 05-14-2009
Please guide me. I am not getting any doc from Google. For me it is too important.



Thanks & Regs
Pran(praveen)
# 5  
Old 05-14-2009
I don't have much time right now. I'll try to help, but you have to help yourself as well. You obviously changed more than just adding encryption when you modified your working system. You deleted other things from the configuration as well, rather than just adding something. I believe it is those deletions that are causing the specific errors you are getting. The error messages point to a specific line number in /etc/amanda/template.d/dumptypes. Look at that and see what it is referring to.

Did you keep a copy of your working system? Since you say it was working, you must have backups, right? Also, typically, when you radically edit a configuration file, you copy it first. For example, `cp -p amanda.conf amanda.conf.backup` before doing `vi amanda.conf`. So, look at your backup and get back things you deleted, or just recover the whole thing and then add the encryption without deleting anything.
# 6  
Old 05-18-2009
Hi, for normal compressed backup it is working now, but I want to configure Amanda for asymmetric encryption (public key). Does anyone have the documentation for this? I searched a lot, and the above-mentioned link explains the encryption and commands, but I need the entries for amanda.conf.

For normal compressed backup:

```
define dumptype gui-base {
    global
    program "GNUTAR"
    comment "gui base dumptype dumped with tar"
    compress yes
    index yes
}
```

We can configure it like this, so I need the same for asymmetric encryption.
What changes do I need to make in amanda.conf?

Thanks & Regs
pran
# 7  
Old 05-19-2009
OK, since you now seem to be back to something that works, change only one thing at a time so that testing and debugging is easier.

When you change your amanda.conf, start by making a copy amanda.conf.works. Then don't delete or comment out anything, just add the lines as you had before to define the dumptype server-encrypt-fast (they look correct). I presume the "//while using this" is commentary you added here for the forum. It should not be in the amanda.conf file.

After you change amanda.conf, run `amcheck DailySet1`. Maybe even wait a day and let your backups run to see that you didn't break anything. Then change one of the entries in your disklist to use dumptype server-encrypt-fast (presuming everything else is configured).

Note that all the setup for encryption and your key management have to be done very carefully and tested at each stage. If you mess it up or lose your key, you will not be able to recover encrypted backups. Go back to the wiki page and the man page for amcrypt-ossl-asym(8) and check all your details.
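
A pre-flight check for the kind of edit discussed in this thread, as an added example that is not part of any post or of Amanda itself: it flags a word inside a `define dumptype` block that is neither a parameter nor a dumptype defined earlier, and a `//` note left in the file. It assumes such a word is what Amanda reports as "dumptype parameter expected"; `KNOWN_PARAMS`, `lint_dumptypes` and the sample config are constructed for illustration.

```python
import re
# Parameters used by the dumptypes in this thread (a subset, not Amanda's full list).
KNOWN_PARAMS = {"auth", "comment", "compress", "encrypt", "index", "priority",
                "program", "server_encrypt", "server_decrypt_option",
                "client_encrypt", "client_decrypt_option"}

def lint_dumptypes(text):
    """Return (line_no, message) for suspicious lines inside dumptype blocks."""
    defined, findings, current = set(), [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r'"[^"]*"', '""', raw)      # blank quoted strings first
        if "//" in line:
            findings.append((no, "'//' is not a comment marker, use '#'"))
        line = line.split("#", 1)[0].strip()      # drop real comments
        if not line:
            continue
        start = re.match(r"define\s+dumptype\s+([\w-]+)\s*\{", line)
        if start:
            current = start.group(1)
        elif current is not None and line == "}":
            defined.add(current)                  # usable as a parent from here on
            current = None
        elif current is not None:
            word = line.split()[0]
            if word not in KNOWN_PARAMS and word not in defined:
                findings.append((no, f"'{word}' in '{current}' is neither a "
                                     "parameter nor a defined dumptype"))
    return findings

# Constructed sample: the parent dumptype root-tar has been commented out.
SAMPLE = '''\
define dumptype global {
    auth "bsdtcp"
}
#define dumptype root-tar {
#}
define dumptype encrypt-fast {
    root-tar
    encrypt server
}
define dumptype server-encrypt-fast { //forum note
    global
    encrypt server
    server_encrypt "/usr/sbin/amcrypt-ossl-asym"
}
'''

if __name__ == "__main__":
    print(lint_dumptypes(SAMPLE))
```

Running it over a copy of the edited file before `amcheck` narrows a parse error down to the dumptype whose parent was removed.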