I can join now as its 10am Thursday here...as I dont know when tomorrow is for you....
regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: [email protected] [[email protected]] on behalf of Dale Macartney [[email protected]] Sent: Thursday, 28 June 2012 9:45 a.m. To: [email protected] Subject: Re: [Freeipa-users] IPA Backup / Restore - Everyone's favourite problem child! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 27/06/12 22:25, Steven Jones wrote: > Hi, > > I have successfully restored IPA servers from an ldif...more times than I > care to recall in the last 2 months. In fact at one stage I took an ldif from > the replica and used it to restore the master....so it seems pretty robust. If you're about on irc at all tomorrow I may pick your brains about your experiences. I kind of ruined my test environment this afternoon. I had to redeploy about 15 virtualized guests on my tiny microserver at home. That took quite a while ;-) > > In terms of filling with water, depends on how long for but the physical > parts of the hds ie platters and arms should survive that.....electronics > might as well.....in which case swapping one half (I assume you have a raid1) > to a new box and syncing it might work....then drop out the old disk and slot > in a new one...same with fire / smoke damage. NB One of the recommended ways > to put out a fire in a server room is water misting using de-mineralised > water.... I was merely giving a radical scenario in jest. My main purpose is to produce an IPA 'specifc' backup/restore procedure that doesn't rely on other technologies. Starting with a similar goal to restoring an AD system state backup for example. Dale > > 1 to 4 looks OK to me....something I want to fully try. > > There are some interesting tech like gluster which give you a distributed > raid1....Im wondering on using virtualisation and gluster together...IPA for > your scenario would be very small 1 core and 2gb....not much disk use....use > kvm and gluster might work well. The second machine could be a reasonable > spec'd desktop....like <$2k should be good enough.... > > I have a single Esxi machine at home, when I get the chance and buy a second > one then I want to try something along the above lines...the idea is to avoid > having a NAS and that expense....so 2 ESXi boxes running a gluster node on > each and then the rest of the VMware guests inside gluster's "disk". Another > way might be rsyncing the ldif over ssh to a remote site......maybe even > email it to say google....it shouldnt be very big, ours is 400k at the moment. > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________________ > From: > [email protected]<mailto:[email protected]> > [[email protected]<mailto:[email protected]>] > on behalf of Dale Macartney > [[email protected]<mailto:[email protected]>] > Sent: Wednesday, 27 June 2012 11:27 p.m. > To: <[email protected]><mailto:[email protected]> > Subject: [Freeipa-users] IPA Backup / Restore - Everyone's favourite problem > child! > > Howdy all > > We have had quite alot of discussions on the list about this process but > I'd like to get some documentation together so we are all speaking the > same language. > > So last night I wrote a script to backup IPA based on the below article. > > https://access.redhat.com/knowledge/solutions/67800 > > This is fine and dandy. I have an easy way where I end up with a config > tarball, an LDIF export of Dogtag and an LDIF export of LDAP. > > > Now my question is "how on earth am I meant to restore it? > > > My test scenario is as follows. And you'll have to humour me a bit with > my imagination. > > Background: Customer has a very small environment. Single IPA server > installation on a physical server. Several member servers and clients > all pointing to that one server for IPA / CA and DNS. > > Incident: A very unhappy employee has just been fired for being a > naughty boy and decided, for revenge to test how water tight the server > was by filling the chassis with 5 litres of water. > > Result: Server is no longer happy either. A new server deployment is > required to replace old server. > > Thoughts for restoration: > > My thinking was, to build a replacement server with all dependency > packages and then: > > 1. restore config files in order to start IPA services > 2. restore LDAP ldif file to ensure LDAP data was correct > 3. restore Dogtag ldig file to ensure Dogtag data was correct. > 4. restart IPA services to bring things back online smoothly. > > Of course Steps 2-4 didn't happen as they DEFINITELY were not happy to > co-operate. > > I'm trying to get to a stage, where we have a method or procedure for > simple restoration. Once we have the ability to restore everything, then > we can move beyond that, and restore individual components. E.g OU / > User / Group Data. > > Any takers for this one? Will be on IRC today if anyone fancies having a > bun fight for bouncing ideas. > > Dale > > > > > _______________________________________________ > Freeipa-users mailing list > [email protected]<mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/freeipa-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP637pAAoJEAJsWS61tB+qKBMQAJ8zHCH6ysobN3R13QtrNzso 7RxyhnLF3KG2zpEkICTAYwuwT1uGoqjqc7z5z2ypV/77k7VvMu3ejDWm3i8RvD8A n0g43bcY4rA6Jk2Z/JVYc/aPIQqqRdbgx80eK3R8Hi1g0xv0NWVRw3yHiwwKEY27 PpH6zXzjAhsSc/QAlZ6Z9C9jOc4Juxy4KD0N93fcApJAEM5RRJ48+MoXeB1OdkwR Z6Ze+xU8IYM0DSlbgV/VOji7BVGv8adnoLToGuD0DQ//w5JiaY6Zn8Rk7iMtW1f3 yZ/dkILzaMhspzUKUoBSVKSsUebLsdKo8BxbPZS7IhF2KzClwjntxAU22O0kcaZ5 y7jXr9Pr4hpYY5BQxsvnTlLmZ41yD47LzhENmzTwdHfzNaeYC63YjsAgF9FOuZ8K 4h6F8D80bBH0hyHLGFlWw/tUql5U69H0UiC6fkzyuteeAk+ADI95e161s0uhFNM4 dzIVH16OIEcn+n1Bgwd4jL2ZyYi86o/XFNlv3Ui0vs9ovXPuZM2m1Q6l6oRJhjZW iXiXAliNKBf6MlpuWa8e9kBHIpRrxgFl0MjgWTpeRtscx7KfHjIBOvTysfz56jlY +KqRPWQBeZCIsZe5i80opRnWqG9uHckbVf30AIl1yUO7CNBvQkFWvX6R1e9Y1W1d oMqlcQYYwnhmkPsmRFpK =lZXt -----END PGP SIGNATURE-----
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
