Overview#

We wrote a script to do NAM Access Manager backup so it is a little more convenient.

/root/backup/wambackup.sh

More Information#

There might be more information for this subject on one of the following:

• NAM 3.1.3-273
• NAM Access Manager
• NAM Administration
• NAM SP3
• NAM SP4

Cron#

We added a soft link to /root/backup/wambackup.sh in :/etc/cron.daily

This allows the job to run every day.

What the script does#

The script does this:

• Change to the /opt/novell/devman/bin directory.
• Run the following command from root: ./anf-ambkup.sh.
• Sets various "default" values for parameters
• Puts a dated backup file in the /root/backup/ directory
• Puts a dated log file in the /root/backup/ directory
• Creates /root/backup/YYYY-MM-dd-wambackup-jsp.tgz with the JSP files.
• Change to the /root/backup/ directory

Modified Provided Script Files#

We edited some of the Novell supplied files and so we added the "anf-" to the front of the following "standard" Novell scripts: {noformat} /opt/novell/devman/bin/anf-ambkup.sh /opt/novell/devman/bin/anf-defbkparm.sh /opt/novell/devman/bin/anf-getparams.sh {noformat}

Script Files#

• wambackup.sh - Used to get to the other scripts
• anf-defbkparm.sh - Most parameters/variables are in this
• anf-getparams.sh - Gathers local information form the server the script is running on.
• anf-ambkup.sh - The actual work is done in this script.

{warning:title=Restore Information} The file expects the LDIF; which is within the "ZIP" file to be the SAME name as the backup file less the extension. So DO NOT rename the backup file or you will have issues if you try to restore. Use the Novell Supplied Scripts for restores! {warning}

Backup Logs#

The script writes a /root/backup/YYYY-MM-dd-wambackup.log file each time the script runs. This file should be monitored to see thta the backup is functioning. Typical successful output is shown below:

==============================================================
   C o n f i g u r a t i o n   B a c k u p   U t i l i t y    
==============================================================
- - - - - - - - - - - Performing back up - - - - - - - - - - -
Tue Sep 30 12:01:35 EDT 2008
- - - - - - - - - - - - - - -  - - - - - - - - - - - - - - - -
Novell Import Convert Export utility for Novell eDirectory  
version: 20112.86 
Copyright 2000-2005 Novell, Inc.  All rights reserved.  U.S. Patent No. 6,915,287.
Source Handler: ICE LDAP handler for Novell eDirectory (version: 20112.86 )
Destination Handler: ICE LDIF handler for Novell eDirectory (version: 20112.86 )
Start time: Tue Sep 30 12:01:36 2008

Press control-C to exit
Operation in progress ... 

. . . . 

Total entries processed: 421
Total entries failed: 0
End time: Tue Sep 30 12:01:36 2008

