On 06/11/2018 09:10 AM, Alfredo De Luca via FreeIPA-users wrote:
Hi all. What's the best procedure/practice to periodically perform a backup on a single freeipa server with CA?
Best practice is to NOT have just a single server.
Backup shuts down IPA for a short period of time, so you have to focus on a schedule where impact of a downed identification server has the least impact. In busy environments, that's hard - very hard, hence the need for redundancy.
Each "ipa-backup" run is a full backup, so the rest is pretty simple. How far back do you want to be able to restore things? Well, back up at twice the interval for that, and once the "ipa-backup" is complete, back up /var/lib/ipa/backup to tape or offsite (before you do that, you encrypt, and DON'T ship the private encryption key AND the data at the same time).
Cheers
-- /Alfredo/
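A sketch of the routine described in the reply above, as an added example that is not part of the original thread or of FreeIPA itself: run `ipa-backup`, encrypt the newest backup to a GPG public key whose private half is never stored on the IPA server, and prune old archives. The staging path, recipient address, retention count and the `--run` switch are assumptions; shipping the staging directory offsite is left to your own tooling.

```shell
#!/bin/bash
# Added example: encrypted, rotated copies of ipa-backup output.
BACKUP_ROOT=/var/lib/ipa/backup          # where ipa-backup writes (from the thread)
STAGING=/var/backups/ipa-encrypted       # assumption: directory that gets shipped offsite
RECIPIENT=ipa-backup@example.com         # assumption: public key imported on this host;
                                         # the private key lives elsewhere
KEEP=14                                  # assumption: encrypted archives to retain

# Full backups are directories named ipa-full-YYYY-MM-DD-HH-MM-SS, so a
# lexical sort is also a chronological one. Prints the newest name.
latest_backup() (
    cd "$1" && ls -d ipa-full-* 2>/dev/null | sort | tail -n 1
)

# Stream the backup directory through gpg so only ciphertext reaches staging.
encrypt_backup() (
    umask 077
    tar -C "$1" -cf - "$2" |
        gpg --batch --yes --trust-model always --encrypt \
            --recipient "$4" --output "$3/$2.tar.gpg"
)

# Delete the oldest encrypted archives, keeping the newest $2 of them.
prune_archives() (
    cd "$1" || exit 1
    total=$(find . -maxdepth 1 -name 'ipa-full-*.tar.gpg' | wc -l)
    excess=$((total - $2))
    [ "$excess" -gt 0 ] || exit 0
    find . -maxdepth 1 -name 'ipa-full-*.tar.gpg' | sort |
        head -n "$excess" | xargs rm -f --
)

main() {
    set -euo pipefail                    # abort if any stage, including tar, fails
    mkdir -p "$STAGING"
    ipa-backup                           # full backup; IPA is down while this runs
    name=$(latest_backup "$BACKUP_ROOT")
    encrypt_backup "$BACKUP_ROOT" "$name" "$STAGING" "$RECIPIENT"
    prune_archives "$STAGING" "$KEEP"
    # Ship "$STAGING" to tape or offsite here; only ciphertext leaves the host.
}

# Run from cron in a low-traffic window, e.g.: ipa-backup-encrypt.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

Restoring requires decrypting with the private key first, so test a restore on a scratch host before relying on these archives.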