<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 04/30/2012 06:47 PM, David Copperfield wrote:
<blockquote
cite="mid:1335833224.18868.YahooMailNeo@web125704.mail.ne1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div><span>Hi Rich,</span></div>
<div><span><br>
</span></div>
<div><span>Thanks. Those are really helpful. <br>
</span></div>
<div><br>
<span></span></div>
<div><span>Though I think I've to learn the underlying 389
Directory Server part and become an expert as well. :)</span></div>
</div>
</blockquote>
<br>
Shouldn't be necessary, long term. The goal of IPA is to hide most
of those 389-ish things from you.<br>
<br>
<blockquote
cite="mid:1335833224.18868.YahooMailNeo@web125704.mail.ne1.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff; font-family:times
new roman, new york, times, serif;font-size:12pt">
<div><br>
<span></span></div>
<div><span>--David<br>
</span></div>
<div><br>
</div>
<div style="font-family: times new roman, new york, times,
serif; font-size: 12pt;">
<div style="font-family: times new roman, new york, times,
serif; font-size: 12pt;">
<div dir="ltr"> <font face="Arial" size="2">
<hr size="1"> <b><span style="font-weight:bold;">From:</span></b>
Rich Megginson <a class="moz-txt-link-rfc2396E" href="mailto:rmeggins@redhat.com"><rmeggins@redhat.com></a><br>
<b><span style="font-weight: bold;">To:</span></b> David
Copperfield <a class="moz-txt-link-rfc2396E" href="mailto:cao2dan@yahoo.com"><cao2dan@yahoo.com></a> <br>
<b><span style="font-weight: bold;">Cc:</span></b>
<a class="moz-txt-link-rfc2396E" href="mailto:freeipa-users@redhat.com">"freeipa-users@redhat.com"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:freeipa-users@redhat.com"><freeipa-users@redhat.com></a> <br>
<b><span style="font-weight: bold;">Sent:</span></b>
Monday, April 30, 2012 5:38 PM<br>
<b><span style="font-weight: bold;">Subject:</span></b>
Re: [Freeipa-users] Confused/lost at promoting a replica
into a master<br>
</font> </div>
<br>
<div id="yiv187461959">
<div> On 04/30/2012 05:52 PM, David Copperfield wrote:
<blockquote type="cite">
<div style="color:rgb(0, 0,
0);background-color:rgb(255, 255,
255);font-family:times new roman, new york, times,
serif;font-size:12pt;">
<div><span>Hi Rich and all,<br>
</span></div>
<div><span><br>
</span></div>
<div><span>Thank you a lot for pointing out the
place of the scripts. <br>
</span></div>
<div><span><br>
</span></div>
<div><span>The scripts are found at the place
specified and trued, they are working great in
general, but there are still some places needs
help:<br>
</span></div>
<div><br>
<span></span></div>
<div><span>1, there are no manual or help regarding
the command options. Not sure where the normal
usage could be looked up.</span></div>
<div><br>
<span></span></div>
<div><span>[root@ipamaster scripts-PEGACLOUDS-COM]#
man db2ldif</span><br>
<span>No manual entry for db2ldif</span></div>
<div><br>
<span>[root@ipamaster scripts-PEGACLOUDS-COM]#
./db2ldif --help</span><br>
<span>Usage: db2ldif {-n backend_instance}* | {-s
includesuffix}*</span><br>
<span> [{-x excludesuffix}*] [-a
outputfile]</span><br>
<span> [-N] [-r] [-C] [-u] [-U] [-m]
[-M] [-1]</span><br>
<span>Note: either "-n backend_instance" or "-s
includesuffix" is required.</span><br>
<span>[root@ipamaster scripts-PEGACLOUDS-COM]# </span><br>
</div>
</div>
</blockquote>
<a class="moz-txt-link-freetext" href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Command_Line_Scripts.html">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Command_Line_Scripts.html</a><br>
<br>
In general - you can use the .pl scripts when the server
is running, the <a moz-do-not-send="true"
target="_blank" href="http://non-.pl">non-.pl</a>
