Finn Fysj via FreeIPA-users wrote:
Hey Finn,
For our replications where we don't have any CA installed, I'm using the following ipabackup options to have a proper backup:
ipa-backup --disable-role-check --logs --quiet
Cheers Yavor. I'll have a look at this. However, it only answers a part of my problem. You'll face an issue with the RUV error with the replica having a different database generation ID. Meaning it needs to be re-initialized, right?
I see the ipatopologysuffix module doesn't have a way to check for working replication between the nodes.
I think there is some misunderstanding about the purpose of backup and restore. It is for catastrophic recovery only.
This is why it wants all roles to be included because if you lose your cluster and the only backup you have is lacking a role, say the CA, that is less than awesome.
A restore will disable all replication agreements. They can be re-enabled but a restore by its very nature is going back in time which is going to confuse the heck out of replication. At best any other existing servers will need to be re-initialized. Otherwise they need to be re-installed. Remember: catastrophic.
It is not designed for recovering a single entry that was accidentally deleted, or an undesired edit. If periodic backups are done, the data is available in the stored LDIFs, but it is an exercise for the user to restore in that case.
rob