[Freeipa-users] Re: freeIPA backup

2018-06-25 Thread hedrick--- via FreeIPA-users 
If you do some searches, you can find some perl scripts that will do things 
like compare two LDIF files to see what changed.

> On Jun 25, 2018, at 2:19:16 PM, Alfredo De Luca via FreeIPA-users 
>  wrote:
> 
> ok thanks. but can I have a different IP address but same hostname? this is 
> to check if everything works
> 
> /Alfredo
> 
> On Mon, 25 Jun 2018, 18:24 ,  > wrote:
> Yes. Edit /etc/hosts and add your IP address and hostname. Edit /etc/hostname 
> to put your hostname.
> 
> That works for me.
> 
> You should probably make sure that you have iptables on the production 
> systems to reject connections from the ip address of your copy. Otherwise you 
> run the danger of having an out of date copy giving you out of date data.
> 
>> On Jun 25, 2018, at 11:31 AM, Alfredo De Luca > > wrote:
>> 
>> ​Hi Hedrick. 
>> Jus a quick one. If i want to restore a full backup IPA in a different host 
>> (just for test purpose) can I change the IP address but have the same 
>> hostname/FQDN? 
>> 
>> Alfredo
>> ​
>> 
>> On Sat, Jun 23, 2018 at 5:54 PM > > wrote:
>> There is actually documentation supporting my view: 
>> https://www.freeipa.org/page/Backup_and_Restore 
>>  Look particularly at the 
>> section "Why snapshot and not backup and restore scripts?"
>> 
>> The difference is that they suggest stopping a replica before making a 
>> snapshot, while we snapshot a running system. I’ve done this with a variety 
>> of databases and other applications. My claim is that a point in time 
>> snapshot should be safe for any software that is designed to survive a 
>> crash, because a point in time snapshot is no harder to recover from than a 
>> crash. We have multiple snapshots, in case we can’t use one of them. But 
>> I’ve never seen that happen. 
>> 
>> We always run complex software systems such a ipa in a VM.
>> 
>>> On Jun 23, 2018, at 11:28:37 AM, Alfredo De Luca >> > wrote:
>>> 
>>> Thanks Charles. Out IPA is a VM too on Openstack but for some reasons they 
>>> said it's not good to take snapshots and rely on that for backups... I ll 
>>> investigate further tho... cause my idea was exactly that. Snapshots
>>> 
>>> 
>>> Thanks for sharing.
>>> 
>>> On Fri, Jun 22, 2018 at 4:34 PM Charles Hedrick >> > wrote:
>>> Our IPA servers are VMs. We do backups of snapshots, either through VMware 
>>> or when the image is on a Netapp, through a Netapp snapshot. That 
>>> guarantees that you have all the pieces in a consistent state. I’ve never 
>>> had to restore a production server, but I have started copies of one of the 
>>> backups to do experiments that I didn’t want to do on a production system. 
>>> I’ve never had an issue starting from a backup, though I need to do some 
>>> changes so the system thinks it has the same hostname as the original one.
>>> 
 On Jun 11, 2018, at 9:10 AM, Alfredo De Luca via FreeIPA-users 
 >>> > wrote:
 
 Hi all. 
 What's the best procedure/practice  to periodically perform a backup on a 
 single freeipa server with CA? 
 
 Cheers
 
 -- 
 Alfredo
 
 ___
 FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org 
 
 To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org 
 
 Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html 
 
 List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines 
 
 List Archives: 
 https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KKKIFFZZQS4V562HUWYYR6FHGEA4KOYL/
  
 
>>> 
>>> 
>>> 
>>> -- 
>>> Alfredo
>>> 
>> 
>> 
>> 
>> -- 
>> Alfredo
>> 
> 
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/TW5LN5LFE5ZFNP2JP6WTV6CKBERMKGSE/

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-condu

[Freeipa-users] Re: freeIPA backup

2018-06-25 Thread hedrick--- via FreeIPA-users 
Yes. If you put a mapping between the new IP address and hostname in 
/etc/hosts, lookups will use that in preference to the usual one. If you also 
put the hostname in /etc/hostname and reboot, together those things should make 
the system believe it has the hostname of your actual server.


