Overview

This page describes the procedure for restoring a PKI server instance from a backup.

Current Limitations

Currently this procedure has some limitations:

  • The backup should be restored on a machine with the same hostname, since the hostname of the original server is stored in various server files and database entries.

  • The backup should be restored on a machine with the same PKI version, since the server files and database layout might have changed between versions.

In the future it might be possible to restore the instance on a machine with a different hostname and also migrate it to a newer version.

Restoring LDAP Database

First, create a DS instance:

$ setup-ds.pl --silent -- \
    General.FullMachineName=$HOSTNAME \
    General.SuiteSpotUserID=nobody \
    General.SuiteSpotGroup=nobody \
    slapd.ServerPort=389 \
    slapd.ServerIdentifier=localhost \
    slapd.Suffix=dc=example,dc=com \
    "slapd.RootDN=cn=Directory Manager" \
    slapd.RootDNPwd=Secret.123

Create a backend database for each subsystem (the example below creates the one for the CA):

$ ldapadd -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn=ca,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: nsBackendInstance
objectClass: extensibleObject
cn: ca
nsslapd-suffix: dc=ca,dc=pki,dc=example,dc=com
EOF

Also create a mapping tree entry for each backend database:

$ ldapadd -x -D "cn=Directory Manager" -w Secret.123 << EOF
dn: cn="dc=ca,dc=pki,dc=example,dc=com",cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: dc=ca,dc=pki,dc=example,dc=com
nsslapd-backend: ca
nsslapd-state: backend
EOF

Import the PKI schema:

$ ldapmodify -x -D "cn=Directory Manager" -w Secret.123 -f /usr/share/pki/server/conf/schema.ldif

Update the database configuration:

$ ldapmodify -x -D "cn=Directory Manager" -w Secret.123 -f /usr/share/pki/server/conf/database.ldif

Stop the instance (ldif2db requires the server to be offline):

$ systemctl stop dirsrv@localhost.service

Import the main database with the following command:

$ ldif2db -V -Z localhost -n userRoot -i $PWD/userRoot.ldif

Import each subsystem database with the following command (shown here for the CA):

$ ldif2db -V -Z localhost -n ca -i $PWD/ca.ldif

Restart the instance:

$ systemctl start dirsrv@localhost.service

Verify that both the main and the subsystem suffixes are populated:

$ ldapsearch -x -D "cn=Directory Manager" -w Secret.123 -b "dc=pki,dc=example,dc=com"
$ ldapsearch -x -D "cn=Directory Manager" -w Secret.123 -b "dc=ca,dc=pki,dc=example,dc=com"
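The database restore steps above, generalized to any number of subsystems, as an added shell example (not part of this page or of the pki project). It assumes a Directory Manager password file instead of `-w`, and the variables BASE_DN, DS_ID, DM_PW_FILE and BACKUP_DIR are assumed parameters:

```shell
#!/bin/sh
# Added example (not from the page): generate the backend and mapping tree
# entries for every PKI subsystem to be restored, then drive the import.
BASE_DN="${BASE_DN:-dc=pki,dc=example,dc=com}"   # base suffix used on the page
DS_ID="${DS_ID:-localhost}"                       # slapd.ServerIdentifier
DM_PW_FILE="${DM_PW_FILE:-/root/dm.pwd}"          # assumed: Directory Manager password file
BACKUP_DIR="${BACKUP_DIR:-$PWD}"                  # where userRoot.ldif and <sub>.ldif live

# nsBackendInstance entry for one subsystem, e.g. "kra" -> dc=kra,<BASE_DN>
backend_ldif() {
    printf 'dn: cn=%s,cn=ldbm database,cn=plugins,cn=config\n' "$1"
    printf 'objectClass: top\nobjectClass: nsBackendInstance\nobjectClass: extensibleObject\n'
    printf 'cn: %s\nnsslapd-suffix: dc=%s,%s\n' "$1" "$1" "$BASE_DN"
}

# mapping tree entry pointing the subsystem suffix at its backend
mapping_ldif() {
    printf 'dn: cn="dc=%s,%s",cn=mapping tree,cn=config\n' "$1" "$BASE_DN"
    printf 'objectClass: top\nobjectClass: extensibleObject\nobjectClass: nsMappingTree\n'
    printf 'cn: dc=%s,%s\nnsslapd-backend: %s\nnsslapd-state: backend\n' "$1" "$BASE_DN" "$1"
}

# LDIF for all subsystems given, entries separated by blank lines (one ldapadd run)
subsystems_ldif() {
    for sub in "$@"; do
        backend_ldif "$sub"; printf '\n'
        mapping_ldif "$sub"; printf '\n'
    done
}

# Drive the restore: refuse to start unless every expected LDIF file is present,
# then add the backends, stop DS, import with ldif2db and start DS again.
restore_databases() {
    for f in userRoot "$@"; do
        [ -r "$BACKUP_DIR/$f.ldif" ] || { echo "missing $BACKUP_DIR/$f.ldif" >&2; return 1; }
    done
    subsystems_ldif "$@" | ldapadd -x -D "cn=Directory Manager" -y "$DM_PW_FILE" || return 1
    systemctl stop "dirsrv@$DS_ID.service" || return 1
    for f in userRoot "$@"; do
        ldif2db -V -Z "$DS_ID" -n "$f" -i "$BACKUP_DIR/$f.ldif" || return 1
    done
    systemctl start "dirsrv@$DS_ID.service"
}

# Usage: only runs when RUN_RESTORE=1, so sourcing this file has no side effects
if [ "${RUN_RESTORE:-0}" = 1 ]; then
    restore_databases ca kra
fi
```

The file check runs before any change is made, so a missing subsystem dump aborts the restore instead of leaving the directory stopped with a half-imported set of backends.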

Restoring Server Files

See Restoring PKI Server.

See Also