On Thu, 2011-09-29 at 20:55 +0000, Steven Jones wrote:
> Hi,
> Backing up
> I cant find anything in the documentation discussing backing up and 
> recovering IPA/ldap?....in the past I seem to recall the FDS/389 suggested 
> exporting the data which was then backed up.....I think there was a gui to do 
> that....
> So even if its a case of now its easy just backup /var/lib/dirsrv and nothing 
> more is needed, it should say so IMHO.
> Restoring
> Is there a restore process?  so with FDS/389 you would import the exported 
> file.

I would do a full system backup and recovery if necessary, IPA uses
multiple components and just backing up DS data is not sufficient for a
full restore. There are configuration files, certificate stores keytabs
in the filesystem too.

One way to do disaster recovery is also to have a VM join as a replica
and then regularly take full snapshots of the VM. From there disaster
recovery is as simple as reviving the VM from the last goo snapshot and
then reinstalling and making replicas from it.

Note that if you use selfsing CA you must backup the CA cert/store from
the first master a replica does not have that info.
If you instead use the full CA with dogtag make sure you also configure
the snapshotted VM to be a CA replica too.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to