Tertiary Media is a "backup of a backup" that provides an extra layer of protection for essential data. One way to use tertiary media is to produce off-site copies of backups that are kept on-site for recovery from hardware failure and user errors: if a disaster destroys the office, having offsite copies of backups can save your business.
Vaulting is a licensed feature and requires a license to be installed on the Amanda server. When the license is installed on the Amanda server, you can configure Vault jobs from Zmanda Management Console (Amanda Enterprise 3.3.4 or later version is required).
Amanda provides the amvault (8)utility to create a copy of an existing backup run (identified by date and timestamp). In the context of amvault, the existing source backup is referred to as "secondary media," and the target is the tertiary media.
Usually Amazon S3 or tapes are used as tertiary media for disk (vtape) backups. It is important to make Virtual Tape size (specified in the ZMC Backup Where page) matches the tape size or S3 volume size.
Amvault makes one-to-one copies of each piece of media used in a backup run
The syntax for amvault is:
amvault [-o Amanda.conf_options] backup_set src-run-timestamp changer label-template
Amanda.conf_options can be any of the options described in amanda.conf (5).
Backup_set is the name of the source backup set.
src-run-timestamp is the timestamp of the backup run you wish to copy. Specify lastest uses the most recent run.
changer is the name of the changer to use as defined by amanda.conf (5).
label-template specifies the string used to prefix the tertiary backup media labels. The string should contain some number of contiguous % characters, which will be replaced with a generated number. Be sure to specify enough %characters that you do not run out of tape labels. Example: DailySet1-%%%
For example, to produce a tertiary backup of MyBackupSet to changer MyChanger with label prefixes of "off-site-N" for the tertiary backup media, you would enter the following command:
amvault MyBackupSet latest MyChanger off-site-%%%
The amvault (8) man page describes these options in more detail.
When you use amrecover(8) against a backup set, Amanda looks for secondary backup media to restore from first. If none is found, it automatically looks for tertiary media to restore from.
If you want to vault backup runs from a backup set to tapes in S3, one must set up an S3 vaulting changer. Such a changer is set up per backup set and is created with a definition such as the one below by adding this to the backup set's amanda.conf file which is located in its configuration directory, /etc/amanda/<backup_set_name>/. Here is an example of a 6-tape S3 changer:
define changer S3_vaulting_changer {
tpchanger "chg-multi:s3:<unique_bucket_name>/<backup_set_name>/slot-{01,02,03,04,05,06}"
device_property "BLOCK_SIZE" "2097152"
device_property "SSL_CA_INFO" "/opt/zmanda/amanda/common/share/curl/curl-ca-bundle.crt"
device_property "S3_ACCESS_KEY" "<access_key>" # Your S3 Access Key
device_property "S3_SECRET_KEY" "<secret_key>" # Your S3 Secret Key
device_property "S3_SSL" "on"
device_property "BLOCK_SIZE" "2097152"
device_property "S3_STORAGE_CLASS" "STANDARD"
device_property "S3_BUCKET_LOCATION" ""
changerfile "S3_vaulting_changer_statefile" # Amanda will create this file
}
<unique_bucket_name> should be replaced with a unique S3 bucket name. Every bucket name on S3 must be unique. The AE Console creates a random string combined with your backup set name to create this. You can specify what you want but it must be a unique bucket name among all S3 users.
<backup_set_name> should be replaced with the name of your backup set
<access_key> should be replaced with your S3 account access key
<secret_key>" should be replaced with your S3 account secret key
S3 bucket location can be one of the following and should not later be changed:
Region Location Constraint
----------------------------------- -------------------
US Standard (none required)
US-West (Northern California) Region us-west-1
EU (Ireland) Region EU
Asia Pacific (Singapore) Region ap-southeast-1
Asia Pacific (Tokyo) Region ap-northeast-1
This is an example of a 6-tape changer, "..../slot-{01,02,03,04,05,06}". As many can be added as needed.
To vault the last backup to an S3 tape with label "daily-vault-000" (number will increment each time), run as the amandabackup user on the backup server (again, for backup set "daily"):
$ amvault <backup_set_name> latest S3_vaulting_changer daily-vault-%%%
If you want to vault a specific backup run, you can replace "latest" with the backup run's 14 digit date/time stamp, YYYYMMDDHHMMSS. For example,
$ amvault <backup_set_name> 20110512104839 S3_vaulting_changer daily-vault-%%%
See "man amvault" for more info. You can add amvault to crontab file to perform vaulting on a schedule.