Beginning with OES 2015 or later, you can perform Common Proxy or Service Proxy migration using the Migration GUI tool.
The Transfer ID GUI now supports migration of Common Proxy and Service Proxy, and no additional manual steps are required.
In the eDirectory Precheck step, the source server’s proxy credentials are copied to the target server. In the Repair step, these proxy credentials are used to reconfigure the proxy user on the target server.
Source server and target server are both configured with Common Proxy.
Source server and target server are both configured with Service Proxy.
Cross proxy migration (Service proxy to Common proxy or vice versa) or mixed proxy migration (service proxy + common proxy to target or vice versa) is not supported.
Ensure that the source server and target server are updated with the latest patches.
Enable SSH on the source server. For more information, see Enabling SSH.
Before services are migrated to OES 2015 SP1 server, you must identify the services using common proxy and the common proxy credentials on the source server.
On the source server, log in as the root user.
Retrieve the common proxy credentials on the source server by executing the following commands:
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username
Displays common proxy DN.
IMPORTANT: The dot format is not supported by the common proxy scripts. Ensure that you use the comma format for common proxy users and contexts.
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password
Displays common proxy password.
Make a note of the common proxy credentials.
Identify the services using common proxy on the source server by executing the following command:
/opt/novell/proxymgmt/bin/retrieve_proxy_list.sh
This command writes all the OES services and their proxy users to the file /var/opt/novell/log/proxymgmt/pxylist.txt. Using the common proxy credentials that are identified in Step 2, determine the services using common proxy from the pxylist.txt file.
IMPORTANT: Do not delete, modify, or rename the common proxy user from eDirectory.
Migrate all the services that are using common proxy to the target server. On successful migration proceed with the post-migration procedure.
After the services are migrated to OES 2015 SP1 server, you must update CASA on the target server with common proxy credentials and reconfigure the services using common proxy to use the updated credentials.
Update CASA on the target server with common proxy credentials retrieved in Step 2.
On the target server, log in as the root user.
Run the following command:
/opt/novell/proxymgmt/bin/cp_update_proxy_cred.sh
You are prompted to enter common proxy user DN and password. Enter details that are retrieved in Step 2. This updates CASA with common proxy credentials.
Verify if common proxy credentials are updated properly by executing the following commands:
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username
Displays common proxy DN.
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password
Displays common proxy password.
Reconfigure the services identified in Step 3 to use updated common proxy credentials.
/opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d <Admin DN> -w <Admin Password> -i <Destination system IP> -p 636 -s <comma separated list of services>
For example:
/opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d cn=admin,o=novell -w novell -i 192.168.1.254 -p 636 -s novell-afp,novell-cifs,novell-dns
Proxy migration reconfigures the services on the target server with the source server proxy credentials. The migrate_services_proxy.sh script retrieves the service specific proxy credentials from the source and reconfigures the services on the target server with the proxy credentials of the source server.
The progress of proxy migration is recorded in the /var/opt/novell/log/proxymgmt/pxymgmt.log file.
Platform Support for the Target Server:
OES 2015 SP1
Platform Support for the Source Server:
OES 2015 SP1
OES 2015
OES 11 SP2
OES 2 SP3 Linux on 32-bit or 64-bit
Ensure that the source and target servers are updated with the latest patches.
Enable SSH on the source server. For more information, see Enabling SSH.
For OES 2 SP2, see TID 7010507 to download the binaries and to perform proxy migration.
Execute the following command and note the service proxy credentials of the source server.
/opt/novell/proxymgmt/bin/migrate_services_proxy.sh -I "" -e <yes|no>
The -I option ignores the common proxy services and the -e option encrypts the password.
Migrate the services to the target server.
On successful migration of services for supported OES source servers, proceed to Step 4 for proxy migration.
(Conditional) Proxy migration of DNS, DHCP and LUM services on OES 2 SP2 server - On the source server, create the folders to store the proxy credentials retrieval scripts (/opt/novell/proxymgmt/bin/) and log files (/var/opt/novell/log/proxymgmt/). To download the scripts, refer to TID 7010507.
(Conditional) Proxy migration of NetStorage on OES 2 SP2 server - Do the following:
On the target server, install NetStorage.
Using YaST, configure NetStorage.
When prompted for proxy user credentials, specify the proxy user credentials of the source server. NetStorage stores these credentials.
(Conditional) Proxy migration of services on supported OES source servers - On the target server, run the command as a root user to reconfigure the services with the source server proxy credentials.
/opt/novell/proxymgmt/bin/migrate_services_proxy.sh -s <Source_server_IP> -d <LDAP Admin FDN> -w <LDAP_Server_Password> -i <LDAP_server_IP> -p <LDAP Port>
For example:
/opt/novell/proxymgmt/bin/migrate_services_proxy.sh -s 192.168.1.1 -d cn=admin,o=novell -w xxxx -i 192.168.1.255 -p 636
Option | Description |
---|---|
Mandatory Parameters: | |
-s | Specify the IP address of the source server from which to copy the proxy credentials. |
-d | Specify the LDAP Admin DN (comma format). |
-w | Specify the LDAP Admin Password. Password is stored in encrypted format. |
-i | Specify the LDAP server IP address. |
-p | Specify the LDAP Port. Default secure port is 636. |
Optional Parameters: | |
-e | Set the value to “yes” or “no”. Default value is “yes”. This ensures the credentials in the file are encrypted. |
-I | Set the value to “yes” or “no”. Default value is “yes”. This ignores the services using Common Proxy. |
On successful completion of proxy migration, the services on the target server will run with proxy credentials of the source server.
Verify if the services using service specific proxy on the target server are running with the proxy credentials of the source server.
Execute the following command to display the service proxy credentials of the target server:
/opt/novell/proxymgmt/bin/migrate_services_proxy.sh -I "" -e <yes|no>
-I: This option ignores the common proxy services. You must pass an empty string (“”) with this option.
-e: This option encrypts the service proxy credentials if the “yes” parameter is passed.
Verify the details with the service proxy credential noted in the Pre-Migration Procedure.
Proxy users failed to migrate using the migrate_services_proxy.sh script. To resolve this issue, perform the following:
Migrate the services to the target server.
On successful migration of services, proceed to the next step.
On the source server, log in as the root user.
(Conditional) If the source server is OES 2 SP2 and services are DNS, DHCP and LUM, create the folders to store the proxy credentials retrieval scripts (/opt/novell/proxymgmt/bin/) and log files (/var/opt/novell/log/proxymgmt/). To download the scripts, refer to TID 7010507.
Copy the /opt/novell/proxymgmt/bin/services_get_proxy_cred.sh script from the target server to the source server in the /opt/novell/proxymgmt/bin/ folder.
Retrieve the service specific proxy credentials on the source server by executing the following command:
/opt/novell/proxymgmt/bin/services_get_proxy_cred.sh
On successful execution, a list of proxy user credentials is written to the /var/opt/novell/log/proxymgmt/proxycred file on the source server. The proxycred file contains the proxy user name in clear text format and the password in encrypted format.
The proxycred file stores the information in the following format:
<servicename>=<proxydn>:<proxypass>
Considering CIFS as an example:
CIFSPROXY=cn=user123,ou=users,o=novell:<pwd>
Copy the proxycred file to the target server by executing the following command:
scp /var/opt/novell/log/proxymgmt/proxycred root@<Target Server IP>:/var/opt/novell/log/proxymgmt/proxycred
On the target server, run the following command as the root user to reconfigure the services with the source server proxy credentials:
/opt/novell/proxymgmt/bin/services_reconfig_proxy.sh -d <LDAP Admin DN> -w <LDAP Admin Password> -i <LDAP Server IP> -p <secure LDAP Port=636>
The progress of proxy migration is recorded in the /var/opt/novell/log/proxymgmt/pxymgmt.log file.
On successful execution, services are reconfigured with the proxy credentials available in the /var/opt/novell/log/proxymgmt/proxycred file.
(Optional) On completion of proxy migration, we recommend that you delete the following files to clean up the source server. If the files are not deleted, they do not impact the working of the source server.
services_get_proxy_cred.sh file
proxycred file
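The following added example (not one of the OES scripts) checks a proxycred file before it is copied or used for reconfiguration: every line must match <servicename>=<proxydn>:<proxypass>, the DN must be in comma format, and the file must be accessible only to its owner. The helper name check_proxycred, the owner-only permission check, and the sample entries are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: validate a proxycred file before copying it between servers.
# Line format (from the page): <servicename>=<proxydn>:<proxypass>
# check_proxycred is a hypothetical helper, not one of the OES scripts.

check_proxycred() {
    local file="$1" line svc rest dn pass mode n=0 bad=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # The file holds proxy DNs and encrypted passwords: owner-only access.
    mode=$(stat -c '%a' "$file")          # GNU stat, as found on Linux
    case $mode in
        ?00) ;;
        *) echo "$file: mode $mode lets group/other access it" >&2; bad=1 ;;
    esac

    # Comma format: type=value pairs joined by commas (dot format fails).
    local dn_re='^[A-Za-z]+=[^,=:]+(,[A-Za-z]+=[^,=:]+)*$'

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -z "$line" ] && continue
        svc=${line%%=*}      # text before the first '='
        rest=${line#*=}      # <proxydn>:<proxypass>
        dn=${rest%%:*}       # assumption: the DN itself contains no ':'
        pass=${rest#*:}
        if [ -z "$svc" ] || [ "$svc" = "$line" ] || [ "$dn" = "$rest" ]; then
            echo "line $n: not <servicename>=<proxydn>:<proxypass>" >&2; bad=1
        elif ! printf '%s\n' "$dn" | grep -Eq "$dn_re"; then
            echo "line $n ($svc): DN is not in comma format" >&2; bad=1
        elif [ -z "$pass" ]; then
            echo "line $n ($svc): empty password field" >&2; bad=1
        fi
    done < "$file"
    return "$bad"
}

# Constructed sample: one valid entry and one dot-format DN.
demo=$(mktemp) && chmod 600 "$demo"
printf '%s\n' 'CIFSPROXY=cn=user123,ou=users,o=novell:ENCRYPTED' \
              'SAMPLEPROXY=cn=user1.ou=users.o=novell:ENCRYPTED' > "$demo"
check_proxycred "$demo" || echo "proxycred needs attention"
rm -f "$demo"
```

The function reports only line numbers and service names, so password fields never reach the terminal or a log.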
Enable SSH on the source server and the target server.
Enter the # ssh-keygen -t rsa command on the target server.
When you are prompted to enter the file in which to save the key (/root/.ssh/id_rsa), press Enter.
The ssh keys are stored in the default location.
When you are prompted to enter the passphrase (empty for no passphrase), press Enter.
We recommend that you do not include the passphrase.
Copy the key value (the output of the # ssh-keygen -t rsa command) to the source server.
# scp ~/.ssh/id_rsa.pub root@<source-server>:/root/
where <source-server> is the IP address or the hostname of the source server.
Log in to the source server by using ssh. If the .ssh directory is not available, create the directory, then append the key value to the list of authenticated keys.
cat id_rsa.pub >> /root/.ssh/authorized_keys
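The append step above, written as an added example (not part of the original procedure) that creates the .ssh directory with strict permissions and avoids duplicate entries. The helper names add_authorized_key and remove_authorized_key are hypothetical, and the removal helper is an addition for cleaning up the source server once migration is complete.

```bash
#!/bin/bash
# Added example: install the target server's public key on the source server
# with owner-only permissions and without duplicate entries.
# add_authorized_key / remove_authorized_key are hypothetical helper names.

add_authorized_key() {
    local pub="$1" sshdir="${2:-/root/.ssh}" key
    # Expect exactly one public-key line: "<type> <base64> [comment]".
    [ -r "$pub" ] && [ "$(grep -c . "$pub")" -eq 1 ] ||
        { echo "expected exactly one key in $pub" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-*\ AAAA*|ecdsa-*\ AAAA*) ;;
        *) echo "$pub does not look like a public key" >&2; return 1 ;;
    esac
    # sshd's StrictModes check rejects group- or world-writable paths.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$sshdir/authorized_keys" &&
        chmod 600 "$sshdir/authorized_keys" || return 1
    # Append only if the identical line is not already present.
    grep -qxF -- "$key" "$sshdir/authorized_keys" ||
        printf '%s\n' "$key" >> "$sshdir/authorized_keys"
}

remove_authorized_key() {
    local pub="$1" sshdir="${2:-/root/.ssh}" key tmp
    key=$(cat "$pub") || return 1
    tmp=$(mktemp "$sshdir/authorized_keys.XXXXXX") || return 1
    # grep exits 1 when no other keys remain; only status 2 is an error.
    grep -vxF -- "$key" "$sshdir/authorized_keys" > "$tmp" ||
        [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv -f "$tmp" "$sshdir/authorized_keys"
}

# Usage on the source server, after the scp step:
#   add_authorized_key /root/id_rsa.pub
#   remove_authorized_key /root/id_rsa.pub    # after migration completes
```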