On 01/03/2018 10:37, barrykfl--- via FreeIPA-users wrote:
ic ..but the full restore can success run in clean installed master with new CA overwrite?Hi,
e.g. master with CA and ldap all crashed with replication servers but data aslo crashed...can it be use as restore using the same hostname and rebuild the replication agreements with others?
yes, the doc explains how to restore in a multi-master environment:
https://access.redhat.com/documentation/en-us/red_hat_enterp rise_linux/7/html/linux_domain _identity_authentication_and_ policy_guide/restore#restore-m ultiple-masters
HTH,
Flo
2018-03-01 15:19 GMT+08:00 Florence Blanc-Renaud <flo@redhat.com <mailto:flo@redhat.com>>:
On 03/01/2018 12:10 AM, barrykfl--- via FreeIPA-users wrote:
any ref. full backup.of 4.5?
I only can found v3 . will it recover all cert ca related ? I
tried such recover in v3 it seem it broken the relationship of
others agreement. or I missed the backup of some files.
Hi,
you can find the doc for 4.5 in
https://access.redhat.com/documentation/en-us/red_hat_enterp rise_linux/7/html/linux_domain _identity_authentication_and_ policy_guide/backup-restore
<https://access.redhat.com/documentation/en-us/red_hat_enter >prise_linux/7/html/linux_domai n_identity_authentication_and_ policy_guide/backup-restore
The full backup of a master with CA also contains the certs and the CA.
HTH,
Flo
is it possible to use very old vm image plus the regular ldif
backup recovery?
2018年3月1日 上午7:02 於 "Rob Crittenden" <rcritten@redhat.com
<mailto:rcritten@redhat.com> <mailto:rcritten@redhat.com<mailto:freeipa-users@lists.fe
<mailto:rcritten@redhat.com>>> 寫道:
barrykfl--- via FreeIPA-users wrote:
> Hi all:
>
> any one has better solution of freeipa backup ? assume
all ldap
db crash
> ,all ca fail, no backup of cert ...etc but need cleanly
install
one with
> same hostname.
>
> and we have /usr/sbin/ipa-backup ldif backup .
>
> Can I use an old image but restore back ldif such backup?
>
> or any better solution for clean install with this ldif
copy.
If you have a full backup of a master with a CA and have
saved it
off-machine and your machine dies then you can re-install
using the
EXACT SAME OPTIONS.
Then restore the backup. Then re-initialize all other
masters (this
should all be documented already).
If you have only one master with a CA and it dies and you
have no
backups then you are pretty much hosed at the moment.
IPA is so much more than just an LDIF.
_Could_ you use an LDIF to restore the data minus the
certs? Yeah,
probably, with a whole ton of work and expertise. Would it
be worth the
trouble and would you ever fully trust that you got it 100%
right?
The best solution is to maintain multiple masters and > 1
CA. If one
dies then you delete it and provision a new master. You can
maintain the
old name if you want.
Or if you use VMs you can use disk snapshots to maintain
backups.
rob
_______________________________________________
FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org dorahosted.org >
To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org >
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org