[Freeipa-users] Hot Backup Solution for IPA 2.x?

Dmitri Pal dpal at redhat.com
Wed Jan 4 18:24:00 UTC 2012


On 12/28/2011 12:34 PM, Erinn Looney-Triggs wrote:
> On 12/27/2011 04:01 PM, Craig T wrote:
>> Hi,
>>
>> Is there a hot backup technique for IPA? From my reading the best solution is to set up a replication server then shut the replication server down and do a backup?
>>
>> cya
>>
>> Craig
>>
>
>
> Yeah this seems to be a bit of a problem. I am currently working through
> the same thing and all I can find is advice like, "back everything up",
> because there are files used by IPA all over the place. That seems a bit
> ridiculous to me, so I am trying to piece together what it really does,
> and what files are really needed.
>
> One part I have found so far is the hot backups for the directory
> servers (note the plural, PKI has its own instance). You need to use the
> db2bak.pl (not the db2bak script which requires dirsrv to be stopped)
> script to do a hot backup of the directory server. The general idea can
> be found in these docs here:
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases-Backing_Up_and_Restoring_Data.html
>
>
> Under section 4.3.1.2. Unfortunately, those docs are wrong about how to
> run the db2bak.pl script, so to figure that out you have to read here:
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Perl_Scripts.html#Perl_Scripts-db2bak.pl_Create_backup_of_database
>
>
> So far that is all I have, just remember to back up both your domain
> instance of the LDAP db, as well as the PKI instance. You can then
> easily copy those backup files, using your backup tool of choice. As
> well as taking a copy of /etc/dirsrv/ and all it contains.
>
> -Erinn
>
>
>

There are other things like certificates in the NSS database or Kerberos
keys in the keytab that you also need to be worried about. There is more
than just saving DS instances. You also need to save configuration files.
The point is that there is a lot of development going on and a lot of
the parts of the system are touched. We are not ready to create a list
of the things IPA touched to get it safely backed up. This is why we
recommend other techniques at the moment.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

