On 05/03/2018 09:57, Barry via FreeIPA-users wrote:
Hi: the link you provided mentioned something similar:

9.2. RESTORING A BACKUP

If you have a directory with a backup created using ipa-backup, you can restore your IdM server or the LDAP content to the state in which they were when the backup was performed. You cannot restore a backup on a host different from the host on which the backup was originally created.

Hi,

this means that you need to restore on a host with the same hostname and the same IPA version. It can be a different machine (a new VM or a new physical system). The procedure in the doc will allow you to recover the IPA master from the backup.

HTH,
Flo


Does it mean that if I do a clean install using the same hostname (a totally new host) and restore using the backup, it will fail, right? The disaster means all hosts fail and I need to clean install the first host; can I use that restore method?


2018-03-05 16:31 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>:

    On 04/03/2018 02:28, barrykfl--- via FreeIPA-users wrote:

        Tried those commands before... it seems the web page and LDAP are
        separate, or I missed some parts.
        It can turn on the LDAP but the web page does not allow login...
        mostly it is related to?

    Hi,

    on which system do you have trouble accessing the web GUI? the master?
    In this case, can you paste the exact command you ran for restore,
    and the exact error message you see when trying to authenticate to
    the web? The httpd error log may also be helpful (/var/log/httpd/error).

    Flo

        2018-03-02 17:24 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>:

             On 01/03/2018 10:37, barrykfl--- via FreeIPA-users wrote:

                 I see... but can the full restore run successfully on a clean
                 installed master, with the new CA overwritten?

                 e.g. master with CA and LDAP all crashed with the replication
                 servers, but the data also crashed... can it be used to restore
                 using the same hostname and rebuild the replication agreements
                 with the others?

             Hi,

             yes, the doc explains how to restore in a multi-master environment:
             https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/restore#restore-multiple-masters

             HTH,
             Flo

                 2018-03-01 15:19 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com>:

                      On 03/01/2018 12:10 AM, barrykfl--- via FreeIPA-users wrote:

                          Any reference for full backup of 4.5?
                          I can only find v3. Will it recover everything cert/CA
                          related? I tried such a recovery in v3; it seems it broke
                          the relationship of the other agreements, or I missed the
                          backup of some files.

                      Hi,

                      you can find the doc for 4.5 in
                      https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore

                      The full backup of a master with CA also contains the certs
                      and the CA.

                      HTH,
                      Flo

                          Is it possible to use a very old VM image plus the
                          regular LDIF backup recovery?

                          On 1 March 2018 at 7:02 AM, "Rob Crittenden" <rcrit...@redhat.com> wrote:

                               barrykfl--- via FreeIPA-users wrote:
                                > Hi all:
                                >
                                > Does anyone have a better solution for FreeIPA backup?
                                > Assume all LDAP DBs crash, all CAs fail, no backup of
                                > certs, etc., but we need to cleanly install one with
                                > the same hostname.
                                >
                                > And we have the /usr/sbin/ipa-backup LDIF backup.
                                >
                                > Can I use an old image but restore such an LDIF backup?
                                >
                                > Or is there any better solution for a clean install
                                > with this LDIF copy?

                               If you have a full backup of a master with a CA and
                               have saved it off-machine and your machine dies then
                               you can re-install using the EXACT SAME OPTIONS.

                               Then restore the backup. Then re-initialize all other
                               masters (this should all be documented already).

                               If you have only one master with a CA and it dies and
                               you have no backups then you are pretty much hosed at
                               the moment.

                               IPA is so much more than just an LDIF.

                               _Could_ you use an LDIF to restore the data minus the
                               certs? Yeah, probably, with a whole ton of work and
                               expertise. Would it be worth the trouble and would you
                               ever fully trust that you got it 100% right?

                               The best solution is to maintain multiple masters and
                               > 1 CA. If one dies then you delete it and provision a
                               new master. You can maintain the old name if you want.

                               Or if you use VMs you can use disk snapshots to
                               maintain backups.

                               rob



                          _______________________________________________
                          FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
                          To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
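A pre-restore check for the constraint discussed in this thread (same hostname, same IPA version, full backup), as an added example that is not part of the original messages or FreeIPA's own code. It assumes the backup directory holds the INI-style `header` file written by ipa-backup, with `host`, `ipa_version` and `type` keys in an `[ipa]` section; the hostnames and version below are constructed sample values.

```shell
#!/bin/sh
# Added example: pre-restore sanity check for an ipa-backup directory.
# Assumption: <backup dir>/header is INI-style, "[ipa]" section, "key = value".

# Print the value of one key from the [ipa] section of a header file.
header_get() {  # $1 = header file, $2 = key
    awk -F ' *= *' -v key="$2" '
        /^\[/ { in_ipa = ($0 == "[ipa]"); next }
        in_ipa && $1 == key { print $2; exit }
    ' "$1"
}

# $1 = backup dir, $2 = FQDN of the restore target, $3 = its IPA version.
# Prints one line per problem; returns 0 only when the target matches.
check_restore_target() {
    hdr="$1/header"
    [ -r "$hdr" ] || { echo "no readable header in $1"; return 2; }
    b_host=$(header_get "$hdr" host)
    b_ver=$(header_get "$hdr" ipa_version)
    b_type=$(header_get "$hdr" type)
    rc=0
    [ "$b_host" = "$2" ] || { echo "hostname: backup=$b_host target=$2"; rc=1; }
    [ "$b_ver" = "$3" ] || { echo "IPA version: backup=$b_ver target=$3"; rc=1; }
    [ "$b_type" = "FULL" ] || { echo "backup type is '$b_type', not FULL"; rc=1; }
    return "$rc"
}

# Constructed sample header (values are illustrative, not from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/header" <<'EOF'
[ipa]
type = FULL
host = ipa1.example.test
ipa_version = 4.5.0
EOF

check_restore_target "$demo_dir" ipa1.example.test 4.5.0 && echo "ok to restore"
check_restore_target "$demo_dir" ipa2.example.test 4.5.0 || echo "do not restore here"
rm -rf "$demo_dir"
```

On the reinstalled host, pass its own FQDN and installed IPA version to `check_restore_target` before running the restore.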




