I have a question: what are the backup methods for the UCS system?
Is it possible to copy the LDAP settings or import them?
Or what does the backup look like if Linux UCS is not placed on a virtual machine but on physical hardware?
Hello Skellige,
the virtualized use of UCS would make the most sense, as complete backups and snapshots are possible through the hypervisor. If this is not possible, it depends on the individual scenario and how much time is planned for a restore. Depending on the use case, there are several tools that support this: rsync, rclone, restic, BorgBackup, bacula, rsnapshot, Bareos Backup etc.
Depending on the tool, UCS services should be stopped, at least openLDAP and services that use databases (otherwise there can be no guarantee of a consistent backup).
Internally UCS saves daily dumps of the openLDAP and Samba database, UCS variables and SYSVOL shares under /var/univention-backup/. These internal backups should be saved to additional external storage regardless of the backup strategy used. These backups are stored for 180 days by default and can be deleted via the UCRV backup/clean/max_age.
In addition, everything from /etc/ (including ldap.secret, machine.secret, /etc/univention-ssl/) and /home/ (here additionally the POSIX ACLs via getfacl -R /home > home_acl_$(date --iso-8601)) should be backed up. When using Windows ACLs, the extended attributes must also be backed up via getfattr -RP -d -m - /home > home_attr_$(date --iso-8601).
If required, the package lists can also be backed up: dpkg --get-selections > dpkg_selections_$(date --iso-8601)
It is essential to involve a monitoring tool in the backup, and you should test the restore.
Please also note the backup sequence: Primary Directory Node > Backup Directory Nodes > Replica Directory Nodes > Managed Nodes.
When using interfaces, these must also be taken into account.
When restoring, at least all system services and LDAP replication must be checked.
I hope this is enough orientation for now. If there is a need for further discussion, we also offer corresponding services as a Professional Service.
Regards
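
The advice above to copy the dumps in /var/univention-backup/ to external storage and to tie the backup into monitoring could look like the following. This is an added example, not part of the original reply and not Univention's own tooling; the function names, the 26-hour freshness threshold and the destination path /mnt/external/ucs are assumptions.

```shell
#!/bin/sh
# Added example: ship the daily UCS dumps to external storage, verify the
# copies, and exit like a monitoring plugin (0 = OK, 2 = CRITICAL).
# Function names, threshold and destination path are assumptions.

# Print non-empty regular files in $1 modified within the last $2 minutes.
fresh_dumps() {
    find "$1" -maxdepth 1 -type f -size +0c -mmin "-$2" 2>/dev/null | sort
}

# Copy fresh dumps from $1 to $2 and verify them by SHA-256.
# $3 = maximum age in minutes (default 1560 = 26 h, one daily run plus slack).
ship_dumps() {
    src=$1 dest=$2 max_age=${3:-1560} n=0
    files=$(fresh_dumps "$src" "$max_age")
    if [ -z "$files" ]; then
        echo "CRITICAL: no non-empty dump newer than $max_age min in $src"
        return 2
    fi
    # The LDAP dump holds directory data, so keep the copy owner-only.
    mkdir -p "$dest" && chmod 700 "$dest" && : > "$dest/SHA256SUMS" || {
        echo "CRITICAL: cannot write to $dest"; return 2; }
    while IFS= read -r f; do
        # Hash the source file, then copy; the check below reads the copy.
        (cd "$src" && sha256sum "${f##*/}") >> "$dest/SHA256SUMS" &&
            cp -p "$f" "$dest/" || {
            echo "CRITICAL: failed to copy $f"; return 2; }
        n=$((n + 1))
    done <<EOF
$files
EOF
    if ! (cd "$dest" && sha256sum -c SHA256SUMS >/dev/null 2>&1); then
        echo "CRITICAL: checksum mismatch in $dest"
        return 2
    fi
    echo "OK: $n dump(s) copied to $dest and verified"
}

# Stand-alone use: script.sh /var/univention-backup /mnt/external/ucs
if [ "$#" -ge 2 ]; then
    ship_dumps "$@"
    exit $?
fi
```

A stale or empty dump directory is reported as CRITICAL rather than silently copying nothing, which is the case a monitoring check needs to catch.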