32.2 Transfer ID Migration Procedure

32.2.1 Services that Are Using Common Proxy

Prerequisites

  • Ensure that the source server and target server are updated with the latest patches.

  • Enable SSH on the source server. For more information, see Enabling SSH.

Pre-Migration Procedure

Before services are migrated to the OES 11 SP2 server, you must identify the services using common proxy and the common proxy credentials on the source server.

  1. On the source server, log in as a root user.

  2. Retrieve the common proxy credentials on the source server by executing the following commands:

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username
    

    Displays the common proxy DN.

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password
    

    Displays the common proxy password.

    Make a note of the common proxy credentials.

  3. Identify the services using common proxy on the source server by executing the following command:

    /opt/novell/proxymgmt/bin/retrieve_proxy_list.sh
    

    This command writes all the OES services and their proxy users to the file /var/opt/novell/log/proxymgmt/pxylist.txt. Using the common proxy credentials that are identified in Step 2, determine the services using common proxy from the pxylist.txt file.

    IMPORTANT:Do not delete, modify, or rename the common proxy user from eDirectory.

Post-Migration Procedure

After the services are migrated to the OES 11 SP2 server, you must update CASA on the target server with the common proxy credentials and then reconfigure the services using common proxy to use the updated credentials.

  1. Update CASA on the target server with the common proxy credentials retrieved in Step 2.

    1. On the target server, log in as a root user.

    2. Run the following command:

      /opt/novell/proxymgmt/bin/cp_update_proxy_cred.sh
      

      You are prompted to enter the common proxy user DN and password. Enter the details retrieved in Step 2. This updates CASA with the common proxy credentials.

  2. Verify that the common proxy credentials are updated properly by executing the following commands:

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username
    

    Displays the common proxy DN.

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password
    

    Displays the common proxy password.

  3. Reconfigure the services identified in Step 3 to use the updated common proxy credentials.

    /opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d <LDAP Admin FDN> -w <LDAP Admin Password> -i <LDAP Server IP address> -p 636 -s <comma separated list of services>
    

    For example:

    /opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d cn=admin,o=novell -w novell -i 192.168.1.254 -p 636 -s novell-afp,novell-cifs,novell-dns
    

32.2.2 Services that Are Using Service-Specific Proxy

Proxy migration reconfigures the services on the target server with the source server proxy credentials. The migrate_services_proxy.sh script retrieves the service-specific proxy credentials from the source and reconfigures the services on the target server with the proxy credentials of the source server.

The progress of proxy migration is recorded in the /var/opt/novell/log/proxymgmt/pxymgmt.log file.

Prerequisites

  • Platform Support for the Target Server:

    • OES 11 SP2

  • Platform Support for the Source Server:

    • OES 11

    • OES 2 SP3 Linux on 32-bit or 64-bit

    • OES 2 SP2 Linux on 32-bit or 64-bit for only DNS, DHCP, LUM, and NetStorage.

  • Ensure that the source and target servers are updated with the latest patches.

  • Enable SSH on the source server. For more information, see Enabling SSH.

  • For OES 2 SP2, see TID 7010507 to download the binaries and to perform proxy migration.

Proxy Migration Procedure

  1. Migrate the services to the target server.

    After a successful migration of services for OES 2 SP3 and OES 11 servers, proceed to Step 4 for proxy migration.

  2. (Conditional) Proxy migration of DNS, DHCP, and LUM services on OES 2 SP2 server: On the source server, create the folders to store the proxy credentials retrieval scripts (/opt/novell/proxymgmt/bin/) and log files (/var/opt/novell/log/proxymgmt/). To download the scripts, see TID 7010507.

  3. (Conditional) Proxy migration of NetStorage on OES 2 SP2 server:

    1. On the target server, install NetStorage

    2. Using YaST, configure NetStorage.

    3. When prompted for proxy user credentials, specify the proxy user credentials of the source server. NetStorage stores these credentials.

  4. (Conditional) Proxy migration of services on OES 2 SP3 and OES 11 servers: On the target server, run the command as a root user to reconfigure the services with the source server proxy credentials.

