From Fedora Project Wiki

Description

This test case verifies that the ipa-migrate command in production mode with schema migration skipped (-S) performs the migration of users and other IPA data from a remote IPA server to a local IPA server without migrating schema definitions.

Setup

  • Install Fedora 41 on both local and remote servers.
  • Set up a remote IPA server with the domain testrelm.test and ensure it is running.
  • Create the following on the remote IPA server:
 * A user (user1) with valid configuration.
 * Groups.
 * HBAC Rule: hbacrule1.
 * Sudo Rule: sudorule1.
  • Set up a local IPA server with the same domain testrelm.test and ensure it is running.

How to test

  1. Install the IPA server on the remote system and configure it with the domain testrelm.test.
  2. Create sample entries on the remote IPA server:
 * User user1.
 * Groups.
 * HBAC Rule: hbacrule1.
 * Sudo Rule: sudorule1.
  1. Install and configure the IPA server on the local system with the same domain testrelm.test.
  2. Run the ipa-migrate command in production mode with schema migration skipped (-S):
  3. [root@local ~]# ipa-migrate prod-mode remote.testrelm.test -S -w Secret123
  4. Confirm the migration operation by checking the logs and reviewing the migration summary.

Expected Results

The following must be true to consider this a successful test run:

  1. The ipa-migrate command executes without errors and displays the migration summary.
  2. The output confirms that the schema migration is skipped:

Schema Migration (migrated 0 definitions)

   Attributes: 0
   Objectclasses: 0

  1. Verify that the database migration successfully processes user entries and related configurations:

Database Migration (migrated 1 entries) Users: 1

  • The migration logs (/var/log/ipa-migrate.log) confirm that no attributes or objectClasses were migrated:

2024-11-25T10:18:48Z INFO Migrating schema ... 2024-11-25T10:18:48Z DEBUG Getting schema from the remote server ... 2024-11-25T10:18:48Z DEBUG Retrieved 1538 attributes and 343 objectClasses 2024-11-25T10:18:49Z DEBUG Migrated 0 attributes and 0 objectClasses 2024-11-25T10:18:49Z DEBUG Skipped 1538 attributes and 343 objectClasses

  • Verify that users are successfully migrated:

[root@local ~]# ipa user-find User login: user1 First name: user1 Last name: s Home directory: /home/user1 Login shell: /bin/sh Principal name: user1@TESTRELM.TEST UID: [preserved UID] GID: [preserved GID] Account disabled: False

  • Confirm post-migration action items are noted:
    • Manual migration of IDM-related configuration files.
    • Restart of SSSD after migration.
    • Taking the local server out of migration mode once tasks are complete.
    • Resetting the admin password if needed.

Optional

  • Optionally validate the skipped schema migration by reviewing the schema logs for attributes and objectClasses.
  • Test migration with additional users, groups, and rules to ensure robustness when skipping schema migration.