Skip to content

Instantly share code, notes, and snippets.

@josh-at-knoesis
Created March 13, 2014 17:41
Show Gist options
  • Save josh-at-knoesis/9533175 to your computer and use it in GitHub Desktop.
Save josh-at-knoesis/9533175 to your computer and use it in GitHub Desktop.
FreeIPA Migration Issue 001

Original Server

Preparing for replica:

[root@original ipa]# rpm -qa|grep ipa|sort
ipa-admintools-3.0.0-37.el6.x86_64
ipa-client-3.0.0-37.el6.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-python-3.0.0-37.el6.x86_64
ipa-server-3.0.0-37.el6.x86_64
ipa-server-selinux-3.0.0-37.el6.x86_64
libipa_hbac-1.9.2-129.el6_5.4.x86_64
libipa_hbac-python-1.9.2-129.el6_5.4.x86_64
python-iniparse-0.3.1-2.1.el6.noarch
[root@original ipa]# ipa-replica-prepare --ip-address=10.10.84.11 --reverse-zone=84.10.10.in-addr.arpa. core-n1.example.org
Directory Manager (existing master) password:

Preparing replica for core-n1.example.org from original.example.org
Creating SSL certificate for the Directory Server
Creating SSL certificate for the dogtag Directory Server
Creating SSL certificate for the Web Server
Exporting RA certificate
Copying additional files
Finalizing configuration
Packaging replica information into /var/lib/ipa/replica-info-core-n1.example.org.gpg
Adding DNS records for core-n1.example.org
Using reverse zone 84.10.10.in-addr.arpa.
[root@original ipa]# ls
pki-ca  replica-info-core-n1.example.org.gpg  sysrestore  sysupgrade
[root@original ipa]# scp replica-info-core-n1.example.org.gpg root@core-n1:/var/lib/ipa/
The authenticity of host 'core-n1 (10.10.84.11)' can't be established.
RSA key fingerprint is 94:a1:22:f4:3c:fc:76:70:4b:78:89:12:4c:45:d8:d7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'core-n1' (RSA) to the list of known hosts.
root@core-n1's password:
scp: /var/lib/ipa/: Is a directory
[root@original ipa]# scp replica-info-core-n1.example.org.gpg root@core-n1:/var/lib/ipa/replica-info-core-n1.example.org.gpg
root@core-n1's password:
scp: /var/lib/ipa/replica-info-core-n1.example.org.gpg: No such file or directory
[root@original ipa]# ^C
[root@original ipa]# ^C
[root@original ipa]# ^C
[root@original ipa]# ^C
[root@original ipa]# ^C
[root@original ipa]# ^C
[root@original ipa]#
[root@original ipa]#
[root@original ipa]#
[root@original ipa]# scp replica-info-core-n1.example.org.gpg root@core-n1:/tmp
root@core-n1's password:
replica-info-core-n1.example.org.gpg                                                            100%   38KB  38.4KB/s   00:00
[root@original ipa]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@original ipa]# ls
ls           lsblk        lscgroup     lsinitrd     lsof
lsattr       lsb_release  lscpu        lsmod        lssubsys
[root@original ipa]# lsof -nPi TCP|grep LIST
rpcbind   1008     rpc    8u  IPv4  10539      0t0  TCP *:111 (LISTEN)
rpc.statd 1044 rpcuser    9u  IPv4  10835      0t0  TCP *:55526 (LISTEN)
ns-slapd  1106  dirsrv    8u  IPv4  10970      0t0  TCP *:584 (LISTEN)
ns-slapd  1106  dirsrv    9u  IPv4  10974      0t0  TCP *:389 (LISTEN)
ns-slapd  1106  dirsrv   10u  IPv4  10975      0t0  TCP *:636 (LISTEN)
ns-slapd  1182  pkisrv    6u  IPv4  11027      0t0  TCP *:7389 (LISTEN)
ns-slapd  1182  pkisrv    7u  IPv4  11028      0t0  TCP *:7390 (LISTEN)
krb5kdc   1311    root    7u  IPv4  11177      0t0  TCP *:88 (LISTEN)
kadmind   1334    root    7u  IPv4  11247      0t0  TCP *:464 (LISTEN)
kadmind   1334    root    8u  IPv4  11248      0t0  TCP *:749 (LISTEN)
named     1354   named   20u  IPv4  11361      0t0  TCP 127.0.0.1:53 (LISTEN)
named     1354   named   21u  IPv4  11363      0t0  TCP 10.10.5.88:53 (LISTEN)
named     1354   named   22u  IPv4  11427      0t0  TCP 127.0.0.1:953 (LISTEN)
httpd     1412    root    3u  IPv4  11536      0t0  TCP *:80 (LISTEN)
httpd     1412    root    4u  IPv4  11538      0t0  TCP *:443 (LISTEN)
httpd     1438  apache    3u  IPv4  11536      0t0  TCP *:80 (LISTEN)
httpd     1438  apache    4u  IPv4  11538      0t0  TCP *:443 (LISTEN)
