...

You can find the manual procedure for some of the steps above

Migrate from CentOS 7 to Rocky 8

Creating a new LDAP to migrate to

  1. From Morpheus, deploy a new machine with
    1. image: rocky 8
    2. security group: ldap security group
    3. plan: eo1.medium
    4. name: different from existing ldap machine
  2. SSH to the new machine and become root
  3. Stop and disable firewalld on the machine
    Code Block
    systemctl stop firewalld && systemctl disable firewalld
  4. Add the OLD LDAP IP and domain of the machine acting as LDAP on one line to /etc/hosts on this machine (OLD_LDAP_IP is the private IP of your current LDAP and OLD_LDAP_DOMAIN is the domain of your current LDAP, e.g. ldap.eumetsat.sandbox.ewc). The first line inside the block is an example: you will see the private IP and domain of your own machine there.
    Code Block
    [test234@test-podman2 ~]$ cat /etc/hosts
    <!-- BEGIN ANSIBLE MANAGED BLOCK -->
    10.0.0.133 test-podman2.eumetsat.sandbox.ewc
    OLD_LDAP_IP OLD_LDAP_DOMAIN
    <!-- END ANSIBLE MANAGED BLOCK -->
  5. Install freeipa dependencies
    1. for rocky 8:
      1. Code Block
        sudo yum -y update
      2. Code Block
        sudo yum module reset idm:DL1
      3. Code Block
        sudo yum module enable idm:DL1
      4. Code Block
        sudo dnf install freeipa-server ipa-server-dns bind-dyndb-ldap -y
  6. Run the following command to install the LDAP replica (add --verbose for more logs). NOTE: accept the default NetBIOS name and answer yes when asked about installing the ipa-sidgen task for users. hunter2 stands for the admin password; a password passed on the command line ends up in the shell history.
    Code Block
    ipa-replica-install --domain "eumetsat.sandbox.ewc" --principal sandbox-ldap-admin --admin-password hunter2 --server <OLD LDAP complete domain (e.g. ldap.eumetsat.sandbox.ewc)> --setup-ca --setup-dns --force-join --forwarder=8.8.8.8 --forwarder=1.1.1.1 --no-host-dns --unattended

  7. Make the new LDAP machine primary by running the following commands
    1. Find the DNS zone name
      Code Block
      ipa dnszone-find
    2. Make the new LDAP machine primary (SERVER is the new LDAP machine's complete domain, e.g. ldap-test-rocky.eumetsat.sandbox.ewc, and DNS_ZONE is the zone name from the previous command)
      Code Block
      ipa dnszone-mod DNS_ZONE --name-server=SERVER


Migrate from Rocky 8 to Rocky 9

Creating a new LDAP to migrate to

  1. From Morpheus, deploy a new machine with
    1. image: rocky 9
    2. security group: ldap security group
    3. plan: eo1.medium
    4. name: different from existing ldap machine
  2. SSH to the new machine and become root
  3. Stop and disable firewalld on the machine
    Code Block
    systemctl stop firewalld && systemctl disable firewalld
  4. Add the OLD LDAP IP and domain of the machine acting as LDAP on one line to /etc/hosts on this machine (OLD_LDAP_IP is the private IP of your current LDAP and OLD_LDAP_DOMAIN is the domain of your current LDAP, e.g. ldap.eumetsat.sandbox.ewc). The first line inside the block is an example: you will see the private IP and domain of your own machine there.
    Code Block
    [test234@test-podman2 ~]$ cat /etc/hosts
    <!-- BEGIN ANSIBLE MANAGED BLOCK -->
    10.0.0.133 test-podman2.eumetsat.sandbox.ewc
    OLD_LDAP_IP OLD_LDAP_DOMAIN
    <!-- END ANSIBLE MANAGED BLOCK -->
  5. Install freeipa dependencies
    1. for rocky 9:
      1. Code Block
        sudo dnf install ipa-server ipa-server-dns -y
  6. Run the following command to install the LDAP replica (add --verbose for more logs). hunter2 stands for the admin password; a password passed on the command line ends up in the shell history.
    Code Block
    ipa-replica-install --domain "eumetsat.sandbox.ewc" --principal sandbox-ldap-admin --admin-password hunter2 --server <OLD LDAP complete domain (e.g. ldap.eumetsat.sandbox.ewc)> --setup-ca --setup-dns --force-join --forwarder=8.8.8.8 --forwarder=1.1.1.1 --no-host-dns --unattended

  7. Make the new LDAP machine primary by running the following commands
    1. Find the DNS zone name
      Code Block
      ipa dnszone-find
    2. Make the new LDAP machine primary (SERVER is the new LDAP machine's complete domain, e.g. ldap-test-rocky.eumetsat.sandbox.ewc, and DNS_ZONE is the zone name from the previous command)
      Code Block
      ipa dnszone-mod DNS_ZONE --name-server=SERVER

Switch IP interfaces between LDAP

  1. SSH to the VM with OpenStack Application credentials (EWC - OpenStack Command-Line client) installed and run the following commands:
    1. Show information about the OLD LDAP machine (SERVER_NAME is usually ldap in the tenancies by default):
      Code Block
      openstack server show SERVER_NAME
    2. Detach the interface from the OLD LDAP machine (SERVER_NAME is the name of the OLD LDAP VM from the previous command, IP_ADDRESS is the private IP of the OLD LDAP VM listed by the previous command; SAVE IT in your notes!)
      Code Block
      openstack server remove fixed ip SERVER_NAME IP_ADDRESS
  2. SSH into the NEW LDAP machine (the LDAP replica)
    1. In /etc/hosts, replace the IP of the NEW LDAP machine (IP_ADDRESS) with the IP of the OLD LDAP machine (the one you saved in your notes) and remove the line relative to the OLD LDAP
      Code Block
      [murdaca@ipa ~]$ cat /etc/hosts
      <!-- BEGIN ANSIBLE MANAGED BLOCK -->
      IP_ADDRESS ipa.batchpro.ewc
      <!-- END ANSIBLE MANAGED BLOCK -->
  3. SSH to the VM with the OpenStack client installed and run the following commands:
    1. Switch off the NEW LDAP machine (SERVER_NAME is the name of the NEW LDAP VM; you can find it with openstack server list)
      Code Block
      openstack server stop SERVER_NAME
    2. Detach the interface from the NEW LDAP machine (SERVER_NAME is the name of the NEW LDAP VM, IP_ADDRESS is the private IP of the NEW LDAP VM)
      Code Block
      openstack server remove fixed ip SERVER_NAME IP_ADDRESS
    3. Add an interface to the NEW LDAP machine with the IP of the OLD LDAP machine (SERVER_NAME is the name of the NEW LDAP VM, IP_ADDRESS is the one you saved in your notes, NETWORK is the private network the LDAP VMs are attached to, as shown by openstack network list; openstack server add fixed ip takes the network as its second argument and the wanted address as an option)
      Code Block
      openstack server add fixed ip --fixed-ip-address IP_ADDRESS SERVER_NAME NETWORK
    4. Add the LDAP security group to the NEW LDAP machine (SERVER_NAME is the name of the NEW LDAP VM)
      Code Block
      openstack server add security group SERVER_NAME ldap
    5. Start the NEW LDAP machine again (SERVER_NAME is the name of the NEW LDAP VM; it was stopped in step 1, so openstack server start brings it back)
      Code Block
      openstack server start SERVER_NAME
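The OpenStack side of the IP switch above as one script, added here as an example (it is not from the original page or the EWC tooling). It assumes an authenticated OpenStack CLI; the VM names and the network name are placeholders for your tenancy, the /etc/hosts edit on the replica is still done by hand, and because the VM has been stopped it uses openstack server start and the --fixed-ip-address/network form of openstack server add fixed ip.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): the OpenStack side of the LDAP IP
# switch as one script, with the checks a manual run keeps in "your notes".
# Assumes an authenticated OpenStack CLI; VM and network names are placeholders.
set -eu

# First IPv4 address of a server, or empty. Handles both the "net=ip" and the
# "{'net': ['ip']}" renderings of `openstack server show -f value -c addresses`.
server_fixed_ip() {
    openstack server show -f value -c addresses "$1" |
        grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n1
}

# Poll the server status until it equals $2; give up after $3 attempts (default 30).
wait_for_status() {
    local server=$1 want=$2 tries=${3:-30} status
    while [ "$tries" -gt 0 ]; do
        status=$(openstack server show -f value -c status "$server")
        [ "$status" = "$want" ] && return 0
        tries=$((tries - 1))
        sleep 5
    done
    echo "timeout: $server did not reach $want" >&2
    return 1
}

# Move the OLD LDAP VM's private IP onto the NEW one: $1 old VM, $2 new VM, $3 network.
# Detaches nothing unless both current IPs could be read, and saves the old IP to a file.
switch_ldap_ip() {
    local old=$1 new=$2 network=$3 old_ip new_ip
    old_ip=$(server_fixed_ip "$old")
    new_ip=$(server_fixed_ip "$new")
    if [ -z "$old_ip" ] || [ -z "$new_ip" ]; then
        echo "could not read both IPs (old='$old_ip' new='$new_ip')" >&2
        return 1
    fi
    echo "$old_ip" > "${LDAP_IP_NOTE:-./old_ldap_ip.txt}"   # the "save it in your notes" step
    openstack server remove fixed ip "$old" "$old_ip"
    openstack server stop "$new"
    wait_for_status "$new" SHUTOFF
    openstack server remove fixed ip "$new" "$new_ip"
    openstack server add fixed ip --fixed-ip-address "$old_ip" "$new" "$network"
    openstack server add security group "$new" ldap
    openstack server start "$new"   # the VM is SHUTOFF, so start rather than reboot
    wait_for_status "$new" ACTIVE
    echo "$old_ip"
}

# Usage: ./switch_ldap_ip.sh --run OLD_VM NEW_VM NETWORK
if [ "${1:-}" = "--run" ]; then switch_ldap_ip "$2" "$3" "$4"; fi
```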

Post installation

Run these steps after you have switched the IP to the new LDAP machine.

  1. Remove the OLD LDAP machine from the replication topology and delete its DNS records (SERVER is the old LDAP machine's complete domain, e.g. ldap-test-rocky.eumetsat.sandbox.ewc)
    Code Block
    ipa-replica-manage del SERVER --force
  2. Find the DNS zone name
    Code Block
    ipa dnszone-find
  3. Replace the NEW LDAP machine IP with the IP of the interface of the OLD LDAP machine (HOSTED_ZONE is the zone name from the previous command, IP_ADDRESS is the one you saved in your notes, HOSTNAME is the new LDAP machine's complete domain, e.g. ldap-test-rocky.eumetsat.sandbox.ewc)
    Code Block
    ipa dnsrecord-mod HOSTED_ZONE ipa-ca --a-rec IP_ADDRESS
    ipa dnsrecord-mod HOSTED_ZONE HOSTNAME --a-rec IP_ADDRESS

Known possible errors

ipa command line or WebUI access is denied with an HTTP error 401

...