[Freeipa-users] Confused/lost at promoting a replica into a master
David Copperfield
cao2dan at yahoo.com
Tue May 1 01:01:49 UTC 2012
Hi Rich and all,
the '-n ipaca' option doesn't work for CA certificate LDAP backend.
[root at ipslave scripts-PEGACLOUDS-COM]# pwd
/var/lib/dirsrv/scripts-PEGACLOUDS-COM
[root at ipaslave scripts-PEGACLOUDS-COM]# ls ../
scripts-PEGACLOUDS-COM slapd-PEGACLOUDS-COM slapd-PKI-IPA
[root at ipaslave scripts-PEGACLOUDS-COM]# ./db2ldif -n ipaca
Exported ldif file: /var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-ipaca-2012_04_30_175927.ldif
...
[30/Apr/2012:17:59:27 -0700] - ERROR: Could not find backend 'ipaca'.
[root at ipaslave scripts-PEGACLOUDS-COM]#
--David
________________________________
From: Rich Megginson <rmeggins at redhat.com>
To: David Copperfield <cao2dan at yahoo.com>
Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
Sent: Monday, April 30, 2012 5:38 PM
Subject: Re: [Freeipa-users] Confused/lost at promoting a replica into a master
On 04/30/2012 05:52 PM, David Copperfield wrote:
Hi Rich and all,
>
>
>
>Thank you a lot for pointing out the place of the scripts.
>
>
>
>The scripts are found at the place specified and trued, they are working great in general, but there are still some places needs help:
>
>
>
>1, there are no manual or help regarding the command options. Not sure where the normal usage could be looked up.
>
>
>[root at ipamaster scripts-PEGACLOUDS-COM]# man db2ldif
>No manual entry for db2ldif
>
>[root at ipamaster scripts-PEGACLOUDS-COM]# ./db2ldif --help
>Usage: db2ldif {-n backend_instance}* | {-s includesuffix}*
> [{-x excludesuffix}*] [-a outputfile]
> [-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1]
>Note: either "-n backend_instance" or "-s includesuffix" is required.
>[root at ipamaster scripts-PEGACLOUDS-COM]#
>
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Command_Line_Scripts.html
In general - you can use the .pl scripts when the server is running,
the non-.pl scripts when the server is down. So, use ldif2db.pl to do an online import.
Also, with ipa, you can use -n userRoot or -n ipaca depending on if
this is the ipa instance or the CA instance.
>
>2, what is the 'official' way increase file descriptors for IPA & 389 Directory server??
>
>
>[root at ipamaster scripts-PEGACLOUDS-COM]# ./db2ldif -s 'dc=pegaclouds,dc=com'
>Exported ldif file:
/var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-pegaclouds-2012_04_30_164542.ldif
>[30/Apr/2012:16:45:42 -0700] -
/etc/dirsrv/slapd-PEGACLOUDS-COM/dse.ldif:
nsslapd-maxdescriptors: nsslapd-maxdescriptors: invalid
value "8192", maximum file descriptors must range from 1 to
1024 (the current process limit). Server will use a setting
of 1024.
>[30/Apr/2012:16:45:42 -0700] - Config Warning: -
nsslapd-maxdescriptors: invalid value "8192", maximum file
descriptors must range from 1 to 1024 (the current process
limit). Server will use a setting of 1024.
>...
>
db2ldif doesn't use file descriptors in the same way as the server
does when it is using them to listen and service incoming
connections - just ignore that message
>
>3, the ldif2db command will abort when IPA(Directory Server) is running.
>
>
>
> I have to stop IPA first, then run ldif2db, and fireup IPA at the end. It may not be a bad thing to avoid potential data base corruption. But please confirm whether this is a feature or a bug.
>
>
>
>[root at ipamaster scripts-PEGACLOUDS-COM]# ./ldif2db -s 'dc=pegaclouds,dc=com' -i /var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-pegaclouds-2012_04_30_163506.ldif
>importing data ...
>...
>[30/Apr/2012:16:50:00 -0700] - Backend Instance: userRoot
>[30/Apr/2012:16:50:00 -0700] - Unable to import the database
because it is being used by another slapd process.
>[30/Apr/2012:16:50:00 -0700] - Shutting down due to possible
conflicts with other slapd processes
>
Use ldif2db.pl
>
>Thanks.
>
>
>--David
>
>
>
>
>________________________________
> From: Rich Megginson <rmeggins at redhat.com>
>To: David Copperfield <cao2dan at yahoo.com>
>Cc: E Deon Lackey <dlackey at redhat.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>Sent: Monday, April 30, 2012 4:23 PM
>Subject: Re: [Freeipa-users] Confused/lost at promoting a replica into a master
>
>
>On 04/30/2012 04:58 PM, David Copperfield wrote:
>Hi,
>>
>>>
>>
>>> Currently, there is no disaster recovery or backup information. There are a couple of RFEs open to develop this information. My understanding (and this is something that
>>> Dmitri or one of the engineers can
explain better) is that the best thing to do
is to back up the DS instances using db2ldif
and then spin up a new server/replica
instance and
>>> import the backed up data using
ldif2db.
>>
>>Thanks for pointing out a way to do partial
backup/restore.
>>
>>But the command db2ldif, or its sibling
command ldif2db can not be located on IPA
master/replica.
>look in /var/lib/dirsrv/scripts-YOURDOMAIN-YOURTLD
>
>
>The IPA servers only install 389-ds-base and 389-ds-base-libs RPMs. and the two commands doesn't show up anywhere.
>>
>>Could anyone elaborate how to use the two
template commands, or please point me to the
document or http link(s) is enough. Thanks a
lot.
>>
>>
>>[root at ipamaster script-templates]# rpm -qa | grep 389
>>389-ds-base-1.2.9.14-1.el6_2.2.x86_64
>>389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
>>
>>[root at ipamaster script-templates]# rpm -ql
389-ds-base 389-ds-base-libs | grep -P
'db2ldif|ldif2db'
>>/usr/share/dirsrv/script-templates/template-db2ldif
>>/usr/share/dirsrv/script-templates/template-db2ldif.pl
>>/usr/share/dirsrv/script-templates/template-ldif2db
>>/usr/share/dirsrv/script-templates/template-ldif2db.pl
>>[root at ipamaster script-templates]#
>>
>>--David
>>
>>
>>
>>
>>_______________________________________________
Freeipa-users mailing list Freeipa-users at redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120430/f4e2dd1b/attachment.htm>
More information about the Freeipa-users
mailing list