Erinn Looney-Triggs wrote:
On 12/27/2011 04:01 PM, Craig T wrote:
Hi,

Is there a hot backup technique for IPA? From my reading the best solution is 
to setup a replication server then shut the replication server down and do a 
backup?

cya

Craig

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



Yeah this seems to be a bit of a problem. I am currently working through
the same thing and all I can find is advice like, "back everything up",
because there are files used by IPA all over the place. That seems a bit
ridiculous to me, so I am trying to piece together what it really does,
and what files are really needed.

One part I have found so far is the hot backups for the directory
servers (note the plural, PKI has its own instance). You need to use the
db2bak.pl (not the db2bak script which requires dirsrv to be stopped)
script to do a hot backup of the directory server. The general idea can
be found in these docs here:

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases-Backing_Up_and_Restoring_Data.html


Under section 4.3.1.2. Unfortunately, those docs are wrong about how to
run the db2bak.pl script, so to figure that out you have to read here:

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Perl_Scripts.html#Perl_Scripts-db2bak.pl_Create_backup_of_database


So far that is all I have, just remember to back up both your domain
instance of the LDAP db, as well as the PKI instance. You can then
easily copy those backup files, using your backup tool of choice. As
well as taking a copy of /etc/dirsrv/ and all it contains.

-Erinn

This covers just one piece of IPA. There are also config files, SSL certificates, etc, for many different services.

Backing up is easy. Restoring to a new bare metal machine and having it actually work is hard. Better to back up too much than too little.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to