Chapter 7. Managing data loss


Respond to data loss events by isolating affected servers or manually restoring lost information. You can determine the appropriate recovery method based on whether the data loss is isolated to specific replicas or has propagated across the entire environment.

7.1. Responding to isolated data loss

If data loss occurs, minimize the spread of corrupted data by immediately isolating the affected servers from the replication topology and replacing them with new replicas created from the remaining healthy servers.

Prerequisites

Procedure

  1. To limit replication of the data loss, disconnect all affected replicas from the rest of the topology by removing their replication topology segments.

    1. Display all domain replication topology segments in the deployment.

      [root@server ~]# ipa topologysegment-find
      Suffix name: domain
      ------------------
      8 segments matched
      ------------------
        Segment name: segment1
        Left node: server.example.com
        Right node: server2.example.com
        Connectivity: both
      
      ...
      
      ----------------------------
      Number of entries returned 8
      ----------------------------
    2. Delete all domain topology segments involving the affected servers.

      [root@server ~]# ipa topologysegment-del
      Suffix name: domain
      Segment name: segment1
      -----------------------------
      Deleted segment "segment1"
      -----------------------------
    3. Identify the ca topology segments that involve the restored server.

      [root@server ~]# ipa topologysegment-find
      Suffix name: ca
      ------------------
      1 segments matched
      ------------------
        Segment name: ca_segment
        Left node: server.example.com
        Right node: server2.example.com
        Connectivity: both
      ----------------------------
      Number of entries returned 1
      ----------------------------
    4. Delete all ca topology segments that involve the restored server.

      [root@server ~]# ipa topologysegment-del
      Suffix name: ca
      Segment name: ca_segment
      -----------------------------
      Deleted segment "ca_segment"
      -----------------------------
  2. The servers affected by the data loss must be abandoned. To create replacement replicas, see Recovering multiple servers with replication.
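
With more than a handful of segments, picking out the ones that touch an affected replica by eye is error-prone. The following script is an added example, not part of the Red Hat procedure: it parses `ipa topologysegment-find` output in the format shown above and prints, without running them, the `ipa topologysegment-del` commands for every segment that involves a listed host. The function names and the three-segment sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: select topology segments that touch affected replicas.
# Nothing here modifies the topology; it only prints a plan for review.

# segments_for_hosts HOSTS_CSV
# Reads `ipa topologysegment-find` output on stdin and prints the name of
# each segment whose left or right node is in the comma-separated host list.
segments_for_hosts() {
    awk -v hosts="$1" '
        BEGIN { n = split(hosts, h, ","); for (i = 1; i <= n; i++) bad[tolower(h[i])] = 1 }
        /^[ \t]*Segment name:/ { name = $NF; hit = 0 }
        /^[ \t]*(Left|Right) node:/ {
            if ((tolower($NF) in bad) && !hit) { print name; hit = 1 }
        }
    '
}

# deletion_plan SUFFIX HOSTS_CSV
# Prints one `ipa topologysegment-del SUFFIX SEGMENT` line per matching segment.
deletion_plan() {
    segments_for_hosts "$2" | while read -r seg; do
        printf 'ipa topologysegment-del %s %s\n' "$1" "$seg"
    done
}

# Constructed sample of `ipa topologysegment-find` output (domain suffix).
SAMPLE_DOMAIN='------------------
3 segments matched
------------------
  Segment name: segment1
  Left node: server.example.com
  Right node: server2.example.com
  Connectivity: both

  Segment name: segment2
  Left node: server2.example.com
  Right node: server3.example.com
  Connectivity: both

  Segment name: segment3
  Left node: server3.example.com
  Right node: server.example.com
  Connectivity: both
----------------------------
Number of entries returned 3
----------------------------'

# Live use (assumption: run as an IdM admin with a valid Kerberos ticket):
#   ipa topologysegment-find domain | deletion_plan domain server2.example.com
printf '%s\n' "$SAMPLE_DOMAIN" | deletion_plan domain server2.example.com
```

Run it once for the `domain` suffix and once for the `ca` suffix, and review the printed commands before executing any of them.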

Respond to known, limited data loss that has propagated to all replicas, such as an accidental deletion. You can manually re-add the missing information to the database using a backup or a Virtual Machine (VM) snapshot.

Prerequisites

  • A VM snapshot or IdM backup of an IdM server that contains the lost data.

Procedure

  1. If you need to review any lost data, restore the VM snapshot or backup to an isolated server on a separate network.
  2. Add the missing information to the database using ipa or ldapadd commands.

Respond to severe or unknown data loss that has affected every replica in the deployment. You can restore an Identity Management (IdM) Certificate Authority (CA) server from a Virtual Machine (VM) snapshot to a known good state and use it to deploy an entirely new environment.

Prerequisites

  • A VM snapshot that contains the lost data.

Procedure

  1. Restore an IdM Certificate Authority (CA) Replica from a VM snapshot to a known good state, and deploy a new IdM environment from it. See Recovering from only a VM snapshot.
  2. Add any data created after the snapshot was taken using ipa or ldapadd commands.