[Freeipa-users] IPA Backup / Restore - Everyone's favourite problem child!

Dale Macartney dale at themacartneyclan.com
Wed Jun 27 21:45:15 UTC 2012



On 27/06/12 22:25, Steven Jones wrote:
> Hi,
>
> I have successfully restored IPA servers from an ldif...more times
> than I care to recall in the last 2 months. In fact at one stage I took
> an ldif from the replica and used it to restore the master....so it
> seems pretty robust.

If you're about on IRC at all tomorrow I may pick your brains about your
experiences. I kind of ruined my test environment this afternoon. I had
to redeploy about 15 virtualized guests on my tiny microserver at home.
That took quite a while ;-)
>
> In terms of filling with water, depends on how long for but the
> physical parts of the hds ie platters and arms should survive
> that.....electronics might as well.....in which case swapping one half
> (I assume you have a raid1) to a new box and syncing it might
> work....then drop out the old disk and slot in a new one...same with
> fire / smoke damage. NB One of the recommended ways to put out a fire in
> a server room is water misting using de-mineralised water....

I was merely giving a radical scenario in jest. My main purpose is to
produce an IPA 'specific' backup/restore procedure that doesn't rely on
other technologies. Starting with a similar goal to restoring an AD
system state backup for example.

Dale

>
> 1 to 4 looks OK to me....something I want to fully try.
>
> There are some interesting tech like gluster which give you a
> distributed raid1....I'm wondering on using virtualisation and gluster
> together...IPA for your scenario would be very small 1 core and
> 2gb....not much disk use....use kvm and gluster might work well. The
> second machine could be a reasonable spec'd desktop....like <$2k should
> be good enough....
>
> I have a single ESXi machine at home, when I get the chance and buy a
> second one then I want to try something along the above lines...the idea
> is to avoid having a NAS and that expense....so 2 ESXi boxes running a
> gluster node on each and then the rest of the VMware guests inside
> gluster's "disk". Another way might be rsyncing the ldif over ssh to a
> remote site......maybe even email it to say google....it shouldn't be
> very big, ours is 400k at the moment.
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com
> [freeipa-users-bounces at redhat.com] on behalf of Dale Macartney
> [dale at themacartneyclan.com]
> Sent: Wednesday, 27 June 2012 11:27 p.m.
> To: <freeipa-users at redhat.com>
> Subject: [Freeipa-users] IPA Backup / Restore - Everyone's favourite
> problem child!
>
> Howdy all
>
> We have had quite a lot of discussions on the list about this process but
> I'd like to get some documentation together so we are all speaking the
> same language.
>
> So last night I wrote a script to backup IPA based on the below article.
>
> https://access.redhat.com/knowledge/solutions/67800
>
> This is fine and dandy. I have an easy way where I end up with a config
> tarball, an LDIF export of Dogtag and an LDIF export of LDAP.
>
>
> Now my question is "how on earth am I meant to restore it?"
>
>
> My test scenario is as follows. And you'll have to humour me a bit with
> my imagination.
>
> Background: Customer has a very small environment. Single IPA server
> installation on a physical server. Several member servers and clients
> all pointing to that one server for IPA / CA and DNS.
>
> Incident: A very unhappy employee has just been fired for being a
> naughty boy and decided, for revenge, to test how watertight the server
> was by filling the chassis with 5 litres of water.
>
> Result: Server is no longer happy either. A new server deployment is
> required to replace old server.
>
> Thoughts for restoration:
>
> My thinking was, to build a replacement server with all dependency
> packages and then:
>
> 1. restore config files in order to start IPA services
> 2. restore LDAP ldif file to ensure LDAP data was correct
> 3. restore Dogtag ldif file to ensure Dogtag data was correct.
> 4. restart IPA services to bring things back online smoothly.
>
> Of course Steps 2-4 didn't happen as they DEFINITELY were not happy to
> co-operate.
>
> I'm trying to get to a stage, where we have a method or procedure for
> simple restoration. Once we have the ability to restore everything, then
> we can move beyond that, and restore individual components. E.g. OU /
> User / Group Data.
>
> Any takers for this one? Will be on IRC today if anyone fancies having a
> bun fight for bouncing ideas.
>
> Dale
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
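
Both the restore steps 1 to 4 and the idea of copying the ldif off-site depend on the exports being complete and on knowing what they contain. The Python below is an added example, not code from either poster or from FreeIPA: it parses an LDIF export, rejects a damaged file, checks that every entry sits under the expected suffix, and counts entries carrying password hashes or Kerberos keys, the material that makes the file worth encrypting before it leaves the server. The suffix `dc=example,dc=com`, the sample data and the function names are assumptions.

```python
import base64

# Attributes that hold credential material (password hashes, Kerberos keys).
SENSITIVE = {"userpassword", "krbprincipalkey", "krbmkey"}

def parse_ldif(text):
    """Return [(dn, {attr: [bytes]})]; raise ValueError on a damaged file."""
    lines = []
    for raw in text.splitlines():            # unfold RFC 2849 continuation lines
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], None
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if not line.strip():                 # a blank line ends the record
            if cur is not None:
                entries.append(cur)
            cur = None
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, b64 = attr.lower(), rest.startswith(":")   # "attr:: v" is base64
        value = base64.b64decode(rest[1:].strip()) if b64 else rest.strip().encode()
        if cur is not None:
            cur[1].setdefault(attr, []).append(value)
        elif attr == "dn":
            cur = (value.decode(), {})
        elif attr != "version":
            raise ValueError(f"record does not start with dn: {line!r}")
    return entries

def check_backup(text, suffix):
    """Entry count, suffix coverage and number of entries holding secrets."""
    entries = parse_ldif(text)
    dns = [dn.lower() for dn, _ in entries]  # naive comparison, no DN normalisation
    return {"entries": len(entries),
            "has_suffix_entry": suffix.lower() in dns,
            "outside_suffix": [d for d in dns if not d.endswith(suffix.lower())],
            "with_secrets": sum(1 for _, a in entries if SENSITIVE.intersection(a))}

# Constructed sample export (not real data): folded line, base64 dn, one secret.
SAMPLE = ("version: 1\n\ndn: dc=example,dc=com\nobjectClass: domain\n\n"
          "dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com\n"
          "description: value folded by\n  the exporter\n"
          "userPassword: {SSHA}constructed\n\ndn:: "
          + base64.b64encode(b"cn=admins,dc=example,dc=com").decode()
          + "\ncn: admins\n")
```
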

