I can join now as its 10am Thursday here...as I dont know when tomorrow is for 
you....



regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dale Macartney [d...@themacartneyclan.com]
Sent: Thursday, 28 June 2012 9:45 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA Backup / Restore - Everyone's favourite 
problem child!


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 27/06/12 22:25, Steven Jones wrote:
> Hi,
>
> I have successfully restored IPA servers from an ldif...more times than I 
> care to recall in the last 2 months. In fact at one stage I took an ldif from 
> the replica and used it to restore the master....so it seems pretty robust.

If you're about on irc at all tomorrow I may pick your brains about your 
experiences. I kind of ruined my test environment this afternoon. I had to 
redeploy about 15 virtualized guests on my tiny microserver at home. That took 
quite a while ;-)
>
> In terms of filling with water, depends on how long for but the physical 
> parts of the hds ie platters and arms should survive that.....electronics 
> might as well.....in which case swapping one half (I assume you have a raid1) 
> to a new box and syncing it might work....then drop out the old disk and slot 
> in a new one...same with fire / smoke damage. NB One of the recommended ways 
> to put out a fire in a server room is water misting using de-mineralised 
> water....

I was merely giving a radical scenario in jest. My main purpose is to produce 
an IPA 'specifc' backup/restore procedure that doesn't rely on other 
technologies. Starting with a similar goal to restoring an AD system state 
backup for example.

Dale

>
> 1 to 4 looks OK to me....something I want to fully try.
>
> There are some interesting tech like gluster which give you a distributed 
> raid1....Im wondering on using virtualisation and gluster together...IPA for 
> your scenario would be very small 1 core and 2gb....not much disk use....use 
> kvm and gluster might work well. The second machine could be a reasonable 
> spec'd desktop....like <$2k should be good enough....
>
> I have a single Esxi machine at home, when I get the chance and buy a second 
> one then I want to try something along the above lines...the idea is to avoid 
> having a NAS and that expense....so 2 ESXi boxes running a gluster node on 
> each and then the rest of the VMware guests inside gluster's "disk". Another 
> way might be rsyncing the ldif over ssh to a remote site......maybe even 
> email it to say google....it shouldnt be very big, ours is 400k at the moment.
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: 
> freeipa-users-boun...@redhat.com<mailto:freeipa-users-boun...@redhat.com> 
> [freeipa-users-boun...@redhat.com<mailto:freeipa-users-boun...@redhat.com>] 
> on behalf of Dale Macartney 
> [d...@themacartneyclan.com<mailto:d...@themacartneyclan.com>]
> Sent: Wednesday, 27 June 2012 11:27 p.m.
> To: <freeipa-users@redhat.com><mailto:freeipa-users@redhat.com>
> Subject: [Freeipa-users] IPA Backup / Restore - Everyone's favourite problem 
> child!
>
> Howdy all
>
> We have had quite alot of discussions on the list about this process but
> I'd like to get some documentation together so we are all speaking the
> same language.
>
> So last night I wrote a script to backup IPA based on the below article.
>
> https://access.redhat.com/knowledge/solutions/67800
>
> This is fine and dandy. I have an easy way where I end up with a config
> tarball, an LDIF export of Dogtag and an LDIF export of LDAP.
>
>
> Now my question is "how on earth am I meant to restore it?
>
>
> My test scenario is as follows. And you'll have to humour me a bit with
> my imagination.
>
> Background: Customer has a very small environment. Single IPA server
> installation on a physical server. Several member servers and clients
> all pointing to that one server for IPA / CA and DNS.
>
> Incident: A very unhappy employee has just been fired for being a
> naughty boy and decided, for revenge to test how water tight the server
> was by filling the chassis with 5 litres of water.
>
> Result: Server is no longer happy either. A new server deployment is
> required to replace old server.
>
> Thoughts for restoration:
>
> My thinking was, to build a replacement server with all dependency
> packages and then:
>
> 1. restore config files in order to start IPA services
> 2. restore LDAP ldif file to ensure LDAP data was correct
> 3. restore Dogtag ldig file to ensure Dogtag data was correct.
> 4. restart IPA services to bring things back online smoothly.
>
> Of course Steps 2-4 didn't happen as they DEFINITELY were not happy to
> co-operate.
>
> I'm trying to get to a stage, where we have a method or procedure for
> simple restoration. Once we have the ability to restore everything, then
> we can move beyond that, and restore individual components. E.g OU /
> User / Group Data.
>
> Any takers for this one? Will be on IRC today if anyone fancies having a
> bun fight for bouncing ideas.
>
> Dale
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP637pAAoJEAJsWS61tB+qKBMQAJ8zHCH6ysobN3R13QtrNzso
7RxyhnLF3KG2zpEkICTAYwuwT1uGoqjqc7z5z2ypV/77k7VvMu3ejDWm3i8RvD8A
n0g43bcY4rA6Jk2Z/JVYc/aPIQqqRdbgx80eK3R8Hi1g0xv0NWVRw3yHiwwKEY27
PpH6zXzjAhsSc/QAlZ6Z9C9jOc4Juxy4KD0N93fcApJAEM5RRJ48+MoXeB1OdkwR
Z6Ze+xU8IYM0DSlbgV/VOji7BVGv8adnoLToGuD0DQ//w5JiaY6Zn8Rk7iMtW1f3
yZ/dkILzaMhspzUKUoBSVKSsUebLsdKo8BxbPZS7IhF2KzClwjntxAU22O0kcaZ5
y7jXr9Pr4hpYY5BQxsvnTlLmZ41yD47LzhENmzTwdHfzNaeYC63YjsAgF9FOuZ8K
4h6F8D80bBH0hyHLGFlWw/tUql5U69H0UiC6fkzyuteeAk+ADI95e161s0uhFNM4
dzIVH16OIEcn+n1Bgwd4jL2ZyYi86o/XFNlv3Ui0vs9ovXPuZM2m1Q6l6oRJhjZW
iXiXAliNKBf6MlpuWa8e9kBHIpRrxgFl0MjgWTpeRtscx7KfHjIBOvTysfz56jlY
+KqRPWQBeZCIsZe5i80opRnWqG9uHckbVf30AIl1yUO7CNBvQkFWvX6R1e9Y1W1d
oMqlcQYYwnhmkPsmRFpK
=lZXt
-----END PGP SIGNATURE-----

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to