Description
This test case verifies the ipa-migrate
command in production mode with configuration migration skipped (-C
) performs the migration of users, groups, HBAC rules, and sudo rules from a remote IPA server to a local IPA server while excluding IDM-related configuration files.
Setup
- Install Fedora 41 on both local and remote servers.
- Set up a remote IPA server with the domain
testrelm.test
and ensure it is running. - Create the following on the remote IPA server:
* A user (user1
) with valid configuration. * Groups. * HBAC Rule:hbacrule1
. * Sudo Rule:sudorule1
.
- Set up a local IPA server with the same domain
testrelm.test
and ensure it is running.
How to test
- Install the IPA server on the remote system and configure it with the domain
testrelm.test
. - Create sample entries on the remote IPA server:
* Useruser1
. * Groups. * HBAC Rule:hbacrule1
. * Sudo Rule:sudorule1
.
- Install and configure the IPA server on the local system with the same domain
testrelm.test
. - Run the
ipa-migrate
command in production mode with configuration migration skipped (-C
): - [root@local ~]# ipa-migrate prod-mode remote.testrelm.test -C -w Secret123
- Confirm the migration operation by checking the logs and reviewing the migration summary.
- Validate migrated data on the local server.
Expected Results
The following must be true to consider this a successful test run:
- The
ipa-migrate
command executes without errors and displays the migration summary. - The output confirms that configuration migration is skipped:
DS Configuration Migration (migrated 0 entries) No updates
- Verify that the database migration successfully processes user, group, HBAC rule, and sudo rule entries:
- Database Migration (migrated 11 entries)
- Sysaccounts: 1
- Admin: 1
- Users: 1
- Groups: 5
- HBAC Rules: 1
- Sudo Rules: 1
- Verify the migrated user (
user1
) on the local server using:
[root@local ~]# ipa user-find User login: user1 First name: user1 Last name: s Home directory: /home/user1 Login shell: /bin/sh Principal name: user1@TESTRELM.TEST UID: [preserved UID] GID: [preserved GID] Account disabled: False
- Confirm post-migration action items are noted:
- Manual migration of IDM-related configuration files:
` /etc/ipa/* /etc/sssd/sssd.conf /etc/named.conf /etc/named/*
`
- Restart of SSSD after migration.
- Taking the local server out of migration mode once tasks are complete.
- Resetting the admin password if needed.
Optional
- Optionally test migration of additional users, groups, HBAC, and sudo rules to ensure robustness when configuration migration is skipped.
- Validate manually migrated configuration files for accuracy.