Sun OpenSSO Enterprise 8.0 Administration Guide

Chapter 15 Backing Up and Restoring Configuration Data

OpenSSO Enterprise creates and manages configuration and service management data in the embedded configuration datastore. If this data becomes corrupt or if some of it is missing, OpenSSO Enterprise will not function properly. Because of this, it is recommended that you back up your configuration datastore on a regular basis. Thus, in the event of a machine crash or other corrupting influence, you can restore the configuration data to its previous, non-corrupt state. This chapter describes the backup and restore procedures for the OpenSSO Enterprise server configuration data and contains the following sections.

Understanding Backup and Restore

OpenSSO Enterprise supports the following types of configuration datastores:


Caution –

The procedures in this chapter do not apply to the user datastore.


The backup and restore procedures are dependent on the following:

Backing Up the Configuration Datastore

This procedure describes how to back up the data contained in the configuration datastore.

Procedure: To Back Up the Configuration Datastore

Before You Begin

Make sure that the configuration datastore is running and that no write operations are being sent to it.

  1. Export the service configuration data to an XML file using the ssoadm command line utility option export-svc-cfg. For example:

    $ cd sso_tools_dir

    $ ./ssoadm export-svc-cfg -u username -f password_file_location -e key_to_encrypt_password -o XML-backup-file


    Note –

    If multiple servers are configured to share the same configuration store, this step needs to be executed only once, on one of the servers.


  2. Move XML-backup-file (from the previous step) to a secure location.

    It is recommended to also create an MD5 hash of this file and to store it in a secure location. Use the hash file for future verification.
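
The hash-and-verify step above, as an added example that is not part of the Sun guide: it records a SHA-256 digest in place of the MD5 hash the guide mentions, because MD5 is not collision-resistant, and it rejects a backup that no longer matches before the file reaches import-svc-cfg. The function names and file names are assumptions, and `sha256sum` or `shasum` must be installed.

```shell
#!/bin/sh
# Added example: seal an export-svc-cfg backup and verify it before import.
# SHA-256 is used here instead of the MD5 hash the guide mentions.
#
# Usage (file names are hypothetical):
#   seal_backup   backup.xml /secure/backup.xml.sha256
#   verify_backup backup.xml /secure/backup.xml.sha256
# Run the import-svc-cfg step only when verify_backup returns 0.

# Print the SHA-256 hex digest of a file (sha256sum, or shasum as fallback).
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# seal_backup XML_FILE HASH_FILE
# Restrict the backup to its owner (it carries encrypted passwords) and
# record its digest in HASH_FILE, which should be stored separately.
seal_backup() {
    [ -s "$1" ] || { echo "backup missing or empty: $1" >&2; return 1; }
    chmod 600 "$1" || return 1
    ( umask 077 && digest "$1" > "$2" ) || return 1
}

# verify_backup XML_FILE HASH_FILE
# Return 0 only if the file still matches the recorded digest;
# 1 on mismatch, 2 if either file is missing or empty.
verify_backup() {
    [ -s "$1" ] && [ -s "$2" ] || { echo "missing backup or hash file" >&2; return 2; }
    expected=$(cat "$2")
    actual=$(digest "$1") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $1: do not import" >&2
        return 1
    fi
}
```

Keep the hash file on storage that someone able to modify the backup cannot also write to; otherwise a changed backup can be re-sealed and the check proves nothing.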

Restoring the Configuration Data Store

This section contains instructions to restore saved configuration data to the OpenSSO Enterprise configuration data store or the Directory Server configuration data store. Restoration of the configuration data can be done by loading an XML file or through directory replication. There are two methods to restore the configuration data for the OpenSSO configuration data store:

Loading XML

Use this option if there is only one OpenSSO Enterprise instance and it is corrupted, or if multiple servers are configured to share the same configuration datastore and all instances are corrupted.

Directory Replication

Use this option in the case where multiple OpenSSO Enterprise instances are configured to share the same configuration datastore and at least one of the instances is uncorrupted.

This section contains the following procedures.


Tip –

In cases where the default OpenSSO Enterprise configuration data store is used, check its status by running ssoadm embedded-status on the command line. This will help to determine the proper restoration procedure to use. See Chapter 1, ssoadm Command Line Interface Reference, in Sun OpenSSO Enterprise 8.0 Administration Reference for more information.


Procedure: To Restore the Embedded Configuration Datastore by Loading XML

Use this option if there is only one OpenSSO Enterprise instance and it is corrupted, or if multiple servers are configured to share the same configuration datastore and all instances are corrupted. If multiple instances of OpenSSO Enterprise are configured to share the same configuration datastore, repeat steps 1 through 4 on each instance first and then do step 5 and step 6.

  1. Stop all instances of OpenSSO Enterprise.

  2. Remove all files and directories from the existing configuration directory.

    $ rm -rf configuration_directory

  3. Restart all instances of OpenSSO Enterprise.

  4. Reconfigure the OpenSSO Enterprise web application by accessing the OpenSSO Enterprise configurator.

    All configuration attributes must be redefined as they were originally defined. For the configuration of the second and all succeeding OpenSSO Enterprise instances, choose the Add to Existing Deployment option during configuration and point it to the first instance.

  5. Import the saved service configuration data to the configuration datastore using the ssoadm command line utility option import-svc-cfg.

    ./ssoadm import-svc-cfg -u username -f password_file_location -e key_to_encrypt_password -X backup_xml_file

    In the case of the multiple server configuration, this step only needs to be done once.

  6. Restart all OpenSSO Enterprise instances.

Procedure: To Restore by Replication of the OpenSSO Configuration Datastore

Before You Begin

Use this option in the case where multiple OpenSSO Enterprise instances are configured to share the same configuration datastore and at least one of the instances is uncorrupted.

  1. Log in to the console of an uncorrupted instance of OpenSSO Enterprise as administrator.

  2. Remove the corrupted OpenSSO Enterprise instance(s) from the platform server list.

    The de-provisioning of the OpenSSO configuration datastore node will take effect after all the OpenSSO servers are restarted.

  3. Remove all files and directories from the existing configuration directory for all corrupted instances of OpenSSO Enterprise.

    $ rm -rf configuration_directory

  4. Restart all instances of OpenSSO Enterprise including those that are corrupted.

  5. Reconfigure the OpenSSO Enterprise web application on the corrupted OpenSSO Enterprise instance by accessing the OpenSSO Enterprise configurator.

    All configuration attributes must be redefined as they were originally defined.

  6. Import the saved service configuration data to the configuration datastore using the ssoadm command line utility option import-svc-cfg.

    ./ssoadm import-svc-cfg -u username -f password_file_location -e key_to_encrypt_password -X backup_xml_file

    In the case of the multiple server configuration, this step only needs to be done once.

  7. Restart all OpenSSO Enterprise instances.

Procedure: To Restore the Directory Server Configuration Datastore by Loading XML

Use this option if there is only one OpenSSO Enterprise instance and it is corrupted, or if multiple servers are configured to share the same configuration datastore and all instances are corrupted. If multiple instances of OpenSSO Enterprise are configured to share the same configuration datastore, repeat steps 1 through 4 on each instance first and then do step 5 and step 6.

  1. Stop all OpenSSO Enterprise instances.

  2. Remove all files and directories from the existing configuration directory.

    $ rm -rf configuration_directory

  3. Confirm that the Directory Server configuration datastore is up and running with no OpenSSO Enterprise service configuration.

  4. Reconfigure the OpenSSO Enterprise web application by accessing the OpenSSO Enterprise configurator.

    All configuration attributes must be redefined as they were originally defined. For the configuration of the second and all succeeding OpenSSO Enterprise instances, choose the Add to Existing Deployment option during configuration and point it to the first instance.

  5. (Optional) Repeat these steps on each instance of OpenSSO Enterprise that is configured to share the same Directory Server configuration datastore.

  6. Import the saved service configuration data to the configuration datastore using the ssoadm command line utility option import-svc-cfg.

    ./ssoadm import-svc-cfg -u username -f password_file_location -e key_to_encrypt_password -X backup_xml_file

    In the case of the multi-server configuration, this step only needs to be done once.

  7. Restart all OpenSSO Enterprise instances.

Procedure: To Restore by Replication of the Directory Server Configuration Datastore

Before You Begin

Use this option in the case where multiple OpenSSO Enterprise instances are configured to share the same configuration datastore and at least one of the instances is uncorrupted.

  1. Log in to the console of an uncorrupted instance of OpenSSO Enterprise as administrator.

  2. Remove the corrupted OpenSSO Enterprise instance(s) from the platform server list.

    The de-provisioning of the OpenSSO configuration datastore node will take effect after all the OpenSSO servers are restarted.

  3. Remove all files and directories from the existing configuration directory for all corrupted instances of OpenSSO Enterprise.

    $ rm -rf configuration_directory

  4. Restart all of the OpenSSO Enterprise servers including those that are corrupted.

  5. Reconfigure the OpenSSO Enterprise web application by accessing the OpenSSO Enterprise configurator.

    All configuration attributes must be redefined as they were originally defined.

  6. Import the saved service configuration data to the configuration datastore using the ssoadm command line utility option import-svc-cfg.

    ./ssoadm import-svc-cfg -u username -f password_file_location -e key_to_encrypt_password -X backup_xml_file

    In the case of the multi-server configuration, this step only needs to be done once.

  7. Restart all OpenSSO Enterprise instances.