Backing Up and Restoring the eDirectory Tree with NICI Using DSBK on Linux

0 Likes
over 11 years ago

Backing up the NICI files using the utility DSBK using the -e option is back. The following instructions will explain how to use the -e option to backup NICI along with the other features of full backup, incremental backup and the use of roll forward logs.



Target Audience: eDirectory Administrators

Tool Used: DSBK, available as part of all 8.8x eDirectory installs.

Version Needed: eDirectory 8.8 SP5 or more (for NICI backup)



Assuming that you have an eDirectory instance and this is the first time your tree is being backed up, follow the instructions below:



Run the following commands in your terminal:




  1. dsbk getconfig

    Get the error "The required /etc/dsbk.conf file is missing". For more information, run 'man dsbk'.


  • vi /etc/dsbk.conf

    Open this file and add the line "/tmp/dsbk.tmp" to be used as the temporary file


  • touch /tmp/dsbk.tmp


  • dsbk getconfig

    Get the output that will ask you to view the ndsd.log (that will be available at /var/opt/novell/eDirectory/log in case of default eDirectory installations)


  • tail -f /var/opt/novell/eDirectory/log/ndsd.log

    Run this in another parallel terminal and monitor the backup/restore activity. See that 'Roll Forward Log' is off and the back up directory points to your default eDirectory install directory.

    The ndsd.log's output, at this point of time will be something like:



    Command line getconfig 
    Processing command line
    Roll forward log status OFF
    Stream file loggin status OFF
    Current roll forward log directory /var/opt/novell/eDirectory/data/dib/nds.rfl
    Minimum roll forward log size 104857600 bytes
    Maximum roll forward log size 4294705152 bytes
    Last roll forward log not used 00000000.log
    Current roll forward log 00000001.log




  • mkdir /backup
    Create a folder to hold all the backup files and logs. To be safe, create this directory in a separate machine or in a different partition of your machine.


  • dsbk setconfig -L -T -r /backup/

    -L - To keep roll forward logs, to help you not to lose any data till the moment your server crash. Enabling this option will log all the successful transactions (since the time you last backed up the tree) to the rfl files.

    -T - To start logging of stream files

    -r - To specify the rollforward directory




  • dsbk getconfig

    Run this and see the ndsd.log. The log will confirm that will show that the RollForwarding and the stream file logging are enabled.



    Verify the ndsd.log:



    Command line getconfig 
    Processing command line
    Roll forward log status ON
    Stream file logging status ON
    Current roll forward log directory /backup/nds.rfl
    Minimum roll forward log size 104857600 bytes
    Maximum roll forward log size 4294705152 bytes
    Last roll forward log not used 00000001.log
    Current roll forward log 00000002.log





  • dsbk backup -f /backup/fb.bak -l /backup/fb.log -e novell -t -b

    The command to take the full NICI backup:


    -e - Specifies its a NICI back up(with the backup password novell – that needs to be used while restoring)

    -t - To backup stream files

    -b - To perform a full back up

    -f, -l - To specify the full backup file name and log



    See the ndsd.log output:



    Command line backup -f /backup/fb.bak -l /backup/fb.log -e XXXXXX -t -b 
    Processing command line
    Backup type: Full
    Log file name: /backup/fb.log
    Backup started: 2010-4-12'T16:29:54
    Backup file name: /backup/fb.bak
    Server name: \T=PAL-TEST\O=novell\CN=blr-paldev
    Current Roll Forward Log: 00000002.log
    DS Version: 2060103
    Backup ID: 4BC2FD2A
    NICI BACKUP: "NICI Files has been backed up Successfully"
    Starting database backup...

    Database backup finished
    Completion time 00:00:31
    Backup completed successfully




  • Now add a user named user1 to the tree under the container o=novell (of course, assuming that the container exists)


  • ldapsearch -h <host-ip> -D <admindn> -w <password> cn=user1

    Do a ldapsearch to view the new user that got added.




  • dsbk backup -f /backup/ib.bak -l /backup/ib.log -e novell -t -i

    Do an incremental backup for the new user (user1).



    View the output of ndsd.log to confirm the backup:



    Command line backup -f /backup/ib.bak -l /backup/ib.log -e XXXXXX -t -i 
    Processing command line
    Backup type: Incremental
    Log file name: /backup/ib.log
    Backup started: 2010-4-12'T16:40:51
    Backup file name: /backup/ib.bak
    Server name: \T=PAL-TEST\O=novell\CN=blr-paldev
    Current Roll Forward Log: 00000002.log
    DS Version: 2060103
    Backup ID: 4BC2FFBB
    NICI BACKUP: "NICI Files has been backed up Successfully"
    Starting database backup...
    Database backup finished
    Completion time 00:00:01
    Backup completed successfully





  • Create one more user named "user2" and DO NOT BACKUP this user.


  • killall -9 ndsd ; rm -rf /var/opt/novell/eDirectory/data/dib/ ; rm -rf

    /etc/opt/novell/eDirectory/conf/.edir/instances.0


    Simulate a crash and make your tree dead completely (even the default data directories are deleted)




  • ndsstat

    Run ndsstat to confirm that no eDirectory instances are there.




  • ndsconfig new -t DSBK-TEST -n novell -a admin.novell

    Configure a new instance (tree) of eDirectory.




  • ldapsearch -h <host-ip> -D <admindn> -w <password> cn=user*

    Do the ldapsearch for user1 and user2 and it wont return anything as the server is new and the users are obviously not present




  • dsbk restore -r -f /backup/fb.bak -l /backup/fb.log -d /backup/nds.rfl/ -e novell -a -o -i /backup/ib.bak

    - To restore the full backup (-r -f), and use the roll forward log directory (-d)

    - NICI restore (-e)

    - activate the dib (-a) and open the dib (-o)

    - do the incremental backup (-i)

    - mind that we use the same password "novell" that we gave during the backup.



    View the ndsd.log:



    Command line restore -r -f /backup/fb.bak -l /backup/fb.log -d /backup/nds.rfl/ -e XXXXXX -a -o -i /backup/ib.bak 
    Processing command line
    Log file name: /backup/fb.log
    Restore started: 2010-4-12'T16:49:7
    Restore file name: /backup/fb.bak
    Restoring file /var/opt/novell/eDirectory/data/dsnici.bak
    NICI RESTORE: "NICI Files has been Restored Successfully"
    Starting database restore...


    Restoring file /backup/fb.bak
    Restoring file /backup/ib.bak
    Restoring file /var/opt/novell/eDirectory/data/dsnici.bak
    NICI RESTORE: "NICI Files has been Restored Successfully"



  • rcndsd restart

    Restart the eDirectory server.




  • ldapsearch -h <host-ip> -p 636 -e <SSL Certificate Path> -D <admindn> -w <password> cn=user*

    Do the ldapsearch for user1 & user2 and see that both the objects are backed up successfully. Also as we do the search over SSL (port 636), we can confirm that NICI is also backed up successfully.





Labels:

How To-Best Practice
Comment List
Anonymous
  • If you take a server out of a production environment for testing or if you need to restore while other servers in the tree are gone you will get error -626 while restoring.
    Use dsbk restore -f /tmp/dsbk_file -l /tmp/restore.log -r -a -o -n -v -k

    See tid 7000768 for details
Related Discussions
Recommended