...

  1. Edit the LDAP security group (see EditLDAPsecuritygroup);
  2. Back up the existing LDAP machine using the following documentation: EWC - How to create and restore backups from VMs;
  3. Check the operating system of your LDAP machine in Morpheus: Provisioning → Instances → select the LDAP machine;
    1. If your LDAP is Rocky 8 based → jump to step 9.
    2. If your LDAP is CentOS 7 based → continue to step 4.
  4. Create an LDAP replica instance type to move from CentOS 7 to Rocky 8 (see MigratefromCentos7toRocky8);
  5. Make the new LDAP machine primary (see PreparenewLDAPmachine);
  6. Switch IP interfaces between the LDAP machines (see SwitchIPinterfacesbetweenLDAP);
  7. Update Morpheus (see UpdateMorpheus);
  8. Check that everything is fine (see Tests);
  9. Create an LDAP replica instance type to move from Rocky 8 to Rocky 9 (see MigratefromRocky8toRocky9);
  10. Make the new LDAP machine primary (see PreparenewLDAPmachine);
  11. Switch IP interfaces between the LDAP machines (see SwitchIPinterfacesbetweenLDAP);
  12. Update Morpheus (see UpdateMorpheus);
  13. Check that everything is fine (see Tests);
  14. Delete the old LDAP machine(s) to free resources (see Delete a VM from Morpheus).



Tasks

Create LDAP DNS reverse zone

  1. SSH into the OLD LDAP machine (your current one) and create the DNS reverse zone, where NAME_FROM_IP is the LDAP IP or an IP range (see https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/managing-reverse-dns-zones):
    ipa dnszone-add --name-from-ip=NAME_FROM_IP

Edit LDAP security group

  1. SSH to the VM with the OpenStack client and run the following commands (see EWC - OpenStack Command-Line client for more details):
    1. List the ldap security group rules:
      openstack security group rule list ldap
    2. Add ports 636 TCP, 749 TCP and 464 UDP to the ldap security group if they are missing:
      openstack security group rule create ldap --protocol tcp --ingress --dst-port 636 --remote-ip 0.0.0.0/0 --ethertype IPv4
      openstack security group rule create ldap --protocol tcp --ingress --dst-port 749 --remote-ip 0.0.0.0/0 --ethertype IPv4
      openstack security group rule create ldap --protocol udp --ingress --dst-port 464 --remote-ip 0.0.0.0/0 --ethertype IPv4
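
The "if they are missing" check in the step above can be scripted. The following is an added example, not part of the original page: the function names and REMOTE_CIDR are hypothetical, and it assumes the rule list is produced with `-f value -c "IP Protocol" -c "Port Range"`, giving one `<protocol> <min>:<max>` line per rule.

```shell
#!/bin/sh
# Added example (not from the original page): list required LDAP ingress
# rules that the "ldap" security group does not yet contain.
# Assumed input on stdin, one rule per line as "<protocol> <min>:<max>":
#   openstack security group rule list ldap --ingress -f value \
#       -c "IP Protocol" -c "Port Range"

REQUIRED_RULES="tcp/636 tcp/749 udp/464"   # ports named in the step above
REMOTE_CIDR="${REMOTE_CIDR:-0.0.0.0/0}"    # page's value; override to narrow

# rule_covers PROTO PORT: succeed if a rule on stdin covers PROTO/PORT.
rule_covers() {
    while read -r proto range; do
        [ "$proto" = "$1" ] || continue
        min=${range%:*}; max=${range#*:}
        # Skip rules without a numeric port range (e.g. ICMP, empty range).
        case "$min" in ''|*[!0-9]*) continue ;; esac
        case "$max" in ''|*[!0-9]*) continue ;; esac
        if [ "$2" -ge "$min" ] && [ "$2" -le "$max" ]; then return 0; fi
    done
    return 1
}

# missing_rules: read the rule list on stdin, print each missing proto/port.
missing_rules() {
    rules=$(cat)
    for want in $REQUIRED_RULES; do
        if ! printf '%s\n' "$rules" | rule_covers "${want%/*}" "${want#*/}"; then
            echo "$want"
        fi
    done
}

# create_missing: create only the rules that missing_rules reports (stdin).
create_missing() {
    missing_rules | while read -r want; do
        openstack security group rule create ldap --protocol "${want%/*}" \
            --ingress --dst-port "${want#*/}" \
            --remote-ip "$REMOTE_CIDR" --ethertype IPv4 </dev/null
    done
}

# Constructed sample listing: tcp/464 is present, udp/464 is not.
sample_rules() {
    printf '%s\n' "tcp 22:22" "tcp 389:389" "tcp 636:636" "udp 88:88" "tcp 464:464"
}
```

Pipe the real listing into `missing_rules` to review what is absent, or into `create_missing` to add only those rules; `sample_rules | missing_rules` reports `tcp/749` and `udp/464`.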

...