[Freeipa-users] ipa restore from backup on another host

Rob Crittenden rcritten at redhat.com
Fri Jul 29 18:48:24 UTC 2016


Rakesh Rajasekharan wrote:
> Hi,
>
> I would like to restore IPA from a backup taken on another host.
>
> My use case is to create a new QA environment and don't want to go over
> the process of recreating all the users.
>
> I tried to restore IPA from the backup taken in my first environment.
> But, that failed with hostname difference issues.
>
> Is there a way to get this working?

Not easily. A backup has the original hostname all over the place: in 
keytabs, SSL certificates, configuration files, etc.

You could do it by naming the QA environment the same as the production 
host but yeah, that'd be confusing (and dangerous).

There is probably a way to do it manually, by pulling apart the backup, 
grabbing the ldif, massaging it just so and importing it. There may be 
other configuration changes too to match the running environment. But 
lots of things _still_ wouldn't work without extra effort: you'd have a 
separate CA, Kerberos master key, etc. So, for example, none of the 
entries you imported via the LDIF would work with Kerberos because 
they'd be signed by the wrong master key (the one from production). 
Maybe that's ok.

It might be death by a thousand cuts as you run into corner case after 
corner case.

If you're ok with a snapshot in time you could install the QA system as 
a replica of production, then remove the replication agreement, leaving 
it standalone. You'd need to do this for the CA as well, and probably 
after the fact configure a DNA range for new entries.

rob
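
An added example, not part of the original message and not FreeIPA code: a sketch of the "massaging" step for an LDIF already pulled out of a backup. It drops krbPrincipalKey values (encrypted under the source realm's master key) and lists the entries that still name the old host. The function names, the sample entries and the choice of attribute to drop are assumptions made for illustration.

```python
import base64

# krbPrincipalKey values are encrypted under the source realm's master key.
DROP_ATTRS = {"krbprincipalkey"}

def parse(text):
    """Yield LDIF records as lists of (attr, value_spec), unfolding RFC 2849 lines."""
    lines, record = [], []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        elif not raw.startswith("#"):
            lines.append(raw)
    for line in lines + [""]:             # trailing "" flushes the last record
        if line.strip():
            attr, _, spec = line.partition(":")
            record.append((attr, spec))
        elif record:
            yield record
            record = []

def decode(spec):
    """Return a value as text; a spec starting with ':' is base64 ('attr:: ...')."""
    if spec.startswith(":"):
        return base64.b64decode(spec[1:].strip()).decode("utf-8", "replace")
    return spec.strip()

def scrub(text, old_host):
    """Return (LDIF without DROP_ATTRS, DNs of entries still naming old_host)."""
    out, flagged = [], []
    for record in parse(text):
        kept = [(a, s) for a, s in record if a.split(";")[0].lower() not in DROP_ATTRS]
        if any(old_host.lower() in decode(s).lower() for _, s in kept):
            flagged.append(decode(kept[0][1]))   # assumes dn is the first line
        out.append("".join(f"{a}:{s}\n" for a, s in kept))
    return "\n".join(out), flagged

# Constructed sample: names, hosts and key bytes are made up.
SAMPLE = (
    "dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test\n"
    "krbPrincipalName: alice@EXAMPLE.TEST\n"
    "krbPrincipalKey:: AAECAwQF\n BgcICQoL\n\n"
    "dn: krbprincipalname=HTTP/prod.exam\n ple.test@EXAMPLE.TEST,cn=services,dc=example,dc=test\n"
    "managedBy:: " + base64.b64encode(b"fqdn=prod.example.test").decode() + "\n"
)

if __name__ == "__main__":
    clean, flagged = scrub(SAMPLE, "prod.example.test")
    print(clean, "still naming the old host:", flagged, sep="\n")
```

Flagged entries need a manual decision (rename, regenerate, or drop), and principals imported without keys need new credentials issued in the QA realm.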
