[Freeipa-users] Hot Backup Solution for IPA 2.x?
Dmitri Pal
dpal at redhat.com
Wed Jan 4 18:41:12 UTC 2012
On 01/04/2012 01:29 PM, Erinn Looney-Triggs wrote:
> On 01/04/2012 09:24 AM, Rob Crittenden wrote:
>> Erinn Looney-Triggs wrote:
>>> On 12/27/2011 04:01 PM, Craig T wrote:
>>>> Hi,
>>>>
>>>> Is there a hot backup technique for IPA? From my reading the best
>>>> solution is to setup a replication server then shut the replication
>>>> server down and do a backup?
>>>>
>>>> cya
>>>>
>>>> Craig
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>>> Yeah this seems to be a bit of a problem. I am currently working through
>>> the same thing and all I can find is advice like, "back everything up",
>>> because there are files used by IPA all over the place. That seems a bit
>>> ridiculous to me, so I am trying to piece together what it really does,
>>> and what files are really needed.
>>>
>>> One part I have found so far is the hot backups for the directory
>>> servers (note the plural, PKI has its own instance). You need to use the
>>> db2bak.pl (not the db2bak script which requires dirsrv to be stopped)
>>> script to do a hot backup of the directory server. The general idea can
>>> be found in these docs here:
>>>
>>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases-Backing_Up_and_Restoring_Data.html
>>>
>>>
>>>
>>> Under section 4.3.1.2. Unfortunately, those docs are wrong about how to
>>> run the db2bak.pl script, so to figure that out you have to read here:
>>>
>>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Perl_Scripts.html#Perl_Scripts-db2bak.pl_Create_backup_of_database
>>>
>>>
>>>
>>> So far that is all I have, just remember to back up both your domain
>>> instance of the LDAP db, as well as the PKI instance. You can then
>>> easily copy those backup files, using your backup tool of choice. As
>>> well as taking a copy of /etc/dirsrv/ and all it contains.
>>>
>>> -Erinn
>> This covers just one piece of IPA. There are also config files, SSL
>> certificates, etc, for many different services.
>>
>> Backing up is easy. Restoring to a new bare metal machine and having it
>> actually work is hard. Better to back up too much than too little.
>>
>> rob
> Yeah folks, that is why I say "one part". I am pointing out how to deal
> with one, and only one, piece of your setup. If I had unlimited storage
> I would back everything up all the time, forever, because more is better
> than less.
>
You probably just need to backup one system out of the ring of the servers.
It depend upon your requirements and how much activity happens in
between the backups.
> -Erinn
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120104/9a9d79b0/attachment.htm>
More information about the Freeipa-users
mailing list