[Freeipa-users] Re: Backup idea of disaster

Wed, 28 Feb 2018 23:20:12 -0800 

On 03/01/2018 12:10 AM, barrykfl--- via FreeIPA-users wrote:

any ref. full backup.of 4.5?
I only can found v3 . will it recover all cert ca  related ? I tried such recover in v3 it seem it broken the relationship of others agreement. or I missed the backup of some files. 


Hi,


you can find the doc for 4.5 in 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore


The full backup of a master with CA also contains the certs and the CA.

HTH,
Flo


is it possible to use very old vm image plus the regular ldif backup 
recovery?



2018年3月1日 上午7:02 於 "Rob Crittenden" <rcrit...@redhat.com 
<mailto:rcrit...@redhat.com>> 寫道:


    barrykfl--- via FreeIPA-users wrote:
     > Hi all:
     >
     > any one has better solution of freeipa backup ? assume all ldap
    db crash
     > ,all ca fail, no backup of cert ...etc but need cleanly install
    one with
     > same hostname.
     >
     > and we have /usr/sbin/ipa-backup ldif backup .
     >
     > Can I use an old image but restore back  ldif such backup?
     >
     > or any better solution for clean install with this ldif copy.

    If you have a full backup of a master with a CA and have saved it
    off-machine and your machine dies then you can re-install using the
    EXACT SAME OPTIONS.

    Then restore the backup. Then re-initialize all other masters (this
    should all be documented already).

    If you have only one master with a CA and it dies and you have no
    backups then you are pretty much hosed at the moment.

    IPA is so much more than just an LDIF.

    _Could_ you use an LDIF to restore the data minus the certs? Yeah,
    probably, with a whole ton of work and expertise. Would it be worth the
    trouble and would you ever fully trust that you got it 100% right?

    The best solution is to maintain multiple masters and > 1 CA. If one
    dies then you delete it and provision a new master. You can maintain the
    old name if you want.

    Or if you use VMs you can use disk snapshots to maintain backups.

    rob



_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org






















					Reply via email to