...

  1. SSH into the OLD LDAP machine (your current one) and create a DNS reverse zone (NAME_FROM_IP = the LDAP IP or an IP range); see https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/managing-reverse-dns-zones
    Code Block
    ipa dnszone-add --name-from-ip=NAME_FROM_IP
  2. SSH to the VM with the OpenStack client and run the following commands (see EWC - OpenStack Command-Line client for more details):
    1. List the ldap security group rules
      Code Block
      openstack security group rule list ldap
    2. Add ports 636 TCP, 749 TCP and 464 UDP to the ldap security group if they are missing
      Code Block
      openstack security group rule create ldap --protocol tcp --ingress --dst-port 636 --remote-ip 0.0.0.0/0 --ethertype IPv4
      openstack security group rule create ldap --protocol tcp --ingress --dst-port 749 --remote-ip 0.0.0.0/0 --ethertype IPv4
      openstack security group rule create ldap --protocol udp --ingress --dst-port 464 --remote-ip 0.0.0.0/0 --ethertype IPv4
    3. Back up the existing LDAP machine using the following documentation: EWC - How to create and restore backups from VMs
  3. Check the Operating System of your LDAP (either from Morpheus, Provisioning → Instances → select LDAP machine ;
    1. If your LDAP is Rocky 8 based → jump to step 8.
    2. If your LDAP is CentOS 7 based → continue to step 4.
  4. Create LDAP replica instance type to move from CentOS 7 to Rocky 8 (see MigratefromCentos7toRocky8);
  5. Prepare new LDAP machine (see);
  6. Switch IP interfaces between LDAPs (see SwitchIPinterfacesbetweenLDAP);
  7. Update Morpheus (see UpdateMorpheus);
  8. Check everything is fine (see Tests);
  9. Create LDAP replica instance type to move from Rocky 8 to Rocky 9 (see MigratefromRocky8toRocky9);
  10. Prepare new LDAP machine (see);
  11. Switch IP interfaces between LDAPs (see SwitchIPinterfacesbetweenLDAP);
  12. Update Morpheus (see UpdateMorpheus);
  13. Check everything is fine (see Tests);
  14. Remove the old LDAP machines to free resources (from Morpheus)
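
The "if they are missing" check from step 2, as an added shell example that is not part of the original procedure: it reads the ldap rule list and prints only the create commands still needed, counting a port as present when an existing range covers it. The `-f value -c ...` output shape, the sample rules and the `REMOTE_IP` variable (defaulting to the 0.0.0.0/0 used above) are assumptions made for this example.

```shell
#!/bin/sh
# Required ingress rules from step 2, one "protocol port" per line.
REQUIRED="tcp 636
tcp 749
udp 464"
# Hypothetical knob: defaults to the value used in the commands above;
# set it to your client network CIDR to restrict who can reach the ports.
REMOTE_IP="${REMOTE_IP:-0.0.0.0/0}"

# missing_rules: reads "PROTOCOL MIN:MAX" lines on stdin, assumed to come from
#   openstack security group rule list ldap --ingress \
#       -f value -c "IP Protocol" -c "Port Range"
# and prints "protocol port" for every required rule no existing rule covers.
missing_rules() {
    rules=$(cat)
    printf '%s\n' "$REQUIRED" | while read -r proto port; do
        printf '%s\n' "$rules" | awk -v p="$proto" -v port="$port" '
            $1 == p {
                # An empty port range means the rule allows every port.
                if ($2 == "") { found = 1; exit }
                n = split($2, r, ":")
                lo = r[1]; hi = (n > 1 ? r[2] : r[1])
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { found = 1; exit }
            }
            END { exit (found ? 0 : 1) }' || echo "$proto $port"
    done
}

# create_commands: turns the missing rules into the commands from step 2.
create_commands() {
    missing_rules | while read -r proto port; do
        echo "openstack security group rule create ldap --protocol $proto" \
             "--ingress --dst-port $port --remote-ip $REMOTE_IP --ethertype IPv4"
    done
}

# Constructed sample rule list (not real output): 636/tcp is covered by 600:700.
SAMPLE="tcp 22:22
tcp 389:389
tcp 600:700
udp 88:88"

# Demo on the sample; on the OpenStack client VM, pipe the real list instead.
printf '%s\n' "$SAMPLE" | create_commands
```

Review the printed commands before running them; nothing is created by the script itself.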

...

  1. Log in to Morpheus
  2. Go to Provisioning → Instances and click '+ADD'
  3. Select the LDAP replica Instance type
  4. Select a new name for the VM (e.g. ldap-rocky8) and click 'Next'
  5. Use the following inputs for the VM and then click 'Next' until the deployment starts:
    1. version: 9
    2. plan: eo1.medium
    3. networks: private
    4. security group: ldap

Prepare new LDAP machine

  1. SSH into the NEW LDAP machine (LDAP replica) and become root
    1. Edit the /etc/hosts file and make sure it is as follows:
      Code Block
      [murdaca@ipa ~]$ cat /etc/hosts
      
      <!-- BEGIN ANSIBLE MANAGED BLOCK -->
      
      OLD_LDAP_PRIVATE_IP NEW_LDAP_HOSTNAME
      
      <!-- END ANSIBLE MANAGED BLOCK -->
    2. Delete the OLD LDAP machine DNS records
      Code Block
      ipa-replica-manage del OLD_LDAP_HOSTNAME --force
    3. Replace the NEW LDAP machine IP DNS records with the IP of the interface of the OLD LDAP machine
      Code Block
      ipa dnsrecord-mod DNS_HOSTED_ZONE ipa-ca --a-rec OLD_LDAP_PRIVATE_IP
      ipa dnsrecord-mod DNS_HOSTED_ZONE NEW_LDAP_HOSTNAME --a-rec OLD_LDAP_PRIVATE_IP

Switch IP interfaces between LDAP

Now you can start the procedure to switch interfaces between two VMs:

...