openldap/doc/guide/admin/maintenance.sdf

# $OpenLDAP$
# Copyright 2007-2024 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.

H1: Maintenance

System Administration is all about maintenance, so it is only fair that we 
discuss how to correctly maintain an OpenLDAP deployment.


H2: Directory Backups

Backup strategies largely depend on the amount of change in the database
and how much of that change an administrator might be willing to lose in a 
catastrophic failure. There are two basic methods that can be used:

1. Backup the LMDB database itself

The LMDB database can be copied live using the mdb_copy command.  If the database
is a sparse file via the use of the "writemap" environment flag, the resulting
copy will be the actual size of the database rather than a sparse copy.

2. Periodically run slapcat and back up the LDIF file:

Slapcat can be run while slapd is active. However, one runs the risk of an
inconsistent database- not from the point of slapd, but from the point of
the applications using LDAP. For example, if a provisioning application
performed tasks that consisted of several LDAP operations, and the slapcat
took place concurrently with those operations, then there might be
inconsistencies in the LDAP database from the point of view of that
provisioning application and applications that depended on it. One must,
therefore, be convinced something like that won't happen. One way to do that
would be to put the database in read-only mode while performing the
slapcat. The other disadvantage of this approach is that the generated LDIF
files can be rather large and the accumulation of the day's backups could
add up to a substantial amount of space.

You can use {{slapcat}}(8) to generate an LDIF file for each of your {{slapd}}(8) 
back-mdb databases.

>    slapcat -f slapd.conf -b "dc=example,dc=com"

For back-mdb this command may be ran while slapd(8) is running.


H2: Checkpointing

Setting a checkpoint is only necessary when back-mdb has the dbnosync flag set. Otherwise
it has no effect. With back-mdb the kbyte option is not implemented, meaning it will only
run a checkpoint based on the elapsed amount of minutes flag.

H2: Migration

The simplest steps needed to migrate between versions or upgrade, depending on your deployment
type are:

.{{S: }}
^{{B: Stop the current server when convenient}}

.{{S: }}
+{{B: slapcat the current data out}}

.{{S: }}
+{{B: Clear out the current data directory (/usr/local/var/openldap-data/)}}

.{{S: }}
+{{B: Perform the software upgrades}}

.{{S: }}
+{{B: slapadd the exported data back into the directory}}

.{{S: }}
+{{B: Start the server}}

Obviously this doesn't cater for any complicated deployments with {{SECT: N-Way Multi-Provider}}, 
but following the above sections and using either commercial support or community support should help. Also check the
{{SECT: Troubleshooting}} section.
Adding # $ 2007-06-01 17:56:17 -04:00			`# $OpenLDAP$`
Happy New Year! 2024-03-26 15:45:07 -04:00			`# Copyright 2007-2024 The OpenLDAP Foundation, All Rights Reserved.`
New TOC, new sdf files and merging/reworking of existing data. Makefile updated and tested also. 2007-06-01 13:45:42 -04:00			`# COPYING RESTRICTIONS APPLY, see COPYRIGHT.`

			`H1: Maintenance`

Merging and amending more FAQ content. 2007-08-05 18:18:12 -04:00			`System Administration is all about maintenance, so it is only fair that we`
			`discuss how to correctly maintain an OpenLDAP deployment.`
Saving links to FAQ-O-MATIC content for merging into main docs and work in progress. 2007-06-18 19:01:15 -04:00
New TOC, new sdf files and merging/reworking of existing data. Makefile updated and tested also. 2007-06-01 13:45:42 -04:00
			`H2: Directory Backups`

Backup strategy discussions. db_recover example to do. 2007-10-18 19:50:08 -04:00			`Backup strategies largely depend on the amount of change in the database`
			`and how much of that change an administrator might be willing to lose in a`
			`catastrophic failure. There are two basic methods that can be used:`

(L)MDB updates 2014-04-25 17:04:19 -04:00			`1. Backup the LMDB database itself`

			`The LMDB database can be copied live using the mdb_copy command. If the database`
			`is a sparse file via the use of the "writemap" environment flag, the resulting`
			`copy will be the actual size of the database rather than a sparse copy.`

