On 02/18/2015 07:46 PM, Dmitri Pal wrote: > On 02/18/2015 12:17 PM, Cory Carlton wrote: >> Hey all. >> >> We are in the process of essentially moving data centers while additionally >> changing to new OS(rhel from centos) - so we are building replica with master >> option servers to the new networks. version 3.0.. its up and is working as >> any of our instances. >> >> Question is how or what do I need to bring over on the new install -replica >> master(s) to ensure we have all the Original master server information, keys, >> crt's, CA etc. before we can shut it down for ever (+ a snapshot ;) ) >> >> we have struggled understanding exactly what to back up since the 3.0 version >> is lacking backup scripts. >> >> >> a thought, but not timely present would be to upgrade everything in place >> then migrate, again not timed right for us. >> >> Thanks in advance. >> >> Cory >> >> >> > > You need to make sure that at least one of the new replicas (better two) acts > as an IPA CA. > You need to move CRL generation to one of the new replicas that are CAs > You need to move the certificate tracking from the old master to the new > replica with CA. > > After that you can decommission old master. > > All these procedures are documented on the wiki and RHEL docs. You can also > find some hints in these archives. > > Martin, do you think we need a combined wiki page that covers this use case or > we already have something like this?
I think we are already well set. This is the upstream page: http://www.freeipa.org/page/Howto/Migration#Migrating_to_different_platform_or_OS This is the downstream documentation, mostly targetted on RHEL-6.x to RHEL-7.0 migration, but also applicable on your use case: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project