Ash Alam wrote: > Hello > > I am looking for some advice on how to make my existing clients join a > new ipa cluster. We have an existing cluster (3.0) and after several > attempts at upgrading we decided to just build fresh cluster (4.2) We > now want the clients join the new cluster. It seems there are few things > that tie the clients. > > - /var/lib/ipa-client/sysrestore > - /etc/ipa/ca.crt > - certutil -L -d /etc/pki/nssdb/ > - certutil delete the IPA CA cert (which is fully trusted CT, C, C) > - certutil delete the machine specific certificate > > Even with all of this its not clean and i am running into other issues. > I am hoping there is a better way.
Your best bet is ipa-client-install --uninstall If /etc/ipa/ca.crt still exists (it was left in < EL 6.7 IIRC) then remove that, then re-run ipa-client-install to point to new install. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project