Darrell May wrote:
>
> Hi Jason, firstly, there is NO problem with a tape-restore executed via
> the e-smith-manager.
Excellent, the most important thing from our standpoint obviously.
>
> What I had asked is:
> > If this happens and the correct password file is overwritten, is there
> > an easy way to recover from this?
>
> You reply provided my answer as /etc/openldap/ldap.pw actually contains
> the valid and correct password so the problem I mention above has an
> easy solution. Simply edit the /root/.my.cnf with the password from
> /etc/openldap/ldap.pw and access to mysql is returned.
Yep. That would work nicely, as you'll see lower in the response.
>
> Taking this example further, both of these files are 'key' files and
> should be excluded from any command-line restore. It may be advisable
> to create an 'exclusion list' noting all the key files that
> should not be restored via a command-line restore. You know that
> since this ability exists users will undoubtedly try command-line
> restores.
Comments later.
>
> You had also commented:
> > The script is supposed to grab the *new* contents of
> > /etc/openldap/ldap.pw from the fresh installation of the machine and
> > RESET the mysql password accordingly, including .my.cnf - so as far as
> > well can tell it works like its expected to. So, on a
> > restore your root
> > password changes for mysql. Since we only support mysql for webmail,
> > and we use the new contents of .my.cnf to gain access, it shouldn't
> > break your connection.
>
> As far as I can determine, and again I will note I am not an expert
> on understanding scripts, but in this case, the restore script:
>
> /etc/e-smith/events/actions/tape-restore-flexbackup
>
> only restores the /root/.ssh file and does not in any way do what you
> mention above, nor does it have to for a typical restore, at least from
> what I can gather.
>
> my @restore = (
> 'home/e-smith',
> 'etc/e-smith/templates-custom',
> 'etc/ssh',
> 'root/.ssh',
> 'etc/passwd',
> 'etc/shadow',
> 'etc/group',
> 'etc/gshadow',
> 'etc/smbpasswd',
>
> Did I miss something? Only if a user performs a command-line restore
> of the /root directory and overwrites the correct .my.cnf file is this
> an issue anyhow.
Agreed, it is not directly included in the restore file. However, the
e-smith manager takes things one step further, performing
/sbin/e-smith/signal-event post-upgrade
which includes this symlink to an action script:
/etc/e-smith/events/post-upgrade/S75mysql-import-tables
And this one does what I mentioned (overwriting /root/my.cnf with the
contents of /etc/openldap/ldap.pw). Sorry for the confusion, I should
have been more specific. So its the post-upgrade event that makes these
changes to ensure that mysql is still functional using a new root
password, etc., not the actual 'restore' process. We neither backup the
/root/my.cnf nor restore it, we just 'overwrite it' as part of the
process.
>
> Regards,
>
> Darrell
>
Thanks for the report, hope that helps a little.
Jay
--
Jason D. Miller Senior Software Developer +1 613.564.8000 e.4387
[EMAIL PROTECTED] www.e-smith.com direct: +1 613.368.4387
Toll Free (Canada/US) +1 888.ESMITH.1
Fax +1 613.564.7739