Ronald Wimmer via FreeIPA-users wrote:
On 10.03.21 17:10, Rob Crittenden via FreeIPA-users wrote:
> Ronald Wimmer via FreeIPA-users wrote:
>> Hi,
>>
>> is there a way to export all IPA configuration and import it on a new
>> server? For instance to resetup everything from scratch or if purchasing
>> forces us to switch to a completely different distro.
>
> The typical way to move an IPA installation to a different distro is to
> create a new replica on that distro then decommission the old one.
That's exactly what we did. (according to the RHEL documentation) But I
fear there were errors before and I was not aware of the healthcheck
command at that point in time.
> Or do you want to abandon your current install and start over fresh but
> retain your users, groups, etc?
ipa-healthcheck reveals several ReplicationConflictCheck errors on each
of our eight ipa servers. What would you propose in order to get rid of
them?
Follow the docs:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...
Additionally, there are CA troubles on two of four CA servers in
that
particular setup.
What would probably be the best way to fix all the problems? Where
should I start? Which road should I take (Fix errors server by server?
decommissioning all seven replicas and re-setup them from scratch?)
"CA troubles" isn't exactly enlightening.
In general, read the logs. For the CA reading top-down from the latest
start is generally recommended.
And ensure you don't have expired certificates.
rob