Amanda-Users

Re: amrestore: NAK: user root from localhost is not allowed to execute the service amindexd

2009-03-01 22:52:26
Subject: Re: amrestore: NAK: user root from localhost is not allowed to execute the service amindexd
From: Charles Curley <charlescurley AT charlescurley DOT com>
To: John Hein <jhein AT timing DOT com>
Date: Sun, 1 Mar 2009 20:45:33 -0700
On Sun, Mar 01, 2009 at 07:28:32PM -0700, John Hein wrote:
> Charles Curley wrote at 18:54 -0700 on Mar  1, 2009:
>  > On Sun, Mar 01, 2009 at 05:49:20PM -0700, John Hein wrote:
>  > > man amrecover (see -s & -t).  I don't know if there is a run-time
>  > > configuration option for these (I didn't see one after a quick read
>  > > of the man pages) - if so, -o would be of no help.
>  > 
>  > Those set the index and tape servers, respectively. Supposedly, you
>  > can also do that with environmental variables. I tried environmental
>  > variables, and they didn't work.
> 
> Indeed, and the code seems to agree with the man page...
> 
> recover-src/amrecover.c:        server_name = getenv("AMANDA_SERVER");
> recover-src/amrecover.c:        tape_server_name = getenv("AMANDA_TAPE_SERVER");
> 
> I believe it has worked for me in the past.

The problem is that amrecover is using the name "localhost" for the
host it is running on, not for the tape or index server. So those may
have worked correctly.

The problem was that there was no line for localhost in the server's
.amandahosts file. Once I added one, it worked, but only for amrecover
on the server. I conjecture that the server looks up the name that
amrecover uses, and it had better agree with the IP address where the
request comes from. Which in this case it would only do if the request
came from the same machine.


> 
> 
>  > I mean that amrecover should work on the client.
> 
> Yes, it does work on the client.
> 
> 
>  > > If you are asking if most people configure amanda that way, I'd say
>  > > probably not, but who knows - I can say that I don't.  If you want,
>  > > you can take it up with the debian/ubuntu packager.  FWIW, the default
>  > > in the configure script if you don't specify --with-index-server is
>  > > `uname -n`.
>  > 
>  > Which in a precompiled package would give you the host name of the
>  > build machine, rather useless for the rest of the universe.
> 
> Which is perhaps why they might override that with 'localhost'.  If I
> were the packager, I'd probably pick some host name that you could
> define as a good CNAME (or additional A record) in DNS, like 'backup',
> but there's a risk of picking something that will clash for someone
> out there.

Now you'd have to muck with your DNS every time you wanted to change
which client could restore.

> Having it overridable in amanda.conf would be good for this
> issue.  If it really is not, then it might make a simple project
> for someone.

Or amanda-client.conf. Otherwise, (not having looked at the source) I
agree.

> 
> 
>  > How about having it call the OS to enquire, and providing an option
>  > to override?  But that has its own security problems.
> 
> Inquire what?  DNS?  Some LDAP map?  I think -s & -t should work as
> a way to override - not sure why they didn't for you.

I think they worked just fine. What I need is a way, short of
compilation, to tell the client what its host is. In my case, on
dragon, the client, I would have liked to set something like:

my_host_name = dragon


> I don't see a security issue since the server can decide which
> client hosts to allow (except perhaps for spoofing issues, but if
> you have problems with that, amanda may be the least of your
> worries).

Spoofing is what I had in mind. Your comment about Amanda being the
least of one's worries in that case is well taken. I agree.

-- 

Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB
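As an added illustration (not Amanda's own code, and not part of the original thread), a small Python model of the .amandahosts check the thread describes: a line grants a user on a host the listed services, and the host name the client presents must resolve to the address the connection actually came from, which is why a "localhost" line only helps amrecover on the server itself. The name table, the sample .amandahosts contents and the default service set for a line that lists no services are constructed assumptions for the example.

```python
# Added example: simplified model of the .amandahosts check, not Amanda's code.
# Stand-in for DNS (constructed): host name -> address.
NAME_TABLE = {"localhost": "127.0.0.1", "dragon": "192.0.2.10"}

# Assumed default services for a line that lists none (the amdump side).
DEFAULT_SERVICES = frozenset({"noop", "selfcheck", "sendsize", "sendbackup"})

# Constructed .amandahosts contents: "host user [service ...]".
SAMPLE_AMANDAHOSTS = """
# server's own amrecover, added once the NAK was understood
localhost root amindexd amidxtaped
# the client dragon, if it could identify itself by its real name
dragon    root amindexd amidxtaped
# backup user on dragon: default (amdump) services only
dragon    amandabackup
"""


def parse_amandahosts(text):
    """Return (host, user, services) tuples, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line without a user field: ignore it
        services = frozenset(fields[2:]) or DEFAULT_SERVICES
        entries.append((fields[0], fields[1], services))
    return entries


def check_access(entries, claimed_host, peer_ip, user, service):
    """Return (allowed, reason) for one request, as the server would decide."""
    # The host name the client presents must resolve to the peer address;
    # "localhost" therefore passes only when the request comes from the server.
    if NAME_TABLE.get(claimed_host) != peer_ip:
        return False, "host %s does not resolve to %s" % (claimed_host, peer_ip)
    for host, allowed_user, services in entries:
        if host == claimed_host and allowed_user == user and service in services:
            return True, "ok"
    return False, "user %s from %s is not allowed to execute the service %s" % (
        user, claimed_host, service)
```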
