[prev in list] [next in list] [prev in thread] [next in thread] 

List:       forgerock-opendj
Subject:    [Opendj] Old admin key stores and boot-strap of replicas
From:       michael () stroeder ! com (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Date:       2012-09-04 12:23:51
Message-ID: 5045F2D7.7030102 () stroeder ! com
[Download RAW message or body]

HI!

My goal in a current project is to (semi-)automate the
from-scratch-(re-)installation of OpenDJ replicas as much as possible.

Note: I have to use OpenDJ 2.4.3 in this environment.

I plan to let the configuration management software generate shell scripts
which invoke the dsreplication command with all the necessary command-line
arguments. So the admin does not have to take care of the details himself in
case a single replica has to be *re*-installed very quickly. Ideally the
initial installation and the reinstallation are the very same procedure.

But I can see that the admin server certs generated during initial setup are
stored in 'cn=ads-truststore' and 'cn=instance keys,cn=admin data' and maybe
somewhere else and that there are dependencies on host names. Also the
replication cleanup procedure described by Ludo [1] seems to be a rather
complex task in urgent recovery case.

So I wonder whether it's possible to simply reinstall the OS and start over
with my installation procedure which leads to *new* admin key stores being
generated. Or do I always have to recover the admin key stores because they
are tied to the hostnames forever?

Every hint is appreciated.

Ciao, Michael.

[1]
http://ludopoitou.wordpress.com/2012/01/09/disabling-replication-in-opendj-2-4/



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.forgerock.org/pipermail/opendj/attachments/20120904/eeb5d0c3/attachment.bin 

[prev in list] [next in list] [prev in thread] [next in thread]