On 01/04/2012 01:29 PM, Erinn Looney-Triggs wrote:
> On 01/04/2012 09:24 AM, Rob Crittenden wrote:
>> Erinn Looney-Triggs wrote:
>>> On 12/27/2011 04:01 PM, Craig T wrote:
>>>> Hi,
>>>> Is there a hot backup technique for IPA? From my reading the best
>>>> solution is to setup a replication server then shut the replication
>>>> server down and do a backup?
>>>> cya
>>>> Craig
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Yeah this seems to be a bit of a problem. I am currently working through
>>> the same thing and all I can find is advice like, "back everything up",
>>> because there are files used by IPA all over the place. That seems a bit
>>> ridiculous to me, so I am trying to piece together what it really does,
>>> and what files are really needed.
>>> One part I have found so far is the hot backups for the directory
>>> servers (note the plural, PKI has its own instance). You need to use the
>>> db2bak.pl (not the db2bak script which requires dirsrv to be stopped)
>>> script to do a hot backup of the directory server. The general idea can
>>> be found in these docs here:
>>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases-Backing_Up_and_Restoring_Data.html
>>> Under section Unfortunately, those docs are wrong about how to
>>> run the db2bak.pl script, so to figure that out you have to read here:
>>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Perl_Scripts.html#Perl_Scripts-db2bak.pl_Create_backup_of_database
>>> So far that is all I have, just remember to back up both your domain
>>> instance of the LDAP db, as well as the PKI instance. You can then
>>> easily copy those backup files, using your backup tool of choice. As
>>> well as taking a copy of /etc/dirsrv/ and all it contains.
>>> -Erinn
>> This covers just one piece of IPA. There are also config files, SSL
>> certificates, etc, for many different services.
>> Backing up is easy. Restoring to a new bare metal machine and having it
>> actually work is hard. Better to back up too much than too little.
>> rob
> Yeah folks, that is why I say "one part". I am pointing out how to deal
> with one, and only one, piece of your setup. If I had unlimited storage
> I would back everything up all the time, forever, because more is better
> than less.

You probably just need to backup one system out of the ring of the servers.
It depend upon your requirements and how much activity happens in
between the backups.

> -Erinn
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to