On 05/03/2018 09:57, Barry via FreeIPA-users wrote:
Hi: the link u provided mentioned similar :
9.2. RESTORING A BACKUP
If you have a directory with a backup created using
ipa-backup
, you can restore your IdM
server or the LDAP content to the state in which they were when the
backup was
performed. You cannot restore a backup on a host different from the host
on which the
backup was originally created
Hi,
this means that you need to restore on a host with the same hostname,
and same IPA version. It can be a different machine (a new VM or a new
physical system). The procedure in the doc will allow to recover the IPA
master from the backup.
HTH,
Flo
Is it meant if I clean install using same host name ( a total new host)
and restore using the backup
it will fail right ?.. The disaster meant all hosts fail I need clean
install the first host can I use the that restore method ?
2018-03-05 16:31 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com
<mailto:f...@redhat.com>>:
On 04/03/2018 02:28, barrykfl--- via FreeIPA-users wrote:
Tried those command before ,,,seem the web page and LDAP
separate or I missed some parts.
it can turn on the ldap but the web page not allow to login
...mostly it related to ?
Hi,
on which system do you have trouble accessing the web GUI? the master?
In this case, can you paste the exact command you ran for restore,
and the exact error message you see when trying to authenticate to
the web? The httpd error log may also be helpful (/var/log/httpd/error).
Flo
2018-03-02 17:24 GMT+08:00 Florence Blanc-Renaud <f...@redhat.com
<mailto:f...@redhat.com> <mailto:f...@redhat.com
<mailto:f...@redhat.com>>>:
On 01/03/2018 10:37, barrykfl--- via FreeIPA-users wrote:
ic ..but the full restore can success run in clean
installed
master with new CA overwrite?
e.g. master with CA and ldap all crashed with replication
servers but data aslo crashed...can it be use as
restore using
the same hostname and rebuild the replication
agreements with
others?
Hi,
yes, the doc explains how to restore in a multi-master
environment:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/restore#restore-multiple-masters
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/restore#restore-multiple-masters>
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/restore#restore-multiple-masters
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/restore#restore-multiple-masters>>
HTH,
Flo
2018-03-01 15:19 GMT+08:00 Florence Blanc-Renaud
<f...@redhat.com <mailto:f...@redhat.com>
<mailto:f...@redhat.com <mailto:f...@redhat.com>>
<mailto:f...@redhat.com <mailto:f...@redhat.com>
<mailto:f...@redhat.com <mailto:f...@redhat.com>>>>:
On 03/01/2018 12:10 AM, barrykfl--- via
FreeIPA-users wrote:
any ref. full backup.of 4.5?
I only can found v3 . will it recover all cert
ca related ? I
tried such recover in v3 it seem it broken the
relationship of
others agreement. or I missed the backup of
some files.
Hi,
you can find the doc for 4.5 in
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore>
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore>>
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore>
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore
<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/backup-restore>>>
The full backup of a master with CA also contains
the certs
and the CA.
HTH,
Flo
is it possible to use very old vm image plus the
regular ldif
backup recovery?
2018年3月1日 上午7:02 於 "Rob Crittenden"
<rcrit...@redhat.com <mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>>
<mailto:rcrit...@redhat.com
<mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com
<mailto:rcrit...@redhat.com>>> <mailto:rcrit...@redhat.com
<mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>>
<mailto:rcrit...@redhat.com
<mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com
<mailto:rcrit...@redhat.com>>>>> 寫道:
barrykfl--- via FreeIPA-users wrote:
> Hi all:
>
> any one has better solution of freeipa
backup ?
assume
all ldap
db crash
> ,all ca fail, no backup of cert ...etc
but need
cleanly
install
one with
> same hostname.
>
> and we have /usr/sbin/ipa-backup ldif
backup .
>
> Can I use an old image but restore
back ldif
such backup?
>
> or any better solution for clean
install with
this ldif
copy.
If you have a full backup of a master
with a CA
and have
saved it
off-machine and your machine dies then
you can
re-install
using the
EXACT SAME OPTIONS.
Then restore the backup. Then
re-initialize all other
masters (this
should all be documented already).
If you have only one master with a CA and
it dies
and you
have no
backups then you are pretty much hosed at
the moment.
IPA is so much more than just an LDIF.
_Could_ you use an LDIF to restore the
data minus the
certs? Yeah,
probably, with a whole ton of work and
expertise.
Would it
be worth the
trouble and would you ever fully trust
that you
got it 100%
right?
The best solution is to maintain multiple
masters
and > 1
CA. If one
dies then you delete it and provision a new
master. You can
maintain the
old name if you want.
Or if you use VMs you can use disk
snapshots to
maintain
backups.
rob
_______________________________________________
FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
<mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
<mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
<mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>>
To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org
<mailto:freeipa-users-le...@lists.fedorahosted.org>
<mailto:freeipa-users-le...@lists.fedorahosted.org
<mailto:freeipa-users-le...@lists.fedorahosted.org>>
<mailto:freeipa-users-le...@lists.fedorahosted.org
<mailto:freeipa-users-le...@lists.fedorahosted.org>
<mailto:freeipa-users-le...@lists.fedorahosted.org
<mailto:freeipa-users-le...@lists.fedorahosted.org>>>
_______________________________________________
FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
<mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org
<mailto:freeipa-users-le...@lists.fedorahosted.org>
<mailto:freeipa-users-le...@lists.fedorahosted.org
<mailto:freeipa-users-le...@lists.fedorahosted.org>>
_______________________________________________
FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org
<mailto:freeipa-users-le...@lists.fedorahosted.org>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org