#4331 ipa-backup recursively adds old backups from /var/lib/ipa/backup
Closed: Fixed None Opened 8 years ago by alazar.

Ticket created per:

13:58 < iewgni> Question: I see ipa-backup creates a files.tar containing /var/lib/ipa/ which contains old backups on disk that have not been purged.  This can cause full disks after few backups.  Is this known/intended/addressed?
14:36 < rcrit> iewgni, not intended. Can you open a ticket on this at https://fedorahosted.org/freeipa/

Example:
Line from debug output of running 'ipa-backup -d' on freeipa-server-3.3.4-0.fc20.x86_64 shows tar command adding /var/lib/ipa to files.tar, which contains /var/lib/ipa/backups

2014-04-30T09:00:15Z DEBUG args=tar --xattrs --selinux -czf /tmp/tmpNDyT6aipa/ipa/files.t
ar /usr/share/ipa/html /root/.pki /etc/pki/pki-tomcat /etc/sysconfig/pki /etc/httpd/alias
 /var/lib/pki /var/lib/ipa/sysrestore /var/lib/ipa-client/sysrestore /var/lib/sss/pubconf
/krb5.include.d /var/lib/authconfig/last /var/lib/certmonger /var/lib/ipa /var/run/dirsrv
 /var/lock/dirsrv /etc/dirsrv/slapd-DOMAIN-COM /var/lib/dirsrv/scripts-DOMAIN-COM /va
r/lib/dirsrv/slapd-DOMAIN-COM /etc/resolv.conf /etc/sysconfig/pki-tomcat /etc/sysconfig
/dirsrv /etc/sysconfig/ntpd /etc/sysconfig/krb5kdc /etc/sysconfig/authconfig /etc/pki/nss
db/cert8.db /etc/pki/nssdb/key3.db /etc/pki/nssdb/secmod.db /etc/nsswitch.conf /etc/krb5.
keytab /etc/sssd/sssd.conf /etc/openldap/ldap.conf /etc/security/limits.conf /etc/httpd/c
onf/password.conf /etc/httpd/conf/ipa.keytab /etc/httpd/conf.d/ipa-pki-proxy.conf /etc/ht
tpd/conf.d/ipa-rewrite.conf /etc/httpd/conf.d/nss.conf /etc/httpd/conf.d/ipa.conf /etc/ss
h/sshd_config /etc/ssh/ssh_config /etc/krb5.conf /etc/group /etc/passwd /etc/ipa/ca.crt /
etc/ipa/default.conf /etc/dirsrv/ds.keytab /etc/ntp.conf /etc/samba/smb.conf /root/ca-age
nt.p12 /root/cacert.p12 /var/kerberos/krb5kdc/kdc.conf /etc/systemd/system/multi-user.tar
get.wants/ipa.service /etc/systemd/system/multi-user.target.wants/sssd.service /etc/syste
md/system/multi-user.target.wants/certmonger.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service /etc/sysconfig/dirsrv-DOMAIN-COM

Backups growing out of control:

1012    /var/lib/ipa/backup/ipa-data-2014-04-30-14-56-23
3204    /var/lib/ipa/backup/ipa-full-2014-04-11-15-29-32
7648    /var/lib/ipa/backup/ipa-full-2014-04-17-14-21-55
14088   /var/lib/ipa/backup/ipa-full-2014-04-18-02-01-22
29264   /var/lib/ipa/backup/ipa-full-2014-04-18-15-24-36
59020   /var/lib/ipa/backup/ipa-full-2014-04-19-02-00-19
117432  /var/lib/ipa/backup/ipa-full-2014-04-20-02-00-22
234456  /var/lib/ipa/backup/ipa-full-2014-04-21-02-00-28
468540  /var/lib/ipa/backup/ipa-full-2014-04-22-02-00-47
937592  /var/lib/ipa/backup/ipa-full-2014-04-23-02-01-15
1876308 /var/lib/ipa/backup/ipa-full-2014-04-23-11-30-06
3752724 /var/lib/ipa/backup/ipa-full-2014-04-24-02-05-41
7508768 /var/lib/ipa/backup/ipa-full-2014-04-25-02-11-02

Workaround of excluding /var/lib/ipa/backup from the tar command in ipa_backup.py:

[root@ipaserver ~]# diff -u /usr/lib/python2.7/site-packages/ipaserver/install/ipa_backup.py.bak.1398891754 /usr/lib/python2.7/site-packages/ipaserver/install/ipa_backup.py
--- /usr/lib/python2.7/site-packages/ipaserver/install/ipa_backup.py.bak.1398891754      2014-01-28 00:12:54.000000000 -0800
+++ /usr/lib/python2.7/site-packages/ipaserver/install/ipa_backup.py     
2014-04-30 14:06:29.430125103 -0700
@@ -459,6 +459,7 @@

         self.log.info("Backing up files")
         args = ['tar',
+                '--exclude=/var/lib/ipa/backup',
                 '--xattrs',
                 '--selinux',
                 '-czf',

Backport to Fedora too.

Patch has been posted to mailing list.

master:

  • 9f2c470 ipa recursively adds old backups

Metadata Update from @alazar:
- Issue assigned to rga
- Issue set to the milestone: FreeIPA 4.0 - 2014/06

5 years ago

Login to comment on this ticket.

Metadata