[Freeipa-users] Upgrade/Migration steps

Tue, 18 Jun 2013 17:13:16 -0700 

We are migrating from an ancient FreeIPA 2.0 server to a 3.1.5 server. Is 
there a documented procedure to export all the data from the 2.0 server and 
import it into the 3.1.5 server?

If I copy files over (PKI DB, main IPA DB, Kerberos stuff), will they be 
upgraded on next restart, or is it much, much, more complicated than that.

So far, I have the rough steps (see attached). But I don't know for sure if 
that will work.

Any ideas or insights?

Thanks!

j

-- 
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
jos...@azariah.com - Jabber: pedah...@gmail.com
PGP Key: http://pgp.mit.edu/  ID 0x73B13B6A
# Get the Info
# get the PKI db
/usr/lib64/dirsrv/slapd-PKI-IPA/db2ldif.pl -D "cn=Directory Manager" -w - -n 
ipaca
# get the main IPA db
/var/lib/dirsrv/scripts-LAB-WHAMCLOUD-COM/db2ldif.pl -D 'cn=Directory Manager' 
-w - -n userRoot

#!/bin/sh
KERBEROS="/etc/krb5* /etc/sysconfig/kadmin /etc/sysconfig/krb5kdc /var/kerberos"
DIRSRV="/etc/dirsrv /var/lib/dirsrv /etc/sysconfig/dirsrv /var/run/dirsrv 
/var/lock/dirsrv"
CERTMONGER="/etc/certmonger /var/lib/certmonger"
IPA="/var/lib/ipa /etc/ipa /root/ca* /etc/httpd/conf/ipa.keytab"
PATH_LIST="$DIRSRV $CERTMONGER $IPA $KERBEROS"
 
BACKUP_TGZ=/var/tmp/ipa-backup-$(date +%Y%m%d-%H%M%S).tar.gz

# Transfer to new system and import
 
cd /
tar -cvzf $BACKUP_TGZ $PATH_LIST

/usr/lib64/dirsrv/slapd-PKI-IPA/ldif2db.pl -D "cn=Directory Manager" -w - -n 
ipaca \
      -v -i 
/tmp/restore/var/lib/dirsrv/slapd-PKI-IPA/ldif/PKI-IPA-ipaca-2012_1_30_13_41_51.ldif
/var/lib/dirsrv/scripts-LAB-WHAMCLOUD-COM/ldif2db.pl -D "cn=Directory Manager" 
-w - \
      -n userRoot -v \
      -i 
/tmp/restore/var/lib/dirsrv/slapd-LAB-WHAMCLOUD-COM/ldif/LAB-WHAMCLOUD-COM-userRoot-2012_1_30_11_54_25.ldif2db

rsync -aP /tmp/restore/var/kerberos/ /var/kerberos/
cp -a /tmp/restore/etc/krb5.keytab /etc
cp -a /tmp/restore/etc/dirsrv/ds.keytab /etc/dirsrv
cp -a /tmp/restore/etc/httpd/conf/ipa.keytab /etc/httpd/conf
cp -a /tmp/restore/root/ca*.p12 /root

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to