> On Jun 25, 2018, at 2:19:16 PM, Alfredo De Luca via FreeIPA-users 
>  wrote:
> 
> ok thanks. but can I have a different IP address but same hostname? this is 
> to check if everything works
> 
> /Alfredo
> 
> On Mon, 25 Jun 2018, 18:24 ,  > wrote:
> Yes. Edit /etc/hosts and add your IP address and hostname. Edit /etc/hostname 
> to put your hostname.
> 
> That works for me.
> 
> You should probably make sure that you have iptables on the production 
> systems to reject connections from the ip address of your copy. Otherwise you 
> run the danger of having an out of date copy giving you out of date data.
> 
>> On Jun 25, 2018, at 11:31 AM, Alfredo De Luca > > wrote:
>> 
>> ​Hi Hedrick. 
>> Jus a quick one. If i want to restore a full backup IPA in a different host 
>> (just for test purpose) can I change the IP address but have the same 
>> hostname/FQDN? 
>> 
>> Alfredo
>> ​
>> 
>> On Sat, Jun 23, 2018 at 5:54 PM > > wrote:
>> There is actually documentation supporting my view: 
>> https://www.freeipa.org/page/Backup_and_Restore 
>>  Look particularly at the 
>> section "Why snapshot and not backup and restore scripts?"
>> 
>> The difference is that they suggest stopping a replica before making a 
>> snapshot, while we snapshot a running system. I’ve done this with a variety 
>> of databases and other applications. My claim is that a point in time 
>> snapshot should be safe for any software that is designed to survive a 
>> crash, because a point in time snapshot is no harder to recover from than a 
>> crash. We have multiple snapshots, in case we can’t use one of them. But 
>> I’ve never seen that happen. 
>> 
>> We always run complex software systems such a ipa in a VM.
>> 
>>> On Jun 23, 2018, at 11:28:37 AM, Alfredo De Luca >> > wrote:
>>> 
>>> Thanks Charles. Out IPA is a VM too on Openstack but for some reasons they 
>>> said it's not good to take snapshots and rely on that for backups... I ll 
>>> investigate further tho... cause my idea was exactly that. Snapshots
>>> 
>>> 
>>> Thanks for sharing.
>>> 
>>> On Fri, Jun 22, 2018 at 4:34 PM Charles Hedrick >> > wrote:
>>> Our IPA servers are VMs. We do backups of snapshots, either through VMware 
>>> or when the image is on a Netapp, through a Netapp snapshot. That 
>>> guarantees that you have all the pieces in a consistent state. I’ve never 
>>> had to restore a production server, but I have started copies of one of the 
>>> backups to do experiments that I didn’t want to do on a production system. 
>>> I’ve never had an issue starting from a backup, though I need to do some 
>>> changes so the system thinks it has the same hostname as the original one.
>>> 
 On Jun 11, 2018, at 9:10 AM, Alfredo De Luca via FreeIPA-users 
 >>> > wrote:
 
 Hi all. 
 What's the best procedure/practice  to periodically perform a backup on a 
 single freeipa server with CA? 
 
 Cheers
 
 -- 
 Alfredo
 
 ___
 FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org 
 
 To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org 
 
 Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html 
 
 List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines 
 
 List Archives: 
 https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KKKIFFZZQS4V562HUWYYR6FHGEA4KOYL/
  
 
>>> 
>>> 
>>> 
>>> -- 
>>> Alfredo
>>> 
>> 
>> 
>> 
>> -- 
>> Alfredo
>> 
> 
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/TW5LN5LFE5ZFNP2JP6WTV6CKBERMKGSE/

___
FreeIPA-users mailing list -- free

[Freeipa-users] Re: freeIPA backup

2018-06-25 Thread Alfredo De Luca via FreeIPA-users 
ok thanks. but can I have a different IP address but same hostname? this is
to check if everything works

/Alfredo

On Mon, 25 Jun 2018, 18:24 ,  wrote:

