From Fedora Project Wiki

Description

This test case verifies the ipa-migrate command in production mode with configuration migration skipped (-C) performs the migration of users, groups, HBAC rules, and sudo rules from a remote IPA server to a local IPA server while excluding IDM-related configuration files.

Setup

  • Install Fedora 41 on both local and remote servers.
  • Set up a remote IPA server with the domain testrelm.test and ensure it is running.
  • Create the following on the remote IPA server:
 * A user (user1) with valid configuration.
 * Groups.
 * HBAC Rule: hbacrule1.
 * Sudo Rule: sudorule1.
  • Set up a local IPA server with the same domain testrelm.test and ensure it is running.

How to test

  1. Install the IPA server on the remote system and configure it with the domain testrelm.test.
  2. Create sample entries on the remote IPA server:
 * User user1.
 * Groups.
 * HBAC Rule: hbacrule1.
 * Sudo Rule: sudorule1.
  1. Install and configure the IPA server on the local system with the same domain testrelm.test.
  2. Run the ipa-migrate command in production mode with configuration migration skipped (-C):
  3. [root@local ~]# ipa-migrate prod-mode remote.testrelm.test -C -w Secret123
  4. Confirm the migration operation by checking the logs and reviewing the migration summary.
  5. Validate migrated data on the local server.

Expected Results

The following must be true to consider this a successful test run:

  1. The ipa-migrate command executes without errors and displays the migration summary.
  2. The output confirms that configuration migration is skipped:

DS Configuration Migration (migrated 0 entries) No updates

  1. Verify that the database migration successfully processes user, group, HBAC rule, and sudo rule entries:
  2. Database Migration (migrated 11 entries)
  • Sysaccounts: 1
  • Admin: 1
  • Users: 1
  • Groups: 5
  • HBAC Rules: 1
  • Sudo Rules: 1
  1. Verify the migrated user (user1) on the local server using:

[root@local ~]# ipa user-find User login: user1 First name: user1 Last name: s Home directory: /home/user1 Login shell: /bin/sh Principal name: user1@TESTRELM.TEST UID: [preserved UID] GID: [preserved GID] Account disabled: False

  1. Confirm post-migration action items are noted:
  • Manual migration of IDM-related configuration files:
 `
 /etc/ipa/*
 /etc/sssd/sssd.conf
 /etc/named.conf
 /etc/named/*
 `
  • Restart of SSSD after migration.
  • Taking the local server out of migration mode once tasks are complete.
  • Resetting the admin password if needed.

Optional

  • Optionally test migration of additional users, groups, HBAC, and sudo rules to ensure robustness when configuration migration is skipped.
  • Validate manually migrated configuration files for accuracy.