Ugh. Well that certainly hurts, but I just don't see an alternative. I hope Puppet can at least make the re-enrollment a bit easier.
I'm still hand-copying some of the configuration and user group details and crafting the load scripts so if anyone has a bright idea in the next few hours, I'd love to hear it! * * *Bret Wortman* http://damascusgrp.com/ http://about.me/wortmanbret On Wed, Aug 28, 2013 at 9:56 AM, Rob Crittenden <[email protected]> wrote: > Bret Wortman wrote: > >> Today, I'm going to wipe my master, install f18 from scratch, then >> install the freeipa-server RPMs again and manually load all our hosts, >> dns entries, and users from scratch (I'm building scripts to do this for >> me using the command line tools). We'll then do the same for each >> replica so that our system will basically be starting clean again. >> >> Are there any files that I really ought to back up and restore as part >> of this effort, like certificates, that might make it easier for clients >> to deal with us after the master comes back on line? Or am I safe to >> just nuke the box and start clean? >> > > You'll end up with a new CA so you'll need to re-enroll any client > machines. Browsers will see the most grief as there will be a different CA > with the same subject. > > Depending on how you are migrating your users they will all likely need to > reset their passwords, or go through the migration step. > > rob >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
