Versions Compared

...

  1. From Morpheus, deploy a new machine with
    1. image: rocky 8
    2. security group: ldap security group
    3. plan: eo1.medium
    4. name: different from existing ldap machine
  2. SSH to the new machine and become root
  3. Stop and disable firewalld on the machine
    Code Block
    systemctl stop firewalld && systemctl disable firewalld
  4. Add the old LDAP server's IP and domain on one line to /etc/hosts on this machine (OLD_LDAP_IP is the private IP of your current LDAP server and OLD_LDAP_DOMAIN is its domain, e.g. ldap.eumetsat.sandbox.ewc)
    Code Block
    [test234@test-podman2 ~]$ cat /etc/hosts
    <!-- BEGIN ANSIBLE MANAGED BLOCK -->
    10.0.0.133 test-podman2.eumetsat.sandbox.ewc (this is an example, you will see the private IP of your machine and the domain from your machine here)
    OLD_LDAP_IP OLD_LDAP_DOMAIN 
    <!-- END ANSIBLE MANAGED BLOCK -->
  5. Install freeipa dependencies
    1. for rocky 8:
      1. Code Block
        sudo yum -y update
      2. Code Block
        sudo yum module reset idm:DL1
      3. Code Block
        sudo yum module enable idm:DL1
      4. Code Block
        sudo dnf install freeipa-server ipa-server-dns bind-dyndb-ldap -y
  6. Run the following command to install the LDAP replica
  7. Code Block
    ipa-replica-install --domain "eumetsat.sandbox.ewc" --principal sandbox-ldap-admin --admin-password hunter2 --server <OLD LDAP complete domain (e.g. ldap.eumetsat.sandbox.ewc)> --setup-ca --setup-dns --force-join --forwarder=8.8.8.8 --forwarder=1.1.1.1 --no-host-dns --unattended

    (add --verbose for more logs). NOTE: accept the default NetBIOS name, and answer yes when asked about running the ipa-sidgen task for users

  8. Make the new ldap machine primary, running the following commands

    1. Find the dns zone name 

      1. Code Block
        ipa dnszone-find
    2. Make the ldap machine primary (SERVER is the new LDAP machine's complete domain (e.g. ldap-test-rocky.eumetsat.sandbox.ewc), while DNS_ZONE is the zone name from the previous command)

      1. Code Block
        ipa dnszone-mod DNS_ZONE --name-server=SERVER

...

  1. From Morpheus, deploy a new machine with
    1. image: rocky 9
    2. security group: ldap security group
    3. plan: eo1.medium
    4. name: different from existing ldap machine
  2. SSH to the new machine and become root
  3. Stop and disable firewalld on the machine
    Code Block
    systemctl stop firewalld && systemctl disable firewalld
  4. Add the old LDAP server's IP and domain on one line to /etc/hosts on this machine (OLD_LDAP_IP is the private IP of your current LDAP server and OLD_LDAP_DOMAIN is its domain, e.g. ldap.eumetsat.sandbox.ewc)
    Code Block
    [test234@test-podman2 ~]$ cat /etc/hosts
    <!-- BEGIN ANSIBLE MANAGED BLOCK -->
    10.0.0.133 test-podman2.eumetsat.sandbox.ewc (this is an example, you will see the private IP of your machine and the domain from your machine here)
    OLD_LDAP_IP OLD_LDAP_DOMAIN
    <!-- END ANSIBLE MANAGED BLOCK -->
  5. Install freeipa dependencies
    1. for rocky 9:
      1. Code Block
        sudo dnf install ipa-server ipa-server-dns -y
  6. Run the following command to install the LDAP replica
  7. Code Block
    ipa-replica-install --domain "eumetsat.sandbox.ewc" --principal sandbox-ldap-admin --admin-password hunter2 --server <OLD LDAP complete domain (e.g. ldap.eumetsat.sandbox.ewc)> --setup-ca --setup-dns --force-join --forwarder=8.8.8.8 --forwarder=1.1.1.1 --no-host-dns --unattended

    (add --verbose for more logs)

  8. Make the new ldap machine primary, running the following commands

    1. Find the dns zone name 

      1. Code Block
        ipa dnszone-find
    2. Make the ldap machine primary (SERVER is the new LDAP machine's complete domain (e.g. ldap-test-rocky.eumetsat.sandbox.ewc), while DNS_ZONE is the zone name from the previous command)

      1. Code Block
        ipa dnszone-mod DNS_ZONE --name-server=SERVER
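The following helper is an added example, not part of the original runbook, and applies to both the Rocky 8 and Rocky 9 versions above: it checks the /etc/hosts entry from step 4 before it is written, and derives the step 8 "ipa dnszone-mod" command from the output of "ipa dnszone-find" instead of copying the zone name by hand. The function names, the old-LDAP IP and the sample zone listing are constructed assumptions.

```shell
#!/bin/sh
# Added helper (not part of the runbook): checks the step-4 /etc/hosts entry and
# derives the step-8 "ipa dnszone-mod" command from "ipa dnszone-find" output.
set -eu

# Print the "IP DOMAIN" line for /etc/hosts. Rejects an obviously malformed IPv4
# address and a domain equal to this host's own FQDN (the replica must differ).
hosts_entry() {
  old_ip=$1; old_domain=$2; self_fqdn=$3
  case $old_ip in
    "" | *[!0-9.]* ) echo "bad IPv4 address: $old_ip" >&2; return 1 ;;
  esac
  [ "$old_domain" != "$self_fqdn" ] || { echo "old LDAP domain must differ from this host" >&2; return 1; }
  printf '%s %s\n' "$old_ip" "$old_domain"
}

# Read "ipa dnszone-find" output on stdin and print the forward zone whose name
# equals the IPA domain (trailing dot stripped); reverse zones are skipped.
forward_zone() {
  domain=$1
  sed -n 's/^ *Zone name: *//p' | sed 's/\.$//' | grep -Fx -- "$domain" | head -n 1
}

# Build the step-8 command from the zone and the new replica's full domain name.
primary_cmd() {
  zone=$1; server=$2
  [ -n "$zone" ] && [ -n "$server" ] || { echo "zone and server are required" >&2; return 1; }
  printf 'ipa dnszone-mod %s --name-server=%s\n' "$zone" "$server"
}

# Constructed sample of "ipa dnszone-find" output: one forward and one reverse zone.
SAMPLE_ZONES='  2 DNS zones matched
  Zone name: eumetsat.sandbox.ewc.
  Active zone: TRUE
  Authoritative nameserver: ldap.eumetsat.sandbox.ewc.

  Zone name: 0.0.10.in-addr.arpa.
  Active zone: TRUE
----------------------------
Number of entries returned 2
----------------------------'

# Dry run with a constructed old-LDAP IP and the page's example host names.
hosts_entry 10.0.0.10 ldap.eumetsat.sandbox.ewc ldap-test-rocky.eumetsat.sandbox.ewc
zone=$(printf '%s\n' "$SAMPLE_ZONES" | forward_zone eumetsat.sandbox.ewc)
primary_cmd "$zone" ldap-test-rocky.eumetsat.sandbox.ewc
```

With a real server, pipe the live "ipa dnszone-find" output into forward_zone and run the printed command only after checking that the zone is the forward zone of your IPA domain.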

...