Bug 30216

Summary: Best Practice Backup/Restore Samba4 DCs
Product: Z_SDB Reporter: Ingo Steuwer <steuwer>
Component: New entriesAssignee: SDB maintainers <sdb-maintainers>
Status: RESOLVED WONTFIX QA Contact:
Severity: enhancement    
Priority: P1 CC: gohmann, petersen, sdb-maintainers
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
What kind of report is it?: Development Internal What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Attachments: backup_samba4.sh initial version

Description Ingo Steuwer univentionstaff 2013-01-31 08:34:53 CET 
Requested in Ticket#: 2013011121000717

There should be a documentation how a consistent filesystem backup of UCS DC with Samba4 can be done and how a restore is possible without risk of data corruption in connection with DRS (AD replication) and Sysvol replication. Recommendations might be:

Backup:
- stop Samba4, Bind and Openldap to ensure database consitency

Restore:
- if the system is not the only Samba4 DC, do a desaster recovery without network connection, stop Samba4, restore the network connection and rejoin Samba4 or do a univention-join
Comment 1 Stefan Gohmann univentionstaff 2013-02-05 19:57:26 CET 
https://wiki.samba.org/index.php/Backup_and_Recovery
Comment 2 Arvid Requate univentionstaff 2014-02-10 22:06:19 CET 
Created attachment 5787 [details]
backup_samba4.sh initial version

There are quite a number of steps to be considered for recovery, so maybe it would be good to provide a script like the one attached, which takes the user and asks step by step for confirmation about the suggested next step. Samba upstream provides a somewhat more basic version of this, which we currently don't install in UCS. On backup the attached script

* stops the UCS services
* stores xattrs for the SYSVOL files
* tars everything in /etc/samba and /var/lib/samba (e.g. printer drivers)
* saves the state of the S4-Connector (internal.sqlite and the pickle files)
* restarts the services

On recovery the script

* stops the UCS services
* restores the files in the backup-archive selected
* restores the sysvol xattrs
* optionally generates a new invocationID for the database of the local server
  (to be tested, this should help avoiding USN rollback issues)
* optionally ucr commits the standard smb.conf and base.conf
* optionally starts the services again
Comment 3 Ingo Steuwer univentionstaff 2020-07-02 17:20:28 CEST 
Changes and improvements for SDB entries aren't tracked in Bugzilla anymore, so I close these entries. Please comment on help.univention.com or get in touch with the Univention Support team in case you have any suggestions for the SDB.