Hi Martin

I actually mean restore. It's a complicated situation... There once was a
primary and it's CA replica. The primary got hosed and was cloned a few
years ago from the replica. Then the replica got hosed a few times too,
saved by the "primary",  only now it wouldn't install a CA during replica
setup.  Now the cloned primary got hosed (it sees itself as a clone and
being a the only CA,  has nowhere to go to renew certs). We opted to
reinstall a fresh primary and now we are looking for how to copy existing
data from the standing CA-less replica (everything is the same,  realms,
DNS hosts, HBAC, sudo rules,  etc ) to the freshly installed CA primary.
This would be amazing if we could or we'll have to setup the entire network
and rules from scratch.
I would really appreciate some example commands we could run to import data
into the new primary.  We've already run db2bak and db2ldif on the replica
to export from a helpful script we found in a thread.
I hope you can help us!

On Tue, May 26, 2015, 7:42 AM Martin Kosek <mko...@redhat.com> wrote:

> On 05/25/2015 05:46 PM, Sina Owolabi wrote:
> > Hi!
> >
> > Please how do I restore data to a freshly reinstalled IPA server from
> > an existing CA-less replica that has had replication agreements
> > removed?
> By restore, you mean actually migrate? We have a pending RFE for this:
> https://fedorahosted.org/freeipa/ticket/3656
> Migration of users/groups can be done via migrate-ds command. Migration of
> SUDO/HBAC/automount/... can be done by LDIF export and import (with some
> changes realms, etc.). But we have no automated way how to migrate Kerberos
> keys or certificates as the underlying keys are different.
> > Both servers are running rhel 6.6 with ipa-server versions 3.0.0
> > ( For some reason the IPA servers do not upgrade beyond this version).
> If you want a higher version than FreeIPA 3.0.0, please use RHEL-7.x.
> RHEL-7.1
> has FreeIPA 4.1, which is much more cooler than 3.0.0 :-) This is what we
> recommend for new deployments anyway.
> > I have been searching for information from RHEL knowledgebase and from
> > the FreeIPA site but I do not find information that exactly matches my
> > situation.
> >
> > I am grateful for any assistance in this.
> >
> >
> > Thanks!
> >
> HTH,
> Martin
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to