32.2 Transfer ID Migration Procedure

32.2.1 Using Migration GUI for Proxy Migration

Beginning with OES 2015, you can perform Common Proxy or Service Proxy migration using the Migration GUI tool.

The Transfer ID GUI now supports migration of Common Proxy and Service Proxy, and no additional manual steps are required.

In the eDirectory Precheck step, the source server’s proxy credentials are copied to the target server. In the Repair step, these proxy credentials are used to reconfigure the proxy user on the target server.

Supported Scenarios:

  • Source server and target server are both configured with Common Proxy.

  • Source server and target server are both configured with Service Proxy.

Cross proxy migration (Service proxy to Common proxy or vice versa) or mixed proxy migration (service proxy + common proxy to target or vice versa) is not supported.

32.2.2 Using the Migration Commands for Proxy Migration

Services that are Using Common Proxy

Prerequisite

  • Ensure that the source server and target server are updated with the latest patches.

  • Enable SSH on the source server. For more information, see Enabling SSH.

Pre-Migration Procedure

Before services are migrated to the OES 2015 SP1 server, you must identify the services using common proxy and the common proxy credentials on the source server.

  1. On the source server, log in as the root user.

  2. Retrieve the common proxy credentials on the source server by executing the following commands:

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username

    Displays common proxy DN.

    IMPORTANT: The dot format is not supported by the common proxy scripts. Ensure that you use the comma format for common proxy users and contexts.

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password

    Displays common proxy password.

    Make a note of the common proxy credentials.

  3. Identify the services using common proxy on the source server by executing the following command:

    /opt/novell/proxymgmt/bin/retrieve_proxy_list.sh

    This command writes all the OES services and their proxy users to the file /var/opt/novell/log/proxymgmt/pxylist.txt. Using the common proxy credentials that are identified in Step 2, determine the services using common proxy from the pxylist.txt file.

    IMPORTANT: Do not delete, modify, or rename the common proxy user from eDirectory.

Proxy Migration

Migrate all the services that are using common proxy to the target server. On successful migration, proceed with the post-migration procedure.

Post-Migration Procedure

After the services are migrated to the OES 2015 SP1 server, you must update CASA on the target server with the common proxy credentials and reconfigure the services using common proxy to use the updated credentials.

  1. Update CASA on the target server with common proxy credentials retrieved in Step 2.

    1. On the target server, log in as the root user.

    2. Run the following command:

      /opt/novell/proxymgmt/bin/cp_update_proxy_cred.sh

      You are prompted to enter common proxy user DN and password. Enter details that are retrieved in Step 2. This updates CASA with common proxy credentials.

  2. Verify if common proxy credentials are updated properly by executing the following commands:

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username

    Displays common proxy DN.

    /opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password

    Displays common proxy password.

  3. Reconfigure the services identified in Step 3 to use updated common proxy credentials.

    /opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d <Admin DN> -w <Admin Password> -i <Destination system IP> -p 636 -s <comma separated list of services>

    For example:

    /opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d cn=admin,o=novell -w novell -i 192.168.1.254 -p 636 -s novell-afp,novell-cifs,novell-dns

Services that are Using Service Specific Proxy

Proxy migration reconfigures the services on the target server with the source server proxy credentials. The migrate_services_proxy.sh script retrieves the service specific proxy credentials from the source and reconfigures the services on the target server with the proxy credentials of the source server.

The progress of proxy migration is recorded in the /var/opt/novell/log/proxymgmt/pxymgmt.log file.

Prerequisites

  • Platform Support for the Target Server:

    • OES 2015 SP1

  • Platform Support for the Source Server:

    • OES 2015 SP1

    • OES 2015

    • OES 11 SP2

    • OES 2 SP3 Linux on 32-bit or 64-bit

  • Ensure that the source and target servers are updated with the latest patches.

  • Enable SSH on the source server. For more information, see Enabling SSH.

  • For OES 2 SP2, see TID 7010507 to download the binaries and to perform proxy migration.

Pre-Migration Procedure

Execute the following command and note the service proxy credentials of the source server.

/opt/novell/proxymgmt/bin/migrate_services_proxy.sh -I "" -e <yes|no>

The -I option ignores the common proxy services and the -e option encrypts the password.

Proxy Migration Procedure

  1. Migrate the services to the target server.

    On successful migration of services for supported OES source servers, proceed to Step 4 for proxy migration.

  2. (Conditional) Proxy migration of DNS, DHCP and LUM services on OES 2 SP2 server - On the source server, create the folders to store the proxy credentials retrieval scripts (/opt/novell/proxymgmt/bin/) and log files (/var/opt/novell/log/proxymgmt/). To download the scripts, refer to TID 7010507.

  3. (Conditional) Proxy migration of NetStorage on OES 2 SP2 server - Do the following:

    1. On the target server, install NetStorage

    2. Using YaST, configure NetStorage.

    3. When prompted for proxy user credentials, specify the proxy user credentials of the source server. NetStorage stores these credentials.

  4. (Conditional) Proxy migration of services on supported OES source servers - On the target server, run the following command as the root user to reconfigure the services with the source server proxy credentials.

    /opt/novell/proxymgmt/bin/migrate_services_proxy.sh -s <Source_server_IP> -d <LDAP Admin FDN> -w <LDAP_Server_Password> -i <LDAP_server_IP> -p <LDAP Port>

    For example:

    /opt/novell/proxymgmt/bin/migrate_services_proxy.sh -s 192.168.1.1 -d cn=admin,o=novell -w xxxx -i 192.168.1.255 -p 636

    Option   Description

    Mandatory Parameters:

    -s       Specify the IP address of the source server to copy the proxy credentials.
    -d       Specify the LDAP Admin DN (comma format).
    -w       Specify the LDAP Admin Password. Password is stored in encrypted format.
    -i       Specify the LDAP server IP address.
    -p       Specify the LDAP Port. Default secure port is 636.

    Optional Parameters:

    -e       Specify the value as “yes” or “no”. Default value is “yes”. This ensures the credentials in the file are encrypted.
    -I       Specify the value as “yes” or “no”. Default value is “yes”. This ignores the services using Common Proxy.

On successful completion of proxy migration, the services on the target server will run with proxy credentials of the source server.

Verifying Proxy Migration

Verify if the services using service specific proxy on the target server are running with the proxy credentials of the source server.

Execute the following command to display the service proxy credentials of the target server:

/opt/novell/proxymgmt/bin/migrate_services_proxy.sh -I "" -e <yes|no>

“I”: This option ignores the common proxy services. You must pass an empty string (“”) with this option.

“e”: This option encrypts the service proxy credentials if the “yes” parameter is passed.

Verify the details with the service proxy credential noted in the Pre-Migration Procedure.

32.2.3 Troubleshooting

Service Specific Proxy Migration Fails

Proxy users failed to migrate using the migrate_services_proxy.sh script. To resolve this issue, perform the following:

  1. Migrate the services to the target server.

    On successful migration of services, proceed to the next step.

  2. On the source server, log in as the root user.

  3. (Conditional) If the source server is OES 2 SP2 and services are DNS, DHCP and LUM, create the folders to store the proxy credentials retrieval scripts (/opt/novell/proxymgmt/bin/) and log files (/var/opt/novell/log/proxymgmt/). To download the scripts, refer to TID 7010507.

  4. Copy the /opt/novell/proxymgmt/bin/services_get_proxy_cred.sh script from the target server to the source server in the /opt/novell/proxymgmt/bin/ folder.

  5. Retrieve the service specific proxy credentials on the source server by executing the following command:

    /opt/novell/proxymgmt/bin/services_get_proxy_cred.sh

    On successful execution, the list of proxy user credentials is written to the /var/opt/novell/log/proxymgmt/proxycred file on the source server. The proxycred file contains the proxy user name in clear text format and the password in encrypted format.

    The proxycred file stores the information in the following format:

    <servicename>=<proxydn>:<proxypass>

    Considering CIFS as an example:

    CIFSPROXY=cn=user123,ou=users,o=novell:<pwd>

  6. Copy the proxycred file to the target server by executing the following command:

    scp /var/opt/novell/log/proxymgmt/proxycred root@<Target Server IP>:/var/opt/novell/log/proxymgmt/proxycred

  7. On the target server, run the following command as the root user to reconfigure the services with the source server proxy credentials:

    /opt/novell/proxymgmt/bin/services_reconfig_proxy.sh -d <LDAP Admin DN> -w <LDAP Admin Password> -i <LDAP Server IP> -p <secure LDAP Port=636>

    The progress of proxy migration is recorded in the /var/opt/novell/log/proxymgmt/pxymgmt.log file.

    On successful execution, services are reconfigured with the proxy credentials available in the /var/opt/novell/log/proxymgmt/proxycred file.

  8. (Optional) On completion of proxy migration, we recommend that you delete the following files to clean up the source server. If the files are not deleted, they do not impact the working of the source server.

    • services_get_proxy_cred.sh file

    • proxycred file
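
The proxycred file written in step 5 and copied in step 6 can be checked before it leaves the source server. The following shell functions are an added example, not part of the proxymgmt scripts: they confirm that the file is accessible only to its owner and that each entry follows the <servicename>=<proxydn>:<proxypass> layout, without printing the password field. Assumptions: the DN ends at the first ':' after the first '=', the comma-format requirement also applies to these DNs, and the DNSPROXY entry and password values are constructed.

```shell
#!/bin/sh
# Added example: check a proxycred file before copying it to the target.
# Assumption: the DN ends at the first ':' after the first '='.

# Constructed sample entries (DNSPROXY and the password values are made up).
proxycred_sample() {
    cat <<'EOF'
CIFSPROXY=cn=user123,ou=users,o=novell:ENC1
DNSPROXY=cn=dnsproxy.ou=users.o=novell:ENC2
no-separator-here
EOF
}

# Succeeds only if group and others have no access to the file.
proxycred_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints "<status> <service> <dn>" per entry and never the password field.
# Returns 0 only when every entry is well formed with a comma-format DN.
proxycred_check() {
    rc=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        case $line in
            *=*:?*) ;;
            *) echo "MALFORMED line $n"; rc=1; continue ;;
        esac
        service=${line%%=*}
        rest=${line#*=}
        dn=${rest%%:*}
        status=OK
        # Comma format: type=value RDNs joined by commas, no dot-joined RDNs.
        printf '%s\n' "$dn" |
            grep -Eq '^[A-Za-z]+=[^,=]+(,[A-Za-z]+=[^,=]+)*$' ||
            { status=BAD_DN; rc=1; }
        printf '%s %s %s\n' "$status" "$service" "$dn"
    done < "$1"
    return "$rc"
}

# Usage: sh <this file> /var/opt/novell/log/proxymgmt/proxycred
if [ "$#" -gt 0 ]; then
    proxycred_private "$1" || echo "WARNING: $1 is accessible to group/others" >&2
    proxycred_check "$1"
fi
```

The service and DN columns can be compared with the credentials noted before migration, since the output omits the password field.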

32.2.4 Enabling SSH

  1. Enable SSH on the source server and the target server.

  2. Enter the # ssh-keygen -t rsa command on the target server.

  3. When you are prompted to enter the file in which to save the key (/root/.ssh/id_rsa), press Enter.

    The ssh keys are stored in the default location.

  4. When you are prompted to enter the passphrase (empty for no passphrase), press Enter.

    We recommend that you do not include the passphrase.

  5. Copy the key value (the output of the # ssh-keygen -t rsa command) to the source server.

    # scp ~/.ssh/id_rsa.pub root@<source-server>:/root/

    where <source-server> is the IP address or the hostname of the source server.

  6. Log in to the source server by using ssh. If the .ssh directory is not available, create the directory, then append the key value to the list of authorized keys.

    cat id_rsa.pub >> /root/.ssh/authorized_keys
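
Step 6 as shell functions, given as an added example that is not part of the original procedure: the key is appended only once, the .ssh directory and authorized_keys file get owner-only permissions (sshd with StrictModes enabled ignores keys in files that other users can write), and the same key can be removed again when the migration no longer needs it. The function names and the optional directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: install the migration public key idempotently with
# owner-only permissions, and remove it again afterwards.
# The function names and the optional SSH_DIR argument are hypothetical.

# install_migration_key PUBKEY_FILE [SSH_DIR]
install_migration_key() {
    dir=${2:-/root/.ssh}
    auth=$dir/authorized_keys
    key=$(head -n 1 "$1") || return 1
    # The procedure generates the key with "ssh-keygen -t rsa".
    case $key in
        ssh-rsa' '?*) ;;
        *) echo "not an ssh-rsa public key: $1" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Do nothing if the key is already authorized.
    if grep -qxF -e "$key" "$auth"; then return 0; fi
    # Terminate an unterminated last line so the new key is not glued to it.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    printf '%s\n' "$key" >> "$auth"
}

# remove_migration_key PUBKEY_FILE [SSH_DIR]
remove_migration_key() {
    auth=${2:-/root/.ssh}/authorized_keys
    key=$(head -n 1 "$1") || return 1
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    # grep exits 1 when no other keys remain; only 2 or higher is an error.
    grep -vxF -e "$key" "$auth" > "$tmp" || [ "$?" -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# Usage on the source server, after step 5:
#   install_migration_key /root/id_rsa.pub && rm -f /root/id_rsa.pub
```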