On 02/18/2015 12:17 PM, Cory Carlton wrote:
Hey all.

We are in the process of essentially moving data centers while additionally changing to new OS(rhel from centos) - so we are building replica with master option servers to the new networks. version 3.0.. its up and is working as any of our instances.

Question is how or what do I need to bring over on the new install -replica master(s) to ensure we have all the Original master server information, keys, crt's, CA etc. before we can shut it down for ever (+ a snapshot ;) )

we have struggled understanding exactly what to back up since the 3.0 version is lacking backup scripts.

a thought, but not timely present would be to upgrade everything in place then migrate, again not timed right for us.

Thanks in advance.


You need to make sure that at least one of the new replicas (better two) acts as an IPA CA.
You need to move CRL generation to one of the new replicas that are CAs
You need to move the certificate tracking from the old master to the new replica with CA.

After that you can decommission old master.

All these procedures are documented on the wiki and RHEL docs. You can also find some hints in these archives.

Martin, do you think we need a combined wiki page that covers this use case or we already have something like this?

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to