Total Time:  0:00:01.641
Time per entry: 00:00.003
We are not in DHost. pid = -1208936744
--------------------------------------------------------------
Backup Complete
Backup file:
  Configuration and Certificate information:   /root/backup/2008-09-30-wambackup.zip
-rw-r--r-- 1 root root 4374966 Sep 30 12:01 /root/backup/2008-09-30-wambackup.zip
--------------------------------------------------------------
==============================================================
   JSP   B a c k u p   U t i l i t y    
==============================================================
/opt/novell/nids/lib/webapp/jsp/
/opt/novell/nids/lib/webapp/jsp/IdentityAccessEditor.jsp
/opt/novell/nids/lib/webapp/jsp/IdentityAccessEditor.js
/opt/novell/nids/lib/webapp/jsp/createacct.jsp
/opt/novell/nids/lib/webapp/jsp/banner.jsp
/opt/novell/nids/lib/webapp/jsp/IdentityAccessEditorBody.jsp
/opt/novell/nids/lib/webapp/jsp/IdentityAccessEditorFooter.jsp
/opt/novell/nids/lib/webapp/jsp/IdentityAccessEditorHeader.jsp
/opt/novell/nids/lib/webapp/jsp/IdentityEditor.js
/opt/novell/nids/lib/webapp/jsp/IdentityEditor.jsp
/opt/novell/nids/lib/webapp/jsp/IdentityEditorBody.jsp
/opt/novell/nids/lib/webapp/jsp/IdentityEditorFooter.jsp
/opt/novell/nids/lib/webapp/jsp/IdentityEditorHeader.jsp
/opt/novell/nids/lib/webapp/jsp/Interaction.js
/opt/novell/nids/lib/webapp/jsp/authentications.jsp
/opt/novell/nids/lib/webapp/jsp/expiredpwd.jsp
/opt/novell/nids/lib/webapp/jsp/err.jsp
/opt/novell/nids/lib/webapp/jsp/logoutSuccess.jsp
/opt/novell/nids/lib/webapp/jsp/fedconsent.jsp
/opt/novell/nids/lib/webapp/jsp/federations.jsp
/opt/novell/nids/lib/webapp/jsp/home.jsp
/opt/novell/nids/lib/webapp/jsp/idplogin.jsp
/opt/novell/nids/lib/webapp/jsp/interaction.jsp
/opt/novell/nids/lib/webapp/jsp/nmaslogin.jsp
/opt/novell/nids/lib/webapp/jsp/main.jsp
/opt/novell/nids/lib/webapp/jsp/nav.jsp
/opt/novell/nids/lib/webapp/jsp/nidp.js
/opt/novell/nids/lib/webapp/jsp/radiuslogin.jsp
/opt/novell/nids/lib/webapp/jsp/novell.js
/opt/novell/nids/lib/webapp/jsp/postit1.jsp
/opt/novell/nids/lib/webapp/jsp/login.jsp.orig
/opt/novell/nids/lib/webapp/jsp/saml2post.jsp
/opt/novell/nids/lib/webapp/jsp/logout.jsp
/opt/novell/nids/lib/webapp/jsp/logoutSuccess.jsp.orig
/opt/novell/nids/lib/webapp/jsp/login.3sp3ir2.jsp
/opt/novell/nids/lib/webapp/jsp/secretstore.jsp
/opt/novell/nids/lib/webapp/jsp/logout.3sp3ir2.jsp
/opt/novell/nids/lib/webapp/jsp/login.jsp
  JSP file information:   /root/backup/2008-09-30-wambackup-jsp.tgz

Backup JSPs#

Since A&F uses "branded" JSP files, be sure to back up these files. All JSPs are overwritten by the upgrade process. Be sure to save any custom JSPs before performing upgrade.

The JSPs are backed up daily within the backup scripts.

• Note:* in SP3 the JSPs changed and will probably need to be re-done.

the following command will create a backup of the JSP files.

tar cvzf /root/backups/2008-07-15-opt-novell-nids-lib-webapp-jsp.tgz /opt/novell/nids/lib/webapp/jsp 

Backup Files#

All backup files are in the /root/backup directory on su-wamappprd01.

• YYYY-MM-DD-wambackup.zip - Contains the primary file in the same format that the unmodified scripts would create.
• YYYY-MM-DD-wambackup-custom.zip - All custom JSPs, Images, css, and other custom files.
• YYYY-MM-DD-wambackup.log - Log of what happened.

{warning:title=Purge Backup Files} As we understand things, the IDP server are backed up on a regular basis. The files should be off on tape stoarge. The current scripts do NOT erase old files so you need to! Use the Novell Supplied Scripts for restores! {warning}

Restore Process#

Consult the latest appropriate Novell Documentation.

Restore of TEST 7/30/2008 #

Messed up the certs on the Identity Server and lost access to the Administration Console. Did a restore of Identity Server from ambckup file. Very Scary process, Followed process here: http://www.novell.com/documentation/novellaccessmanager/adminguide/index.html?page=/documentation/novellaccessmanager/adminguide/data/b5ve1by.html

There was an issue with the backup file. The file expects the LDIF to be the SAME name as the backup file less the extension. So DO NOT rename the backup file or you will have issues. We opened the ZIP file and found the file name to be ".LDIF". Renamed the LDIF file and then the restore worked. Not sure why the LDIF ended up blank name. Any way it did work. We did re-install the Identity Server. Had to:

• remove the IDS from cluster.
• Delete the IDS from Administration Console.
• Un-installed IDS form /root/Documents/nam-sp3.
• Re-installed IDS form /root/Documents/nam-sp3

All this did work, but too many steps... too many chances for errors. Scary.

More Information#

There might be more information for this subject on one of the following:

• NAM 3.1.3-273
• NAM Access Manager
• NAM Administration
• NAM SP3
• NAM SP4