User procedure

Start user procedure:

1. Have an Ubuntu 22 VM ready in your tenancy or create a new temporary Ubuntu 22 VM from Morpheus Image Added
   
   1. plan: eo1.medium
   2. networks: private
   3. security group: ssh
2. Run the workflow called 
3. Edit LDAP Security Group (see EditLDAPsecuritygroup);
4. Backup existing LDAP machine using the following documentation: EWC - How to create and restore backups from VMs (VM Images Backup)
5. Check the Operating System of your LDAP from Morpheus, Provisioning → Instances → select LDAP machine ;
   1. If your LDAP is rocky 8 based → jump to step 10. 
      
   2. If your LDAP is centos7 based → continue to step 4.

   Prepare the following information knowing that your OLD_LDAP is centos7 based and NEW_LDAP is rocky8 based:

6. DNS_HOSTED_ZONE→ logging in Morpheus → Tools → Cypher and check the following secret → secret/ldap_domain
7. OLD_LDAP_SERVER_NAME → Name of the server from Openstack → you can find the name from openstack server list command
8. OLD_LDAP_PRIVATE_IP → logging in Morpheus → Provisioning → Instances, check your OLD LDAP VM IP address
9. OLD_LDAP_HOSTNAME → logging in Morpheus → Tools → Cypher and check the following secret → secret/ldap_hostname
NEW_LDAP_SERVER_NAME → Name of the server from Openstack → you can find the name from openstack server list command
10. NEW_LDAP_PRIVATE_IP → logging in Morpheus → Provisioning → Instances, check your new LDAP VM IP address
11. NEW_LDAP_HOSTNAME → <name-of-the-machine>.<tenancy-domain> where tenancy-domain → logging in Morpheus → Tools → Cypher and check the following secret → secret/ldap_domain (e.g. the result should be something like ldap-test-rocky.eumetsat.sandbox.ewc). Alternatively you can find it in /etc/hosts file in your new LDAP machine
12. Create LDAP replica instance type to move from centos7 to rocky 8 (see MigratefromCentos7toRocky8);Make new LDAP machine primary (see PreparenewLDAPmachine );
13. Switch IP interfaces between LDAPs using 'switch interfaces of two VMs' workflow in Morpheus (see SwitchIPinterfacesbetweenLDAPs );
14. Update Morpheus (see UpdateMorpheus );
15. Check everything is working fine (see Tests);
    

    Prepare the following information knowing that your OLD_LDAP is rocky8 based and NEW_LDAP is rocky9 based:

    DNS_HOSTED_ZONE→ logging in Morpheus → Tools → Cypher and check the following secret → secret/ldap_domain
16. OLD_LDAP_SERVER_NAME → Name of the server from Openstack → you can find the name from openstack server list command
17. OLD_LDAP_PRIVATE_IP → logging in Morpheus → Provisioning → Instances, check your OLD LDAP VM IP address
18. OLD_LDAP_HOSTNAME → logging in Morpheus → Tools → Cypher and check the following secret → secret/ldap_hostname
19. NEW_LDAP_SERVER_NAME → Name of the server from Openstack → you can find the name from openstack server list command
    
20. NEW_LDAP_PRIVATE_IP → logging in Morpheus → Provisioning → Instances, check your new LDAP VM IP address
21. NEW_LDAP_HOSTNAME → <name-of-the-machine>.<tenancy-domain> where tenancy-domain → logging in Morpheus → Tools → Cypher and check the following secret → secret/ldap_domain (e.g. the result should be something like ldap-test-rocky.eumetsat.sandbox.ewc). Alternatively you can find it in /etc/hosts file in your new LDAP machine
22. Create LDAP replica instance type to move from rocky 8 to rocky 9 (see MigratefromRocky8toRocky9)Make new LDAP machine primary (see PreparenewLDAPmachine );
23. Switch IP interfaces between LDAPs (see SwitchIPinterfacesbetweenLDAPs)
    1.  Run workflow from Morpheus called 'Switch machines interfaces` from the machine with the Openstack client installed;
24. Update Morpheus (see UpdateMorpheus );
25. Check everything is working fine (see Tests);
26. Delete old LDAP machine/s to free resources (see Delete a VM from Morpheus).

