I can join now as it's 10am Thursday here...as I don't know when tomorrow is for 


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dale Macartney [d...@themacartneyclan.com]
Sent: Thursday, 28 June 2012 9:45 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA Backup / Restore - Everyone's favourite 
problem child!


On 27/06/12 22:25, Steven Jones wrote:
> Hi,
> I have successfully restored IPA servers from an ldif...more times than I 
> care to recall in the last 2 months. In fact at one stage I took an ldif from 
> the replica and used it to restore the master....so it seems pretty robust.

If you're about on irc at all tomorrow I may pick your brains about your 
experiences. I kind of ruined my test environment this afternoon. I had to 
redeploy about 15 virtualized guests on my tiny microserver at home. That took 
quite a while ;-)
> In terms of filling with water, depends on how long for but the physical 
> parts of the hds ie platters and arms should survive that.....electronics 
> might as well.....in which case swapping one half (I assume you have a raid1) 
> to a new box and syncing it might work....then drop out the old disk and slot 
> in a new one...same with fire / smoke damage. NB One of the recommended ways 
> to put out a fire in a server room is water misting using de-mineralised 
> water....

I was merely giving a radical scenario in jest. My main purpose is to produce 
an IPA 'specific' backup/restore procedure that doesn't rely on other 
technologies. Starting with a similar goal to restoring an AD system state 
backup for example.


> 1 to 4 looks OK to me....something I want to fully try.
> There is some interesting tech like gluster which gives you a distributed 
> raid1....I'm wondering on using virtualisation and gluster together...IPA for 
> your scenario would be very small 1 core and 2gb....not much disk use....use 
> kvm and gluster might work well. The second machine could be a reasonable 
> spec'd desktop....like <$2k should be good enough....
> I have a single Esxi machine at home, when I get the chance and buy a second 
> one then I want to try something along the above lines...the idea is to avoid 
> having a NAS and that expense....so 2 ESXi boxes running a gluster node on 
> each and then the rest of the VMware guests inside gluster's "disk". Another 
> way might be rsyncing the ldif over ssh to a remote site......maybe even 
> email it to say google....it shouldn't be very big, ours is 400k at the moment.
> regards
> Steven Jones
> Technical Specialist - Linux RHCE
> Victoria University, Wellington, NZ
> 0064 4 463 6272
> ________________________________________
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] 
> on behalf of Dale Macartney [d...@themacartneyclan.com]
> Sent: Wednesday, 27 June 2012 11:27 p.m.
> To: freeipa-users@redhat.com
> Subject: [Freeipa-users] IPA Backup / Restore - Everyone's favourite problem 
> child!
> Howdy all
> We have had quite a lot of discussions on the list about this process but
> I'd like to get some documentation together so we are all speaking the
> same language.
> So last night I wrote a script to backup IPA based on the below article.
> https://access.redhat.com/knowledge/solutions/67800
> This is fine and dandy. I have an easy way where I end up with a config
> tarball, an LDIF export of Dogtag and an LDIF export of LDAP.
> Now my question is "how on earth am I meant to restore it?"
> My test scenario is as follows. And you'll have to humour me a bit with
> my imagination.
> Background: Customer has a very small environment. Single IPA server
> installation on a physical server. Several member servers and clients
> all pointing to that one server for IPA / CA and DNS.
> Incident: A very unhappy employee has just been fired for being a
> naughty boy and decided, for revenge to test how water tight the server
> was by filling the chassis with 5 litres of water.
> Result: Server is no longer happy either. A new server deployment is
> required to replace old server.
> Thoughts for restoration:
> My thinking was, to build a replacement server with all dependency
> packages and then:
> 1. restore config files in order to start IPA services
> 2. restore LDAP ldif file to ensure LDAP data was correct
> 3. restore Dogtag ldif file to ensure Dogtag data was correct.
> 4. restart IPA services to bring things back online smoothly.
> Of course Steps 2-4 didn't happen as they DEFINITELY were not happy to
> co-operate.
> I'm trying to get to a stage, where we have a method or procedure for
> simple restoration. Once we have the ability to restore everything, then
> we can move beyond that, and restore individual components. E.g OU /
> User / Group Data.
> Any takers for this one? Will be on IRC today if anyone fancies having a
> bun fight for bouncing ideas.
> Dale
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
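
Before working through a restore order like the one discussed in this thread, it helps to confirm that the three-part backup set (config tarball, LDAP LDIF, Dogtag LDIF) arrived complete and unchanged, especially after copying it off-site. The script below is an added example, not part of the original messages or of FreeIPA; the file names and the `make_manifest` / `verify_backup_set` functions are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: integrity check for a three-part IPA backup set.
# File names are assumptions; use whatever your own backup script writes.
SET_FILES="ipa-config.tar.gz ipa-ldap.ldif dogtag.ldif"

# Run at backup time, before the set leaves the server:
# records a SHA-256 digest for each artifact.
make_manifest() {
    ( cd "$1" && sha256sum $SET_FILES > MANIFEST.sha256 )
}

# Run on the replacement server before restoring anything.
# Return codes: 0 ok, 1 artifact missing/empty, 2 digest mismatch,
# 3 tarball unreadable, 4 LDIF contains no entries.
verify_backup_set() {
    local dir=$1 f
    for f in $SET_FILES MANIFEST.sha256; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    ( cd "$dir" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 ) \
        || { echo "checksum mismatch in $dir" >&2; return 2; }
    tar -tzf "$dir/ipa-config.tar.gz" >/dev/null 2>&1 \
        || { echo "config tarball unreadable" >&2; return 3; }
    for f in ipa-ldap.ldif dogtag.ldif; do
        grep -q '^dn: ' "$dir/$f" \
            || { echo "no entries found in $f" >&2; return 4; }
    done
    return 0
}
```

A manifest stored next to the files only catches truncation and corruption in transit; to detect deliberate modification, keep the manifest (or a signature over it) somewhere the backup destination cannot write to.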
