...

Pre-requisite info to have ready:

  • OLD_LDAP_SERVER_NAME → Name of the server in OpenStack → you can find the name with the openstack server list command
  • OLD_LDAP_PRIVATE_IP → log in to Morpheus → Provisioning → Instances, check your OLD LDAP VM IP address
  • OLD_LDAP_HOSTNAME → log in to Morpheus → Tools → Cypher and check the following secret → secret/ldap_hostname
  • NEW_LDAP_SERVER_NAME → Name of the server in OpenStack → you can find the name with the openstack server list command
  • NEW_LDAP_PRIVATE_IP → log in to Morpheus → Provisioning → Instances, check your NEW LDAP VM IP address
  • NEW_LDAP_HOSTNAME → <name-of-the-machine>.<tenancy-domain>, where tenancy-domain → log in to Morpheus → Tools → Cypher and check the following secret → secret/ldap_domain (e.g. ldap-test-rocky.eumetsat.sandbox.ewc)
  • DNS_HOSTED_ZONE → log in to Morpheus → Tools → Cypher and check the following secret → secret/ldap_hostname

Prepare new LDAP machine

  1. SSH into the NEW LDAP machine (LDAP replica) and become root
    1. Edit the /etc/hosts file and make sure it is as follows:
      Code Block
      [murdaca@ipa ~]$ cat /etc/hosts
      
      <!-- BEGIN ANSIBLE MANAGED BLOCK -->
      
      OLD_LDAP_PRIVATE_IP NEW_LDAP_HOSTNAME
      
      <!-- END ANSIBLE MANAGED BLOCK -->
    2. Delete OLD LDAP machine DNS records
      Code Block
      ipa-replica-manage del OLD_LDAP_HOSTNAME --force
    3. Replace the NEW LDAP machine IP DNS records with the IP of the interface of the OLD LDAP machine
      Code Block
      ipa dnsrecord-mod DNS_HOSTED_ZONE ipa-ca --a-rec OLD_LDAP_PRIVATE_IP
      ipa dnsrecord-mod DNS_HOSTED_ZONE NEW_LDAP_HOSTNAME --a-rec OLD_LDAP_PRIVATE_IP


Switch interfaces

Now you can start the procedure to switch interfaces between two VMs:

  1. SSH to the VM with the OpenStack client installed and run the following commands:
    1. Show information about the OLD LDAP machine (SERVER_NAME is usually ldap in the tenancies by default):
      Code Block
      openstack server show OLD_LDAP_SERVER_NAME
    2. Detach the interface from the OLD LDAP machine (SERVER_NAME is the name of the OLD LDAP VM from the previous command; IP_ADDRESS is the private IP of the OLD LDAP VM, listed by the previous command. SAVE IT in your notes!)
      Code Block
      openstack server remove fixed ip OLD_LDAP_SERVER_NAME OLD_LDAP_PRIVATE_IP 
    3. Switch off the NEW LDAP machine (SERVER_NAME is the name of the VM; you can find it with openstack server list)
      Code Block
      openstack server stop OLD_LDAP_SERVER_NAME 
    4. Detach the interface from the NEW LDAP machine (SERVER_NAME is the name of the VM; IP_ADDRESS is the private IP of the NEW LDAP VM)
      Code Block
      openstack server remove fixed ip NEW_LDAP_SERVER_NAME NEW_LDAP_PRIVATE_IP 
    5. Add an interface to the NEW LDAP machine with the IP of the OLD LDAP machine (SERVER_NAME is the name of the VM; IP_ADDRESS is the one you saved before in your notes!)
      Code Block
      openstack server add fixed ip NEW_LDAP_SERVER_NAME OLD_LDAP_PRIVATE_IP 
    6. Add the LDAP security group to the NEW LDAP machine (SERVER_NAME is the name of the NEW LDAP VM)
      Code Block
      openstack server add security group NEW_LDAP_SERVER_NAME ldap
    7. Restart the NEW LDAP machine (SERVER_NAME is the name of the NEW LDAP VM)
      Code Block
      openstack server restart NEW_LDAP_SERVER_NAME 

Update Morpheus

  1. Log in to Morpheus and change the value of the LDAP hostname under Tools → Cypher:
    1. Delete the secret/ldap_hostname
    2. Use '+ADD' to create a new secret
    3. Add KEY: secret/ldap_hostname and VALUE: NEW_LDAP_HOSTNAME


Tests

  1. SSH to ssh-proxy in your tenancy
  2. SSH using DNS to the NEW LDAP machine
  3. Run sudo ipactl status → verify the services are all up and running
  4. From Morpheus go to Provisioning → Instances and deploy a new machine to test that enrollment to LDAP DNS is working correctly with the NEW LDAP machine.
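
The checks in steps 2 and 3 above can be scripted so a half-started server or a stale DNS record is caught before new machines are enrolled. This is an added example, not part of the original runbook; the function names, the file name check.sh and the sample output are constructed, and it assumes dig is installed on the NEW LDAP machine.

```shell
#!/bin/sh
# Added example (not from the original runbook): post-cutover checks for the
# "Tests" section. Function names and the sample text below are constructed.

# Read `ipactl status` output on stdin. Print each service that is not
# RUNNING; succeed only if at least one service was listed and none failed.
ipa_services_ok() {
    awk -F': ' '
        / Service: / {
            state = $2; sub(/[ \t\r]+$/, "", state); seen++
            if (state != "RUNNING") { print "not running: " $1; bad++ }
        }
        END { if (seen > 0 && bad == 0) exit 0; exit 1 }'
}

# Read resolver answers on stdin (address first on each line) and succeed
# only if every answer equals $1, the IP moved over from the OLD machine.
resolves_only_to() {
    awk -v want="$1" '
        NF { seen++; if ($1 != want) { print "unexpected address: " $1; bad++ } }
        END { if (seen > 0 && bad == 0) exit 0; exit 1 }'
}

# Constructed sample: what a partially started server would report.
SAMPLE_DEGRADED='Directory Service: RUNNING
krb5kdc Service: RUNNING
named Service: STOPPED
httpd Service: RUNNING
ipa: INFO: The ipactl command was successful'

# Live use on the NEW LDAP machine:
#   ./check.sh NEW_LDAP_HOSTNAME OLD_LDAP_PRIVATE_IP
# dig is used instead of getent so the /etc/hosts entry cannot mask a bad
# DNS record.
if [ "$#" -eq 2 ]; then
    dig +short "$1" A | resolves_only_to "$2" \
        || { echo "DNS check failed for $1" >&2; exit 1; }
    sudo ipactl status 2>&1 | ipa_services_ok \
        || { echo "IPA services are not all RUNNING" >&2; exit 1; }
    echo "DNS and IPA service checks passed"
fi
```
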


Post Installation (optional in case of similar errors)

...