Backups

LDAP

Prerequisites

• Make sure the oci cli tool is installed and properly configured. The backup and restore scripts rely on the oci cli tool.
• Make sure that a bucket named 'backups' exists in OCI.

Backing up LDAP

The following script backs up users, groups, and associations to a JSON file, compresses it, and uploads it to the 'backups' Object Storage bucket.

python /opt/oci-hpc/bin/ldap_backup.py

Automatic LDAP Backups

To set up a daily backup at midnight, add the following entry to the crontab:

0 0 * * * /opt/oci-hpc/bin/ldap_backup.py

Note: Ensure the script runs successfully by checking logs or the backup bucket regularly. The script logs to /opt/oci-hpc/logs/backups/.

Clearing LDAP Data

Note: Before restoring LDAP data, you will need to clear existing users, groups, and cached entries.

# 1. Remove all users
# Use regex to filter for usernames only
cluster user list | grep -oP '^DN: cn=\K[^,]+' | while read -r user_name; do
    cluster user delete "$user_name"
done
# 2. Remove all groups
cluster group list | grep -oP '^DN: cn=\K[^,]+' | while read -r group_name; do
    cluster group delete "$group_name"
done
# 3. Clear sssd cache
sudo sss_cache -U -G
# 4. Clear nss cache
sudo nscd --invalidate=group
sudo nscd --invalidate=passwd[]

Note: Allow time for changes to propagate after clearing LDAP

Restoring LDAP From a Backup

Note: Ensure LDAP has been cleared (see Clearing LDAP Data section)

# 1. Located the desired backup in the backups bucket in OCI. Look for a file in the format
ldap_backup_{year}_{month}_{day}.json.gz
# 2. Download the backup file
oci os object get --bucket-name backups --name ldap_backup_{year}_{month}_{day}.json.gz --file /tmp/ldap_backup.json.gz
# 3. Decompress the file
gunzip /tmp/ldap_backup.json.gz
# 4. Restore LDAP data using the script
# Password: NQVjnPD6bYY8SNNade7aeFxTSKJZWVqR
python /opt/oci-hpc/scripts/ldap_restore.py