On 19-12-18 12:06, Kees Bakker via FreeIPA-users wrote:
> On 18-12-18 17:50, Florence Blanc-Renaud wrote:
> [...]
>> If you have a spare machine you can also use replication, and create a
>> replica of your current master with all the needed services (CA, KRA, DNS if
>> needed).
>> If you really need to keep the same hostname, then you will need a spare
>> machine:
>> 1. create serverB as a replica of serverA on your spare machine. Do not
>> forget to promote serverB as CA renewal master and CRL master [2].
>> 2. decommission serverA with (on serverA) ipa-server-install --uninstall and
>> (on serverB) ipa-replica-manage del serverA --clean
>> 3. provision your new hardware with hostname=serverA, install serverA as a
>> replica of serverB.
>> I would advise to keep serverB as it will provide redundancy.
>>
>> This wiki [3] also explains the preferred paths depending on your situation.
> I have read that document too. First I want to give it another try. If it
> fails again I will follow advice described above.
>
> Thanks for your help.
>
>> HTH,
>> flo
>>
>>
>> [1]
>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/#backup-restore
>> [2] https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
>> [3] https://www.freeipa.org/page/Backup_and_Restore
>>

Just to let you know, I have given up with my "rsync" procedure. I am now
following the steps above. Well, except step 3, because I didn't want to add
even more hardware in the process (the "spare machine" mentioned above).

Step 1 is completed. Promotion of CA renewal and CRL master is done.

I have a remaining question. What do I do with all the IPA clients that point
to serverA? At some point I want to execute step 2, and shut off that system.

I briefly looked at the files in /etc and found these (alblas is my serverA):

/etc/sssd/sssd.conf:ipa_server = _srv_, alblas.ghs.nl
/etc/ipa/default.conf:server = alblas.ghs.nl
/etc/ipa/default.conf:xmlrpc_uri = https://alblas.ghs.nl/ipa/xml
/etc/ntp.conf:server alblas.ghs.nl
/etc/ldap/ldap.conf:URI ldaps://alblas.ghs.nl

Do I have to visit each client and modify these files? Anything else?
-- 
Kees
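
An added example, not part of the original message and not FreeIPA's own tooling: a shell function that inventories which of the files listed in the message still name the server to be decommissioned, run here against a constructed copy of a client's /etc. The function names, the ROOT argument and the PINNED/FALLBACK labels are assumptions of this example; FALLBACK marks an sssd `ipa_server` line that lists `_srv_` (DNS SRV discovery) ahead of the hostname.

```shell
#!/bin/sh
# Added example: report client config lines that still name a server that is
# about to be decommissioned. The file list is the one quoted in the message.

# audit_pinned ROOT HOST
#   ROOT: directory holding the client's etc/ tree ("/" on a live client)
#   Prints "STATUS /path:lineno:text" for every non-comment line naming HOST.
#   FALLBACK = sssd line that lists _srv_ (DNS SRV discovery) as well as HOST
#   PINNED   = HOST is named without any discovery keyword
audit_pinned() {
    root=${1%/} host=$2
    for f in etc/sssd/sssd.conf etc/ipa/default.conf etc/ntp.conf etc/ldap/ldap.conf; do
        [ -r "$root/$f" ] || continue
        # -F: the hostname is a literal, its dots must not act as wildcards
        # -w: do not match a longer name that merely contains HOST
        grep -nFw -- "$host" "$root/$f" |
        grep -v '^[0-9]*:[[:space:]]*[#;]' |      # drop commented-out lines
        while IFS= read -r hit; do
            case "$f:$hit" in
                etc/sssd/*_srv_*) status=FALLBACK ;;
                *)                status=PINNED ;;
            esac
            printf '%s /%s:%s\n' "$status" "$f" "$hit"
        done
    done
}

# Constructed sample: a client /etc tree holding the five lines from the
# message, plus a section header and one commented-out line added for the demo.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/sssd" "$d/etc/ipa" "$d/etc/ldap" || return 1
    printf '[domain/ghs.nl]\nipa_server = _srv_, alblas.ghs.nl\n' > "$d/etc/sssd/sssd.conf"
    printf 'server = alblas.ghs.nl\nxmlrpc_uri = https://alblas.ghs.nl/ipa/xml\n' \
        > "$d/etc/ipa/default.conf"
    printf '# server alblas.ghs.nl\nserver alblas.ghs.nl\n' > "$d/etc/ntp.conf"
    printf 'URI ldaps://alblas.ghs.nl\n' > "$d/etc/ldap/ldap.conf"
    echo "$d"
}

sample=$(make_sample)
audit_pinned "$sample" alblas.ghs.nl
rm -rf "$sample"
```

On a real client the call would be `audit_pinned / alblas.ghs.nl`; the function only reads the files and changes nothing.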
