[Freeipa-users] Existing clients join new cluster
Rob Crittenden
rcritten at redhat.com
Thu Mar 10 01:07:28 UTC 2016
Ash Alam wrote:
> Hello
>
> I am looking for some advice on how to make my existing clients join a
> new ipa cluster. We have an existing cluster (3.0) and after several
> attempts at upgrading we decided to just build fresh cluster (4.2) We
> now want the clients join the new cluster. It seems there are few things
> that tie the clients.
>
> - /var/lib/ipa-client/sysrestore
> - /etc/ipa/ca.crt
> - certutil -L -d /etc/pki/nssdb/
> - certutil delete the IPA CA cert (which is fully trusted CT, C, C)
> - certutil delete the machine specific certificate
>
> Even with all of this its not clean and i am running into other issues.
> I am hoping there is a better way.
Your best bet is ipa-client-install --uninstall
If /etc/ipa/ca.crt still exists (it was left in < EL 6.7 IIRC) then
remove that, then re-run ipa-client-install to point to new install.
rob
More information about the Freeipa-users
mailing list