On 04/20/2012 11:47 AM, Rich Megginson wrote:
> On 04/20/2012 08:46 AM, Brian Cook wrote:
>> On Apr 16, 2012, at 12:40 PM, Dmitri Pal wrote:
>>>> 2) What is everyone else doing to prepare IPA for a DR?  I've read
>>>> that the best way to do it is to turn off the IPA services on a
>>>> replica and then back that replica up.  I also read that this will
>>>> miss some important files that only exist on the master. 
>>> That is the case when you use selfsigned cert but the preferred and
>>> default configuration is not with the self-signed certs. It was in the
>>> past but not any more. Currently when you install IPA and then replicas
>>> there is no difference between master and replicas (if you installed CA
>>> on the replica) so picking any one and recycling is possible. You won't
>>> loose anything. 
>> Can 389DS produce a full 'backup' in an LDIF of schema / objects
>> while running?
> While running - yes
> Here is a document that describes 389 database management:
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Populating_Directory_Databases.html
> Schema files can just be copied/tarred from /etc/dirsrv/slapd-*/schema
> The real question is - how does this work with IPA?
The problem is that there are config files, certificates in the NSS
database that also need to be backed up to be able to restore the system.
It is easy to just stand up a new replica  instead of the lost one than
to collect data and then try to restore.

>> -Brian
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to