Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 40. Migrating to IdM on RHEL 7 from FreeIPA on non-RHEL Linux distributions


To migrate a FreeIPA deployment on a non-RHEL Linux distribution to an Identity Management (IdM) deployment on RHEL 7 servers, you must first add a new RHEL 7 IdM Certificate Authority (CA) replica to your existing FreeIPA environment, transfer certificate-related roles to it, and then retire the non-RHEL FreeIPA servers.
Important
Performing an in-place conversion of a non-RHEL FreeIPA server to a RHEL 7 IdM server using the Convert2RHEL tool is not supported.

Prerequisites

  • You have determined the domain level of your non-RHEL FreeIPA certificate authority (CA) renewal server. For more information, see Displaying the Current Domain Level.
  • You have installed RHEL 7.9 on the system that you want to become the new CA renewal server.

Procedure

To perform the migration, follow the same procedure as Migrating Identity Management from Red Hat Enterprise Linux 6 to Version 7, with your non-RHEL FreeIPA CA server acting as the RHEL 6 server:
  1. If the original non-RHEL CA renewal server is running FreeIPA version 3.1 or older, Update the Identity Management Schema. To display the installed FreeIPA version, use the ipa --version command.
  2. Configure a RHEL 7 server and add it as an IdM replica to your current FreeIPA environment on the non-RHEL Linux distribution. If the domain level for your domain is 0, see Installing the RHEL 7 Replica . If the domain level is 1, follow the steps described in Creating the Replica: Introduction.
  3. Make the RHEL 7 replica the CA renewal server, stop generating the certificate revocation list (CRL) on the non-RHEL server and redirect CRL requests to the RHEL 7 replica. For details, see Transitioning the CA Services to the Red Hat Enterprise Linux 7 Server.
  4. Stop the original non-RHEL FreeIPA CA renewal server to force domain discovery to the new RHEL 7 server. For details, see Stop the Red Hat Enterprise Linux 6 Server.
  5. Install new replicas on other RHEL 7 systems and decommission the non-RHEL server. For details, see Next steps after migrating the master CA server.
    Important
    Red Hat recommends having IdM replicas of only one major RHEL version in your topology. For this reason, do not delay decommissioning the old server.

Additional resources

Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.