...

  1. Log in to Morpheus
  2. Go to Provisioning → Instances and click '+ADD'
  3. Select the LDAP replica Instance type
  4. Select a new name for the VM (e.g. ldap-rocky8) and click 'Next'
  5. Use the following inputs for the VM and then click 'Next' until the deployment starts:
    1. version: 8
    2. plan: eo1.medium
    3. networks: private
    4. security group: ldap

In case of errors check 

Warning




Migrate from Rocky 8 to Rocky 9

...

  1. ssh to ssh-proxy in your tenancy
  2. ssh using DNS to the new LDAP machine
  3. Run sudo ipactl status and verify that the services are all up and running
  4. From Morpheus go to Provisioning → Instances and deploy a new machine to test that the enrollment to LDAP DNS is working correctly with the new LDAP machine.


Known possible errors

...

ipa command line or WebUI access is denied, with an HTTP error 401

...

Resource: https://access.redhat.com/solutions/7052125

DNA range issue

After the IPA migration, especially from CentOS 7 to Rocky 9, there might still be some errors, like the one below:

ipa: ERROR: Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.


There is a FreeIPA doc site related to this: https://www.freeipa.org/page/V3/Recover_DNA_Ranges.html

The fix for that error is the following procedure:

  1. Identify the min and max of the ID range
    Code Block
     ipa idrange-find
  2. Set the lower boundary to exclude every existing account (as listed by ipa user-find | grep 'UID')
  3. Assign the DNA range using ${min}-${max} identified in the previous steps
    Code Block
     ipa-replica-manage dnarange-set $ldap_server ${min}-${max}
  4. Check the range that is used
    Code Block
     ipa-replica-manage dnarange-show
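
The range calculation from steps 1 to 3, as an added example (not part of the original page and not FreeIPA code). The function name dna_range and all sample values are constructed, and the field labels are assumed to match your ipa idrange-find and ipa user-find output. It goes slightly beyond the UID-only step above by also accepting GID lines (for example from ipa group-find), since groups draw from the same POSIX ID range.

```sh
#!/bin/sh
# Added example: compute ${min}-${max} for dnarange-set from saved command output.
# Assumes the field labels below match your ipa idrange-find / user-find output.

# Constructed sample of `ipa idrange-find` output (all values are made up).
SAMPLE_IDRANGE='  Range name: EXAMPLE.TEST_id_range
  First Posix ID of the range: 1234600000
  Number of IDs in the range: 200000
  Range type: local domain range'

# Constructed sample of `ipa user-find | grep UID`; 5001 lies outside the range.
SAMPLE_IDS='  UID: 1234600000
  UID: 1234600017
  UID: 1234600004
  UID: 5001'

# dna_range IDRANGE_TEXT ID_LINES
# Prints "min-max": min is one above the highest ID already used inside the
# local range, max is the last ID of that range. Exit 2: no local range found.
# Exit 3: every ID in the range is already taken.
dna_range() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        /First Posix ID of the range:/   { b = $NF + 0 }
        /Number of IDs in the range:/    { s = $NF + 0 }
        /Range type: local domain range/ { base = b; size = s }  # skip trust ranges
        /^ *[UG]ID: *[0-9]+ *$/          { ids[++n] = $NF + 0 }
        END {
            if (size <= 0) exit 2
            top = base + size - 1
            min = base
            for (i = 1; i <= n; i++)
                if (ids[i] >= min && ids[i] <= top) min = ids[i] + 1
            if (min > top) exit 3
            printf "%.0f-%.0f\n", min, top
        }'
}

# Against a live server (run the find commands with a size limit high enough
# to return every account, otherwise the highest ID may be missed):
#   range=$(dna_range "$(ipa idrange-find)" "$(ipa user-find | grep 'UID')")
#   ipa-replica-manage dnarange-set "$ldap_server" "$range"
dna_range "$SAMPLE_IDRANGE" "$SAMPLE_IDS"   # sample run on the constructed data
```

An ID outside the local range (5001 in the sample) is ignored when choosing the lower boundary, so a migrated account with a legacy UID does not shift the range.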