Ticket created per:
13:58 < iewgni> Question: I see ipa-backup creates a files.tar containing /var/lib/ipa/ which contains old backups on disk that have not been purged. This can cause full disks after few backups. Is this known/intended/addressed? 14:36 < rcrit> iewgni, not intended. Can you open a ticket on this at https://fedorahosted.org/freeipa/
Example: Line from debug output of running 'ipa-backup -d' on freeipa-server-3.3.4-0.fc20.x86_64 shows tar command adding /var/lib/ipa to files.tar, which contains /var/lib/ipa/backups
2014-04-30T09:00:15Z DEBUG args=tar --xattrs --selinux -czf /tmp/tmpNDyT6aipa/ipa/files.t ar /usr/share/ipa/html /root/.pki /etc/pki/pki-tomcat /etc/sysconfig/pki /etc/httpd/alias /var/lib/pki /var/lib/ipa/sysrestore /var/lib/ipa-client/sysrestore /var/lib/sss/pubconf /krb5.include.d /var/lib/authconfig/last /var/lib/certmonger /var/lib/ipa /var/run/dirsrv /var/lock/dirsrv /etc/dirsrv/slapd-DOMAIN-COM /var/lib/dirsrv/scripts-DOMAIN-COM /va r/lib/dirsrv/slapd-DOMAIN-COM /etc/resolv.conf /etc/sysconfig/pki-tomcat /etc/sysconfig /dirsrv /etc/sysconfig/ntpd /etc/sysconfig/krb5kdc /etc/sysconfig/authconfig /etc/pki/nss db/cert8.db /etc/pki/nssdb/key3.db /etc/pki/nssdb/secmod.db /etc/nsswitch.conf /etc/krb5. keytab /etc/sssd/sssd.conf /etc/openldap/ldap.conf /etc/security/limits.conf /etc/httpd/c onf/password.conf /etc/httpd/conf/ipa.keytab /etc/httpd/conf.d/ipa-pki-proxy.conf /etc/ht tpd/conf.d/ipa-rewrite.conf /etc/httpd/conf.d/nss.conf /etc/httpd/conf.d/ipa.conf /etc/ss h/sshd_config /etc/ssh/ssh_config /etc/krb5.conf /etc/group /etc/passwd /etc/ipa/ca.crt / etc/ipa/default.conf /etc/dirsrv/ds.keytab /etc/ntp.conf /etc/samba/smb.conf /root/ca-age nt.p12 /root/cacert.p12 /var/kerberos/krb5kdc/kdc.conf /etc/systemd/system/multi-user.tar get.wants/ipa.service /etc/systemd/system/multi-user.target.wants/sssd.service /etc/syste md/system/multi-user.target.wants/certmonger.service /etc/systemd/system/pki-tomcatd.target.wants/pki-tomcatd@pki-tomcat.service /etc/sysconfig/dirsrv-DOMAIN-COM
Backups growing out of control:
1012 /var/lib/ipa/backup/ipa-data-2014-04-30-14-56-23 3204 /var/lib/ipa/backup/ipa-full-2014-04-11-15-29-32 7648 /var/lib/ipa/backup/ipa-full-2014-04-17-14-21-55 14088 /var/lib/ipa/backup/ipa-full-2014-04-18-02-01-22 29264 /var/lib/ipa/backup/ipa-full-2014-04-18-15-24-36 59020 /var/lib/ipa/backup/ipa-full-2014-04-19-02-00-19 117432 /var/lib/ipa/backup/ipa-full-2014-04-20-02-00-22 234456 /var/lib/ipa/backup/ipa-full-2014-04-21-02-00-28 468540 /var/lib/ipa/backup/ipa-full-2014-04-22-02-00-47 937592 /var/lib/ipa/backup/ipa-full-2014-04-23-02-01-15 1876308 /var/lib/ipa/backup/ipa-full-2014-04-23-11-30-06 3752724 /var/lib/ipa/backup/ipa-full-2014-04-24-02-05-41 7508768 /var/lib/ipa/backup/ipa-full-2014-04-25-02-11-02
Workaround of excluding /var/lib/ipa/backup from the tar command in ipa_backup.py:
[root@ipaserver ~]# diff -u /usr/lib/python2.7/site-packages/ipaserver/install/ipa_backup.py.bak.1398891754 /usr/lib/python2.7/site-packages/ipaserver/install/ipa_backup.py --- /usr/lib/python2.7/site-packages/ipaserver/install/ipa_backup.py.bak.1398891754 2014-01-28 00:12:54.000000000 -0800 +++ /usr/lib/python2.7/site-packages/ipaserver/install/ipa_backup.py 2014-04-30 14:06:29.430125103 -0700 @@ -459,6 +459,7 @@ self.log.info("Backing up files") args = ['tar', + '--exclude=/var/lib/ipa/backup', '--xattrs', '--selinux', '-czf',
Backport to Fedora too.
attachment freeipa-rga-0020-ipa-recursively-adds-old-backups.patch
Patch has been posted to mailing list.
master:
Metadata Update from @alazar: - Issue assigned to rga - Issue set to the milestone: FreeIPA 4.0 - 2014/06
Login to comment on this ticket.