Tasks

Edit LDAP security group

1. ssh to the VM with Openstack Client and run the following commands (see EWC - OpenStack Command-Line client for more details):
   1. List ldap security group rule 

      Code Block
      openstack security group rule list ldap

   2. add port 636 TCP.749 TCP,464 UDP to ldap security group if they are missing

      Code Block
      openstack security group rule create ldap --protocol tcp --ingress --dst-port 636 --remote-ip 0.0.0.0/0 --ethertype IPv4 openstack security group rule create ldap --protocol tcp --ingress --dst-port 749 --remote-ip 0.0.0.0/0 --ethertype IPv4 openstack security group rule create ldap --protocol udp --ingress --dst-port 464 --remote-ip 0.0.0.0/0 --ethertype IPv4

...

1. Login to Morpheus
2. Go to Provisioning → Instances and click '+ADD'
3. Select the LDAP replica Instance type
4. Select a new name for the VM (e.g. ldap-rocky8) and click 'Next'
5. Use the following inputs for the VM and then click 'Next' until the deployment starts:
   
   1. version: 9
   2. plan: eo1.medium
   3. networks: private
   4. security group: ldap

Prepare new LDAP machine

1. SSH In the NEW LDAP machine (LDAP replica) and become root
   1. Edit the /etc/hosts file and make sure it is as follow:

   2. Code Block
      [murdaca@ipa ~]$ cat /etc/hosts <!-- BEGIN ANSIBLE MANAGED BLOCK --> OLD_LDAP_PRIVATE_IP NEW_LDAP_HOSTNAME <!-- END ANSIBLE MANAGED BLOCK -->

   3. Delete OLD LDAP machine DNS records

      Code Block
      ipa-replica-manage del OLD_LDAP_HOSTNAME --force

   4. Replace the NEW LDAP machine IP DNS records with the IP of the interface of the OLD LDAP machine
      

      Code Block
      ipa dnsrecord-mod DNS_HOSTED_ZONE ipa-ca --a-rec OLD_LDAP_PRIVATE_IP ipa dnsrecord-mod DNS_HOSTED_ZONE NEW_LDAP_HOSTNAME --a-rec OLD_LDAP_PRIVATE_IP

Switch IP interfaces between LDAPs

Now you can start the procedure to switch interfaces between two VMs:

Switch Interfaces of two VMs

1. Go to an Ubuntu 22 VM and select 'Run Workflow' Image Added
   
2. Select the 'Switch Interfaces of two VMsImage Added
   
3. Insert inputs and run the workflow Image Added where:
   1. OLD VM in this case is the OLD LDAP machine name
   2. NEW VM in this case is the NEW LDAP machine name
   3. Openstack Application Credentials ID and Secret
   SSH to the VM with Openstack client installed and run the following commands:
   1. Show information about the OLD LDAP machine (SERVER_NAME usually is ldap in the tenancies by default):
      

      Code Block
      openstack server show OLD_LDAP_SERVER_NAME

   2. Detach the interface from the OLD LDAP machine (SERVER_NAME is the name of the OLD LDAP VM from previous command, IP_ADDRESS is the private IP of the OLD LDAP VM, you listed with the previous command, SAVE IT in your notes!)

      Code Block
      openstack server remove fixed ip OLD_LDAP_SERVER_NAME OLD_LDAP_PRIVATE_IP

   3. Switch off the NEW LDAP machine (SERVER_NAME is the name of the VM, you can find it with openstack server list )

      Code Block
      openstack server stop OLD_LDAP_SERVER_NAME

   4. Detach the interface from the NEW LDAP machine (SERVER_NAME is the name of the VM, IP_ADDRESS is the private IP of the NEW LDAP VM )

      Code Block
      openstack server remove fixed ip NEW_LDAP_SERVER_NAME NEW_LDAP_PRIVATE_IP

   5. Add interface to the NEW LDAP machine with the IP of the old LDAP machine (SERVER_NAME is the name of the VM, IP_ADDRESS=The one you saved before in your notes!

      Code Block
      openstack server add fixed ip NEW_LDAP_SERVER_NAME OLD_LDAP_PRIVATE_IP

   6. Add LDAP security group to new LDAP machine (SERVER_NAME is the name of the NEW LDAP VM)

      Code Block
      openstack server add security group NEW_LDAP_SERVER_NAME ldap

   7. Restart NEW LDAP machine (SERVER_NAME is the name of the new LDAP VM) Code Blockopenstack server restart NEW_LDAP_SERVER_NAME

Update Morpheus

1. Login to Morpheus and change the value of the hostname for LDAP, going to Tools → Cypher:
   1. Delete the secret/ldap_hostname
      
   2. Use the '+ADD' to create a new secret
   3.  Add KEY: secret/ldap_hostname and VALUE: NEW_LDAP_HOSTNAME 

...