elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/faq/backup.restore.md

227 lines
8.1 KiB
Markdown
Raw Normal View History

New: faq/backup.restore.md.
2015-05-10 07:29:07 -05:00
# Backup and restore
[TOC]
## Backup
### Backup mail accounts
Mail accounts are stored in SQL/LDAP database. iRedMail provides shell scripts
to backup SQL/LDAP databases, you can find them in downloaded iRedMail release,
or find them in [iRedMail source code repository](https://bitbucket.org/zhb/iredmail/src/default/iRedMail/tools/):
* `iRedMail-[VERSION]/tools/backup_openldap.sh`: used to backup OpenLDAP data.
* `iRedMail-[VERSION]/tools/backup_mysql.sh`: used to backup MySQL/MariaDB databases.
* `iRedMail-[VERSION]/tools/backup_pgsql.sh`: used to backup PostgreSQL databases.
iRedMail will setup a daily cron job to run backup script(s) during
installation, so what you need to do is checking whether or not they're
defined as cron jobs with below commands:
```
# crontab -l -u root
```
Sample output on an iRedMail server with OpenLDAP backend:
```
# iRedMail: Backup OpenLDAP data every day on 03:01 AM
1 3 * * * /bin/bash /var/vmail/backup/backup_openldap.sh
# iRedMail: Backup MySQL databases every day on 03:10 AM
10 3 * * * /bin/bash /var/vmail/backup/backup_mysql.sh
```
Notes:
* Backup files are stored under directory defined in parameter `BACKUP_ROOTDIR`
in backup scripts, default is `/var/vmail/backup`.
* SQL backup is plain SQL file, LDAP backup is plain LDIF file.
* Backup files are compressed with `bzip2` by default, you can decompress them
with command `bunzip2`. for example, `bunzip file_name.bz2`.
* It's ok to run the backup scripts manually.
## Restore
### How to restore SQL databases
You can simply restore plain SQL files backed up by above backup scripts.
> __WARNING: Do not restore database `mysql` on a new iRedMail server.__
>
> If you're restoring on a __NEW__ iRedMail server, do *NOT*
> restore database `mysql` exported from old server, it contains SQL usernames
> and passwords used in many components (e.g. Postfix, Dovecot, Roundcube
> webmail) on old server. New iRedMail server already has the same SQL accounts
> with different passwords, so please do not restore `mysql` database,
> otherwise almost all services won't work due to incorrect SQL credentials.
### How to restore LDAP backup
Backup script runs command `slapcat` to dump whole LDAP tree as a backup, it
must be so restored with command `slapadd`.
Below example shows how to restore a LDAP backup on RHEL/CentOS 6.x, files and
directories may be different on other Linux/BSD distributions, you can find
the correct ones in this tutorial:
[Locations of configuration and log files of mojor components](./file.locations.html#openldap).
* LDAP backups are stored under `/var/vmail/backup/ldap/[YEAR]/[MONTH]` by
default, for example, `/var/vmail/backup/ldap/2015/05/`. And it's compressed
with `bzip2` command to save disk space. we must decompress it first.
* Go to the backup directory, find the latest backup. here we use backup file
`2015-05-10-03:01:01.ldif.bz2` for example.
```
# cd /var/vmail/backup/ldap/2015/05/
# bunzip2 2015-05-10-03:01:01.ldif.bz2
# ls -l 2015-05-10-03:01:01.ldif
-rw-r--r-- 1 root root 7352 May 10 03:01 2015-05-10-03:01:01.ldif
```
* Find passwords for `cn=vmail,dc=xx,dc=xx` and `cn=vmailadmin,dc=xx,dc=xx`
in the root directory of iRedMail installation directory on __NEW__ iRedMail
server. for example, `/root/iRedMail-0.9.0/iRedMail.tips`. Notes:
* They're plain passwords, not hashed or encrypted.
* You can also find `cn=vmail`'s password in Postfix config files under
`/etc/postfix/mysql` (MySQL/MariaDB backend) or
`/etc/postfix/pgsql` (PostgreSQL backend).
* You can also find `cn=vmailadmin`'s password in
[iRedAdmin config file](./file.locations.html#iredadmin).
Below is sample copy in file `iRedMail.tips`.
```
OpenLDAP:
...
