[Freeipa-users] New Replacing Master server help
Cory Carlton
cory at pithoslabs.com
Wed Feb 18 19:13:12 UTC 2015
Thank you very much for the straight forward items.
I will continue use of these archives (impressed with this group).
Also improving my use of https://fedorahosted.org/freeipa/wiki
On Wed, Feb 18, 2015 at 12:46 PM, Dmitri Pal <dpal at redhat.com> wrote:
> On 02/18/2015 12:17 PM, Cory Carlton wrote:
>
> Hey all.
>
> We are in the process of essentially moving data centers while
> additionally changing to new OS(rhel from centos) - so we are building
> replica with master option servers to the new networks. version 3.0.. its
> up and is working as any of our instances.
>
> Question is how or what do I need to bring over on the new install
> -replica master(s) to ensure we have all the Original master server
> information, keys, crt's, CA etc. before we can shut it down for ever (+ a
> snapshot ;) )
>
> we have struggled understanding exactly what to back up since the 3.0
> version is lacking backup scripts.
>
>
> a thought, but not timely present would be to upgrade everything in
> place then migrate, again not timed right for us.
>
> Thanks in advance.
>
> Cory
>
>
>
>
> You need to make sure that at least one of the new replicas (better two)
> acts as an IPA CA.
> You need to move CRL generation to one of the new replicas that are CAs
> You need to move the certificate tracking from the old master to the new
> replica with CA.
>
> After that you can decommission old master.
>
> All these procedures are documented on the wiki and RHEL docs. You can
> also find some hints in these archives.
>
> Martin, do you think we need a combined wiki page that covers this use
> case or we already have something like this?
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150218/c0f531cc/attachment.htm>
More information about the Freeipa-users
mailing list