On 02/18/2015 07:46 PM, Dmitri Pal wrote:
> On 02/18/2015 12:17 PM, Cory Carlton wrote:
>> Hey all.
>>  We are in the process of essentially moving data centers while additionally
>> changing to new OS(rhel from centos) - so we are building replica with master
>> option servers to the new networks.  version 3.0.. its up and is working as
>> any of our instances.
>> Question is how or what do I need to bring over on the new install -replica
>> master(s) to ensure we have all the Original master server information, keys,
>> crt's, CA etc. before we can shut it down for ever (+ a snapshot ;) )
>> we have struggled understanding exactly what to back up since the 3.0 version
>> is lacking backup scripts.
>> a thought, but not timely present would be to upgrade everything in place
>> then migrate, again not timed right for us.
>> Thanks in advance.
>> Cory
> You need to make sure that at least one of the new replicas (better two) acts
> as an IPA CA.
> You need to move CRL generation to one of the new replicas that are CAs
> You need to move the certificate tracking from the old master to the new
> replica with CA.
> After that you can decommission old master.
> All these procedures are documented on the wiki and RHEL docs. You can also
> find some hints in these archives.
> Martin, do you think we need a combined wiki page that covers this use case or
> we already have something like this?

I think we are already well set. This is the upstream page:


This is the downstream documentation, mostly targetted on RHEL-6.x to RHEL-7.0
migration, but also applicable on your use case:



Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to