> Yes. Edit /etc/hosts and add your IP address and hostname. Edit
> /etc/hostname to put your hostname.
>
> That works for me.
>
> You should probably make sure that you have iptables on the production
> systems to reject connections from the ip address of your copy. Otherwise
> you run the danger of having an out of date copy giving you out of date
> data.
>
> On Jun 25, 2018, at 11:31 AM, Alfredo De Luca 
> wrote:
>
> ​Hi Hedrick.
> Jus a quick one. If i want to restore a full backup IPA in a different
> host (just for test purpose) can I change the IP address but have the same
> hostname/FQDN?
>
> Alfredo
> ​
>
> On Sat, Jun 23, 2018 at 5:54 PM  wrote:
>
>> There is actually documentation supporting my view:
>> https://www.freeipa.org/page/Backup_and_Restore Look particularly at the
>> section "Why snapshot and not backup and restore scripts?"
>>
>> The difference is that they suggest stopping a replica before making a
>> snapshot, while we snapshot a running system. I’ve done this with a variety
>> of databases and other applications. My claim is that a point in time
>> snapshot should be safe for any software that is designed to survive a
>> crash, because a point in time snapshot is no harder to recover from than a
>> crash. We have multiple snapshots, in case we can’t use one of them. But
>> I’ve never seen that happen.
>>
>> We always run complex software systems such a ipa in a VM.
>>
>> On Jun 23, 2018, at 11:28:37 AM, Alfredo De Luca <
>> alfredo.del...@gmail.com> wrote:
>>
>> Thanks Charles. Out IPA is a VM too on Openstack but for some reasons
>> they said it's not good to take snapshots and rely on that for backups... I
>> ll investigate further tho... cause my idea was exactly that. Snapshots
>>
>>
>> Thanks for sharing.
>>
>> On Fri, Jun 22, 2018 at 4:34 PM Charles Hedrick 
>> wrote:
>>
>>> Our IPA servers are VMs. We do backups of snapshots, either through
>>> VMware or when the image is on a Netapp, through a Netapp snapshot. That
>>> guarantees that you have all the pieces in a consistent state. I’ve never
>>> had to restore a production server, but I have started copies of one of the
>>> backups to do experiments that I didn’t want to do on a production system.
>>> I’ve never had an issue starting from a backup, though I need to do some
>>> changes so the system thinks it has the same hostname as the original one.
>>>
>>> On Jun 11, 2018, at 9:10 AM, Alfredo De Luca via FreeIPA-users <
>>> freeipa-users@lists.fedorahosted.org> wrote:
>>>
>>> Hi all.
>>> What's the best procedure/practice  to periodically perform a backup on
>>> a single freeipa server with CA?
>>>
>>> Cheers
>>>
>>> --
>>> *Alfredo*
>>>
>>> ___
>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>> To unsubscribe send an email to
>>> freeipa-users-le...@lists.fedorahosted.org
>>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
>>> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KKKIFFZZQS4V562HUWYYR6FHGEA4KOYL/
>>>
>>>
>>>
>>
>> --
>> *Alfredo*
>>
>>
>>
>
> --
> *Alfredo*
>
>
>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/TW5LN5LFE5ZFNP2JP6WTV6CKBERMKGSE/

[Freeipa-users] Re: freeIPA backup

2018-06-25 Thread hedrick--- via FreeIPA-users 
Yes. Edit /etc/hosts and add your IP address and hostname. Edit /etc/hostname 
to put your hostname.

That works for me.

You should probably make sure that you have iptables on the production systems 
to reject connections from the ip address of your copy. Otherwise you run the 
danger of having an out of date copy giving you out of date data.

> On Jun 25, 2018, at 11:31 AM, Alfredo De Luca  
> wrote:
> 
> ​Hi Hedrick. 
> Jus a quick one. If i want to restore a full backup IPA in a different host 
> (just for test purpose) can I change the IP address but have the same 
> hostname/FQDN? 
> 
> Alfredo
> ​
> 
> On Sat, Jun 23, 2018 at 5:54 PM  > wrote:
> There is actually documentation supporting my view: 
> https://www.freeipa.org/page/Backup_and_Restore 
>  Look particularly at the 
> section "Why snapshot and not backup and restore scripts?"
> 
> The difference is that they suggest stopping a replica before making a 
> snapshot, while we snapshot a running system. I’ve done this with a variety 
> of databases and other applications. My claim is that a point in time 
> snapshot should be safe for any software that is designed to survive a crash, 
> because a point in time snapshot is no harder to recover from than a crash. 
> We have multiple snapshots, in case we can’t use one of them. But I’ve never 
> seen that happen. 
> 
> We always run complex software systems such a ipa in a VM.
> 
>> On Jun 23, 2018, at 11:28:37 AM, Alfredo De Luca > > wrote:
>> 
>> Thanks Charles. Out IPA is a VM too on Openstack but for some reasons they 
>> said it's not good to take snapshots and rely on that for backups... I ll 
>> investigate further tho... cause my idea was exactly that. Snapshots
>> 
>> 
>> Thanks for sharing.
>> 
>> On Fri, Jun 22, 2018 at 4:34 PM Charles Hedrick > > wrote:
>> Our IPA servers are VMs. We do backups of snapshots, either through VMware 
>> or when the image is on a Netapp, through a Netapp snapshot. That guarantees 
>> that you have all the pieces in a consistent state. I’ve never had to 
>> restore a production server, but I have started copies of one of the backups 
>> to do experiments that I didn’t want to do on a production system. I’ve 
>> never had an issue starting from a backup, though I need to do some changes 
>> so the system thinks it has the same hostname as the original one.
>> 
>>> On Jun 11, 2018, at 9:10 AM, Alfredo De Luca via FreeIPA-users 
>>> >> > wrote:
>>> 
>>> Hi all. 
>>> What's the best procedure/practice  to periodically perform a backup on a 
>>> single freeipa server with CA? 
>>> 
>>> Cheers
>>> 
>>> -- 
>>> Alfredo
>>> 
>>> ___
>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org 
>>> 
>>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org 
>>> 
>>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html 
>>> 
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines 
>>> 
>>> List Archives: 
>>> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KKKIFFZZQS4V562HUWYYR6FHGEA4KOYL/
>>>  
>>> 
>> 
>> 
>> 
>> -- 
>> Alfredo
>> 
> 
> 
> 
> -- 
> Alfredo
> 

