Here are some backup notes for LDS
Landscape uses several PostgreSQL databases and needs to keep them consistent. For example, if a computer is removed from LDS, more than one database needs to be updated.
For that reason, running something like pg_dumpall won't guarantee the consistency of the backup, because while the dump process does lock all tables in the database being backed up, it doesn't care about the other ones at that time. The result will likely be an inconsistent backup.
There are two solutions for that:
- hot backups: using things like WAL files (Write Ahead Log) from postgresql, and/or filesystem snapshots, it's possible to take a consistent image of all the databases at a given time.
offline backups: disable the Landscape service and do the normal backup with pg_dump or pg_dumpall. This has the problem of creating a downtime. Depending on how big the databases are, it can be just a few minutes, or about half an hour for a database with several thousand computers.
The PostgreSQL documentation is quite extensive on backup procedures, we recommend that administrators tasked with database backups read and understand it: http://www.postgresql.org/docs/8.4/interactive/backup.html (or http://www.postgresql.org/docs/9.1/interactive/backup.html for PostgreSQL 9.1)
Bear in mind that LDS can be deployed using several servers, so when you are taking the offline backup route, remember to disable all the Landscape services on all server machines!
/etc/landscape: configuration files and the LDS license
/etc/default/landscape-server: file to configure which services will start on this machine
/var/lib/landscape/hash-id-databases: these files are recreated by a weekly cron job, which can take several minutes to run, so backing them up can save time
/etc/apache2/sites-available/: the Landscape Apache vhost configuration file, usually named after the FQDN of the server
/etc/ssl/certs/: the Landscape server X509 certificate is in there
/etc/ssl/private/: the Landscape server X509 key file
/etc/ssl/certs/landscape_server_ca.crt: if in use, this is the CA file for the internal CA used to issue the Landscape server certificates. Clients need to have this file in that case
/etc/postgresql/8.4/main/: postgresql configuration files, in particular postgresql.conf for the tuning and pg_hba.conf for the access rules. These files may be in a separate host, dedicated to the database (use 9.1 for PostgreSQL version 9.1)
/var/log/landscape: all the LDS log files