[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cloning instances of openldap?



Christopher Orr wrote:
Thomas-

Is it safe to use a 'clone' of an openldap servers's database to
rebuild another server in a cluster?

In my tests, I followed a procedure where I shut 2 servers down,
copied the backend database from one to the other, and restarted and
everything seems to indicate that the 'cloned' server is valid.
Replication works.. Adds/deletes work.. etc..

Is there any danger in using this procedure?  Is there anything
'instance specific' that is stored in the directory that could cause
an issue?

There is nothing 'instance specific' in the data files for current releases. If no other processes are using the files, it's generally safe to clone them. There are exceptions of course, which is why none of our documentation ever tells you that this is a safe thing to do.


Ive found that even using slapadd's 'quick' flag it can still take 4
hours to import an LDIF, and if I can rely on this procedure to
rebuild an LDAP read server in a crisis, I'd like to continue using
it.

While I'm sure someone else will say that it's not advisable, I've cloned the disc of a Solaris 10 (x86-64) machine running OpenLDAP and haven't ran into any issues with it yet. (Knocking on wood)

However- OpenLDAP was not running at the time.

We went to some effort to make sure that it's safe to run slapcat while slapd is running, to allow hot backups to be performed. Ignoring this feature is pretty counterproductive. BerkeleyDB itself also provides documentation for how to perform a hot backup of the raw DB files. Both of these options exist and are already documented; anything else you do at your own risk.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/