Hi, I have successfully restored IPA servers from an ldif...more times than I care to recall in the last 2 months. In fact at one stage I took an ldif from the replica and used it to restore the master....so it seems pretty robust.
In terms of filling with water, depends on how long for but the physical parts of the hds ie platters and arms should survive that.....electronics might as well.....in which case swapping one half (I assume you have a raid1) to a new box and syncing it might work....then drop out the old disk and slot in a new one...same with fire / smoke damage. NB One of the recommended ways to put out a fire in a server room is water misting using de-mineralised water.... 1 to 4 looks OK to me....something I want to fully try. There are some interesting tech like gluster which give you a distributed raid1....Im wondering on using virtualisation and gluster together...IPA for your scenario would be very small 1 core and 2gb....not much disk use....use kvm and gluster might work well. The second machine could be a reasonable spec'd desktop....like <$2k should be good enough.... I have a single Esxi machine at home, when I get the chance and buy a second one then I want to try something along the above lines...the idea is to avoid having a NAS and that expense....so 2 ESXi boxes running a gluster node on each and then the rest of the VMware guests inside gluster's "disk". Another way might be rsyncing the ldif over ssh to a remote site......maybe even email it to say google....it shouldnt be very big, ours is 400k at the moment. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Dale Macartney [d...@themacartneyclan.com] Sent: Wednesday, 27 June 2012 11:27 p.m. To: <freeipa-users@redhat.com> Subject: [Freeipa-users] IPA Backup / Restore - Everyone's favourite problem child! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Howdy all We have had quite alot of discussions on the list about this process but I'd like to get some documentation together so we are all speaking the same language. So last night I wrote a script to backup IPA based on the below article. https://access.redhat.com/knowledge/solutions/67800 This is fine and dandy. I have an easy way where I end up with a config tarball, an LDIF export of Dogtag and an LDIF export of LDAP. Now my question is "how on earth am I meant to restore it? My test scenario is as follows. And you'll have to humour me a bit with my imagination. Background: Customer has a very small environment. Single IPA server installation on a physical server. Several member servers and clients all pointing to that one server for IPA / CA and DNS. Incident: A very unhappy employee has just been fired for being a naughty boy and decided, for revenge to test how water tight the server was by filling the chassis with 5 litres of water. Result: Server is no longer happy either. A new server deployment is required to replace old server. Thoughts for restoration: My thinking was, to build a replacement server with all dependency packages and then: 1. restore config files in order to start IPA services 2. restore LDAP ldif file to ensure LDAP data was correct 3. restore Dogtag ldig file to ensure Dogtag data was correct. 4. restart IPA services to bring things back online smoothly. Of course Steps 2-4 didn't happen as they DEFINITELY were not happy to co-operate. I'm trying to get to a stage, where we have a method or procedure for simple restoration. Once we have the ability to restore everything, then we can move beyond that, and restore individual components. E.g OU / User / Group Data. Any takers for this one? Will be on IRC today if anyone fancies having a bun fight for bouncing ideas. Dale -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP6u4RAAoJEAJsWS61tB+q5p4QALg3rGAfh5eDzZPefJPMA9Um UsgPqahHbcwuYFR0t1HlBrbgo4HetEcK95VsOkHJTrqBRIuQTaBYHwoYcVDCgUlS 9HDyNXIqNRyhiJKb2F1Ahyh0lcPs/ZX7xwo0kWIr8CHo57BuPfCSh7YqPoCCLNnI o85S5Xt4fKUbHI1ioOPxV596lPDHgTzRRXLax6BtT5oF/KkB/9gxsc6hq9UIPfbj gjdBGxjd0F1It+gxZ5YAtTsYaAONr8n5yJStChJkC14E2l5xOroCePkx8oIowxCB DyG4ZT/AWWdEqCDohAYBZoIdxJODV30X/NJLekNd2tuOMQR1xbt/fvRJP5Ey2zSC 4yL1CRpQd+9JWrDiIsyeLoi/vnyZE8H5u4srvXdp5yVzNrEWoxGpt+WnfQCoEXTV ygXjRJcVIdkuEL+YKR4tTmuhNvEAOPeqyg/y91MbVMKa+hY+SilZa/LCgUkL8S+F Di1UwwyUvV4OsFCJpdkUrdS+hIYdXURzsQRI895PAZTZH1S1WmN+mPt1PHBRQAmM 3NC8iyQzeIPgyaf6+nuKu+Wr0+31WweVAhfRoWh8TzP05Skx11XZrf8m1HYPX7oh g2e64Ku0L0qGHkTcCQUBPZrfrSZVC23t5Bo4JdSkO1TJBdINYttbKXJf0t+z5pRF RHoSd77BcxF3B929Bi8P =3vaB -----END PGP SIGNATURE----- _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
