28.2 Transfer ID Migration Procedure

28.2.1 Using Migration GUI for Proxy Migration

Beginning with OES 2015 or later, you can perform Common Proxy or Service Proxy migration using the Migration GUI tool.

Since OES 24.4 allows the use of only common proxy user, the Transfer ID GUI now supports migration of Common proxy and there is no need to perform any additional manual steps.

In the eDirectory Precheck step, the source server’s proxy credentials are copied to the target server. In the Repair step, these proxy credentials are used to reconfigure the proxy user on the target server.

Supported Scenarios:

  • Source server and target server are both configured with Common Proxy.

Cross proxy migration (Service proxy to Common proxy or vice versa) or mixed proxy migration (service proxy + common proxy to target or vice versa) is not supported.

28.2.2 Using the Migration Commands for Proxy Migration

Services that are Using Common Proxy

Prerequisite

  • Ensure that the source server and target server is updated with the latest patches.

  • Enable SSH on the source server. For more information, see Enabling SSH.

Pre-Migration Procedure

Before services are migrated to OES 24.4 server, you must identify the services using common proxy and the common proxy credentials on the source server.

  1. On the source server, login as a root user.

  2. Retrieve the common proxy credentials on the source server by executing the following commands:

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username

    Displays common proxy DN.

    IMPORTANT:The dot format is not supported by the common proxy scripts. Ensure to use comma format for common proxy users and contexts.

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password

    Displays common proxy password.

    Make a note of the common proxy credentials.

  3. Identify the services using common proxy on the source server by executing the following command:

    /opt/novell/proxymgmt/bin/retrieve_proxy_list.sh

    This command writes all the OES services and their proxy users to the file /var/opt/novell/log/proxymgmt/pxylist.txt. Using the common proxy credentials that are identified in Step 2, determine the services using common proxy from the pxylist.txt file.

    IMPORTANT:Do not delete, modify, or rename the common proxy user from eDirectory.

Proxy Migration

Migrate all the services that are using common proxy to the target server. On successful migration proceed with the post-migration procedure.

Post-Migration Procedure

After the services are migrated to OES 24.4 server, you must update OES Credential Store (OCS) on the target server with common proxy credentials and reconfigure the services using common proxy to use the updated credentials.

  1. Update OCS on the target server with common proxy credentials retrieved in Step 2.

    1. On the target server, login as a root user.

    2. Run the following command:

      /opt/novell/proxymgmt/bin/cp_update_proxy_cred.sh

      You are prompted to enter common proxy user DN and password. Enter details that are retrieved in Step 2. This updates OCS with common proxy credentials.

  2. Verify if common proxy credentials are updated properly by executing the following commands:

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username

    Displays common proxy DN.

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password

    Displays common proxy password.

  3. Reconfigure the services identified in Step 3 to use updated common proxy credentials.

    /opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d <Admin DN> -w <Admin Password> -i <Destination system IP> -p 636 -s <comma separated list of services>

    For example:

    /opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d cn=admin,o=novell -w novell -i 192.168.1.254 -p 636 -s,novell-cifs,novell-dns

28.2.3 Enabling SSH

  1. Enable SSH on the source server and the target server.

  2. Enter the # ssh-keygen -t rsa command on the target server.

  3. When you are prompted to enter the file in which to save the key (/root/.ssh/id_rsa), press Enter.

    The ssh keys are stored in the default location.

  4. When you are prompted to enter the passphrase (empty for no passphrase), press Enter.

    We recommend that you do not include the passphrase.

  5. Copy the key value (the output of the # ssh-keygen -t rsa command) to the source server.

    # scp ~/.ssh/id_rsa.pub root@<source-server>:/root/

    where <source-server> is the IP address or the hostname of the source server.

  6. Log in to the source server by using ssh. If the.ssh directory is not available, create the directory, then append the key value to the list of authenticated keys.

    cat id_rsa.pub >> /root/.ssh/authorized_keys