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/LYQEENMBGTXK7OEHR2IYDVSAEXQ66VNJ/

[Freeipa-users] Re: freeIPA backup

2018-06-25 Thread Alfredo De Luca via FreeIPA-users 
​Hi Hedrick.
Jus a quick one. If i want to restore a full backup IPA in a different host
(just for test purpose) can I change the IP address but have the same
hostname/FQDN?

Alfredo
​

On Sat, Jun 23, 2018 at 5:54 PM  wrote:

> There is actually documentation supporting my view:
> https://www.freeipa.org/page/Backup_and_Restore Look particularly at the
> section "Why snapshot and not backup and restore scripts?"
>
> The difference is that they suggest stopping a replica before making a
> snapshot, while we snapshot a running system. I’ve done this with a variety
> of databases and other applications. My claim is that a point in time
> snapshot should be safe for any software that is designed to survive a
> crash, because a point in time snapshot is no harder to recover from than a
> crash. We have multiple snapshots, in case we can’t use one of them. But
> I’ve never seen that happen.
>
> We always run complex software systems such a ipa in a VM.
>
> On Jun 23, 2018, at 11:28:37 AM, Alfredo De Luca 
> wrote:
>
> Thanks Charles. Out IPA is a VM too on Openstack but for some reasons they
> said it's not good to take snapshots and rely on that for backups... I ll
> investigate further tho... cause my idea was exactly that. Snapshots
>
>
> Thanks for sharing.
>
> On Fri, Jun 22, 2018 at 4:34 PM Charles Hedrick 
> wrote:
>
>> Our IPA servers are VMs. We do backups of snapshots, either through
>> VMware or when the image is on a Netapp, through a Netapp snapshot. That
>> guarantees that you have all the pieces in a consistent state. I’ve never
>> had to restore a production server, but I have started copies of one of the
>> backups to do experiments that I didn’t want to do on a production system.
>> I’ve never had an issue starting from a backup, though I need to do some
>> changes so the system thinks it has the same hostname as the original one.
>>
>> On Jun 11, 2018, at 9:10 AM, Alfredo De Luca via FreeIPA-users <
>> freeipa-users@lists.fedorahosted.org> wrote:
>>
>> Hi all.
>> What's the best procedure/practice  to periodically perform a backup on a
>> single freeipa server with CA?
>>
>> Cheers
>>
>> --
>> *Alfredo*
>>
>> ___
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to
>> freeipa-users-le...@lists.fedorahosted.org
>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KKKIFFZZQS4V562HUWYYR6FHGEA4KOYL/
>>
>>
>>
>
> --
> *Alfredo*
>
>
>

-- 
*Alfredo*
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/74LL3P7EOIMG3NYM2OC6QUXH5YSYRY3G/

[Freeipa-users] Re: freeIPA backup

2018-06-25 Thread Charles Hedrick via FreeIPA-users 
Our IPA servers are VMs. We do backups of snapshots, either through VMware or 
when the image is on a Netapp, through a Netapp snapshot. That guarantees that 
you have all the pieces in a consistent state. I’ve never had to restore a 
production server, but I have started copies of one of the backups to do 
experiments that I didn’t want to do on a production system. I’ve never had an 
issue starting from a backup, though I need to do some changes so the system 
thinks it has the same hostname as the original one.

> On Jun 11, 2018, at 9:10 AM, Alfredo De Luca via FreeIPA-users 
>  wrote:
> 
> Hi all. 
> What's the best procedure/practice  to periodically perform a backup on a 
> single freeipa server with CA? 
> 
> Cheers
> 
> -- 
> Alfredo
> 
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KKKIFFZZQS4V562HUWYYR6FHGEA4KOYL/

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KY2ALWKU57FVP5VDGO6Z4U35NEM4LU6S/

[Freeipa-users] Re: freeIPA backup

2018-06-23 Thread hedrick--- via FreeIPA-users 
There is actually documentation supporting my view: 
https://www.freeipa.org/page/Backup_and_Restore 
 Look particularly at the 
section "Why snapshot and not backup and restore scripts?"

The difference is that they suggest stopping a replica before making a 
snapshot, while we snapshot a running system. I’ve done this with a variety of 
databases and other applications. My claim is that a point in time snapshot 
should be safe for any software that is designed to survive a crash, because a 
point in time snapshot is no harder to recover from than a crash. We have 
multiple snapshots, in case we can’t use one of them. But I’ve never seen that 
happen. 

We always run complex software systems such a ipa in a VM.

> On Jun 23, 2018, at 11:28:37 AM, Alfredo De Luca  
> wrote:
> 
> Thanks Charles. Out IPA is a VM too on Openstack but for some reasons they 
> said it's not good to take snapshots and rely on that for backups... I ll 
> investigate further tho... cause my idea was exactly that. Snapshots
> 
> 
> Thanks for sharing.
> 
> On Fri, Jun 22, 2018 at 4:34 PM Charles Hedrick  > wrote:
> Our IPA servers are VMs. We do backups of snapshots, either through VMware or 
> when the image is on a Netapp, through a Netapp snapshot. That guarantees 
> that you have all the pieces in a consistent state. I’ve never had to restore 
> a production server, but I have started copies of one of the backups to do 
> experiments that I didn’t want to do on a production system. I’ve never had 
> an issue starting from a backup, though I need to do some changes so the 
> system thinks it has the same hostname as the original one.
> 
>> On Jun 11, 2018, at 9:10 AM, Alfredo De Luca via FreeIPA-users 
>> > > wrote:
>> 
>> Hi all. 
>> What's the best procedure/practice  to periodically perform a backup on a 
>> single freeipa server with CA? 
>> 
>> Cheers
>> 
>> -- 
>> Alfredo
>> 
>> ___
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org 
>> 
>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org 
>> 
>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html 
>> 
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines 
>> 
>> List Archives: 
>> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KKKIFFZZQS4V562HUWYYR6FHGEA4KOYL/
>>  
>> 
> 
> 
> 
> -- 
> Alfredo
> 

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/WKCIBF5OZGA4MIEZZY5JCLMT3CXHIFN7/

[Freeipa-users] Re: freeIPA backup

2018-06-23 Thread Alfredo De Luca via FreeIPA-users 
Thanks Charles. Out IPA is a VM too on Openstack but for some reasons they
said it's not good to take snapshots and rely on that for backups... I ll
investigate further tho... cause my idea was exactly that. Snapshots


Thanks for sharing.

On Fri, Jun 22, 2018 at 4:34 PM Charles Hedrick 
wrote:

> Our IPA servers are VMs. We do backups of snapshots, either through VMware
> or when the image is on a Netapp, through a Netapp snapshot. That
> guarantees that you have all the pieces in a consistent state. I’ve never
> had to restore a production server, but I have started copies of one of the
> backups to do experiments that I didn’t want to do on a production system.
> I’ve never had an issue starting from a backup, though I need to do some
> changes so the system thinks it has the same hostname as the original one.
>
> On Jun 11, 2018, at 9:10 AM, Alfredo De Luca via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
> Hi all.
> What's the best procedure/practice  to periodically perform a backup on a
> single freeipa server with CA?
>
> Cheers
>
> --
> *Alfredo*
>
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KKKIFFZZQS4V562HUWYYR6FHGEA4KOYL/
>
>
>

-- 
*Alfredo*
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/R2FLWPLV2TGSR3TPRIIM3USDY3Z3NYIA/

[Freeipa-users] Re: freeIPA backup

2018-06-18 Thread Alfredo De Luca via FreeIPA-users 
Thanks heaps.


On Mon, Jun 18, 2018 at 8:16 PM Rob Crittenden  wrote:

> Alfredo De Luca via FreeIPA-users wrote:
> > Hi Tony et all.
> > AFAIK if I perform a full backup, and one day I need to restore it , I
> > can but only on the same machine/FQDN... is that right? So if I destroy
> > the IPA server then create a new one with the same FQDN and options as
> > the first time then I restore it should be fine?
>
> Yes. The same version of IPA is also required.
>
> rob
>
> >
> > Cheers
> > Alfredo
> >
> >
> > On Wed, Jun 13, 2018 at 5:49 PM Alfredo De Luca
> > mailto:alfredo.del...@gmail.com>> wrote:
> >
> > Thanks Tony. Appreciated.
> >
> > I will soon do that.
> > Cheers
> >
> >
> > On Wed, Jun 13, 2018 at 11:10 AM Tony Brian Albers via FreeIPA-users
> >  > > wrote:
> >
> > Hi Alfredo,
> >
> > As Peter says, use ipa-backup. I suggest running it twice a day,
> > but
> > that depends on how many changes you make in FreeIPA.
> >
> > Then, get your backup software to backup /var/lib/ipa/backup
> > some time
> > after you've run ipa-backup. Or, get your backup software to run
> > ipa-backup for you and then back up the destination folder.
> >
> > It's always easier to restore a system from a full backup, but
> > it takes
> > time and demands many full backups which are large in size,
> > demands a
> > lot of storage and stresses your network.
> >
> > I'd run a full backup of the FreeIPA server weekly and
> incrementals
> > twice a day, all of them right after running ipa-backup.
> >
> > HTH
> >
> > /tony
> >
> >
> > On 13/06/18 10:07, Alfredo De Luca via FreeIPA-users wrote:
> > > thanks Peter.
> > > I know that having only one server it's not good thats' why
> > for now I just want to implement a backup/restore  process then
> > one/multiple replicas.
> > >
> > > About a retore... is it better to restore from a full backup
> > rather than only data backup?
> > >
> > >
> > > Cheers
> > > ___
> > > FreeIPA-users mailing list --
> > freeipa-users@lists.fedorahosted.org
> > 
> > > To unsubscribe send an email to
> > freeipa-users-le...@lists.fedorahosted.org
> > 
> > > Fedora Code of Conduct:
> https://getfedora.org/code-of-conduct.html
> > > List Guidelines:
> > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > List Archives:
> >
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/ZQODAMCETRGPFZXWHDAMV3C2ASSQIEDS/
> > >
> >
> >
> > --
> > Tony Albers
> > Systems administrator, IT-development
> > Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C,
> Denmark.
> > Tel: +45 2566 2383 / +45 8946 2316
> > ___
> > FreeIPA-users mailing list --
> > freeipa-users@lists.fedorahosted.org
> > 
> > To unsubscribe send an email to
> > freeipa-users-le...@lists.fedorahosted.org
> > 
> > Fedora Code of Conduct:
> https://getfedora.org/code-of-conduct.html
> > List Guidelines:
> > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> >
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/XVJJI4RT4TSPGNTOTAP2Z56JNVLP4MES/
> >
> >
> >
> > --
> > /Alfredo/
> >
> >
> >
> > --
> > /Alfredo/
> >
> >
> >
> > ___
> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/MZ4J2WAFT2FELS65TTYH23XZAHQXJIVM/
> >
>
>

-- 
*Alfredo*
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/MC4BCY7PMBP33GGGLRPYYXHXEBQ4HKBG/

[Freeipa-users] Re: freeIPA backup

2018-06-18 Thread Rob Crittenden via FreeIPA-users 
Alfredo De Luca via FreeIPA-users wrote:
> Hi Tony et all.
> AFAIK if I perform a full backup, and one day I need to restore it , I
> can but only on the same machine/FQDN... is that right? So if I destroy
> the IPA server then create a new one with the same FQDN and options as
> the first time then I restore it should be fine? 

Yes. The same version of IPA is also required.