scripts when the server is down. So, use <a
moz-do-not-send="true" target="_blank"
href="http://ldif2db.pl">ldif2db.pl</a> to do an
online import.<br>
<br>
Also, with ipa, you can use -n userRoot or -n ipaca
depending on if this is the ipa instance or the CA
instance.<br>
<blockquote type="cite">
<div style="color:rgb(0, 0,
0);background-color:rgb(255, 255,
255);font-family:times new roman, new york, times,
serif;font-size:12pt;">
<div><span></span><span><br>
</span></div>
<div><span>2, what is the 'official' way increase
file descriptors for IPA & 389 Directory
server??</span></div>
<div><br>
<span></span></div>
<div><span>[root@ipamaster scripts-PEGACLOUDS-COM]#
./db2ldif -s 'dc=pegaclouds,dc=com'</span></div>
<div><span>Exported ldif file:
/var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-pegaclouds-2012_04_30_164542.ldif<br>
[30/Apr/2012:16:45:42 -0700] -
/etc/dirsrv/slapd-PEGACLOUDS-COM/dse.ldif:
nsslapd-maxdescriptors: nsslapd-maxdescriptors:
invalid value "8192", maximum file descriptors
must range from 1 to 1024 (the current process
limit). Server will use a setting of 1024.<br>
[30/Apr/2012:16:45:42 -0700] - Config Warning: -
nsslapd-maxdescriptors: invalid value "8192",
maximum file descriptors must range from 1 to
1024 (the current process limit). Server will
use a setting of 1024.<br>
...<br>
</span></div>
</div>
</blockquote>
<br>
db2ldif doesn't use file descriptors in the same way as
the server does when it is using them to listen and
service incoming connections - just ignore that message<br>
<br>
<blockquote type="cite">
<div style="color:rgb(0, 0,
0);background-color:rgb(255, 255,
255);font-family:times new roman, new york, times,
serif;font-size:12pt;">
<div><span><br>
</span></div>
<div>3, the ldif2db command will abort when
IPA(Directory Server) is running. <br>
</div>
<div><br>
</div>
<div> I have to stop IPA first, then run ldif2db,
and fireup IPA at the end. It may not be a bad
thing to avoid potential data base corruption. But
please confirm whether this is a feature or a bug.<br>
<span></span></div>
<div><br>
<span></span></div>
<div><span>[root@ipamaster scripts-PEGACLOUDS-COM]#
./ldif2db -s 'dc=pegaclouds,dc=com' -i
/var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-pegaclouds-2012_04_30_163506.ldif
<br>
importing data ...<br>
...<br>
[30/Apr/2012:16:50:00 -0700] - Backend Instance:
userRoot<br>
[30/Apr/2012:16:50:00 -0700] - Unable to import
the database because it is being used by another
slapd process.<br>
[30/Apr/2012:16:50:00 -0700] - Shutting down due
to possible conflicts with other slapd processes<br>
</span></div>
</div>
</blockquote>
<br>
Use ldif2db.pl<br>
<br>
<blockquote type="cite">
<div
style="color:#000;background-color:#fff;font-family:times
new roman, new york, times, serif;font-size:12pt;">
<div><br>
</div>
<div>Thanks.</div>
<div><br>
</div>
<div>--David<br>
<span></span></div>
<div><span></span></div>
<div><br>
</div>
<div style="font-family:times new roman, new york,
times, serif;font-size:12pt;">
<div style="font-family:times new roman, new york,
times, serif;font-size:12pt;">
<div dir="ltr"> <font face="Arial" size="2">
<hr size="1"> <b><span
style="font-weight:bold;">From:</span></b>
Rich Megginson <a moz-do-not-send="true"
rel="nofollow"
class="yiv187461959moz-txt-link-rfc2396E"
ymailto="mailto:rmeggins@redhat.com"
target="_blank"
href="mailto:rmeggins@redhat.com"><rmeggins@redhat.com></a><br>
<b><span style="font-weight:bold;">To:</span></b>
David Copperfield <a moz-do-not-send="true"
rel="nofollow"
class="yiv187461959moz-txt-link-rfc2396E"
ymailto="mailto:cao2dan@yahoo.com"
target="_blank"
href="mailto:cao2dan@yahoo.com"><cao2dan@yahoo.com></a>
<br>
<b><span style="font-weight:bold;">Cc:</span></b>
