Performing a restore
When restoring from a backup, first make sure you perform the restore on a CLEAN installation. As a best practice, use a fresh install and not something that you “think” might be clean enough. If in doubt, reinstall. It won’t take long to redeploy a clean system.
Next, the restoration should take place using the config file taken in the above backup. Copy your backup from whatever media you saved it to onto your clean server.
DO NOT RUN “ipa-server-install” on your clean system.
AGAIN, please speak to Red Hat before performing this on a production FreeIPA environment. You don’t really want to risk it.
To continue with the restore, run “ipa-restore”.
See the output below:
    [root@ds01 ~]# ipa-restore
    Usage examples:
    To perform a backup, use the below information as a guide.

    Full Backup (in development)
    # ipa-restore --type full --source /path/to/my/full_backup.tgz

    LDAP Backup (in development)
    # ipa-restore --type ldap --source /path/to/my/ldap_backup.ldif

    Dogtag Backup (in development
    # ipa-restore --type dogtag --source /path/to/my/dogtag_backup.ldif

    Config Backup
    # ipa-restore --type config --source /path/to/my/config_backup.tgz

    [root@ds01 ~]# ipa-restore --type config --source /mybackup/config/config-20120907211435.tgz
    Using /mybackup/config/config-20120907211435.tgz as restore archive.
    This restore process will cause IPA to restart
    Are you sure you wish to continue? [Y/n] y
    Restoration is now complete
    All output for this restoration has been logged to /root/ipa-restore.log
    It is *highly* recommended that you reboot your system to allow all IPA dependant services to reload cleanly.
    Would you like to reboot now? [Y/n] y

    Broadcast message from email@example.com
    (/dev/pts/0) at 0:51 ...

    The system is going down for reboot NOW!
    [root@ds01 ~]#
You don’t HAVE to reboot after the restore. However, as it’s a clean system and there is nothing else running on it, there is nothing to lose in doing so. Worst case scenario, you have at least confirmed that the restoration has not broken anything that would stop an unattended reboot.
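Because the restore runs as root from an archive that has travelled on backup media, it is worth listing what the archive contains before handing it to the restore. The following is an added example, not part of the original post or of the ipa-restore script; the function names and the sample archive members are assumptions constructed for illustration, and the findings are items to review, not proof of tampering.

```python
import io
import os
import sys
import tarfile
import tempfile

def audit_restore_archive(path):
    """List (member, reason) findings for a gzip'd tar; nothing is extracted."""
    findings = []
    with tarfile.open(path, "r:gz") as tar:
        for m in tar:
            if m.name.startswith("/") or ".." in m.name.split("/"):
                findings.append((m.name, "member path escapes the extraction root"))
            if m.issym() or m.islnk():
                # Symlink targets are relative to the link's directory,
                # hard-link targets to the archive root.
                base = os.path.dirname(m.name) if m.issym() else ""
                resolved = os.path.normpath(os.path.join(base, m.linkname))
                if os.path.isabs(m.linkname) or resolved == ".." or resolved.startswith("../"):
                    findings.append((m.name, "link points outside the archive"))
            if m.ischr() or m.isblk() or m.isfifo():
                findings.append((m.name, "device or FIFO node"))
            if m.isfile() and m.mode & 0o6000:
                findings.append((m.name, "setuid/setgid bit set"))
    return findings

def build_sample_archive(path):
    """Write a constructed archive: one ordinary file plus three suspicious members."""
    def add(tar, name, data=b"", **attrs):
        info = tarfile.TarInfo(name)
        info.size = len(data)
        for key, value in attrs.items():
            setattr(info, key, value)
        tar.addfile(info, io.BytesIO(data) if info.isfile() else None)

    with tarfile.open(path, "w:gz") as tar:
        add(tar, "etc/example/app.conf", b"realm = EXAMPLE.TEST\n")
        add(tar, "../outside.txt", b"x")
        add(tar, "etc/example/link", type=tarfile.SYMTYPE, linkname="../../../target")
        add(tar, "usr/local/bin/tool", b"#!/bin/sh\n", mode=0o4755)

if __name__ == "__main__":
    # With no argument, audit the constructed sample instead of a real backup.
    path = sys.argv[1] if len(sys.argv) > 1 else os.path.join(tempfile.mkdtemp(), "sample.tgz")
    if len(sys.argv) == 1:
        build_sample_archive(path)
    for name, reason in audit_restore_archive(path):
        print(f"{name}: {reason}")
```

Pass the path of the config archive as the first argument to audit a real backup. Configuration backups often contain symlinks with absolute targets legitimately, so compare the findings against what the original server actually had.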
I have tested this backup and restore process in my demo and testing environments over 100 times and each time it has worked. Kerberos and LDAP have persisted and allowed authentication. User and group management has worked, and all other tests have shown that the restoration has worked.
That being said, I am by no means an expert in the inner workings of FreeIPA. Please test this process thoroughly and get the OK from Red Hat if you wish to use it in production.
I truly hope this has proven helpful to my readers.