I have successfully restored IPA servers from an ldif...more times than I care 
to recall in the last 2 months.  In fact at one stage I took an ldif from the 
replica and used it to restore the master....so it seems pretty robust.

In terms of filling with water, depends on how long for but the physical parts 
of the hds ie platters and arms should survive that.....electronics might as 
well.....in which case swapping one half (I assume you have a raid1) to a new 
box and syncing it might work....then drop out the old disk and slot in a new 
one...same with fire / smoke damage.  NB One of the recommended ways to put out 
a fire in a server room is water misting using de-mineralised water....

1 to 4 looks OK to me....something I want to fully try.

There are some interesting tech like gluster which give you a distributed 
raid1....Im wondering on using virtualisation and gluster together...IPA for 
your scenario would be very small 1 core and 2gb....not much disk use....use 
kvm and gluster might work well.  The second machine could be a reasonable 
spec'd desktop....like <$2k should be good enough....

I have a single Esxi machine at home, when I get the chance and buy a second 
one then I want to try something along the above lines...the idea is to avoid 
having a NAS and that expense....so 2 ESXi boxes running a gluster node on each 
and then the rest of the VMware guests inside gluster's "disk".   Another way 
might be rsyncing the ldif over ssh to a remote site......maybe even email it 
to say google....it shouldnt be very big, ours is 400k at the moment.


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dale Macartney [d...@themacartneyclan.com]
Sent: Wednesday, 27 June 2012 11:27 p.m.
To: <freeipa-users@redhat.com>
Subject: [Freeipa-users] IPA Backup / Restore - Everyone's favourite problem    

Hash: SHA1

Howdy all

We have had quite alot of discussions on the list about this process but
I'd like to get some documentation together so we are all speaking the
same language.

So last night I wrote a script to backup IPA based on the below article.


This is fine and dandy. I have an easy way where I end up with a config
tarball, an LDIF export of Dogtag and an LDIF export of LDAP.

Now my question is "how on earth am I meant to restore it?

My test scenario is as follows. And you'll have to humour me a bit with
my imagination.

Background: Customer has a very small environment. Single IPA server
installation on a physical server. Several member servers and clients
all pointing to that one server for IPA / CA and DNS.

Incident: A very unhappy employee has just been fired for being a
naughty boy and decided, for revenge to test how water tight the server
was by filling the chassis with 5 litres of water.

Result: Server is no longer happy either. A new server deployment is
required to replace old server.

Thoughts for restoration:

My thinking was, to build a replacement server with all dependency
packages and then:

1. restore config files in order to start IPA services
2. restore LDAP ldif file to ensure LDAP data was correct
3. restore Dogtag ldig file to ensure Dogtag data was correct.
4. restart IPA services to bring things back online smoothly.

Of course Steps 2-4 didn't happen as they DEFINITELY were not happy to

I'm trying to get to a stage, where we have a method or procedure for
simple restoration. Once we have the ability to restore everything, then
we can move beyond that, and restore individual components. E.g OU /
User / Group Data.

Any takers for this one? Will be on IRC today if anyone fancies having a
bun fight for bouncing ideas.


Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


Freeipa-users mailing list

Reply via email to