    /opt/novell/proxymgmt/bin/migrate_services_proxy.sh -s <Source_server_IP> -d <LDAP Admin FDN) -w <LDAP_Server_Password> -i <LDAP_server_IP> -p <LDAP Port>
    

    For example:

    /opt/novell/proxymgmt/bin/migrate_services_proxy.sh -s 192.168.1.1 -d cn=admin,o=novell -w xxxx -i 192.168.1.255 -p 636
    

    Option

    Description

    Mandatory Parameters:

     

    -s

    Specify the IP address of the source server to copy the proxy credentials.

    -d

    Specify the LDAP Admin DN (comma format).

    -w

    Specify the LDAP Admin Password. The password is stored in encrypted format.

    -i

    Specify the LDAP server IP address.

    -p

    Specify the LDAP Port. The default secure port is 636.

    Optional Parameters:

     

    -e

    Specify the value as “yes” or “no.” Default value is “yes.” This ensures that the credentials in the file are encrypted.

    -I

    Specify the value as “yes” or “no.” Default value is “yes.” This ignores the services using Common Proxy.

After successful completion of proxy migration, the services on the target server will run with the proxy credentials of the source server.

Verifying Proxy Migration

  • Verify that the services using service specific proxy on the target server are running with the proxy credentials of the source server.

32.2.3 Troubleshooting

Service Specific Proxy Migration Fails

Proxy users failed to migrate using the migrate_services_proxy.sh script. To resolve this issue, perform the following:

  1. Migrate the services to the target server.

    After successful migration of the services, proceed to the next step.

  2. On the source server, login as a root user.

  3. (Conditional) If the source server is OES 2 SP2 and services are DNS, DHCP and LUM, create the folders to store the proxy credentials retrieval scripts (/opt/novell/proxymgmt/bin/) and log files (/var/opt/novell/log/proxymgmt/). To download the scripts, refer the TID 7010507.

  4. Copy the /opt/novell/proxymgmt/bin/services_get_proxy_cred.sh script from the target server to the source server in the /opt/novell/proxymgmt/bin/ folder.

  5. Retrieve the service specific proxy credentials on the source server by executing the following command:

    /opt/novell/proxymgmt/bin/services_get_proxy_cred.sh

    After successful execution, a list of proxy user credentials is written to the /var/opt/novell/log/proxymgmt/proxycred file on the source server. The proxycred file contains the proxy user name in clear text format and the password in encrypted format.

    The proxycred file stores the information in the following format:

    <servicename>=<proxydn>:<proxypass>

    Considering CIFS as an example:

    CIFSPROXY=cn=user123,ou=users,o=novell:<pwd>
    
  6. Copy the proxycred file to the target server by executing the following command:

    scp /opt/novell/log/proxymgmt/proxycred root@<Target Server IP>:/var/opt/novell/log/proxymgmt/

  7. On the target server, run the command as a root user to reconfigure the services with source server proxy credentials

    /opt/novell/proxymgmt/bin/services_reconfig_proxy.sh -d <LDAP Admin DN> -w <LDAP Admin Password> -i <LDAP Server IP> -p <secure LDAP Port=636>

    The progress of proxy migration is recorded in the /var/opt/novell/log/pxymgmt.log file.

    After successful execution, the services are reconfigured with the proxy credentials available in the /var/opt/novell/log/proxymgmt/proxycred file.

  8. (Optional) On completion of Proxy migration, we recommend that you delete the following files and folders to clean up the source server. If the files are not deleted, they do not impact the working of the source server.

    • Source server is OES 2 SP3:

      • services_get_proxy_cred.sh file

      • proxycred file

    • Source server is OES 2 SP2:

      • /opt/novell/proxymgmt folder

      • /var/opt/novell/log/proxymgt folder

32.2.4 Enabling SSH

  1. Enable SSH on the source server and the target server.

  2. Enter the # ssh-keygen -t rsa command on the target server.

  3. When you are prompted to enter the file in which to save the key (/root/.ssh/id_rsa), press Enter.

    The ssh keys are stored in the default location.

  4. When you are prompted to enter the passphrase (empty for no passphrase), press Enter.

    We recommend that you do not include the passphrase.

  5. Copy the key value (the output of the # ssh-keygen -t rsa command) to the source server.

    # scp ~/.ssh/id_rsa.pub root@<source-server>:/root/

    where <source-server> is the IP address or the hostname of the source server.

  6. Log in to the source server by using ssh. If the.ssh directory is not available, create the directory, then append the key value to the list of authenticated keys.

    cat id_rsa.pub >> /root/.ssh/authorized_keys