E Deon Lackey <a moz-do-not-send="true"
rel="nofollow"
class="yiv187461959moz-txt-link-rfc2396E"
ymailto="mailto:dlackey@redhat.com"
target="_blank"
href="mailto:dlackey@redhat.com"><dlackey@redhat.com></a>;
<a moz-do-not-send="true" rel="nofollow"
class="yiv187461959moz-txt-link-rfc2396E"
ymailto="mailto:freeipa-users@redhat.com"
target="_blank"
href="mailto:freeipa-users@redhat.com">"freeipa-users@redhat.com"</a>
<a moz-do-not-send="true" rel="nofollow"
class="yiv187461959moz-txt-link-rfc2396E"
ymailto="mailto:freeipa-users@redhat.com"
target="_blank"
href="mailto:freeipa-users@redhat.com"><freeipa-users@redhat.com></a>
<br>
<b><span style="font-weight:bold;">Sent:</span></b>
Monday, April 30, 2012 4:23 PM<br>
<b><span style="font-weight:bold;">Subject:</span></b>
Re: [Freeipa-users] Confused/lost at
promoting a replica into a master<br>
</font> </div>
<br>
<div id="yiv187461959">
<div> On 04/30/2012 04:58 PM, David
Copperfield wrote:
<blockquote type="cite">
<div style="color:rgb(0, 0,
0);background-color:rgb(255, 255,
255);font-family:times new roman, new
york, times, serif;font-size:12pt;">Hi,<br>
<br>
><br>
<div style="font-family:times new roman,
new york, times,
serif;font-size:12pt;">
<div style="font-family:times new
roman, new york, times,
serif;font-size:12pt;">
<div id="yiv187461959">
<div> > Currently, there is no
disaster recovery or backup
information. There are a couple
of RFEs open to develop this
information. My understanding
(and this is something that <br>
> Dmitri or one of the
engineers can explain better) is
that the best thing to do is to
back up the DS instances using
db2ldif and then spin up a new
server/replica instance and <br>
> import the backed up data
using ldif2db.<br>
<br>
Thanks for pointing out a way to
do partial backup/restore.<br>
<br>
But the command db2ldif, or its
sibling command ldif2db can not
be located on IPA
master/replica.</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
look in
/var/lib/dirsrv/scripts-YOURDOMAIN-YOURTLD<br>
<br>
<blockquote type="cite">
<div
style="color:#000;background-color:#fff;font-family:times
new roman, new york, times,
serif;font-size:12pt;">
<div style="font-family:times new roman,
new york, times,
serif;font-size:12pt;">
<div style="font-family:times new
roman, new york, times,
serif;font-size:12pt;">
<div id="yiv187461959">
<div>The IPA servers only install
389-ds-base and 389-ds-base-libs
RPMs. and the two commands
doesn't show up anywhere. <br>
<br>
Could anyone elaborate how to
use the two template commands,
or please point me to the
document or http link(s) is
enough. Thanks a lot.<br>
<br>
<div style="margin-left:40px;">[root@ipamaster
script-templates]# rpm -qa |
grep 389<br>
389-ds-base-1.2.9.14-1.el6_2.2.x86_64<br>
389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64<br>
<br>
[root@ipamaster
script-templates]# rpm -ql
389-ds-base 389-ds-base-libs |
grep -P 'db2ldif|ldif2db'<br>
/usr/share/dirsrv/script-templates/template-db2ldif<br>
/usr/share/dirsrv/script-templates/template-db2ldif.pl<br>
/usr/share/dirsrv/script-templates/template-ldif2db<br>
/usr/share/dirsrv/script-templates/template-ldif2db.pl<br>
[root@ipamaster
script-templates]# <br>
</div>
<br>
--David<br>
<br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset
class="yiv187461959mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
Freeipa-users mailing list
<a moz-do-not-send="true" rel="nofollow" class="yiv187461959moz-txt-link-abbreviated" ymailto="mailto:Freeipa-users@redhat.com" target="_blank" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a moz-do-not-send="true" rel="nofollow" class="yiv187461959moz-txt-link-freetext" target="_blank" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>