Hi: the link u provided mentioned similar :

9.2. RESTORING A BACKUP

If you have a directory with a backup created using

ipa-backup

, you can restore your IdM

server or the LDAP content to the state in which they were when the backup
was

performed. You cannot restore a backup on a host different from the host on
which the

backup was originally created


Is it meant if I clean install using same host name ( a total new host) and
restore using the backup

it will fail right ?.. The disaster meant all hosts fail I need clean
install the first host can I use the that restore method ?

2018-03-05 16:31 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>:

> On 04/03/2018 02:28, barrykfl--- via FreeIPA-users wrote:
>
>> Tried those command before ,,,seem the web page and LDAP separate or I
>> missed some parts.
>> it can turn on the ldap but the web page not allow to login ...mostly it
>> related to ?
>>
>> Hi,
>
> on which system do you have trouble accessing the web GUI? the master?
> In this case, can you paste the exact command you ran for restore, and the
> exact error message you see when trying to authenticate to the web? The
> httpd error log may also be helpful (/var/log/httpd/error).
>
> Flo
>
> 2018-03-02 17:24 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com <mailto:
>> f...@redhat.com>>:
>>
>>     On 01/03/2018 10:37, barrykfl--- via FreeIPA-users wrote:
>>
>>         ic ..but the full restore can success run in clean installed
>>         master with new CA overwrite?
>>
>>         e.g. master with CA and ldap all crashed with replication
>>         servers but data aslo crashed...can it be use as restore using
>>         the same hostname   and rebuild the replication agreements with
>>         others?
>>
>>     Hi,
>>
>>     yes, the doc explains how to restore in a multi-master environment:
>>     https://access.redhat.com/documentation/en-us/red_hat_enterp
>> rise_linux/7/html/linux_domain_identity_authentication_and_
>> policy_guide/restore#restore-multiple-masters
>>     <https://access.redhat.com/documentation/en-us/red_hat_enter
>> prise_linux/7/html/linux_domain_identity_authentication_and_
>> policy_guide/restore#restore-multiple-masters>
>>
>>     HTH,
>>     Flo
>>
>>         2018-03-01 15:19 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com
>>         <mailto:f...@redhat.com> <mailto:f...@redhat.com
>>         <mailto:f...@redhat.com>>>:
>>
>>              On 03/01/2018 12:10 AM, barrykfl--- via FreeIPA-users wrote:
>>
>>                  any ref. full backup.of 4.5?
>>                  I only can found v3 . will it recover all cert ca
>>  related ? I
>>                  tried such recover in v3 it seem it broken the
>>         relationship of
>>                  others agreement. or I missed the backup of some files.
>>
>>              Hi,
>>
>>              you can find the doc for 4.5 in
>>         https://access.redhat.com/documentation/en-us/red_hat_enterp
>> rise_linux/7/html/linux_domain_identity_authentication_and_
>> policy_guide/backup-restore
>>         <https://access.redhat.com/documentation/en-us/red_hat_enter
>> prise_linux/7/html/linux_domain_identity_authentication_and_
>> policy_guide/backup-restore>
>>                     <https://access.redhat.com/doc
>> umentation/en-us/red_hat_enterprise_linux/7/html/linux_domai
>> n_identity_authentication_and_policy_guide/backup-restore
>>         <https://access.redhat.com/documentation/en-us/red_hat_enter
>> prise_linux/7/html/linux_domain_identity_authentication_and_
>> policy_guide/backup-restore>>
>>
>>              The full backup of a master with CA also contains the certs
>>         and the CA.
>>
>>              HTH,
>>              Flo
>>
>>                  is it possible to use very old vm image plus the
>>         regular ldif
>>                  backup recovery?
>>
>>                  2018年3月1日 上午7:02 於 "Rob Crittenden"
>>         <rcrit...@redhat.com <mailto:rcrit...@redhat.com>
>>                  <mailto:rcrit...@redhat.com
>>         <mailto:rcrit...@redhat.com>> <mailto:rcrit...@redhat.com
>>
>>         <mailto:rcrit...@redhat.com>
>>
>>                  <mailto:rcrit...@redhat.com
>>         <mailto:rcrit...@redhat.com>>>> 寫道:
>>
>>                       barrykfl--- via FreeIPA-users wrote:
>>                        > Hi all:
>>                        >
>>                        > any one has better solution of freeipa backup ?
>>         assume
>>                  all ldap
>>                       db crash
>>                        > ,all ca fail, no backup of cert ...etc but need
>>         cleanly
>>                  install
>>                       one with
>>                        > same hostname.
>>                        >
>>                        > and we have /usr/sbin/ipa-backup ldif backup .
>>                        >
>>                        > Can I use an old image but restore back  ldif
>>         such backup?
>>                        >
>>                        > or any better solution for clean install with
>>         this ldif
>>                  copy.
>>
>>                       If you have a full backup of a master with a CA
>>         and have
>>                  saved it
>>                       off-machine and your machine dies then you can
>>         re-install
>>                  using the
>>                       EXACT SAME OPTIONS.
>>
>>                       Then restore the backup. Then re-initialize all
>> other
>>                  masters (this
>>                       should all be documented already).
>>
>>                       If you have only one master with a CA and it dies
>>         and you
>>                  have no
>>                       backups then you are pretty much hosed at the
>> moment.
>>
>>                       IPA is so much more than just an LDIF.
>>
>>                       _Could_ you use an LDIF to restore the data minus
>> the
>>                  certs? Yeah,
>>                       probably, with a whole ton of work and expertise.
>>         Would it
>>                  be worth the
>>                       trouble and would you ever fully trust that you
>>         got it 100%
>>                  right?
>>
>>                       The best solution is to maintain multiple masters
>>         and > 1
>>                  CA. If one
>>                       dies then you delete it and provision a new
>>         master. You can
>>                  maintain the
>>                       old name if you want.
>>
>>                       Or if you use VMs you can use disk snapshots to
>>         maintain
>>                  backups.
>>
>>                       rob
>>
>>
>>
>>                  _______________________________________________
>>                  FreeIPA-users mailing list --
>>         freeipa-users@lists.fedorahosted.org
>>         <mailto:freeipa-users@lists.fedorahosted.org>
>>                  <mailto:freeipa-users@lists.fedorahosted.org
>>         <mailto:freeipa-users@lists.fedorahosted.org>>
>>                  To unsubscribe send an email to
>>         freeipa-users-le...@lists.fedorahosted.org
>>         <mailto:freeipa-users-le...@lists.fedorahosted.org>
>>                  <mailto:freeipa-users-le...@lists.fedorahosted.org
>>         <mailto:freeipa-users-le...@lists.fedorahosted.org>>
>>
>>
>>
>>
>>
>>         _______________________________________________
>>         FreeIPA-users mailing list --
>>         freeipa-users@lists.fedorahosted.org
>>         <mailto:freeipa-users@lists.fedorahosted.org>
>>         To unsubscribe send an email to
>>         freeipa-users-le...@lists.fedorahosted.org
>>         <mailto:freeipa-users-le...@lists.fedorahosted.org>
>>
>>
>>
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-le...@lists.fedo
>> rahosted.org
>>
>>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to