[Freeipa-users] Fwd: Scorched earth
Bret Wortman
bret.wortman at damascusgrp.com
Wed Aug 28 14:16:20 UTC 2013
Ugh. Well that certainly hurts, but I just don't see an alternative. I hope
Puppet can at least make the re-enrollment a bit easier.
I'm still hand-copying some of the configuration and user group details and
crafting the load scripts so if anyone has a bright idea in the next few
hours, I'd love to hear it!
*
*
*Bret Wortman*
http://damascusgrp.com/
http://about.me/wortmanbret
On Wed, Aug 28, 2013 at 9:56 AM, Rob Crittenden <rcritten at redhat.com> wrote:
> Bret Wortman wrote:
>
>> Today, I'm going to wipe my master, install f18 from scratch, then
>> install the freeipa-server RPMs again and manually load all our hosts,
>> dns entries, and users from scratch (I'm building scripts to do this for
>> me using the command line tools). We'll then do the same for each
>> replica so that our system will basically be starting clean again.
>>
>> Are there any files that I really ought to back up and restore as part
>> of this effort, like certificates, that might make it easier for clients
>> to deal with us after the master comes back on line? Or am I safe to
>> just nuke the box and start clean?
>>
>
> You'll end up with a new CA so you'll need to re-enroll any client
> machines. Browsers will see the most grief as there will be a different CA
> with the same subject.
>
> Depending on how you are migrating your users they will all likely need to
> reset their passwords, or go through the migration step.
>
> rob
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130828/b5a4bfb6/attachment.htm>
More information about the Freeipa-users
mailing list