[Freeipa-users] Hot Backup Solution for IPA 2.x?
Rob Crittenden
rcritten at redhat.com
Wed Jan 4 18:24:31 UTC 2012
Erinn Looney-Triggs wrote:
> On 12/27/2011 04:01 PM, Craig T wrote:
>> Hi,
>>
>> Is there a hot backup technique for IPA? From my reading the best solution is to setup a replication server then shut the replication server down and do a backup?
>>
>> cya
>>
>> Craig
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> Yeah this seems to be a bit of a problem. I am currently working through
> the same thing and all I can find is advice like, "back everything up",
> because there are files used by IPA all over the place. That seems a bit
> ridiculous to me, so I am trying to piece together what it really does,
> and what files are really needed.
>
> One part I have found so far is the hot backups for the directory
> servers (note the plural, PKI has its own instance). You need to use the
> db2bak.pl (not the db2bak script which requires dirsrv to be stopped)
> script to do a hot backup of the directory server. The general idea can
> be found in these docs here:
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases-Backing_Up_and_Restoring_Data.html
>
>
> Under section 4.3.1.2. Unfortunately, those docs are wrong about how to
> run the db2bak.pl script, so to figure that out you have to read here:
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Perl_Scripts.html#Perl_Scripts-db2bak.pl_Create_backup_of_database
>
>
> So far that is all I have, just remember to back up both your domain
> instance of the LDAP db, as well as the PKI instance. You can then
> easily copy those backup files, using your backup tool of choice. As
> well as taking a copy of /etc/dirsrv/ and all it contains.
>
> -Erinn
This covers just one piece of IPA. There are also config files, SSL
certificates, etc, for many different services.
Backing up is easy. Restoring to a new bare metal machine and having it
actually work is hard. Better to back up too much than too little.
rob
More information about the Freeipa-users
mailing list