<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 02/18/2015 12:17 PM, Cory Carlton
wrote:<br>
</div>
<blockquote
cite="mid:CAC3PCAJD-7TxE6Kve4hD27fJ9UvsCj5jo3O58mh8hzSSRNGvTw@mail.gmail.com"
type="cite">
<div dir="ltr">Hey all.
<div><br>
</div>
<div> We are in the process of essentially moving data centers
while additionally changing to new OS(rhel from centos) - so
we are building replica with master option servers to the new
networks. version 3.0.. its up and is working as any of our
instances.</div>
<div><br>
</div>
<div>Question is how or what do I need to bring over on the new
install -replica master(s) to ensure we have all the Original
master server information, keys, crt's, CA etc. before we can
shut it down for ever (+ a snapshot ;) )</div>
<div><br>
</div>
<div>we have struggled understanding exactly what to back up
since the 3.0 version is lacking backup scripts.</div>
<div><br>
</div>
<div><br>
</div>
<div>a thought, but not timely present would be to upgrade
everything in place then migrate, again not timed right for
us. </div>
<div><br>
</div>
<div>Thanks in advance.</div>
<div><br>
</div>
<div>Cory</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
You need to make sure that at least one of the new replicas (better
two) acts as an IPA CA.<br>
You need to move CRL generation to one of the new replicas that are
CAs<br>
You need to move the certificate tracking from the old master to the
new replica with CA.<br>
<br>
After that you can decommission old master.<br>
<br>
All these procedures are documented on the wiki and RHEL docs. You
can also find some hints in these archives.<br>
<br>
Martin, do you think we need a combined wiki page that covers this
use case or we already have something like this?<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>