<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 05/14/2012 03:48 PM, Robinson Tiemuqinke wrote:
<blockquote
cite="mid:1337024908.7149.YahooMailNeo@web160701.mail.bf1.yahoo.com"
type="cite">
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255); font-family: times new roman,new york,times,serif;
font-size: 12pt;">
<div>Hi Dmitri, Rich and all,</div>
<div><br>
</div>
<div> I am a newbie to Red Hat IPA. It looks pretty cool
compared with other solutions I've tried before. Thanks a lot
for this great product! :)</div>
<div><br>
</div>
<div> But there are still some things I need your help with. My main
question is: how do I restore the IPA setup with a daily
machine-level IPA replica backup?</div>
<div><br>
</div>
<div> Please let me explain my IPA setup background and the
backup/restore goals I am trying to reach:</div>
<div><br>
</div>
<div> I'm running IPA 2.1.3 on Red Hat Enterprise 6.2. The IPA
master is set up with the Dogtag CA system. It was installed first.
Then two IPA replicas were installed -- with the '--setup-ca'
option -- for load balancing and failover purposes.</div>
<div><br>
</div>
<div> To describe my problems/objectives, I'll name the IPA
master machine A and the IPA replicas B and C. I now have one
more extra IPA replica 'D' (virtual machine) set up ONLY for
backup purposes.</div>
<div> </div>
<div> The setup looks like the following, A is the
configuration Hub. B,C,D are siblings.</div>
<div><br>
</div>
<div> A</div>
<div> / | \ </div>
<div> B C D</div>
<div><br>
</div>
<div> The following are the steps by which I back up the IPA setup and LDAP
backends daily -- it is a whole machine-level backup (through
virtual machine D).</div>
<div><br>
</div>
<div>1, First, IPA replica D is backed up daily. The backup
happens like this: </div>
<div><br>
</div>
<div> 1.1 On IPA replica D, run 'service IPA stop'. Then run
'shutdown -h &lt;D&gt;'. On the hypervisor which holds
virtual machine D, do a daily backup of the whole virtual disk
that D is on. </div>
<div> 1.2 Turn on the IPA replica D again.</div>
<div> 1.3 After virtual machine D is up, on D optionally run
'ipa-replica-manage --force-sync --from &lt;A&gt;' to sync the
IPA databases forcibly.</div>
<div><br>
</div>
<div>Now comes the restore part, which is pretty confusing to me.
I've tried several times, and every time it comes to this or
that kind of issue, so I am thinking that the correct
steps/interaction of IPA master/replicas are king :(</div>
<div><br>
</div>
<div> 2, case #1, A is broken, like disc failure, and then
re-imaged after several days.</div>
<div><br>
</div>
<div> 2.1 How to rebuild the IPA Master/Hub A after A is
re-imaged, with the daily backup from IPA replica D?<br>
</div>
<div> 2.2 do I have to check some files on A into subversion
immediately after A was initially installed?</div>
<div> 2.3 Please describe the steps. I'll follow exactly and
report the results.</div>
<div><br>
</div>
<div>3, case #2, A is working, but either B, or C is broken.</div>
<div><br>
</div>
<div> 3.1 It looks like I don't need the daily backup of D to
kick in, is that right?</div>
<div> 3.2 What are the correct steps on A, and on B after it is
re-imaged?</div>
<div> 3.3 Please describe the steps. I'll follow exactly and
report the results.</div>
<div><br>
</div>
<div>4, case #3, If some unexpected IPA changes happen on A
-- like all users being deleted by human mistake -- and, even
worse, all the changes are propagated to B and C in minutes.</div>
<div><br>
</div>
<div> 4.1 How can I recover the IPA setup from daily backup
from D?</div>
<div> 4.2 Which IPA master/replicas should I recover first? IPA
master A, or IPA replicas B/C? And then how do I recover the others
left, one by one?</div>
<div> 4.3 Do I have to disconnect replication agreement of
B,C,D from A first? </div>
<div> 4.4 Please describe the steps. I'll follow exactly and
report the results.</div>
<div><br>
</div>
<div> I've heard something about tombstone records too. I'm not sure
whether the problem still exists in 2.1.3 or 2.2.0 (on
6.3 Beta). If so, how can I avoid it with the correct recovery
steps/interactions?</div>
<div><br>
</div>
<div>Thanks a lot. </div>
<div><br>
</div>
<div>--Gelen.</div>
</div>
</blockquote>
<br>
I can explain it conceptually. Rob is probably best to define the
exact sequence and commands.<br>
<br>
If your A is broken, you reinstall it, make it connect to D and init
(force sync) A from D. Now you have a new A.<br>
<br>
If B or C dies you just re-install B or C and init from A.<br>
<br>
If you lost a lot of data I suggest you start a saved D instance and
force-sync A from it and then force sync B and C from A.<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
</pre>
</body>
</html>