On 04/20/2012 11:47 AM, Rich Megginson wrote: > On 04/20/2012 08:46 AM, Brian Cook wrote: >> >> On Apr 16, 2012, at 12:40 PM, Dmitri Pal wrote: >> >>>> 2) What is everyone else doing to prepare IPA for a DR? I've read >>>> that the best way to do it is to turn off the IPA services on a >>>> replica and then back that replica up. I also read that this will >>>> miss some important files that only exist on the master. >>> >>> That is the case when you use selfsigned cert but the preferred and >>> default configuration is not with the self-signed certs. It was in the >>> past but not any more. Currently when you install IPA and then replicas >>> there is no difference between master and replicas (if you installed CA >>> on the replica) so picking any one and recycling is possible. You won't >>> loose anything. >> >> Can 389DS produce a full 'backup' in an LDIF of schema / objects >> while running? > > While running - yes > > Here is a document that describes 389 database management: > http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases.html > > Schema files can just be copied/tarred from /etc/dirsrv/slapd-*/schema > > The real question is - how does this work with IPA? > The problem is that there are config files, certificates in the NSS database that also need to be backed up to be able to restore the system. It is easy to just stand up a new replica instead of the lost one than to collect data and then try to restore.
>> >> -Brian >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipafirstname.lastname@example.org >> https://www.redhat.com/mailman/listinfo/freeipa-users > -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users