ITS#9010 - Delete back-bdb/back-hdb This commits deletes all references and code for back-bdb and back-hdb. There is some follow up work still necessary to flush out the admin guide for back-mdb. 2019-05-03 18:52:59 -04:00			`2. Periodically run slapcat and back up the LDIF file:`
Backup strategy discussions. db_recover example to do. 2007-10-18 19:50:08 -04:00
			`Slapcat can be run while slapd is active. However, one runs the risk of an`
			`inconsistent database- not from the point of slapd, but from the point of`
			`the applications using LDAP. For example, if a provisioning application`
			`performed tasks that consisted of several LDAP operations, and the slapcat`
			`took place concurrently with those operations, then there might be`
			`inconsistencies in the LDAP database from the point of view of that`
			`provisioning application and applications that depended on it. One must,`
			`therefore, be convinced something like that won't happen. One way to do that`
			`would be to put the database in read-only mode while performing the`
			`slapcat. The other disadvantage of this approach is that the generated LDIF`
			`files can be rather large and the accumulation of the day's backups could`
			`add up to a substantial amount of space.`
Merging and amending more FAQ content. 2007-08-05 18:18:12 -04:00
			`You can use {{slapcat}}(8) to generate an LDIF file for each of your {{slapd}}(8)`
ITS#9010 - Delete back-bdb/back-hdb This commits deletes all references and code for back-bdb and back-hdb. There is some follow up work still necessary to flush out the admin guide for back-mdb. 2019-05-03 18:52:59 -04:00			`back-mdb databases.`
Merging and amending more FAQ content. 2007-08-05 18:18:12 -04:00
			`> slapcat -f slapd.conf -b "dc=example,dc=com"`

ITS#9010 - Delete back-bdb/back-hdb This commits deletes all references and code for back-bdb and back-hdb. There is some follow up work still necessary to flush out the admin guide for back-mdb. 2019-05-03 18:52:59 -04:00			`For back-mdb this command may be ran while slapd(8) is running.`
Merging and amending more FAQ content. 2007-08-05 18:18:12 -04:00
New TOC, new sdf files and merging/reworking of existing data. Makefile updated and tested also. 2007-06-01 13:45:42 -04:00
			`H2: Checkpointing`

ITS#9200 -- 2.4 to 2.5 upgrade documentation and updates 2021-03-11 16:53:36 -05:00			`Setting a checkpoint is only necessary when back-mdb has the dbnosync flag set. Otherwise`
			`it has no effect. With back-mdb the kbyte option is not implemented, meaning it will only`
			`run a checkpoint based on the elapsed amount of minutes flag.`
Merging and amending more FAQ content. 2007-08-05 18:18:12 -04:00
Fixes and more content 2007-08-14 19:06:03 -04:00			`H2: Migration`

reorder chapters and start of a migration/upgrade section. 2008-11-25 10:14:23 -05:00			`The simplest steps needed to migrate between versions or upgrade, depending on your deployment`
			`type are:`

			`.{{S: }}`
			`^{{B: Stop the current server when convenient}}`

			`.{{S: }}`
			`+{{B: slapcat the current data out}}`

			`.{{S: }}`
ITS#9010 - Delete back-bdb/back-hdb This commits deletes all references and code for back-bdb and back-hdb. There is some follow up work still necessary to flush out the admin guide for back-mdb. 2019-05-03 18:52:59 -04:00			`+{{B: Clear out the current data directory (/usr/local/var/openldap-data/)}}`
reorder chapters and start of a migration/upgrade section. 2008-11-25 10:14:23 -05:00
			`.{{S: }}`
			`+{{B: Perform the software upgrades}}`

			`.{{S: }}`
			`+{{B: slapadd the exported data back into the directory}}`

			`.{{S: }}`
			`+{{B: Start the server}}`

ITS#9200 -- 2.4 to 2.5 upgrade documentation and updates 2021-03-11 16:53:36 -05:00			`Obviously this doesn't cater for any complicated deployments with {{SECT: N-Way Multi-Provider}},`
reorder chapters and start of a migration/upgrade section. 2008-11-25 10:14:23 -05:00			`but following the above sections and using either commercial support or community support should help. Also check the`
			`{{SECT: Troubleshooting}} section.`