httpd     1439  apache    3u  IPv4  11536      0t0  TCP *:80 (LISTEN)
httpd     1439  apache    4u  IPv4  11538      0t0  TCP *:443 (LISTEN)
httpd     1441  apache    3u  IPv4  11536      0t0  TCP *:80 (LISTEN)
httpd     1441  apache    4u  IPv4  11538      0t0  TCP *:443 (LISTEN)
httpd     1443  apache    3u  IPv4  11536      0t0  TCP *:80 (LISTEN)
httpd     1443  apache    4u  IPv4  11538      0t0  TCP *:443 (LISTEN)
httpd     1444  apache    3u  IPv4  11536      0t0  TCP *:80 (LISTEN)
httpd     1444  apache    4u  IPv4  11538      0t0  TCP *:443 (LISTEN)
httpd     1445  apache    3u  IPv4  11536      0t0  TCP *:80 (LISTEN)
httpd     1445  apache    4u  IPv4  11538      0t0  TCP *:443 (LISTEN)
httpd     1446  apache    3u  IPv4  11536      0t0  TCP *:80 (LISTEN)
httpd     1446  apache    4u  IPv4  11538      0t0  TCP *:443 (LISTEN)
httpd     1447  apache    3u  IPv4  11536      0t0  TCP *:80 (LISTEN)
httpd     1447  apache    4u  IPv4  11538      0t0  TCP *:443 (LISTEN)
java      1517 pkiuser   40u  IPv4  11839      0t0  TCP *:9180 (LISTEN)
java      1517 pkiuser   47u  IPv4  11845      0t0  TCP *:9443 (LISTEN)
java      1517 pkiuser   49u  IPv4  11847      0t0  TCP *:9445 (LISTEN)
java      1517 pkiuser   51u  IPv4  11850      0t0  TCP *:9444 (LISTEN)
java      1517 pkiuser   53u  IPv4  11852      0t0  TCP *:9446 (LISTEN)
java      1517 pkiuser   55u  IPv4  14394      0t0  TCP *:9447 (LISTEN)
java      1517 pkiuser   56u  IPv4  14488      0t0  TCP 127.0.0.1:9701 (LISTEN)
sshd      1761    root    3u  IPv4  13759      0t0  TCP *:22 (LISTEN)
qpidd     1785   qpidd   10u  IPv4  13866      0t0  TCP *:5672 (LISTEN)
[root@original ipa]# lsof -Pni^CCP|grep LIST
[root@original ipa]# netstat -an|grep LIST
tcp        0      0 0.0.0.0:749                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:464                 0.0.0.0:*                   LISTEN
tcp        0      0 10.10.5.88:53             0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:88                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9180                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:636                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:7389                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:7390                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9443                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9444                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:9701              0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9445                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9446                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:55526               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9447                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:584                 0.0.0.0:*                   LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     10976  /var/run/slapd-KNOESIS-ORG.socket
unix  2      [ ACC ]     STREAM     LISTENING     12241  /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     8324   @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     10534  /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     10608  /var/lib/sss/pipes/private/sbus-monitor
unix  2      [ ACC ]     STREAM     LISTENING     10725  /var/lib/sss/pipes/nss
unix  2      [ ACC ]     STREAM     LISTENING     10729  /var/lib/sss/pipes/private/pam
unix  2      [ ACC ]     STREAM     LISTENING     10727  /var/lib/sss/pipes/pam
unix  2      [ ACC ]     STREAM     LISTENING     10619  /var/lib/sss/pipes/private/sbus-dp_example.org.1024
unix  2      [ ACC ]     STREAM     LISTENING     10738  /var/lib/sss/pipes/pac
unix  2      [ ACC ]     STREAM     LISTENING     11628  /var/run/httpd/wsgi.1412.0.1.sock
unix  2      [ ACC ]     STREAM     LISTENING     11494  /var/run/ipa_memcached/ipa_memcached
[root@original ipa]#
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment