Versions Compared

Old Version 35

changes.mady.by.user Francesco Murdaca

Saved on

compared with

New Version 36

changes.mady.by.user Francesco Murdaca

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning

In order to perform this migration, you need to request Openstack Application Credentials EWC - How to request Openstack Application Credentials

User procedure

  • pre requisite (openstack)


  • deploy the machine from morpheus and then run first workflow (all Morpheus )
  • switch IP interface (openstack + ssh + Morpheus )
  • tests (Morpheus + ssh)


  • deploy second machine from morpheus and then run first workflow (all Morpheus )
  • switch IP interface (openstack + ssh + Morpheus )
  • tests (Morpheus + ssh)



  1. ssh to a machine in your tenancy and login with openstack Openstack client EWC - OpenStack Command-Line client
  2. List ldap security group rule 
    Code Block
    openstack security group rule list ldap
  3. add port 636 TCP.749 TCP,464 UDP to ldap security group if they are missing
    Code Block
    openstack security group rule create ldap --protocol tcp --ingress --dst-port 636 --remote-ip 0.0.0.0/0 --ethertype IPv4
openstack security group rule create ldap --protocol tcp --ingress --dst-port 749 --remote-ip 0.0.0.0/0 --ethertype IPv4
openstack security group rule create ldap --protocol udp --ingress --dst-port 464 --remote-ip 0.0.0.0/0 --ethertype IPv4
  4. SSH into the OLD LDAP machine (your current one) and create DNS reverse zone (NAME_FROM_IP = LDAP IP or using IP range ) (https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/managing-reverse-dns-zones
    Code Block
    ipa dnszone-add --name-from-ip=NAME_FROM_IP
  5. Backup existing LDAP machine using the following documentation: EWC - How to create and restore backups from VMs
  6. If your LDAP is rocky 8 based, jump to step 9., if it is centos7 based continue the procedure normally.
  7. Create LDAP replica instance type to move from centos7 to rocky 8 (see MigratefromCentos7toRocky8);
  8. Switch IP interfaces between LDAPs (see RunworkflowtoswitchIPinterfacesbetweenLDAP);
  9. Check everything is fine (see Tests);
  10. Create LDAP replica instance type to move from rocky 8 to rocky 9 (see MigratefromRocky8toRocky9)
  11. Switch IP interfaces between LDAPs (see RunworkflowtoswitchIPinterfacesbetweenLDAP);
  12. Check everything is fine (see Tests);
  13. Remove old LDAPs machines to free resources (from Morpheus)

...

  1. Using Openstack Application credentials (EWC - OpenStack Command-Line client), identify your OLD LDAP machine 
    Code Block
    openstack server list
  2. Detach the interface from the OLD LDAP machine (SERVER_NAME is the name of the VM from previous command, IP_ADDRESS is the private IP of the OLD LDAP VM, you listed with the previous command, SAVE IT in your notes and don't lose it!)
    Code Block
    openstack server remove fixed ip SERVER_NAME IP_ADDRESS
  3. SSH In the NEW LDAP machine,
    1. Update the IP of the NEW LDAP machine in the /etc/hosts (IP_ADDRESS ) with the IP of the OLD LDAP machine and remove the line relative to the OLD LDAP ( The one you saved before in your notes!)
      Code Block
      [murdaca@ipa ~]$ cat /etc/hosts

<!-- BEGIN ANSIBLE MANAGED BLOCK -->

IP_ADDRESS ipa.batchpro.ewc

<!-- END ANSIBLE MANAGED BLOCK -->
    2. Delete OLD LDAP machine DNS records (SERVER is the old LDAP machine complete domain (e.g. ldap-test-rocky.eumetsat.sandbox.ewc)
      Code Block
      ipa-replica-manage del SERVER --force

    3. Find the dns zone name 

      Code Block
      ipa dnszone-find
    4. Replace the NEW LDAP machine IP with the IP of the interface of the OLD LDAP machine (HOSTED_ZONE is the output name from the previous command, IP_ADDRESS=The one you saved before in your notes!HOSTNAME is the new LDAP machine complete domain (e.g. ldap-test-rocky.eumetsat.sandbox.ewc)
      Code Block
      ipa dnsrecord-mod HOSTED_ZONE ipa-ca --a-rec IP_ADDRESS 
ipa dnsrecord-mod HOSTED_ZONE HOSTNAME --a-rec  IP_ADDRESS
  4. Switch off the NEW LDAP machine (SERVER_NAME is the name of the VM, you can find it with openstack server list )
    Code Block
    openstack server stop SERVER_NAME
  5. Detach the interface from the NEW LDAP machine (SERVER_NAME is the name of the VM, IP_ADDRESS is the private IP of the NEW LDAP VM )
    Code Block
    openstack server remove fixed ip SERVER_NAME IP_ADDRESS
  6. Add interface to the NEW LDAP machine with the IP of the old LDAP machine (SERVER_NAME is the name of the VM, IP_ADDRESS=The one you saved before in your notes!
    Code Block
    openstack server add fixed ip SERVER_NAME IP_ADDRESS
  7. Add LDAP security group to new LDAP machine
  8. Restart NEW LDAP machine (SERVER_NAME is the name of the VM)
    Code Block
    openstack server restart SERVER_NAME
  9. Go to Morpheus and change the value in Cypher: Delete the secret/ldap_hostname and recreate secret/ldap_hostname it to point to the new ipa host (e.g. ldap.eumetsat.sandbox.ewc)

...