[Freeipa-users] Disaster Recovery Best Practices?
Brian Cook
bcook at redhat.com
Fri Apr 20 23:28:58 UTC 2012
My question was more along the lines of object level recovery. If you can keep regular backups of the objects (as LDIF) then you can restore a piece of that LDIF if someone accidentally deletes a large group or something along those lines.
-Brian
On Apr 20, 2012, at 12:23 PM, Dmitri Pal wrote:
> On 04/20/2012 11:47 AM, Rich Megginson wrote:
>>
>> On 04/20/2012 08:46 AM, Brian Cook wrote:
>>>
>>>
>>> On Apr 16, 2012, at 12:40 PM, Dmitri Pal wrote:
>>>
>>>>> 2) What is everyone else doing to prepare IPA for a DR? I've read
>>>>> that the best way to do it is to turn off the IPA services on a
>>>>> replica and then back that replica up. I also read that this will
>>>>> miss some important files that only exist on the master.
>>>>
>>>> That is the case when you use a self-signed cert but the preferred and
>>>> default configuration is not with the self-signed certs. It was in the
>>>> past but not any more. Currently when you install IPA and then replicas
>>>> there is no difference between master and replicas (if you installed CA
>>>> on the replica) so picking any one and recycling is possible. You won't
>>>> lose anything.
>>>
>>> Can 389DS produce a full 'backup' in an LDIF of schema / objects while running?
>>
>> While running - yes
>>
>> Here is a document that describes 389 database management:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases.html
>>
>> Schema files can just be copied/tarred from /etc/dirsrv/slapd-*/schema
>>
>> The real question is - how does this work with IPA?
>>
> The problem is that there are config files, certificates in the NSS database that also need to be backed up to be able to restore the system.
> It is easier to just stand up a new replica instead of the lost one than to collect data and then try to restore.
>
>
>>>
>>> -Brian
>>>
>>>
>>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
>
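
The object-level recovery described at the top of this message, as an added example that is not part of the original thread: it pulls one entry (for instance an accidentally deleted group) out of a full LDIF backup so it can be reviewed and re-added with `ldapadd`. The sample backup, the DNs and the set of dropped operational attributes are constructed assumptions.

```python
import base64

# Server-maintained attributes dropped before re-adding (assumed set; adjust to your export).
OPERATIONAL = {"createtimestamp", "modifytimestamp", "creatorsname",
               "modifiersname", "nsuniqueid", "entryusn"}

# Constructed sample backup, not real directory data.
SAMPLE_BACKUP = """\
version: 1

dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
uid: alice

dn: cn=engineering,cn=groups,cn=accounts,dc=example,dc=com
objectClass: groupofnames
cn: engineering
member: uid=alice,cn=users,cn=accounts,dc=example,
 dc=com
modifyTimestamp: 20120420120000Z
nsUniqueId: 00000000-00000000-00000000-00000000
"""

def unfold(text):
    """Join RFC 2849 folded lines (a continuation starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [l for l in lines if not l.startswith("#")]  # drop comments

def entry_dn(dn_line):
    """Decode 'dn: value' or base64-encoded 'dn:: value'."""
    if dn_line[3:4] == ":":
        return base64.b64decode(dn_line[4:].strip()).decode("utf-8")
    return dn_line[3:].strip()

def norm(dn):  # simplified: case and spacing only, no escaped commas
    return ",".join(part.strip().lower() for part in dn.split(","))

def extract_entry(ldif_text, wanted_dn):
    """Return LDIF text for one entry from the backup, or None if absent."""
    for block in "\n".join(unfold(ldif_text)).split("\n\n"):
        rec = [l for l in block.split("\n") if l.strip()]
        if rec and rec[0].lower().startswith("dn:") and norm(entry_dn(rec[0])) == norm(wanted_dn):
            keep = [l for l in rec if l.split(":", 1)[0].lower() not in OPERATIONAL]
            return "\n".join(keep) + "\n"
    return None
```
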