I have tried this Howto and run into problems.
For once, I believe that it should be clear (since it wasn't for me, yet) that for this to work you need to reinstall a server from scratch and reconfigure the packages as they are installed, namely, you will have to input the right distinguished name for your LDAP server. This means that the LDAP database is created anew.
It is also important to note that by not including the /var/lib/ebox/CA, all your existing certificates will be invalid, as you effectively creating a new root certificate.
Taken directly from the HOW-TO:
The strategy is simple; instead of restoring a complete server, we will install a new one, and fetch the bits and pieces we need from a backup.
and
Now, simply install it (Zentyal). If you want, you can choose a different file system, or even switch "bitness" (32- or 64-bit.) Even though we will later restore users and passwords, that will not replace the Zentyal administrative user, so choose a username and password with care. If possible, choose the same server-name, adresses and subnets as before. Go through the entire install process, including installing and updating (if internet is still up) every piece of software you used before. After upgrading reboot the server to activate any new kernel. If you have your screenshot of installed components, great, install only those. If you don't, just install everything, you can uninstall stuff later. You do not have to configure any modules except for the network (to reach your backup-server) and the Webconfigurator, change its port from 443 to something else in System/General. Make sure that all installed modules are enabled.
So yes, I specifically state in several places this is indeed a new installation. That is in fact the point of it all. I also give a link to the post describing my futile attempts to restore a server using the Zentyal backup documentation.
Because of this (and probably a huge number of mistake from my part, as I wanted it to work effortlessly) I ended up with a borked server, completely useless.
I'm sad to hear that, but thank you for telling me. It is very, very strange. In theory that cannot happen. The only reason I can think of is that old files from previous backup sets from the default backup configuration have been restored, overwriting the new server's settings and system-files (like /etc, /var.). You should not be able to mess up the core of Zentyal by restoring stuff with the backup-settings from the HOW-TO, it only restores data-files. The worst that can happen, and it shouldn't, is that you lock yourself out of remote access with firewall-rules, but you should *always* be able to log in at the server itself.
The instructions have to be followed precisely. I've explained that this is indeed a new installation, and if you didn't read that, you may have overlooked some other things as well. I'd appreciate if you'd try again.
As for the certificates, you are indeed right. The base certificate will be recreated. I'm in the process of running a restore of a real physical server using 20+ VPN certificates onto a virtual server, I'll report back with my findings.
Trym, could you be a little bit more specific on what folders you backup and which ones you don't, as well as what packages do you install and which ones you have to configure?
These are the backup-settings for my server at home:
Include Path /etc/ppp/ip-up.d/trymddns
Include Path /etc/apache2/sites-available
Include Path /etc/ebox/hooks/firewall.postservice
Include Path /etc/ebox/hooks/ebackup.postservice
Include Path /scripts
Include Path /backup
Include Path /home
Include Path /srv
Include Path /var/vmail
Include Path /var/www
Exclude path /
It's running these modules: Network, firewall, antivirus, dhcp, DNS, backup, events, logs, e-mail filter, monitor, NTP, trafficshaping, users and groups, certificate authority, webserver, voip, jabber, e-mail, filesharing, http-proxy, usercorner, and groupware. (with approx 2GIG backup-file from Zarafa.)
(I wanted to switch to ext4 from LVM, so I did, using the procedure in the guide. New installation, restore everything, back in business. I'm shocked you didn't get it to work.)
Has anyone tested this process entirely? What's your experience?
Well, I have ;-), a ton of times, and I've never been able to completely destroy the restored server. The 'worst' I've been able to do is to make https-websites unaccessible, and that's only if the network adresses are different. (Certificate related, for sure.) That is only to be expected, which is why I recommend a simulated network environment in part 2.5, so you can use exactly the same network setup.
As for which modules have to be configured manually... as long as you use the same network adresses... using the modules above: Only the two already mentioned (network, webconfigurator https-port).
The modules which are restored are listed in the /scripts/restoreall script. (I've added more and more as I've tested each new addition. I must have made a mistake if indeed restoring certificates does not work. Note, we're not restoring the certificate-
files, we're telling Zentyal to re-create them.)
You are raising some valid points, and as stated I will go check them out immedately, but probably won't finish until tomorrow.
I'd appreciate if you'd try again, it really shouldn't be possible to ruin your configuration to the point that it doesn't work at all. Just pretend you know nothing, and follow it step by step. If it indeed does not work, I'll remove it entirely until I can find out why.
Bye for now, more tomorrow.
::Trym