  1. IT Service Management
  2. ITSM-4188

Create new LDAP containers with latest version and fixed certs


    Details

    • Type: Task
    • Status: Resolved
    • Resolution: Fixed
    • Component/s: None
    • Labels: None

      Description

      And import the data from old LDAP.

      You should also change the container to use the live Let's Encrypt certificate (not archive), so the certificate doesn't expire every 2 months.

      Steps:

      0. Create a local copy of docker volumes (home folder and S3 - 2019-06-15-itsm-4188_before_upgrade.tgz)

      1. Make PRD readonly (change password in ID)

      2. Export data (password in LP):

      docker exec -it ldap_ldap_1 bash
      
      ldapsearch -LLL -D "cn=admin,dc=openmrs,dc=org" -W -b "ou=groups,dc=openmrs,dc=org" > /tmp/groups.ldif
      ldapsearch -LLL -D "cn=admin,dc=openmrs,dc=org" -W -b "ou=users,dc=openmrs,dc=org"   > /tmp/users.ldif
      

      Copy those files from the ldap container to the host using docker cp.

      3. Edit files and remove top level node for groups and users.

      4. Stop the older containers. Change the docker compose file to add the new openldap containers and new volumes, without exposing the port. Start the containers.

      5. Copy those files from the host to the openldap container using docker cp.
      Copy the bootstrap files from ldap-stg as well, making sure to replace the placeholders for the openmrs domain.

      6. Import data (password in env file):

      docker exec -it ldap_openldap_1 bash
      
      time ldapmodify -W -D "cn=admin,cn=config"  -a -f /tmp/bootstrap/40-ppolicy.ldif
      time ldapmodify -W -D "cn=admin,dc=openmrs,dc=org"  -a -f /tmp/bootstrap/50-bootstrap.ldif
      time ldapmodify -W -D "cn=admin,dc=openmrs,dc=org"  -a -f /tmp/bootstrap/60-system-users.ldif
      time ldapmodify -W -D "cn=admin,cn=config"  -a -f /tmp/bootstrap/90-permissions.ldif
      time ldapmodify -W -D "cn=admin,cn=config"  -a -f /tmp/bootstrap/95-ppolicy.ldif
      
      
      # 30 minutes in stg
      time ldapmodify -W -D "cn=admin,dc=openmrs,dc=org"  -a -f /tmp/import_data/users.ldif
      
      # < 1 minute
      time ldapmodify -W -D "cn=admin,dc=openmrs,dc=org"  -a -f /tmp/import_data/groups.ldif
      

      Note: I seem to have missed olcSizeLimit https://issues.openmrs.org/browse/ITSM-4230?focusedCommentId=260089&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-260089

      7. Change passwords for system users

      ldappasswd -x -D "cn=admin,dc=openmrs,dc=org" -W -S "uid=atlas,ou=system,dc=openmrs,dc=org" -a "atlas"
      ldappasswd -x -D "cn=admin,dc=openmrs,dc=org" -W -S "uid=omrsid,ou=system,dc=openmrs,dc=org" -a "omrsid"
      ldappasswd -x -D "cn=admin,dc=openmrs,dc=org" -W -S "uid=crowd,ou=system,dc=openmrs,dc=org" -a "crowd"

      
      

      8. Remove older container in docker compose and change the port for new one. Delete old containers and volumes and expose new one.

      9. Run ansible to confirm server is updated

      10. Update LDAP password in ID

      11. Update passwords in LP

      12. Verify all logins

      • JIRA
      • Crowd
      • ID
      • Talk
      • Wiki
      • Formage
      • Change users in Crowd
      • Change users in Formage
      • New user
      • Reset password
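
      Step 3 can be scripted instead of edited by hand. The following is an added example, not part of the original ticket: it drops the top-level entry (the search base itself) from an `ldapsearch -LLL` export, assuming that entry is removed because the bootstrap files loaded in step 6 already create it. The function name and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket). Removes the top-level container entry
# from an `ldapsearch -LLL` export so that only its children are re-imported.

# Usage: strip_base_entry BASE_DN < export.ldif > import.ldif
# Returns non-zero unless exactly one entry with DN == BASE_DN was dropped,
# so a wrong base DN or an unexpected export is caught before the import.
strip_base_entry() {
    awk -v base="$1" '
    BEGIN { RS = ""; ORS = "\n\n"; base = tolower(base) }  # one record per entry
    {
        rec = $0
        gsub(/\n /, "", rec)          # undo LDIF line folding before comparing
        split(rec, line, "\n")
        dn = line[1]
        sub(/^dn: */, "", dn)         # a base64 "dn:: ..." keeps a ":" and never matches
        if (tolower(dn) == base) { dropped++; next }
        print                         # child entries are emitted unchanged
    }
    END { exit (dropped == 1 ? 0 : 1) }'
}

# Constructed sample input shaped like the groups export in step 2.
sample_groups_ldif() {
    cat <<'EOF'
dn: ou=groups,dc=openmrs,dc=org
objectClass: organizationalUnit
ou: groups

dn: cn=example-group,ou=groups,dc=openmrs,dc=org
objectClass: groupOfNames
cn: example-group
member: uid=example-user,ou=users,dc=openmrs,dc=org
EOF
}

# Prints only the child entry; the ou=groups container is gone.
sample_groups_ldif | strip_base_entry "ou=groups,dc=openmrs,dc=org"
```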

            People

            Assignee:
            cintiadr Cintia Del Rio
            Reporter:
            cintiadr Cintia Del Rio