rob

> 
> Cheers
> Alfredo
> 
> 
> On Wed, Jun 13, 2018 at 5:49 PM Alfredo De Luca
> mailto:alfredo.del...@gmail.com>> wrote:
> 
> Thanks Tony. Appreciated. 
> 
> I will soon do that.
> Cheers
> 
> 
> On Wed, Jun 13, 2018 at 11:10 AM Tony Brian Albers via FreeIPA-users
>  > wrote:
> 
> Hi Alfredo,
> 
> As Peter says, use ipa-backup. I suggest running it twice a day,
> but
> that depends on how many changes you make in FreeIPA.
> 
> Then, get your backup software to backup /var/lib/ipa/backup
> some time
> after you've run ipa-backup. Or, get your backup software to run
> ipa-backup for you and then back up the destination folder.
> 
> It's always easier to restore a system from a full backup, but
> it takes
> time and demands many full backups which are large in size,
> demands a
> lot of storage and stresses your network.
> 
> I'd run a full backup of the FreeIPA server weekly and incrementals
> twice a day, all of them right after running ipa-backup.
> 
> HTH
> 
> /tony
> 
> 
> On 13/06/18 10:07, Alfredo De Luca via FreeIPA-users wrote:
> > thanks Peter.
> > I know that having only one server it's not good thats' why
> for now I just want to implement a backup/restore  process then
> one/multiple replicas.
> >
> > About a retore... is it better to restore from a full backup
> rather than only data backup?
> >
> >
> > Cheers
> > ___
> > FreeIPA-users mailing list --
> freeipa-users@lists.fedorahosted.org
> 
> > To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> 
> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> 
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/ZQODAMCETRGPFZXWHDAMV3C2ASSQIEDS/
> >
> 
> 
> -- 
> Tony Albers
> Systems administrator, IT-development
> Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
> Tel: +45 2566 2383 / +45 8946 2316
> ___
> FreeIPA-users mailing list --
> freeipa-users@lists.fedorahosted.org
> 
> To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> 
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> 
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/XVJJI4RT4TSPGNTOTAP2Z56JNVLP4MES/
> 
> 
> 
> -- 
> /Alfredo/
> 
> 
> 
> -- 
> /Alfredo/
> 
> 
> 
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/MZ4J2WAFT2FELS65TTYH23XZAHQXJIVM/
> 
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/J7MELRC4AZ7WDLZYRZT3IVZFCNHQ5TS3/

[Freeipa-users] Re: freeIPA backup

2018-06-18 Thread Alfredo De Luca via FreeIPA-users 
Hi Tony et all.
AFAIK if I perform a full backup, and one day I need to restore it , I can
but only on the same machine/FQDN... is that right? So if I destroy the IPA
server then create a new one with the same FQDN and options as the first
time then I restore it should be fine?

Cheers
Alfredo


On Wed, Jun 13, 2018 at 5:49 PM Alfredo De Luca 
wrote:

> Thanks Tony. Appreciated.
>
> I will soon do that.
> Cheers
>
>
> On Wed, Jun 13, 2018 at 11:10 AM Tony Brian Albers via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>> Hi Alfredo,
>>
>> As Peter says, use ipa-backup. I suggest running it twice a day, but
>> that depends on how many changes you make in FreeIPA.
>>
>> Then, get your backup software to backup /var/lib/ipa/backup some time
>> after you've run ipa-backup. Or, get your backup software to run
>> ipa-backup for you and then back up the destination folder.
>>
>> It's always easier to restore a system from a full backup, but it takes
>> time and demands many full backups which are large in size, demands a
>> lot of storage and stresses your network.
>>
>> I'd run a full backup of the FreeIPA server weekly and incrementals
>> twice a day, all of them right after running ipa-backup.
>>
>> HTH
>>
>> /tony
>>
>>
>> On 13/06/18 10:07, Alfredo De Luca via FreeIPA-users wrote:
>> > thanks Peter.
>> > I know that having only one server it's not good thats' why for now I
>> just want to implement a backup/restore  process then one/multiple replicas.
>> >
>> > About a retore... is it better to restore from a full backup rather
>> than only data backup?
>> >
>> >
>> > Cheers
>> > ___
>> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> > To unsubscribe send an email to
>> freeipa-users-le...@lists.fedorahosted.org
>> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> > List Archives:
>> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/ZQODAMCETRGPFZXWHDAMV3C2ASSQIEDS/
>> >
>>
>>
>> --
>> Tony Albers
>> Systems administrator, IT-development
>> Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
>> Tel: +45 2566 2383 / +45 8946 2316
>> ___
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to
>> freeipa-users-le...@lists.fedorahosted.org
>> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/XVJJI4RT4TSPGNTOTAP2Z56JNVLP4MES/
>>
>
>
> --
> *Alfredo*
>
>

-- 
*Alfredo*
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/MZ4J2WAFT2FELS65TTYH23XZAHQXJIVM/

[Freeipa-users] Re: freeIPA backup

2018-06-13 Thread Alfredo De Luca via FreeIPA-users 
Thanks Tony. Appreciated.

