[FEATURE_REQUEST]: Restoring virtualmin backup fails when using LDAP for accounts

Dear team,

Basically this is a feature request, but might be something worth considering. When you want to have a hot standby machine that interacts via LDAP (two LDAP instances, synchronised with each other), it is impossible to restore a virtualmin backup because the 'user' already exists.

virtualmin restore-domain --source ~remko/jrhosting.tbz/testjrhosting.nl.tar.gz --all-domains --all-features --continue-on-error --skip-warnings

Checking for missing features .. .. all features in backup are supported

Starting restore.. Extracting backup archive file .. .. done

Re-creating virtual server testjrhosting.nl .. .. a clash was detected : A unix user named testjrhosting already exists - try selecting a different administration username

Restore failed!

What am I trying to achieve? I want to split services and want to use my master Virtualmin install to create the appropriate directory structure on different virtualmin nodes (so that I can say: mail goes to box1, www goes to box2 etc.). I do realise that when I replicate this over let's say 10 machines, I get the same directory structure on 2, 4, 5, etc. different machines, but with proper administration and automation that doesn't matter that much at this stage.

I want to use the remote.cgi API but I run into the fact that the virtualmin user does not exist on the remote server(s). When trying to create the user via the API I run into the problem that the user already exists and it does not seem possible to skip the unixuser creation and just create the directory structure and services.

Can such a feature be added to Virtualmin to ignore the unixcreation itself and use existing credentials which are already available via LDAP?

Thanks, Remko

Status: 
Active

Comments

I'd be interested to learn more about your machine setup here - do you have multiple systems running virtualmin and sharing the same LDAP server? And could the same domain be on several systems at the same time?

Hi Jamie,

As a matter of fact, yes. I have one PRO machine and one gpl instance, and ~20 machines that rely on the same LDAP information (mail relays, ftp servers, mail servers (dovecot and authenticated email), webservers, etc).

So, one domain can be WWW hosted on machine X, while the mail can be on machine Y (both under control of virtualmin at this stage). Machine X can be serviced by FTP server Z, while machine Y can be serviced by FTP server A, and so on. Currently we are setting this up manually and I copy around the vhost configuration, for example for Apache, between the hosts. On the mailservers I make sure the same paths are available (by hand) so that dovecot can deliver email in the same place etc.

Ultimately I want to use the Virtualmin API between all machines to automatically provision Web, Mail, FTP, etc between all hosts (yes there will be redundant information between systems, but that is OK at this stage).

Does that help?

Remko

Wouldn't it be better to just create the Virtualmin domains on a single system with users stored in LDAP, and then use post-creation scripts to perform other setup on the mail / FTP servers? That way you wouldn't ever have the situation of the same Virtualmin domain (and thus users) existing on multiple systems at once.

That is a potential option. Sadly you need elevated privileges to do this sort of creation remotely or write a complex piece of code that writes a standard configuration file to some place, which is picked up every X time by a cronjob and is then processed. The Virtualmin API is more elegant in that regard.

Yes, I think you'd need to allow remote root SSH access to your other systems from the Virtualmin machine.

I'd recommend going with this approach, as Virtualmin isn't really designed for creating the same domain on multiple systems that share users/groups or storage.
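
The approach suggested in the comments above (domains created on a single Virtualmin system, with a post-creation script doing the setup on the other hosts over SSH), as an added example that is not part of the original thread and not Virtualmin's own code. The host names and the remote helper path are hypothetical; the `VIRTUALSERVER_*` variables are the ones Virtualmin exports to hook commands. The script validates the hook values before they reach a root shell on another machine, and it requires the account to already resolve (for example from LDAP) instead of creating it.

```shell
#!/bin/sh
# Added example: Virtualmin post-creation hook for the single-master approach.
# Host names and the remote helper path are hypothetical placeholders.
LC_ALL=C; export LC_ALL                             # keep [a-z] ranges ASCII-only
SERVICE_HOSTS="box1.example.net box2.example.net"   # constructed: mail, www
REMOTE_HELPER="/usr/local/sbin/provision-dirs"      # hypothetical, on each host

# Allow-list checks with case patterns: they match the whole value, so an
# embedded newline or shell metacharacter cannot slip past as it could with
# a line-oriented grep.
valid_user() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}
valid_domain() {
    case $1 in
        ''|*[!a-z0-9.-]*|.*|*.|-*|*-|*..*|*-.*|*.-*) return 1 ;;
        *.*) [ "${#1}" -le 253 ] ;;
        *) return 1 ;;
    esac
}

# Print the ssh command line for one host; print nothing if a value is unsafe.
remote_cmd() {
    valid_user "$2" && valid_domain "$3" || return 1
    printf 'ssh -o BatchMode=yes root@%s %s %s %s\n' "$1" "$REMOTE_HELPER" "$2" "$3"
}

# Act only on domain creation, and only for an account that already resolves
# through NSS (for example from LDAP); this script never creates a Unix user.
provision() {
    [ "$VIRTUALSERVER_ACTION" = "CREATE_DOMAIN" ] || return 0
    valid_user "$VIRTUALSERVER_USER" || { echo "unsafe user name" >&2; return 1; }
    id -u "$VIRTUALSERVER_USER" >/dev/null 2>&1 ||
        { echo "user does not resolve on this host" >&2; return 1; }
    for host in $SERVICE_HOSTS; do
        cmd=$(remote_cmd "$host" "$VIRTUALSERVER_USER" "$VIRTUALSERVER_DOM") || return 1
        # DRY_RUN=1 prints the commands instead of running them.
        if [ -n "$DRY_RUN" ]; then echo "$cmd"; else $cmd </dev/null || return 1; fi
    done
}

provision
```

On the receiving hosts, the key used here can be tied to the helper with a `command=` entry in `authorized_keys`, so the remote root access covers only this one task.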

I'm experiencing the same glitch, but on one server.

I'm trying to restore a backup of my virtualmin virtual servers (because the upgrade from debian 6 to 7 failed since it required Centos 6 and I was stuck on Centos 5). The restore is failing because the LDAP users (I'm using "LDAP Users and Groups" to hold my domain email users) already exist.

Here are my full details in this forum post: https://www.virtualmin.com/node/31921

Worried about a restore possibly clobbering existing mailboxes containing 1 GB of mail, and/or apache websites.

Right now virtualmin's showing 0 virtual servers. Only the webmin interface of virtualmin contains valid information. Virtualmin is acting as if it's empty, yet the apache websites, and email accounts, are still working. Virtualmin isn't allowing you to create any new email mailbox under virtual servers because virtualmin doesn't detect the virtual servers.

Would love to know your thoughts on a simple workaround to accomplish a non-destructive restore of the virtualmin virtual servers.