[Freeipa-users] New Replacing Master server help
Dmitri Pal
dpal at redhat.com
Wed Feb 18 18:46:39 UTC 2015
On 02/18/2015 12:17 PM, Cory Carlton wrote:
> Hey all.
>
> We are in the process of essentially moving data centers while
> additionally changing to new OS(rhel from centos) - so we are building
> replica with master option servers to the new networks. version 3.0..
> its up and is working as any of our instances.
>
> Question is how or what do I need to bring over on the new install
> -replica master(s) to ensure we have all the Original master server
> information, keys, crt's, CA etc. before we can shut it down for ever
> (+ a snapshot ;) )
>
> we have struggled understanding exactly what to back up since the 3.0
> version is lacking backup scripts.
>
>
> a thought, but not timely present would be to upgrade everything in
> place then migrate, again not timed right for us.
>
> Thanks in advance.
>
> Cory
>
>
>
You need to make sure that at least one of the new replicas (better two)
acts as an IPA CA.
You need to move CRL generation to one of the new replicas that are CAs
You need to move the certificate tracking from the old master to the new
replica with CA.
After that you can decommission old master.
All these procedures are documented on the wiki and RHEL docs. You can
also find some hints in these archives.
Martin, do you think we need a combined wiki page that covers this use
case or we already have something like this?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150218/0d2e8f64/attachment.htm>
More information about the Freeipa-users
mailing list