ic ..but the full restore can success run in clean installed master with new CA overwrite?
e.g. master with CA and ldap all crashed with replication servers but data aslo crashed...can it be use as restore using the same hostname and rebuild the replication agreements with others? 2018-03-01 15:19 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>: > On 03/01/2018 12:10 AM, barrykfl--- via FreeIPA-users wrote: > >> any ref. full backup.of 4.5? >> I only can found v3 . will it recover all cert ca related ? I tried such >> recover in v3 it seem it broken the relationship of others agreement. or I >> missed the backup of some files. >> >> Hi, > > you can find the doc for 4.5 in https://access.redhat.com/docu > mentation/en-us/red_hat_enterprise_linux/7/html/linux_domain > _identity_authentication_and_policy_guide/backup-restore > > The full backup of a master with CA also contains the certs and the CA. > > HTH, > Flo > > is it possible to use very old vm image plus the regular ldif backup >> recovery? >> >> 2018年3月1日 上午7:02 於 "Rob Crittenden" <rcrit...@redhat.com <mailto: >> rcrit...@redhat.com>> 寫道: >> >> barrykfl--- via FreeIPA-users wrote: >> > Hi all: >> > >> > any one has better solution of freeipa backup ? assume all ldap >> db crash >> > ,all ca fail, no backup of cert ...etc but need cleanly install >> one with >> > same hostname. >> > >> > and we have /usr/sbin/ipa-backup ldif backup . >> > >> > Can I use an old image but restore back ldif such backup? >> > >> > or any better solution for clean install with this ldif copy. >> >> If you have a full backup of a master with a CA and have saved it >> off-machine and your machine dies then you can re-install using the >> EXACT SAME OPTIONS. >> >> Then restore the backup. Then re-initialize all other masters (this >> should all be documented already). >> >> If you have only one master with a CA and it dies and you have no >> backups then you are pretty much hosed at the moment. >> >> IPA is so much more than just an LDIF. >> >> _Could_ you use an LDIF to restore the data minus the certs? Yeah, >> probably, with a whole ton of work and expertise. Would it be worth >> the >> trouble and would you ever fully trust that you got it 100% right? >> >> The best solution is to maintain multiple masters and > 1 CA. If one >> dies then you delete it and provision a new master. You can maintain >> the >> old name if you want. >> >> Or if you use VMs you can use disk snapshots to maintain backups. >> >> rob >> >> >> >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedo >> rahosted.org >> >> >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
