[Freeipa-users] Disaster Recovery Best Practices?
Rich Megginson
rmeggins at redhat.com
Sat Apr 21 01:15:14 UTC 2012
On 04/20/2012 05:28 PM, Brian Cook wrote:
> My question was more along the lines of object level recovery. If you
> can keep regular backups of the objects (as LDIF) than you can restore
> a piece of that LDIF if someone accidentally deletes a large group or
> something along those lines.
The 389 db2ldif.pl can take LDIF snapshots while the server is running.
>
> -Brian
>
>
> On Apr 20, 2012, at 12:23 PM, Dmitri Pal wrote:
>
>> On 04/20/2012 11:47 AM, Rich Megginson wrote:
>>> On 04/20/2012 08:46 AM, Brian Cook wrote:
>>>>
>>>> On Apr 16, 2012, at 12:40 PM, Dmitri Pal wrote:
>>>>
>>>>>> 2) What is everyone else doing to prepare IPA for a DR? I've read
>>>>>> that the best way to do it is to turn off the IPA services on a
>>>>>> replica and then back that replica up. I also read that this will
>>>>>> miss some important files that only exist on the master.
>>>>>
>>>>> That is the case when you use selfsigned cert but the preferred and
>>>>> default configuration is not with the self-signed certs. It was in the
>>>>> past but not any more. Currently when you install IPA and then
>>>>> replicas
>>>>> there is no difference between master and replicas (if you
>>>>> installed CA
>>>>> on the replica) so picking any one and recycling is possible. You
>>>>> won't
>>>>> loose anything.
>>>>
>>>> Can 389DS produce a full 'backup' in an LDIF of schema / objects
>>>> while running?
>>>
>>> While running - yes
>>>
>>> Here is a document that describes 389 database management:
>>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases.html
>>>
>>> Schema files can just be copied/tarred from /etc/dirsrv/slapd-*/schema
>>>
>>> The real question is - how does this work with IPA?
>>>
>> The problem is that there are config files, certificates in the NSS
>> database that also need to be backed up to be able to restore the system.
>> It is easy to just stand up a new replica instead of the lost one
>> than to collect data and then try to restore.
>>
>>
>>>>
>>>> -Brian
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IPA project,
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120420/866c24cd/attachment.htm>
More information about the Freeipa-users
mailing list