9.2. Restoring a Backup
ipa-backup, you can restore your IdM server or the LDAP content to the state in which they were when the backup was performed. You cannot restore a backup on a host different from the host on which the backup was originally created.
9.2.1. Restoring from the Full-Server or Data-Only Backup
ipa-restoreutility which must always be run as root. Pass the backup to the command:
- Pass only the name of the directory with the backup if it is located in the default
- Pass the full path to the backup if the directory containing the backup is not located in the default directory. For example:
[root@server ~]# ipa-restore /path/to/backup
ipa-restoreutility automatically detects what type of backup the backup directory contains and by default performs the same type of restore.
--dataperforms a data-only restore from a full-server backup, that is, restores only the LDAP data component from a backup directory containing the full-server backup
--onlinerestores the LDAP data in a data-only restore online
--instancespecifies which 389 DS instance is restored. IdM in Red Hat Enterprise Linux 7 only uses the
IPA-REALMinstance, but it might be possible, for example, to create a backup on a system with separate instances; in such cases,
--instanceallows you to restore only
IPA-REALM. For example:
[root@server ~]# ipa-restore --instance=IPA-REALM /path/to/backupYou can use this option only when performing a data-only restore.
--backendspecifies which back end is restored; without this option,
ipa-restorerestores all back ends it discovers. The arguments defining the possible back ends are
userRoot, which restores the IPA data back end, and
ipaca, which restores the CA back end.You can use this option only when performing a data-only restore.
--no-logsrestores the backup without restoring the log files
- Stop the SSSD service:
[root@server ~]# systemctl stop sssd
- Remove all cached content from SSSD:
[root@server ~]# find /var/lib/sss/ ! -type d | xargs rm -f
- Start the SSSD service:
[root@server ~]# systemctl start sssd
ipa-restore, see the ipa-restore(1) man page.
9.2.2. Restoring with Multiple Master Servers
ipa-replica-managecommand and, on masters that have a CA installed, the
ipa-csreplica-managecommand. For example:
[root@server ~]# ipa-replica-manage re-initialize --from=restored_master_FQDN
9.2.3. Restoring from an Encrypted Backup
--gpg-keyringoption. For example:
[root@server ~]# ipa-restore --gpg-keyring=/root/backup /path/to/backup