* LDAP bind dn (read-only): cn=vmail,dc=example,dc=com, password: py2BQwM0zoRM5nciK68AlP8dyu2Mq6
* LDAP admin dn (used for iRedAdmin): cn=vmailadmin,dc=example,dc=com, password: 9wr0mHeVYz2uaxSAGBLucVkOgYPSBB
```
* Now hash them with command `slappasswd`:
```
# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6' # <- cn=vmail's password
{SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6' # <- cn=vmailadmin's password
{SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
```
* Open the backup file `2015-05-10-03:01:01.ldif` with your favourite text
editor, find `usePassword` line of `cn=vmail` and `cn=vmailadmin`.
__Important notes__:
* A line that begins with a SPACE denotes that the characters following the
space are part of the previous line.
* There're two colons after `userPassword` string (`userPassword::`).
Below is a sample copy in `2015-05-10-03:01:01.ldif`:
```
dn: cn=vmail,dc=iredmail,dc=org
...
userPassword:: e1NTSEF7F8AwbjVqeER1R1dXVmREN1RJU8NtdnFHN0hnekdWYzVHSG9iWEE9PQ= # <- remove this line
= # <- remove this line
...
dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword:: e1NTSEF9alZi8E12dS9FNllaMktteFh7YkZham1mM3Jqc21cdEFsZjJIeEE9PQ= # <- remove this line
= # <- remove this line
...
```
Replace these two `userPassword` lines by the newly generated ssha passwords,
save your change, exit your text editor.
```
dn: cn=vmail,dc=iredmail,dc=org
...
userPassword: {SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
...
dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
...
```
__Important note__: There's only __ONE__ colon after `userPassword` string
(`userPassword:`).
* OpenLDAP service must be stopped while restoring backup. So we stop it first:
```
# /etc/init.d/ldap stop
```
* Remove all files under OpenLDAP data directory defined in LDAP config file
`slapd.conf` except one file (`DB_CONFIG`). For example:
```
# File: /etc/openldap/slapd.conf
...
database bdb
suffix dc=iredmail,dc=org
directory /var/lib/ldap/iredmail.org
...
```
So you should remove all files under directory `/var/lib/ldap/iredmail.org`
except `/var/lib/ldap/iredmail.org/DB_CONFIG`.
```
# cd /var/lib/ldap/iredmail.org/
# mv DB_CONFIG ~
# rm -rf /var/lib/ldap/iredmail.org/*
# mv ~/DB_CONFIG .
```
* Start OpenLDAP service immediately, then stop it again. it will help create
necessary files required by backend db (`dbd` in our case, `database dbd`).
```
# /etc/init.d/slapd start
# /etc/init.d/slapd stop
```
* Make sure OpenLDAP server is __NOT__ running, then restore backup LDIF file
with command `slapadd`.
```
# slapadd -f /etc/openldap/slapd.conf -l /path/to/backup/backup.ldif
```
* It's OK to start OpenLDAP server now. It may report errors like below:
```
# /etc/init.d/slapd start
Stopping slapd: [ OK ]
/var/lib/ldap/iredmail.org/mailMessageStore.bdb is not owned[WARNING]"
/var/lib/ldap/iredmail.org/objectClass.bdb is not owned by "[WARNING]
/var/lib/ldap/iredmail.org/mtaTransport.bdb is not owned by [WARNING]
/var/lib/ldap/iredmail.org/cn.bdb is not owned by "ldap" [WARNING]
/var/lib/ldap/iredmail.org/domainName.bdb is not owned by "l[WARNING]
/var/lib/ldap/iredmail.org/ou.bdb is not owned by "ldap" [WARNING]
/var/lib/ldap/iredmail.org/uid.bdb is not owned by "ldap" [WARNING]
/var/lib/ldap/iredmail.org/enabledService.bdb is not owned b[WARNING]
/var/lib/ldap/iredmail.org/homeDirectory.bdb is not owned by[WARNING]
/var/lib/ldap/iredmail.org/domainGlobalAdmin.bdb is not owne[WARNING]p"
/var/lib/ldap/iredmail.org/sn.bdb is not owned by "ldap" [WARNING]
/var/lib/ldap/iredmail.org/mail.bdb is not owned by "ldap" [WARNING]
/var/lib/ldap/iredmail.org/accountStatus.bdb is not owned by[WARNING]
/var/lib/ldap/iredmail.org/givenName.bdb is not owned by "ld[WARNING]
Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
```
If you see above warning about improper file ownership, please set correct file
owner on newly created bdb files immediately, then restart OpenLDAP service:
```
# chown ldap:ldap /var/lib/ldap/iredmail.org/*.bdb
# /etc/init.d/ldap restart
```