I will soon do that.
Cheers


On Wed, Jun 13, 2018 at 11:10 AM Tony Brian Albers via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hi Alfredo,
>
> As Peter says, use ipa-backup. I suggest running it twice a day, but
> that depends on how many changes you make in FreeIPA.
>
> Then, get your backup software to backup /var/lib/ipa/backup some time
> after you've run ipa-backup. Or, get your backup software to run
> ipa-backup for you and then back up the destination folder.
>
> It's always easier to restore a system from a full backup, but it takes
> time and demands many full backups which are large in size, demands a
> lot of storage and stresses your network.
>
> I'd run a full backup of the FreeIPA server weekly and incrementals
> twice a day, all of them right after running ipa-backup.
>
> HTH
>
> /tony
>
>
> On 13/06/18 10:07, Alfredo De Luca via FreeIPA-users wrote:
> > thanks Peter.
> > I know that having only one server it's not good thats' why for now I
> just want to implement a backup/restore  process then one/multiple replicas.
> >
> > About a retore... is it better to restore from a full backup rather than
> only data backup?
> >
> >
> > Cheers
> > ___
> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/ZQODAMCETRGPFZXWHDAMV3C2ASSQIEDS/
> >
>
>
> --
> Tony Albers
> Systems administrator, IT-development
> Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
> Tel: +45 2566 2383 / +45 8946 2316
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/XVJJI4RT4TSPGNTOTAP2Z56JNVLP4MES/
>


-- 
*Alfredo*
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/JEX2SN2BLATKFESDTRSUDNWEW4TPSOWV/

[Freeipa-users] Re: freeIPA backup

2018-06-13 Thread Tony Brian Albers via FreeIPA-users 
Hi Alfredo,

As Peter says, use ipa-backup. I suggest running it twice a day, but 
that depends on how many changes you make in FreeIPA.

Then, get your backup software to backup /var/lib/ipa/backup some time 
after you've run ipa-backup. Or, get your backup software to run 
ipa-backup for you and then back up the destination folder.

It's always easier to restore a system from a full backup, but it takes 
time and demands many full backups which are large in size, demands a 
lot of storage and stresses your network.

I'd run a full backup of the FreeIPA server weekly and incrementals 
twice a day, all of them right after running ipa-backup.

HTH

/tony


On 13/06/18 10:07, Alfredo De Luca via FreeIPA-users wrote:
> thanks Peter.
> I know that having only one server it's not good thats' why for now I just 
> want to implement a backup/restore  process then one/multiple replicas.
> 
> About a retore... is it better to restore from a full backup rather than only 
> data backup?
> 
> 
> Cheers
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/ZQODAMCETRGPFZXWHDAMV3C2ASSQIEDS/
> 


-- 
Tony Albers
Systems administrator, IT-development
Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 2566 2383 / +45 8946 2316
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/XVJJI4RT4TSPGNTOTAP2Z56JNVLP4MES/

[Freeipa-users] Re: freeIPA backup

2018-06-13 Thread Alfredo De Luca via FreeIPA-users 
thanks Peter. 
I know that having only one server it's not good thats' why for now I just want 
to implement a backup/restore  process then one/multiple replicas. 

About a retore... is it better to restore from a full backup rather than only 
data backup? 


Cheers
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/ZQODAMCETRGPFZXWHDAMV3C2ASSQIEDS/

[Freeipa-users] Re: freeIPA backup

2018-06-11 Thread Peter Larsen via FreeIPA-users 
On 06/11/2018 09:10 AM, Alfredo De Luca via FreeIPA-users wrote:
> Hi all. 
> What's the best procedure/practice  to periodically perform a backup on
> a single freeipa server with CA? 

Best practice is to NOT have just a single server.

Backup shuts down IPA for a short period of time, so you have to focus
on a schedule where impact of a downed identification server has the
least impact. In busy environments, that's hard - very hard, hence the
need for redundancy.

Each "ipa-backup" run is a full backup, so the rest is pretty simple.
How far back do you want to be able to restore things? Well, backup at
twice the interval for that, and once the "ipa-backup" is complete,
backup /var/lib/ipa/backup to tape or offsite (before you do that, you
encrypt, and DON'T ship the private encryption key AND the data at the
same time).

> Cheers
> 
> -- 
> /Alfredo/
> 
> 
> 
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/KKKIFFZZQS4V562HUWYYR6FHGEA4KOYL/
> 

-- 
Regards
  Peter Larsen
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/SOPHHMUU3KS6WMQVSS2SU7OBGLQPL6KX/