[Freeipa-users] Disaster Recovery Best Practices?
Dmitri Pal
dpal at redhat.com
Fri Apr 20 19:23:52 UTC 2012
On 04/20/2012 11:47 AM, Rich Megginson wrote:
> On 04/20/2012 08:46 AM, Brian Cook wrote:
>>
>> On Apr 16, 2012, at 12:40 PM, Dmitri Pal wrote:
>>
>>>> 2) What is everyone else doing to prepare IPA for a DR? I've read
>>>> that the best way to do it is to turn off the IPA services on a
>>>> replica and then back that replica up. I also read that this will
>>>> miss some important files that only exist on the master.
>>>
>>> That is the case when you use selfsigned cert but the preferred and
>>> default configuration is not with the self-signed certs. It was in the
>>> past but not any more. Currently when you install IPA and then replicas
>>> there is no difference between master and replicas (if you installed CA
>>> on the replica) so picking any one and recycling is possible. You won't
>>> loose anything.
>>
>> Can 389DS produce a full 'backup' in an LDIF of schema / objects
>> while running?
>
> While running - yes
>
> Here is a document that describes 389 database management:
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases.html
>
> Schema files can just be copied/tarred from /etc/dirsrv/slapd-*/schema
>
> The real question is - how does this work with IPA?
>
The problem is that there are config files, certificates in the NSS
database that also need to be backed up to be able to restore the system.
It is easy to just stand up a new replica instead of the lost one than
to collect data and then try to restore.
>>
>> -Brian
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120420/9a08c119/attachment.htm>
More information about the Freeipa-users
mailing list