OpenDJ 3: Backup and Restore

 

Overview

* Backup and restore can be done in two formats:
– binary
– LDIF
* The backup command only backs up directory data.
* Server configuration backups are stored in the config/archived-configs directory.
* Backup data can be encrypted.
– A symmetric key, which is stored in the server configuration, is used to encrypt the data.
– The symmetric key is itself encrypted by a server private key, which is also stored in the server configuration.

Backup

Examples

* Online backup

# Backup all user data on the server
backup --port 4444 --bindDN "cn=Directory Manager" --bindPassword "Welcome1" --backupAll --backupDirectory C:\prog\opendj3\bak --start 0
 
Backup task 20170810154556423 scheduled to start Aug 10, 2017 3:45:56 PM EDT
 
# Backup userRoot data only
backup --port 4444 --bindDN "cn=Directory Manager" --bindPassword "Welcome1" --backendID userRoot --backupDirectory C:\prog\opendj3\bak --start 0
 
Backup task 20170810154027505 scheduled to start Aug 10, 2017 3:40:27 PM EDT

* Offline backup

stop-ds
 
backup --backendId userRoot --backupDirectory C:\prog\opendj3\bak
 
[10/08/2017:15:02:26 -0400] category=TOOLS seq=0 severity=INFO msg=Starting backup for backend userRoot
[10/08/2017:15:02:26 -0400] category=UTIL seq=1 severity=INFO msg=Archived backup file: 00000000.jdb
[10/08/2017:15:02:26 -0400] category=TOOLS seq=2 severity=INFO msg=The backup process completed successfully

Restore

Examples

* List backups

restore --backupDirectory C:\prog\opendj3\bak --listBackups
Backup ID:          20170810190222Z
Backup Date:        10/Aug/2017:15:02:26 -0400
Is Incremental:     false
Is Compressed:      false
Is Encrypted:       false
Has Unsigned Hash:  false
Has Signed Hash:    false
Dependent Upon:     none
 
Backup ID:          20170810194027Z
Backup Date:        10/Aug/2017:15:40:27 -0400
Is Incremental:     false
Is Compressed:      false
Is Encrypted:       false
Has Unsigned Hash:  false
Has Signed Hash:    false
Dependent Upon:     none

* Online restore from a particular backup

restore --port 4444 --bindDN "cn=Directory Manager" --bindPassword Welcome1 --backupDirectory C:\prog\opendj3\bak --backupID 20170810194027Z --start 0
 
Restore task 20170810161658314 scheduled to start Aug 10, 2017 4:16:58 PM EDT

* Offline restore from a particular backup

stop-ds
 
restore --backupDirectory C:\prog\opendj3\bak --backupID 20170810194027Z
 
Restore task 20170810161658314 scheduled to start Aug 10, 2017 4:16:58 PM EDT
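
Both backups in the `restore --listBackups` output above report `Is Encrypted: false` and no hash, which means they were taken without `--encrypt`, `--hash` or `--signHash`. The following added example (not part of the original post or of OpenDJ) parses that listing and reports backups that are unencrypted, have no hash, or depend on a backup ID missing from the directory. The second sample record and the comma-separated form of `Dependent Upon` are assumptions.

```python
import re

# Constructed sample in `restore --listBackups` format; the second record is invented.
SAMPLE = """\
Backup ID:          20170810190222Z
Backup Date:        10/Aug/2017:15:02:26 -0400
Is Incremental:     false
Is Compressed:      false
Is Encrypted:       false
Has Unsigned Hash:  false
Has Signed Hash:    false
Dependent Upon:     none

Backup ID:          EXAMPLE-INCR-1
Backup Date:        11/Aug/2017:02:00:00 -0400
Is Incremental:     true
Is Compressed:      true
Is Encrypted:       true
Has Unsigned Hash:  false
Has Signed Hash:    true
Dependent Upon:     EXAMPLE-FULL-0
"""

def parse_backups(text):
    """Split the listing into one dict per backup, keyed by field label."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        fields = {k.strip(): v.strip() for k, v in pairs}
        if "Backup ID" in fields:
            records.append(fields)
    return records

def audit(records):
    """Return (backup_id, finding) pairs for weak or unrestorable backups."""
    known = {r["Backup ID"] for r in records}
    findings = []
    for r in records:
        bid = r["Backup ID"]
        if r.get("Is Encrypted") != "true":
            findings.append((bid, "not encrypted"))
        if r.get("Has Signed Hash") != "true" and r.get("Has Unsigned Hash") != "true":
            findings.append((bid, "no hash"))
        # Assumption: several dependencies are comma-separated; "none" means no dependency.
        for dep in r.get("Dependent Upon", "none").split(","):
            if dep.strip() not in known | {"none", ""}:
                findings.append((bid, "missing dependency " + dep.strip()))
    return findings
```

Pass the captured text of `restore --backupDirectory <dir> --listBackups` to `parse_backups` and hand the result to `audit`; each returned tuple is a backup ID and one finding.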

Help Pages

backup

backup --help
Usage:  backup  {options}
 
This utility can be used to back up one or more Directory Server backends
 
Command options:
 
-a, --backUpAll
    Back up all backends in the server
-A, --hash
    Generate a hash of the backup contents
-B, --incrementalBaseID {backupID}
    Backup ID of the source archive for an incremental backup
-c, --compress
    Compress the backup contents
-d, --backupDirectory {backupDir}
    Path to the target directory for the backup file(s)
-i, --incremental
    Perform an incremental backup rather than a full backup
-I, --backupID {backupID}
    Use the provided identifier for the backup
-n, --backendID {backendName}
    Backend ID for the backend to archive
-s, --signHash
    Sign the hash of the backup contents
-y, --encrypt
    Encrypt the backup contents
 
Task Backend Connection Options
 
--connectTimeout {timeout}
    Maximum length of time (in milliseconds) that can be taken to establish a
    connection.  Use '0' to specify no time out
    Default value: 30000
-D, --bindDN {bindDN}
    DN to use to bind to the server
    Default value: cn=Directory Manager
-h, --hostname {host}
    The fully-qualified directory server host name that will be used when
    generating self-signed certificates for LDAP SSL/StartTLS, the
    administration connector, and replication
    Default value: VW1JIALI2
-j, --bindPasswordFile {bindPasswordFile}
    Bind password file
-K, --keyStorePath {keyStorePath}
    Certificate key store path
-N, --certNickname {nickname}
    Nickname of the certificate that the server should use when accepting
    SSL-based connections or performing StartTLS negotiation
-o, --saslOption {name=value}
    SASL bind options
-p, --port {port}
    Directory server administration port number
    Default value: 4444
-P, --trustStorePath {trustStorePath}
    Certificate trust store path
    Default value: C:\prog\opendj3\config\admin-truststore
-T, --trustStorePassword {trustStorePassword}
    Certificate trust store PIN
-u, --keyStorePasswordFile {keyStorePasswordFile}
    Certificate key store PIN file.  A PIN is required when you specify to use
    an existing certificate as server certificate
-U, --trustStorePasswordFile {path}
    Certificate trust store PIN file
-w, --bindPassword {bindPassword}
    Password to use to bind to the server. Use -w - to ensure that the command
    prompts for the password, rather than entering the password as a command
    argument
-W, --keyStorePassword {keyStorePassword}
    Certificate key store PIN.  A PIN is required when you specify to use an
    existing certificate as server certificate
-X, --trustAll
    Trust all server SSL certificates
 
Task Scheduling Options
 
--completionNotify {emailAddress}
    Email address of a recipient to be notified when the task completes.  This
    option may be specified more than once
--dependency {taskID}
    ID of a task upon which this task depends.  A task will not start
    execution until all its dependencies have completed execution
--errorNotify {emailAddress}
    Email address of a recipient to be notified if an error occurs when this
    task executes.  This option may be specified more than once
--failedDependencyAction {action}
    Action this task will take should one if its dependent tasks fail.  The
    value must be one of PROCESS,CANCEL,DISABLE.  If not specified defaults to
    CANCEL
--recurringTask {schedulePattern}
    Indicates the task is recurring and will be scheduled according to the
    value argument expressed in crontab(5) compatible time/date pattern
-t, --start {startTime}
    Indicates the date/time at which this operation will start when scheduled
    as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or
    YYYYMMDDhhmmss for local time.  A value of '0' will cause the task to be
    scheduled for immediate execution.  When this option is specified the
    operation will be scheduled to start at the specified time after which
    this utility will exit immediately
 
Utility input/output options:
 
--noPropertiesFile
    No properties file will be used to get default command line argument values
--propertiesFilePath {propertiesFilePath}
    Path to the file containing default property values used for command line
    arguments
 
General options:
 
-V, --version
    Display Directory Server version information
-?, -H, --help
    Display this usage information

restore

restore --help
 
Usage:  restore  {options}
 
This utility can be used to restore a backup of a Directory Server backend
 
Command options:
 
-d, --backupDirectory {backupDir}
    Path to the directory containing the backup file(s)
-I, --backupID {backupID}
    Backup ID of the backup to restore
-l, --listBackups
    List available backups in the backup directory
-n, --dry-run
    Verify the contents of the backup but do not restore it
 
Task Backend Connection Options
 
--connectTimeout {timeout}
    Maximum length of time (in milliseconds) that can be taken to establish a
    connection.  Use '0' to specify no time out
    Default value: 30000
-D, --bindDN {bindDN}
    DN to use to bind to the server
    Default value: cn=Directory Manager
-h, --hostname {host}
    The fully-qualified directory server host name that will be used when
    generating self-signed certificates for LDAP SSL/StartTLS, the
    administration connector, and replication
    Default value: VW1JIALI2
-j, --bindPasswordFile {bindPasswordFile}
    Bind password file
-K, --keyStorePath {keyStorePath}
    Certificate key store path
-N, --certNickname {nickname}
    Nickname of the certificate that the server should use when accepting
    SSL-based connections or performing StartTLS negotiation
-o, --saslOption {name=value}
    SASL bind options
-p, --port {port}
    Directory server administration port number
    Default value: 4444
-P, --trustStorePath {trustStorePath}
    Certificate trust store path
    Default value: C:\prog\opendj3\config\admin-truststore
-T, --trustStorePassword {trustStorePassword}
    Certificate trust store PIN
-u, --keyStorePasswordFile {keyStorePasswordFile}
    Certificate key store PIN file.  A PIN is required when you specify to use
    an existing certificate as server certificate
-U, --trustStorePasswordFile {path}
    Certificate trust store PIN file
-w, --bindPassword {bindPassword}
    Password to use to bind to the server. Use -w - to ensure that the command
    prompts for the password, rather than entering the password as a command
    argument
-W, --keyStorePassword {keyStorePassword}
    Certificate key store PIN.  A PIN is required when you specify to use an
    existing certificate as server certificate
-X, --trustAll
    Trust all server SSL certificates
 
Task Scheduling Options
 
--completionNotify {emailAddress}
    Email address of a recipient to be notified when the task completes.  This
    option may be specified more than once
--dependency {taskID}
    ID of a task upon which this task depends.  A task will not start
    execution until all its dependencies have completed execution
--errorNotify {emailAddress}
    Email address of a recipient to be notified if an error occurs when this
    task executes.  This option may be specified more than once
--failedDependencyAction {action}
    Action this task will take should one if its dependent tasks fail.  The
    value must be one of PROCESS,CANCEL,DISABLE.  If not specified defaults to
    CANCEL
--recurringTask {schedulePattern}
    Indicates the task is recurring and will be scheduled according to the
    value argument expressed in crontab(5) compatible time/date pattern
-t, --start {startTime}
    Indicates the date/time at which this operation will start when scheduled
    as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or
    YYYYMMDDhhmmss for local time.  A value of '0' will cause the task to be
    scheduled for immediate execution.  When this option is specified the
    operation will be scheduled to start at the specified time after which
    this utility will exit immediately
 
Utility input/output options:
 
--noPropertiesFile
    No properties file will be used to get default command line argument values
--propertiesFilePath {propertiesFilePath}
    Path to the file containing default property values used for command line
    arguments
 
General options:
 
-V, --version
    Display Directory Server version information
-?, -H, --help
    Display this usage information

References

* OpenDJ Administration Guide Version 3.5
