<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> On 12/28/2011 12:34 PM, Erinn Looney-Triggs wrote: <blockquote cite="mid:4EFB532F.8030902@gmail.com" type="cite"> <pre wrap="">On 12/27/2011 04:01 PM, Craig T wrote: </pre> <blockquote type="cite"> <pre wrap="">Hi, Is there a hot backup technique for IPA? From my reading the best solution is to setup a replication server then shut the replication server down and do a backup? cya Craig _______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> </pre> </blockquote> <pre wrap=""> Yeah this seems to be a bit of a problem. I am currently working through the same thing and all I can find is advice like, "back everything up", because there are files used by IPA all over the place. That seems a bit ridiculous to me, so I am trying to piece together what it really does, and what files are really needed. One part I have found so far is the hot backups for the directory servers (note the plural, PKI has its own instance). You need to use the db2bak.pl (not the db2bak script which requires dirsrv to be stopped) script to do a hot backup of the directory server. The general idea can be found in these docs here: <a class="moz-txt-link-freetext" href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases-Backing_Up_and_Restoring_Data.html">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases-Backing_Up_and_Restoring_Data.html</a> Under section 4.3.1.2. Unfortunately, those docs are wrong about how to run the db2bak.pl script, so to figure that out you have to read here: <a class="moz-txt-link-freetext" href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Perl_Scripts.html#Perl_Scripts-db2bak.pl_Create_backup_of_database">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Perl_Scripts.html#Perl_Scripts-db2bak.pl_Create_backup_of_database</a> So far that is all I have, just remember to back up both your domain instance of the LDAP db, as well as the PKI instance. You can then easily copy those backup files, using your backup tool of choice. As well as taking a copy of /etc/dirsrv/ and all it contains. -Erinn </pre> <pre wrap=""> <fieldset class="mimeAttachmentHeader"></fieldset> _______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <br> There are other things like certificates in the NSS database or Kerberso keys in the keytab that you also need to be worried about. There is more than just saving DS instances. You also need to save configuration files.<br> The point is that there is a lot of development doing on and a lot of the parts of the system are touched. We are not ready to create a list of the things IPA touched to get it safely backed up. This is why we recommend other techniques at the moment.<br> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a> </pre> </body> </html>