On 02/18/2015 12:17 PM, Cory Carlton wrote:
We are in the process of essentially moving data centers while
additionally changing to new OS(rhel from centos) - so we are building
replica with master option servers to the new networks. version 3.0..
its up and is working as any of our instances.
Question is how or what do I need to bring over on the new install
-replica master(s) to ensure we have all the Original master server
information, keys, crt's, CA etc. before we can shut it down for ever
(+ a snapshot ;) )
we have struggled understanding exactly what to back up since the 3.0
version is lacking backup scripts.
a thought, but not timely present would be to upgrade everything in
place then migrate, again not timed right for us.
Thanks in advance.
You need to make sure that at least one of the new replicas (better two)
acts as an IPA CA.
You need to move CRL generation to one of the new replicas that are CAs
You need to move the certificate tracking from the old master to the new
replica with CA.
After that you can decommission old master.
All these procedures are documented on the wiki and RHEL docs. You can
also find some hints in these archives.
Martin, do you think we need a combined wiki page that covers this use
case or we already have something like this?
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project