Pierre-Marie Besserer via FreeIPA-users wrote: > Hi everybody! > I'm trying to migrate data from a containerised IPA to a freshly new > installed "standard" IPA, like you would do with the backup/restore tools. > Naively I thought I could just copy the files from my /data binded directory > in the /etc/ dir of the standard IPA, but I'm not sure it's the best way (or > if even it will work) after reading the scripts and patches in the > freeipa-container' GitHub. Maybe it would be better to mimic the behaviour of > the containerised IPA (leaving my files in a /data dir and modification of > SYSCONFDIR in authconfig). Maybe an other way could be to declare my new IPA > as a replica of the containerised one.. > Did someone has an idea how I can do this?
You are correct, the way to do it is to create a replica with a CA (and DNS if you have it in container) and migrate over the CRL, CA renewal, DNA and other responsibilities and then you can decommission the container one. We strongly recommend that there are at least 2 servers with a CA to prevent single-point-of-failure. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
