Authentication related data required for protocols cluster DR
Authentication data that is necessary in a disaster recovery scenario is as follows.
The following authentication-related CCR file needs to be backed up for disaster recovery:
- authccr
File authentication-related data
The following
CCR variable needs to be backed up for file authentication:
- FILE_AUTH_TYPE
Depending on the file authentication scheme that you are using, more files need to be backed up.
LDAP for file authentication:
- SSSD_CONF
- LDAP_CONF
- KRB5_CONF 1
- KRB5_KEYTAB 1
- LDAP_TLS_CACERT 1
Active Directory (AD) for file authentication:
- KRB5_CONF
- KRB5_KEYTAB 1
NIS for file authentication:
- SSSD_CONF
- YP_CONF
Note: 1 This file is not always present.
Object authentication-related data
The object authentication-related files in CCR that need to be backed up are as follows:
- keystone.conf
- keystone-paste.ini
- logging.conf
- wsgi-keystone.conf
- ks_ext_cacert.pem
- keystone_ssl.tar
- authccr
The object authentication-related variables in CCR that need to be backed up are as follows:
- OBJECT_AUTH_TYPE
- PREV_OBJECT_AUTH_TYPE
This variable might not be present if the authentication type did not change.
- OBJECT_IDMAPDELETE
- ks_db_type
- ks_db_user
- ks_dns_name