<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
<br>
On 27/06/12 22:25, Steven Jones wrote:<br>
<span style="white-space: pre;">> Hi,<br>
><br>
> I have successfully restored IPA servers from an ldif...more
times than I care to recall in the last 2 months. In fact at one
stage I took an ldif from the replica and used it to restore the
master....so it seems pretty robust.</span><br>
<br>
If you're about on irc at all tomorrow I may pick your brains about
your experiences. I kind of ruined my test environment this
afternoon. I had to redeploy about 15 virtualized guests on my tiny
microserver at home. That took quite a while ;-)<br>
<span style="white-space: pre;">><br>
> In terms of filling with water, depends on how long for but
the physical parts of the hds ie platters and arms should survive
that.....electronics might as well.....in which case swapping one
half (I assume you have a raid1) to a new box and syncing it might
work....then drop out the old disk and slot in a new one...same
with fire / smoke damage. NB One of the recommended ways to put
out a fire in a server room is water misting using de-mineralised
water....</span><br>
<br>
I was merely giving a radical scenario in jest. My main purpose is
to produce an IPA 'specifc' backup/restore procedure that doesn't
rely on other technologies. Starting with a similar goal to
restoring an AD system state backup for example.<br>
<br>
Dale<br>
<br>
<span style="white-space: pre;">><br>
> 1 to 4 looks OK to me....something I want to fully try.<br>
><br>
> There are some interesting tech like gluster which give you a
distributed raid1....Im wondering on using virtualisation and
gluster together...IPA for your scenario would be very small 1
core and 2gb....not much disk use....use kvm and gluster might
work well. The second machine could be a reasonable spec'd
desktop....like <$2k should be good enough....<br>
><br>
> I have a single Esxi machine at home, when I get the chance
and buy a second one then I want to try something along the above
lines...the idea is to avoid having a NAS and that expense....so 2
ESXi boxes running a gluster node on each and then the rest of the
VMware guests inside gluster's "disk". Another way might be
rsyncing the ldif over ssh to a remote site......maybe even email
it to say google....it shouldnt be very big, ours is 400k at the
moment.<br>
><br>
> regards<br>
><br>
> Steven Jones<br>
><br>
> Technical Specialist - Linux RHCE<br>
><br>
> Victoria University, Wellington, NZ<br>
><br>
> 0064 4 463 6272<br>
><br>
> ________________________________________<br>
> From: <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>] on behalf of Dale Macartney
[<a class="moz-txt-link-abbreviated" href="mailto:dale@themacartneyclan.com">dale@themacartneyclan.com</a>]<br>
> Sent: Wednesday, 27 June 2012 11:27 p.m.<br>
> To: <a class="moz-txt-link-rfc2396E" href="mailto:freeipa-users@redhat.com"><freeipa-users@redhat.com></a><br>
> Subject: [Freeipa-users] IPA Backup / Restore - Everyone's
favourite problem child!<br>
><br>
> Howdy all<br>
><br>
> We have had quite alot of discussions on the list about this
process but<br>
> I'd like to get some documentation together so we are all
speaking the<br>
> same language.<br>
><br>
> So last night I wrote a script to backup IPA based on the
below article.<br>
><br>
> <a class="moz-txt-link-freetext" href="https://access.redhat.com/knowledge/solutions/67800">https://access.redhat.com/knowledge/solutions/67800</a><br>
><br>
> This is fine and dandy. I have an easy way where I end up
with a config<br>
> tarball, an LDIF export of Dogtag and an LDIF export of LDAP.<br>
><br>
><br>
> Now my question is "how on earth am I meant to restore it?<br>
><br>
><br>
> My test scenario is as follows. And you'll have to humour me
a bit with<br>
> my imagination.<br>
><br>
> Background: Customer has a very small environment. Single IPA
server<br>
> installation on a physical server. Several member servers and
clients<br>
> all pointing to that one server for IPA / CA and DNS.<br>
><br>
> Incident: A very unhappy employee has just been fired for
being a<br>
> naughty boy and decided, for revenge to test how water tight
the server<br>
> was by filling the chassis with 5 litres of water.<br>
><br>
> Result: Server is no longer happy either. A new server
deployment is<br>
> required to replace old server.<br>
><br>
> Thoughts for restoration:<br>
><br>
> My thinking was, to build a replacement server with all
dependency<br>
> packages and then:<br>
><br>
> 1. restore config files in order to start IPA services<br>
> 2. restore LDAP ldif file to ensure LDAP data was correct<br>
> 3. restore Dogtag ldig file to ensure Dogtag data was
correct.<br>
> 4. restart IPA services to bring things back online smoothly.<br>
><br>
> Of course Steps 2-4 didn't happen as they DEFINITELY were not
happy to<br>
> co-operate.<br>
><br>
> I'm trying to get to a stage, where we have a method or
procedure for<br>
> simple restoration. Once we have the ability to restore
everything, then<br>
> we can move beyond that, and restore individual components.
E.g OU /<br>
> User / Group Data.<br>
><br>
> Any takers for this one? Will be on IRC today if anyone
fancies having a<br>
> bun fight for bouncing ideas.<br>
><br>
> Dale<br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Freeipa-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></span><br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.12 (GNU/Linux)<br>
Comment: Using GnuPG with Mozilla - <a class="moz-txt-link-freetext" href="http://enigmail.mozdev.org/">http://enigmail.mozdev.org/</a><br>
<br>
iQIcBAEBAgAGBQJP637pAAoJEAJsWS61tB+qKBMQAJ8zHCH6ysobN3R13QtrNzso<br>
7RxyhnLF3KG2zpEkICTAYwuwT1uGoqjqc7z5z2ypV/77k7VvMu3ejDWm3i8RvD8A<br>
n0g43bcY4rA6Jk2Z/JVYc/aPIQqqRdbgx80eK3R8Hi1g0xv0NWVRw3yHiwwKEY27<br>
PpH6zXzjAhsSc/QAlZ6Z9C9jOc4Juxy4KD0N93fcApJAEM5RRJ48+MoXeB1OdkwR<br>
Z6Ze+xU8IYM0DSlbgV/VOji7BVGv8adnoLToGuD0DQ//w5JiaY6Zn8Rk7iMtW1f3<br>
yZ/dkILzaMhspzUKUoBSVKSsUebLsdKo8BxbPZS7IhF2KzClwjntxAU22O0kcaZ5<br>
y7jXr9Pr4hpYY5BQxsvnTlLmZ41yD47LzhENmzTwdHfzNaeYC63YjsAgF9FOuZ8K<br>
4h6F8D80bBH0hyHLGFlWw/tUql5U69H0UiC6fkzyuteeAk+ADI95e161s0uhFNM4<br>
dzIVH16OIEcn+n1Bgwd4jL2ZyYi86o/XFNlv3Ui0vs9ovXPuZM2m1Q6l6oRJhjZW<br>
iXiXAliNKBf6MlpuWa8e9kBHIpRrxgFl0MjgWTpeRtscx7KfHjIBOvTysfz56jlY<br>
+KqRPWQBeZCIsZe5i80opRnWqG9uHckbVf30AIl1yUO7CNBvQkFWvX6R1e9Y1W1d<br>
oMqlcQYYwnhmkPsmRFpK<br>
=lZXt<br>
-----END PGP SIGNATURE-----<br>
<br>
</body>
</html>