Erinn Looney-Triggs wrote:
On 12/27/2011 04:01 PM, Craig T wrote:

Is there a hot backup technique for IPA? From my reading the best solution is 
to setup a replication server then shut the replication server down and do a 



Freeipa-users mailing list

Yeah this seems to be a bit of a problem. I am currently working through
the same thing and all I can find is advice like, "back everything up",
because there are files used by IPA all over the place. That seems a bit
ridiculous to me, so I am trying to piece together what it really does,
and what files are really needed.

One part I have found so far is the hot backups for the directory
servers (note the plural, PKI has its own instance). You need to use the (not the db2bak script which requires dirsrv to be stopped)
script to do a hot backup of the directory server. The general idea can
be found in these docs here:

Under section Unfortunately, those docs are wrong about how to
run the script, so to figure that out you have to read here:

So far that is all I have, just remember to back up both your domain
instance of the LDAP db, as well as the PKI instance. You can then
easily copy those backup files, using your backup tool of choice. As
well as taking a copy of /etc/dirsrv/ and all it contains.


This covers just one piece of IPA. There are also config files, SSL certificates, etc, for many different services.

Backing up is easy. Restoring to a new bare metal machine and having it actually work is hard. Better to back up too much than too little.


Freeipa-users mailing list

Reply via email to