Chapter 15. Backing Up and Restoring OpenAM Configurations

This chapter shows how to back up and restore OpenAM configuration data. It does not cover backup and restore of user data, which in a critical production system should be stored separately.

Procedure 15.1. To Back Up OpenAM Configuration

OpenAM stores service configuration data in a directory. During normal production operations, you rely on directory replication to maintain multiple, current copies of OpenAM service configuration. For disaster recovery, however, you back up the service configuration to XML and restore it from XML, using the ssoadm command.

  1. Back up OpenAM service configuration using the ssoadm command.

    $ ssoadm export-svc-cfg -u amadmin -e fZatIu68OiqccJMXosSRyVjMsWJIx+SA \
     -f /tmp/pwd.txt -o ~/backup-`date -u +%F-%H-%M`.xml
    
    Service Configuration was exported.

    In this example, the secret key for encrypting the password, given as -e fZatIu68OiqccJMXosSRyVjMsWJIx+SA, was taken from the Password Encryption Key field in the OpenAM console under Configuration > Servers and Sites > Server Name > Security.

  2. Stop OpenAM.

  3. Back up the instance file that points to the configuration directory.

    This file is named after the instance location, such as $HOME/.openamcfg/AMConfig_path_to_tomcat_webapps_openam_, where $HOME is the home directory of the user running the web container where OpenAM is deployed.

  4. Back up the files in the configuration directory.

    The content of the file you backed up in the previous step is the path to the configuration directory, such as $HOME/openam.

  5. Start OpenAM.
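
Steps 3 and 4 of this procedure as a shell function, given as an added example that is not part of the OpenAM documentation or tooling. The function name backup_openam_files, the archive naming, and the owner-only permissions are assumptions of the example; run it while OpenAM is stopped.

```shell
#!/bin/sh
# Added example (not OpenAM tooling): archive the instance file and the
# configuration directory it points to. Run while OpenAM is stopped.
# Usage: backup_openam_files INSTANCE_FILE DEST_DIR   (names are assumptions)
backup_openam_files() {
    instance_file=$1
    dest_dir=$2

    [ -f "$instance_file" ] || { echo "no instance file: $instance_file" >&2; return 1; }

    # The content of the instance file is the path to the configuration directory.
    cfg_dir=$(head -n 1 "$instance_file" | tr -d '\r')
    [ -d "$cfg_dir" ] || { echo "not a directory: $cfg_dir" >&2; return 1; }

    # Resolve absolute parents so each -C below is independent of the other.
    inst_parent=$(cd "$(dirname "$instance_file")" && pwd) || return 1
    cfg_parent=$(cd "$(dirname "$cfg_dir")" && pwd) || return 1

    # The configuration directory holds keystores and related secrets, so the
    # destination and the archive are created readable by the owner only.
    # The subshell keeps the umask change local to this function.
    (
        umask 077
        mkdir -p "$dest_dir" || exit 1
        archive="$dest_dir/openam-files-$(date -u +%Y%m%dT%H%M%SZ).tar"
        tar -cf "$archive" \
            -C "$inst_parent" "$(basename "$instance_file")" \
            -C "$cfg_parent" "$(basename "$cfg_dir")" || exit 1

        # Confirm the archive is readable and lists the instance file
        # before the backup is treated as good.
        tar -tf "$archive" | grep -Fxq "$(basename "$instance_file")" || exit 1

        # Record a checksum so a restore can detect a damaged or altered archive.
        (cd "$dest_dir" &&
            sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256") || exit 1

        echo "$archive"   # path of the archive, for the caller
    )
}
```

Before restoring, check the archive with sha256sum -c against the recorded .sha256 file.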

Procedure 15.2. To Restore OpenAM Configuration

The following steps restore OpenAM configuration data from backup as described in Procedure 15.1, “To Back Up OpenAM Configuration”.

Tip

If you use the default OpenAM configuration data store, run ssoadm embedded-status to check the data store status and determine whether you must restore the configuration files including the embedded data store, or only the service configuration.

  1. Deploy the OpenAM web application as you did for installation, but do not start OpenAM or configure it.

    In a site configuration, perform this step on all servers.

  2. Restore files in the configuration directory as necessary.

    In a site configuration, perform this step on all servers.

  3. Restore the bootstrap files as necessary.

    In a site configuration, perform this step on all servers.

  4. Start OpenAM.

    In a site configuration, perform this step on all servers before proceeding.

  5. Restore OpenAM service configuration using the ssoadm command.

    $ ssoadm import-svc-cfg -u amadmin -e fZatIu68OiqccJMXosSRyVjMsWJIx+SA \
     -f /tmp/pwd.txt -X ~/backup-2011-09-13-09-00.xml
    
    Directory Service contains existing data. Do you want to delete it? [y|N] y
    Please wait while we import the service configuration...
    Service Configuration was imported.

    In a site configuration, you perform this step only once.

    If the password for amadmin has been changed through the OpenAM console, then use the bind password for the root DN of the configuration store.

  6. Restart OpenAM.

    In a site configuration, perform this step on all servers.