Comments 4 Posted In Red Hat Enterprise Linux Migrate 389-DS from RHEL6 to RHEL7 Latest response 2019-07-28T09:26:29+00:00 We have two LDAP servers running on RHEL6 with 389-DS with master-master replications. Now we are trying to migrate them to new servers on RHEL7. Could someone please provide me steps how to achieve this AP Started 2019-07-15T09:53:39+00:00 by Arumugavel Petchimuthu Community Member 35 points Log in to join the conversation Responses Sort By Oldest Sort By Newest Expert 1098 points 18 July 2019 3:39 AM James Nauer Assuming the servers are fully redundant (either one is sufficient to carry the full load), simply shut down replication & remove one of the servers. Deploy one of the new servers, install 389-DS on it, and configure replication between the old and new server. Once replication is complete, remove the second old server and replace it with the second new server. There are a number of factors that can make the overall process more or less complicated; for example, doing this in a virtual machine environment is much easier & faster than with physical machines. If the servers are behind a load-balancer, the change will be less visible to clients and won't require matching hostnames (or IP addresses, in the case the somewhat inflexible DNS environment that I have to work with). Much depends on your environment. I was able to upgrade an 8-server environment (2 masters, 6 read-only replicas) in about 5 hours using a VM template, some Puppet configuration, and a set of bash scripts to automate re-configuring DS & replication (each server took about 40 minutes, including time for VM cloning and a full replication of a ~500k entry directory). AP Community Member 35 points 18 July 2019 8:09 AM Arumugavel Petchimuthu Thank you James for your response with valuable inputs. We are running them as a virtual machines in a VMware environment and one should be able to carry the load I guess, otherwise we can plan it during a less operations period. I've got a couple of queries (Sorry in advance :( , might be silly) before getting into details on how we can achieve this: -- Will replication works across different platforms (RHEL6 & RHEL7) -- Do we need to backup and restore the Directory server from old server to new server before removing old and adding new -- How to get the Certificates and Keys (NSS database) copied across to new server Thanks, Arumugavel P Expert 1098 points 19 July 2019 2:58 AM James Nauer replication from RH DS 9.x (RHEL 6.x) to RH DS 10.x (RHEL 7.x) is supported you should always have a backup. You should not need it for this upgrade, but definitely do a full LDIF export/backup, and consider taking a "cold" backup (with the application shut down) of all files with your standard system-level backup software. I believe we simply copied the cert & key db files from our old servers to the new ones (but I could be wrong, it's been a while since we did it). Our host names did not change, so we did not need to acquire and deploy a new SSL certificate. AP Community Member 35 points 28 July 2019 9:26 AM Arumugavel Petchimuthu I have tried configuring Single Master replication by configuring the current (RHEL6) server as Supplier and the new server (RHEL7) as Consumer. And created a replication agreement. As soon a s I initialise the consumer, all datas copied from supplier to consumer. Now as per my understanding the data on teh consumer is read-only replica and on Supplier is read-write replica. So when the data gets changed on the supplier server, it will update the read-only replica on consumer server. But I am still able to update (example, user entries) the data on the consumer server and that gets update on the supplier server. Could anyone please help on this ? I have checked the replication agreement and that looks correct.