[Freeipa-users] Upgrade/Migration steps
Joshua J. Kugler
joshua at azariah.com
Wed Jun 19 00:09:26 UTC 2013
We are migrating from an ancient FreeIPA 2.0 server to a 3.1.5 server. Is
there a documented procedure to export all the data from the 2.0 server and
import it into the 3.1.5 server?
If I copy files over (PKI DB, main IPA DB, Kerberos stuff), will they be
upgraded on next restart, or is it much, much, more complicated than that.
So far, I have the rough steps (see attached). But I don't know for sure if
that will work.
Any ideas or insights?
Thanks!
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
-------------- next part --------------
# Get the Info
# get the PKI db
/usr/lib64/dirsrv/slapd-PKI-IPA/db2ldif.pl -D "cn=Directory Manager" -w - -n ipaca
# get the main IPA db
/var/lib/dirsrv/scripts-LAB-WHAMCLOUD-COM/db2ldif.pl -D 'cn=Directory Manager' -w - -n userRoot
#!/bin/sh
KERBEROS="/etc/krb5* /etc/sysconfig/kadmin /etc/sysconfig/krb5kdc /var/kerberos"
DIRSRV="/etc/dirsrv /var/lib/dirsrv /etc/sysconfig/dirsrv /var/run/dirsrv /var/lock/dirsrv"
CERTMONGER="/etc/certmonger /var/lib/certmonger"
IPA="/var/lib/ipa /etc/ipa /root/ca* /etc/httpd/conf/ipa.keytab"
PATH_LIST="$DIRSRV $CERTMONGER $IPA $KERBEROS"
BACKUP_TGZ=/var/tmp/ipa-backup-$(date +%Y%m%d-%H%M%S).tar.gz
# Transfer to new system and import
cd /
tar -cvzf $BACKUP_TGZ $PATH_LIST
/usr/lib64/dirsrv/slapd-PKI-IPA/ldif2db.pl -D "cn=Directory Manager" -w - -n ipaca \
-v -i /tmp/restore/var/lib/dirsrv/slapd-PKI-IPA/ldif/PKI-IPA-ipaca-2012_1_30_13_41_51.ldif
/var/lib/dirsrv/scripts-LAB-WHAMCLOUD-COM/ldif2db.pl -D "cn=Directory Manager" -w - \
-n userRoot -v \
-i /tmp/restore/var/lib/dirsrv/slapd-LAB-WHAMCLOUD-COM/ldif/LAB-WHAMCLOUD-COM-userRoot-2012_1_30_11_54_25.ldif2db
rsync -aP /tmp/restore/var/kerberos/ /var/kerberos/
cp -a /tmp/restore/etc/krb5.keytab /etc
cp -a /tmp/restore/etc/dirsrv/ds.keytab /etc/dirsrv
cp -a /tmp/restore/etc/httpd/conf/ipa.keytab /etc/httpd/conf
cp -a /tmp/restore/root/ca*.p12 /root
More information about the Freeipa-users
mailing list