Pierre-Marie Besserer via FreeIPA-users wrote:
Hi everybody!
I'm trying to migrate data from a containerised IPA to a freshly new installed
"standard" IPA, like you would do with the backup/restore tools. Naively I
thought I could just copy the files from my /data binded directory in the /etc/ dir of the
standard IPA, but I'm not sure it's the best way (or if even it will work) after
reading the scripts and patches in the freeipa-container' GitHub. Maybe it would be
better to mimic the behaviour of the containerised IPA (leaving my files in a /data dir
and modification of SYSCONFDIR in authconfig). Maybe an other way could be to declare my
new IPA as a replica of the containerised one..
Did someone has an idea how I can do this?
You are correct, the way to do it is to create a replica with a CA (and
DNS if you have it in container) and migrate over the CRL, CA renewal,
DNA and other responsibilities and then you can decommission the
container one. We strongly recommend that there are at least 2 servers
with a CA to prevent single-point-of-failure.
rob