...
Switch IP interfaces between the OLD and NEW LDAP servers
Pre-requisite info to have ready:
- OLD_LDAP_SERVER_NAME → the OpenStack name of the OLD LDAP VM (usually ldap by default in the tenancies; list the VMs with openstack server list)
- OLD_LDAP_PRIVATE_IP → log in to Morpheus → Provisioning → Instances and check the IP address of your OLD LDAP VM
- OLD_LDAP_HOSTNAME → log in to Morpheus → Tools → Cypher and check the secret secret/ldap_hostname
- NEW_LDAP_SERVER_NAME → the OpenStack name of the NEW LDAP VM (list the VMs with openstack server list)
- NEW_LDAP_PRIVATE_IP → log in to Morpheus → Provisioning → Instances and check the IP address of your NEW LDAP VM
- NEW_LDAP_HOSTNAME → <name-of-the-machine>.<tenancy-domain>, where tenancy-domain is the value of the secret secret/ldap_domain in Morpheus → Tools → Cypher (e.g. ldap-test-rocky.eumetsat.sandbox.ewc)
- DNS_HOSTED_ZONE → the tenancy DNS zone: log in to Morpheus → Tools → Cypher and check the secret secret/ldap_domain, or run ipa dnszone-find on the LDAP machine
On the NEW LDAP machine:
- SSH in to the NEW LDAP machine (the LDAP replica) and become root.
- Edit /etc/hosts: replace the IP of the NEW LDAP machine with the IP of the OLD LDAP machine (OLD_LDAP_PRIVATE_IP, the one you saved in your notes) and remove the line for the OLD LDAP machine. The file should end up as follows:
    [murdaca@ipa ~]$ cat /etc/hosts
    <!-- BEGIN ANSIBLE MANAGED BLOCK -->
    OLD_LDAP_PRIVATE_IP NEW_LDAP_HOSTNAME
    <!-- END ANSIBLE MANAGED BLOCK -->
- Remove the OLD LDAP machine from the replica topology and delete its DNS records (OLD_LDAP_HOSTNAME is the full domain name of the old LDAP machine, e.g. ldap-test-rocky.eumetsat.sandbox.ewc):
    ipa-replica-manage del OLD_LDAP_HOSTNAME --force
- Find the DNS zone name (DNS_HOSTED_ZONE). You have two alternatives:
  - log in to Morpheus → Tools → Cypher and check the secret secret/ldap_domain
  - use the ipa command:
    ipa dnszone-find
- Point the DNS A records of the NEW LDAP machine and of ipa-ca at the IP of the OLD LDAP machine (DNS_HOSTED_ZONE is the zone name from the previous step, OLD_LDAP_PRIVATE_IP is the one you saved in your notes, NEW_LDAP_HOSTNAME is the full domain name of the new LDAP machine, e.g. ldap-test-rocky.eumetsat.sandbox.ewc):
    ipa dnsrecord-mod DNS_HOSTED_ZONE ipa-ca --a-rec OLD_LDAP_PRIVATE_IP
    ipa dnsrecord-mod DNS_HOSTED_ZONE NEW_LDAP_HOSTNAME --a-rec OLD_LDAP_PRIVATE_IP
OpenStack steps:
- Show information about the OLD LDAP machine (OLD_LDAP_SERVER_NAME is usually ldap in the tenancies by default):
    openstack server show OLD_LDAP_SERVER_NAME
- Detach the interface from the OLD LDAP machine (OLD_LDAP_PRIVATE_IP is the private IP of the OLD LDAP VM listed by the previous command; SAVE IT in your notes!):
    openstack server remove fixed ip OLD_LDAP_SERVER_NAME OLD_LDAP_PRIVATE_IP
- Switch off the NEW LDAP machine (the VM name can be found with openstack server list):
    openstack server stop OLD_LDAP_SERVER_NAME
- Detach the interface from the NEW LDAP machine (NEW_LDAP_PRIVATE_IP is the private IP of the NEW LDAP VM):
    openstack server remove fixed ip NEW_LDAP_SERVER_NAME NEW_LDAP_PRIVATE_IP
- Add an interface to the NEW LDAP machine with the IP of the OLD LDAP machine (OLD_LDAP_PRIVATE_IP is the one you saved in your notes; NETWORK is the tenancy network the OLD LDAP VM was attached to, as shown in the addresses field of openstack server show OLD_LDAP_SERVER_NAME):
    openstack server add fixed ip --fixed-ip-address OLD_LDAP_PRIVATE_IP NEW_LDAP_SERVER_NAME NETWORK
- Add the LDAP security group to the NEW LDAP machine:
    openstack server add security group NEW_LDAP_SERVER_NAME ldap
- Restart (reboot) the NEW LDAP machine:
    openstack server reboot NEW_LDAP_SERVER_NAME
Update the LDAP hostname secret in Morpheus → Tools → Cypher:
- Delete the secret secret/ldap_hostname
- Use '+ADD' to create a new secret
- Add KEY: secret/ldap_hostname and VALUE: NEW_LDAP_HOSTNAME, the hostname of the new LDAP machine (e.g. ldap.eumetsat.sandbox.ewc)
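The steps above depend on a handful of placeholder values (old/new private IPs and hostnames) and on /etc/hosts ending up in the exact state shown. The following helper is an added example, not part of the original runbook: it sanity-checks the prerequisite values before any openstack or ipa command is typed, and verifies that a hosts file maps OLD_LDAP_PRIVATE_IP to NEW_LDAP_HOSTNAME with no stale entry for OLD_LDAP_HOSTNAME. The function names, the sample IPs 10.0.0.5 / 10.0.0.9 and the hostname ldap-old.eumetsat.sandbox.ewc are constructed values used only for the demonstration.

```shell
#!/bin/sh
# Added helper for this runbook (not part of the original page): sanity-checks the
# placeholder values gathered in the prerequisites section and verifies the end state
# of /etc/hosts on the NEW LDAP machine. Function names, sample IPs and the hostname
# ldap-old.eumetsat.sandbox.ewc are assumptions/constructed values, not runbook values.

# is_ipv4 ADDRESS: status 0 if ADDRESS is a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# check_prereqs OLD_LDAP_PRIVATE_IP NEW_LDAP_PRIVATE_IP OLD_LDAP_HOSTNAME NEW_LDAP_HOSTNAME
# Refuses obviously wrong input (empty values, non-IPv4 addresses, old == new) so the
# openstack/ipa commands are never run with a bad placeholder.
check_prereqs() {
    [ $# -eq 4 ] || { echo "check_prereqs: expected 4 values, got $#" >&2; return 1; }
    for v in "$@"; do
        [ -n "$v" ] || { echo "check_prereqs: empty prerequisite value" >&2; return 1; }
    done
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "check_prereqs: private IPs must be IPv4" >&2; return 1; }
    [ "$1" != "$2" ] || { echo "check_prereqs: old and new private IPs must differ" >&2; return 1; }
    [ "$3" != "$4" ] || { echo "check_prereqs: old and new hostnames must differ" >&2; return 1; }
    return 0
}

# check_hosts_mapping FILE OLD_LDAP_PRIVATE_IP NEW_LDAP_HOSTNAME OLD_LDAP_HOSTNAME
# Status 0 when FILE maps OLD_LDAP_PRIVATE_IP to NEW_LDAP_HOSTNAME (as name or alias) and
# no entry for OLD_LDAP_HOSTNAME remains; 1 otherwise. Comments and blank lines are ignored.
check_hosts_mapping() {
    file=$1; old_ip=$2; new_host=$3; old_host=$4
    [ -r "$file" ] || { echo "check_hosts_mapping: cannot read $file" >&2; return 1; }
    entries=$(sed -e 's/#.*//' "$file" | awk 'NF >= 2')
    printf '%s\n' "$entries" | awk -v ip="$old_ip" -v h="$new_host" '
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
        END { exit found ? 0 : 1 }' \
        || { echo "check_hosts_mapping: no entry mapping $old_ip to $new_host" >&2; return 1; }
    if printf '%s\n' "$entries" | awk -v h="$old_host" '
        { for (i = 2; i <= NF; i++) if ($i == h) stale = 1 }
        END { exit stale ? 0 : 1 }'; then
        echo "check_hosts_mapping: stale entry for $old_host still present" >&2
        return 1
    fi
    return 0
}

# Constructed sample /etc/hosts contents (not taken from a real machine): the expected
# end state, and a "before" state that still carries the OLD LDAP entry.
HOSTS_OK='127.0.0.1 localhost
<!-- BEGIN ANSIBLE MANAGED BLOCK -->
10.0.0.5 ldap-test-rocky.eumetsat.sandbox.ewc
<!-- END ANSIBLE MANAGED BLOCK -->'
HOSTS_STALE='127.0.0.1 localhost
10.0.0.5 ldap-old.eumetsat.sandbox.ewc
10.0.0.9 ldap-test-rocky.eumetsat.sandbox.ewc'

# check_sample CONTENT: write CONTENT to a temporary file and run check_hosts_mapping on
# it with the constructed placeholder values; returns that function's status.
check_sample() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    check_hosts_mapping "$tmp" 10.0.0.5 ldap-test-rocky.eumetsat.sandbox.ewc ldap-old.eumetsat.sandbox.ewc
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Stand-alone demo: report the outcome of each check without aborting the script.
check_prereqs 10.0.0.5 10.0.0.9 ldap-old.eumetsat.sandbox.ewc ldap-test-rocky.eumetsat.sandbox.ewc && echo "prerequisites: ok"
check_sample "$HOSTS_OK" && echo "hosts (expected end state): ok"
check_sample "$HOSTS_STALE" || echo "hosts (stale old entry): rejected as expected"
```

On a real machine you would call check_hosts_mapping /etc/hosts "$OLD_LDAP_PRIVATE_IP" "$NEW_LDAP_HOSTNAME" "$OLD_LDAP_HOSTNAME" right after editing the file and again in the Tests section after the reboot, so that a leftover line for the old server (which would shadow DNS for that name) is caught before the DNS records are changed.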
Tests
- ssh to the ssh-proxy
- from there, ssh to the new LDAP machine using its DNS name (NEW_LDAP_HOSTNAME)
- run sudo ipactl status and verify that all the services are up and running
- from Morpheus go to Provisioning → Instances and deploy a new machine to test that enrolment to LDAP/DNS is working correctly
...