PingDirectory

Performing a manual initialization

About this task

The PingDirectory server provides the tools necessary for backing up and restoring backends, which can be used to manually initialize a replica.

As detailed in the following procedure, you use <server-root>/bin/backup to create a backup of the backend containing the replicated base DN. If encryption is enabled for the backend containing the replicated base DN, then you must also make a backup of the encryption-settings backend.

When initializing a server that has been offline longer than the replication-purge-delay, you must also make backups of the replicationChanges and schema backends.

You then need to transfer all backup files to the target server(s) and restore them individually using <server-root>/bin/restore.

To preserve existing encryption settings, <server-root>/bin/restore appends to the encryption-settings database as opposed to replacing it.

To manually initialize a server when an online initialization isn’t possible:

Steps

  1. From another server in the replication topology, back up the userRoot, schema, changelog, and replicationChanges backends to the <server-root>/bak directory.

    If data encryption is enabled, export the encryption-settings backend, because you might need to import one or more encryption settings IDs into the new replica.

    Example:

    $  <source-server-root>/bin/backup --backendID userRoot --backupDirectory \
       bak/userRoot
    $  <source-server-root>/bin/backup --backendID schema --backupDirectory \
       bak/schema
    $  <source-server-root>/bin/backup --backendID changelog --backupDirectory \
       bak/changelog
    $  <source-server-root>/bin/backup --backendID replicationChanges \
       --backupDirectory bak/replicationChanges
    $  <source-server-root>/bin/encryption-settings export --id <id> \
       --output-file bak/exported-key
  2. Copy the bak directory to the new replica.

    Example:

    $ scp -r  <source-server-root>/bak/* \
        <user>@<destination-server>:<destination-server-root>/bak
  3. Stop the server.

  4. Restore the userRoot, schema, changelog, and replicationChanges backends.

    If the encryption-settings backend was exported, import it before restoring any of the backends.

    Example:

    $  <destination-server-root>/bin/encryption-settings import --input-file \
       bak/exported-key --set-preferred
    Enter the PIN used to encrypt the definition:
    $  <destination-server-root>/bin/restore --backupDirectory bak/userRoot
    $  <destination-server-root>/bin/restore --backupDirectory bak/schema
    $  <destination-server-root>/bin/restore --backupDirectory \
    bak/changelog
    $  <destination-server-root>/bin/restore --backupDirectory \
       bak/replicationChanges
  5. Start the server using bin/start-server.