Support of backup and restore operations

[pki-bot]

This issue was migrated from Pagure Issue #2325. Originally filed by edewata (@edewata) on 2016-05-13 03:15:02:

• Assigned to nobody

---

Currently the server deployement tool will always generate new configuration files and populate the database with new entries. This process does not allow someone to save the configuration and database for backup to restore it again in the future.

Ideally there should be a tool to create a backup of all subsystems in the instance which includes:

• saving the configuration files
• saving the system certificates (and keys if using internal NSS database) into PKCS 12 file
• saving the LDAP database, schema, and other configuration into LDIF files

And there should be another tool to restore the backup back into a running server.

Other than backup & restore, this feature can also be used for other purposes:

• migrating an instance to a different host
• migrating an instance to a newer version (after converting the backup files)
• minimizing new replica's initial synchronization time

[pki-bot]

Comment from mharmsen (@mharmsen) at 2016-05-23 22:58:05

Per CS/DS Meeting of 05/23/2016: 10.4

[pki-bot]

Comment from edewata (@edewata) at 2017-02-27 13:59:27

Metadata Update from @edewata:

• Issue set to the milestone: UNTRIAGED

[pki-bot]

Comment from edewata (@edewata) at 2020-09-09 18:27:22

This procedure works with basic CA only. It doesn't seem to be working with sub CA or cloned CA: https://www.dogtagpki.org/wiki/PKI_Server_Backup

This doc might be outdated: https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html-single/administration_guide/index#Backing_up_and_Restoring_CRTS

[pki-bot]

Comment from edewata (@edewata) at 2020-09-09 18:27:23

Metadata Update from @edewata:

• Custom field feature adjusted to None
• Custom field proposedpriority adjusted to None
• Custom field reviewer adjusted to None
• Custom field version adjusted to None
• Issue close_status updated to: None