On 04/30/2012 07:01 PM, David Copperfield wrote:
Hi Rich and all,
the '-n ipaca' option doesn't work for CA certificate LDAP backend.
[root@ipslave scripts-PEGACLOUDS-COM]# pwd
/var/lib/dirsrv/scripts-PEGACLOUDS-COM
[root@ipaslave scripts-PEGACLOUDS-COM]# ls ../
scripts-PEGACLOUDS-COM slapd-PEGACLOUDS-COM slapd-PKI-IPA
[root@ipaslave scripts-PEGACLOUDS-COM]# ./db2ldif -n ipaca
Exported ldif file:
/var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-ipaca-2012_04_30_175927.ldif
...
[30/Apr/2012:17:59:27 -0700] - ERROR: Could not find backend 'ipaca'.
[root@ipaslave scripts-PEGACLOUDS-COM]#
Right. Sorry, forgot to mention that the CA instance puts its scripts
in the "standard" place under /usr/lib64/dirsrv/slapd-PKI-IPA
--David
------------------------------------------------------------------------
*From:* Rich Megginson <rmegg...@redhat.com>
*To:* David Copperfield <cao2...@yahoo.com>
*Cc:* "freeipa-users@redhat.com" <freeipa-users@redhat.com>
*Sent:* Monday, April 30, 2012 5:38 PM
*Subject:* Re: [Freeipa-users] Confused/lost at promoting a replica
into a master
On 04/30/2012 05:52 PM, David Copperfield wrote:
Hi Rich and all,
Thank you a lot for pointing out the place of the scripts.
The scripts are found at the place specified and tried, they are
working great in general, but there are still some places that need help:
1, there are no manual or help regarding the command options. Not
sure where the normal usage could be looked up.
[root@ipamaster scripts-PEGACLOUDS-COM]# man db2ldif
No manual entry for db2ldif
[root@ipamaster scripts-PEGACLOUDS-COM]# ./db2ldif --help
Usage: db2ldif {-n backend_instance}* | {-s includesuffix}*
[{-x excludesuffix}*] [-a outputfile]
[-N] [-r] [-C] [-u] [-U] [-m] [-M] [-1]
Note: either "-n backend_instance" or "-s includesuffix" is required.
[root@ipamaster scripts-PEGACLOUDS-COM]#
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/Command_Line_Scripts.html
In general - you can use the .pl scripts when the server is running,
the non-.pl scripts when the server is down. So, use
ldif2db.pl to do an online import.
Also, with ipa, you can use -n userRoot or -n ipaca depending on if
this is the ipa instance or the CA instance.
2, what is the 'official' way to increase file descriptors for IPA & 389
Directory server??
[root@ipamaster scripts-PEGACLOUDS-COM]# ./db2ldif -s 'dc=pegaclouds,dc=com'
Exported ldif file:
/var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-pegaclouds-2012_04_30_164542.ldif
[30/Apr/2012:16:45:42 -0700] -
/etc/dirsrv/slapd-PEGACLOUDS-COM/dse.ldif: nsslapd-maxdescriptors:
nsslapd-maxdescriptors: invalid value "8192", maximum file
descriptors must range from 1 to 1024 (the current process limit).
Server will use a setting of 1024.
[30/Apr/2012:16:45:42 -0700] - Config Warning: -
nsslapd-maxdescriptors: invalid value "8192", maximum file
descriptors must range from 1 to 1024 (the current process limit).
Server will use a setting of 1024.
...
db2ldif doesn't use file descriptors in the same way as the server
does when it is using them to listen and service incoming connections
- just ignore that message
3, the ldif2db command will abort when IPA(Directory Server) is running.
I have to stop IPA first, then run ldif2db, and fire up IPA at the
end. It may not be a bad thing to avoid potential database
corruption. But please confirm whether this is a feature or a bug.
[root@ipamaster scripts-PEGACLOUDS-COM]# ./ldif2db -s 'dc=pegaclouds,dc=com' -i /var/lib/dirsrv/slapd-PEGACLOUDS-COM/ldif/PEGACLOUDS-COM-pegaclouds-2012_04_30_163506.ldif
importing data ...
...
[30/Apr/2012:16:50:00 -0700] - Backend Instance: userRoot
[30/Apr/2012:16:50:00 -0700] - Unable to import the database because
it is being used by another slapd process.
[30/Apr/2012:16:50:00 -0700] - Shutting down due to possible
conflicts with other slapd processes
Use ldif2db.pl
Thanks.
--David
------------------------------------------------------------------------
*From:* Rich Megginson <rmegg...@redhat.com>
*To:* David Copperfield <cao2...@yahoo.com>
*Cc:* E Deon Lackey <dlac...@redhat.com>; "freeipa-users@redhat.com" <freeipa-users@redhat.com>
*Sent:* Monday, April 30, 2012 4:23 PM
*Subject:* Re: [Freeipa-users] Confused/lost at promoting a replica
into a master
On 04/30/2012 04:58 PM, David Copperfield wrote:
Hi,
> Currently, there is no disaster recovery or backup information.
> There are a couple of RFEs open to develop this information. My
> understanding (and this is something that Dmitri or one of the
> engineers can explain better) is that the best thing to do is to
> back up the DS instances using db2ldif and then spin up a new
> server/replica instance and import the backed up data using ldif2db.
Thanks for pointing out a way to do partial backup/restore.
But the command db2ldif, or its sibling command ldif2db can not be
located on IPA master/replica.
look in /var/lib/dirsrv/scripts-YOURDOMAIN-YOURTLD
The IPA servers only install 389-ds-base and 389-ds-base-libs RPMs,
and the two commands don't show up anywhere.
Could anyone elaborate how to use the two template commands, or
please point me to the document or http link(s); that is enough. Thanks a lot.
[root@ipamaster script-templates]# rpm -qa | grep 389
389-ds-base-1.2.9.14-1.el6_2.2.x86_64
389-ds-base-libs-1.2.9.14-1.el6_2.2.x86_64
[root@ipamaster script-templates]# rpm -ql 389-ds-base 389-ds-base-libs | grep -P 'db2ldif|ldif2db'
/usr/share/dirsrv/script-templates/template-db2ldif
/usr/share/dirsrv/script-templates/template-db2ldif.pl
/usr/share/dirsrv/script-templates/template-ldif2db
/usr/share/dirsrv/script-templates/template-ldif2db.pl
[root@ipamaster script-templates]#
--David
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
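
The advice in this thread, consolidated as an added example (not written by any participant and not part of 389-ds or FreeIPA): it picks the script directory, the backend name and the online (.pl) or offline variant for an export or import, and prints the command instead of running it. The function names, the pid-file location `/var/run/dirsrv/slapd-INSTANCE.pid` and the bind DN `cn=Directory Manager` are assumptions; the directories and backend names are the ones quoted above.

```shell
#!/bin/sh
# Added example: build the db2ldif/ldif2db command line for an IPA host.

# script_dir INSTANCE -> directory holding that instance's scripts
script_dir() {
    case "$1" in
        PKI-IPA) echo "/usr/lib64/dirsrv/slapd-PKI-IPA" ;;  # CA instance
        *)       echo "/var/lib/dirsrv/scripts-$1" ;;       # IPA instance
    esac
}

# backend_for INSTANCE -> backend name to pass with -n
backend_for() {
    case "$1" in
        PKI-IPA) echo "ipaca" ;;
        *)       echo "userRoot" ;;
    esac
}

# server_state INSTANCE -> "up" if the pid file names a live process.
# Assumption: pid file is $PIDDIR/slapd-INSTANCE.pid; run as root.
server_state() {
    pidfile="${PIDDIR:-/var/run/dirsrv}/slapd-$1.pid"
    if [ -r "$pidfile" ] && kill -0 "$(cat "$pidfile")" 2>/dev/null; then
        echo up
    else
        echo down
    fi
}

# ldif_cmd OP INSTANCE STATE [LDIF] -> command line to run
#   OP is export (db2ldif) or import (ldif2db); LDIF is the import file.
ldif_cmd() {
    case "$1" in
        export) tool=db2ldif; extra="" ;;
        import) tool=ldif2db; extra=" -i $4" ;;
        *)      echo "unknown operation: $1" >&2; return 2 ;;
    esac
    dir=$(script_dir "$2")
    be=$(backend_for "$2")
    if [ "$3" = up ]; then
        # Server running: the .pl script binds over LDAP; "-w -" prompts.
        echo "$dir/$tool.pl -D 'cn=Directory Manager' -w - -n $be$extra"
    else
        # Server stopped: the non-.pl script opens the database directly.
        echo "$dir/$tool -n $be$extra"
    fi
}

# Print the export command for both instances on the thread's host.
for inst in PEGACLOUDS-COM PKI-IPA; do
    ldif_cmd export "$inst" "$(server_state "$inst")"
done
```
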