[Freeipa-users] Confused/lost at promoting a replica into a master

Rich Megginson rmeggins at redhat.com
Tue May 1 00:38:28 UTC 2012 

On 04/30/2012 05:52 PM, David Copperfield wrote:
> Hi Rich and all,
>
> Thank you a lot for pointing out the place of the scripts.
>
> The scripts are found at the place specified and trued, they are 
> working great in general, but there are still some places needs help:
>
> 1, there are no manual or help regarding the command options. Not sure 
> where the normal usage could be looked up.
>
> [root at ipamaster scripts-PEGACLOUDS-COM]# man db2ldif
> No manual entry for db2ldif
>
> [root at ipamaster scripts-PEGACLOUDS-COM]# ./db2ldif --help
> Usage: db2ldif {-n backend_instance}* | {-s includesuffix}*
>                [{-x excludesuffix}*] [-a outputfile]
>                [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1]
> Note: either "-n backend_instance" or "-s includesuffix" is required.
> [root at ipamaster scripts-PEGACLOUDS-COM]#
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Command_Line_Scripts.html

In general - you can use the .pl scripts when the server is running, the 
non-.pl scripts when the server is down.  So, use ldif2db.pl to do an 
online import.

Also, with ipa, you can use -n userRoot or -n ipaca depending on if this 
is the ipa instance or the CA instance.
>
> 2, what is the 'official' way increase file descriptors for IPA & 389 
> Directory server??
>
> [root at ipamaster scripts-PEGACLOUDS-COM]# ./db2ldif -s 
> 'dc=pegaclouds,dc=com'
> Exported ldif file: 
> /var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-pegaclouds-2012_04_30_164542.ldif
> [30/Apr/2012:16:45:42 -0700] - 
> /etc/dirsrv/slapd-PEGACLOUDS-COM/dse.ldif: nsslapd-maxdescriptors: 
> nsslapd-maxdescriptors: invalid value "8192", maximum file descriptors 
> must range from 1 to 1024 (the current process limit).  Server will 
> use a setting of 1024.
> [30/Apr/2012:16:45:42 -0700] - Config Warning: - 
> nsslapd-maxdescriptors: invalid value "8192", maximum file descriptors 
> must range from 1 to 1024 (the current process limit).  Server will 
> use a setting of 1024.
> ...

db2ldif doesn't use file descriptors in the same way as the server does 
when it is using them to listen and service incoming connections - just 
ignore that message

>
> 3, the ldif2db command will abort when IPA(Directory Server) is running.
>
>  I have to stop IPA first, then run ldif2db, and fireup IPA at the 
> end. It may not be a bad thing to avoid potential data base 
> corruption. But please confirm whether this is a feature or a bug.
>
> [root at ipamaster scripts-PEGACLOUDS-COM]# ./ldif2db -s 
> 'dc=pegaclouds,dc=com' -i 
> /var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-pegaclouds-2012_04_30_163506.ldif 
>
> importing data ...
> ...
> [30/Apr/2012:16:50:00 -0700] - Backend Instance: userRoot
> [30/Apr/2012:16:50:00 -0700] - Unable to import the database because 
> it is being used by another slapd process.
> [30/Apr/2012:16:50:00 -0700] - Shutting down due to possible conflicts 
> with other slapd processes

Use ldif2db.pl

>
> Thanks.
>
> --David
>
> ------------------------------------------------------------------------
> *From:* Rich Megginson <rmeggins at redhat.com>
> *To:* David Copperfield <cao2dan at yahoo.com>
> *Cc:* E Deon Lackey <dlackey at redhat.com>; "freeipa-users at redhat.com" 
> <freeipa-users at redhat.com>
> *Sent:* Monday, April 30, 2012 4:23 PM
> *Subject:* Re: [Freeipa-users] Confused/lost at promoting a replica 
> into a master
>
> On 04/30/2012 04:58 PM, David Copperfield wrote:
>> Hi,
>>
>> >
>> > Currently, there is no disaster recovery or backup information. 
>> There are a couple of RFEs open to develop this information. My 
>> understanding (and this is something that
>> > Dmitri or one of the engineers can explain better) is that the best 
>> thing to do is to back up the DS instances using db2ldif and then 
>> spin up a new server/replica instance and
>> > import the backed up data using ldif2db.
>>
>> Thanks for pointing out a way to do partial backup/restore.
>>
>> But the command db2ldif, or its sibling command ldif2db can not be 
>> located on IPA master/replica.
>
> look in /var/lib/dirsrv/scripts-YOURDOMAIN-YOURTLD
>
>> The IPA servers only install 389-ds-base and 389-ds-base-libs RPMs. 
>> and the two commands doesn't show up anywhere.
>>
>> Could anyone elaborate how to use the two template commands, or 
>> please point me to the document or http link(s) is enough. Thanks a lot.
>>
>> [root at ipamaster script-templates]# rpm -qa | grep 389
>> 389-ds-base-1.2.9.14-1.el6_2.2.x86_64
>> 389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
>>
>> [root at ipamaster script-templates]# rpm -ql 389-ds-base 
>> 389-ds-base-libs | grep -P 'db2ldif|ldif2db'
>> /usr/share/dirsrv/script-templates/template-db2ldif
>> /usr/share/dirsrv/script-templates/template-db2ldif.pl
>> /usr/share/dirsrv/script-templates/template-ldif2db
>> /usr/share/dirsrv/script-templates/template-ldif2db.pl
>> [root at ipamaster script-templates]#
>>
>> --David
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com  <mailto:Freeipa-users at redhat.com>
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120430/199a92c7/attachment.htm>

More information about the Freeipa-users mailing list