May 2023 Archives

Fri May 5 15:14:45 +07 2023

Some issues with Amanda

24 March 2023

>  I have had Amanda running for over a decade, yesterday I had no issue at
>  all but last night, my backups for Ubuntu machines started crashing
>  consistently with the error:
>  strange(?): runtar: error [runtar invalid option: -]
>
> The just-released amanda package upgrade seems to have a regression for
> GNUTAR DLEs; see:
> https://bugs.launchpad.net/debian/+source/amanda/+bug/2012536/

See amanda.conf for the workaround.

======================================================================

2 May 2023 (reported to amanda-hackers@amanda.org on 5 May 2023)

I recentrly had amrecover that hanged because amidxtaped would die with
the following message in amidxtaped.log:

Tue May 2 12:38:48 2023: thd-0x802e95800: amidxtaped: warning: Use of
uninitialized value $str in pattern match (m//) at
/usr/local/lib/perl5/site_perl/Amanda/DB/Catalog.pm line 764.

Tue May 2 12:38:48 2023: thd-0x802e95800: amidxtaped: warning: Use of
uninitialized value $s in concatenation (.) or string at
/usr/local/lib/perl5/site_perl/Amanda/DB/Catalog.pm line 764.

Tue May 2 12:38:48 2023: thd-0x802e95800: amidxtaped: critical (fatal):
'' at /usr/local/lib/perl5/site_perl/Amanda/DB/Catalog.pm line 764.

amidxtaped: '' at /usr/local/lib/perl5/site_perl/Amanda/DB/Catalog.pm
line 764.

Digging into Catalog.pm, I managed to identify the log file that was
causing the error and the specific line in the log file is:

DONE taper WARNING driver Taper protocol error

Modify /usr/local/lib/perl5/site-perl/Amanda/DB/Catalog.pm to print
the name of the file. 

Posted by Olivier | Permanent link | File under: administration, backup

Tue May 2 12:26:10 +07 2023

About firewall certificate

Let's Encrypt does not do IP certificate. The redirection in the firewall works with the IP address (redirecting the traffic for authentication to https://a.b.c.d:112081, this mechanism cannot be changed, it is set inside an executable that does not have source file) so it is not possible to set a certified certificate for the firewall.

Also, I did try to install a certificate manually and completely messed up the firewall to the point that Apache was not starting, so there was no more web administration interface no Captive Portal.

I had to restore the following files from backup:

  • /DB/_DB.002/etc/ssl/certs/admin_user.pem
  • /DB/_DB.002/etc/ssl/certs/crl.pem
  • /DB/_DB.002/etc/ssl/certs/fireall.cs.ait.ac.th_host.pem
  • /DB/_DB.002/etc/ssl/certs/imported_Certs/04.pem

This is assuming that we are using the profile 2 and that the certificate installed is 4.

Do not mess manually with the certificates.

Even with no Apache and no Active Portal, the firewall filtering was active.


Posted by Olivier | Permanent link | File under: administration, firewall, backup