15.2.6. Step 6: Migrating Internal Databases

Migrate the internal databases of the 6.1 DRM to the 7.3 DRM internal databases by doing the following:

NOTE

For more information on migrating internal databases, see Section 9.8, “Migrating Internal Databases for 6.1”.

  1. Log into the new DRM instance server hosting server.example.com as the Certificate System user, and export the new internal database content to LDIF.

    cd /opt/redhat-ds/slapd-DS-instance/db
    
    db2ldif -n server.example.com-rhpki-kra
    

    The LDIF file location is given when the export from the database is complete.

    ldif file: 
    /opt/redhat-ds/slapd-DS-instance/ldif/2005_06_07_720658.ldif
    
  2. Open the given LDIF location, and rename the LDIF file new.ldif.

    cd /opt/redhat-ds/slapd-DS-instance/ldif
    
    mv 2005_06_07_720658.ldif new.ldif
    

    NOTE

    For this example, since the new Certificate System migration utility was copied during the CA migration described previously, there is no need to obtain it again for the DRM migration.

  3. On the 6.1 DRM server, run the db2ldif command to export the old internal database contents to LDIF.

    cd /usr/netscape/servers/slapd-drm-db
    
    db2ldif -n userRoot
    

    The location of the LDIF file is shown when the export from the database is complete.

    ldif file: 
    /usr/netscape/servers/slapd-drm-db/ldif/2005_06_07_390512.ldif
    

  4. Open the given LDIF location, and rename the LDIF file old.ldif.

    cd /usr/netscape/servers/slapd-drm-db/ldif
    
    mv 2005_06_07_390512.ldif old.ldif
    

  5. Adjust the LDIF content of old.ldif.

    NOTE

    For this example, the amount of data is relatively small, so any text editor will work. For large files, use an appropriate program.

    1. Open the 6.1 DRM database ldif/ directory.

      cd /usr/netscape/servers/slapd-drm-db/ldif/
      

    2. Replace the following entry with the one in new.ldif:

      cn=aclResources,o=CertificateServer
      

  6. Convert the old.ldif file to a text file.

    1. Open the version-to-text directory in the 6.1 migration directory.

      cd /usr/netscape/servers/bin/cert/migrate/61ToTxt
      

    2. Edit the run.sh script by uncommenting and setting the values for the following lines:

      • SERVER_ROOT=/usr/netscape/servers

      • export SERVER_ROOT

      • INSTANCE=drm

      • export INSTANCE

    3. Run the run.sh to use the old.ldif file to create a text file.

      run.sh /usr/netscape/servers/slapd-drm-db/ldif/old.ldif > \
       /usr/netscape/servers/slapd-drm-db/ldif/old.txt
      

  7. Open the 6.1 DRM LDIF directory, and copy the old.txt file to the 7.3 DRM internal database LDIF directory.

    cd /usr/netscape/servers/slapd-drm-db/ldif
    
    cp /usr/netscape/servers/slapd-drm-db/ldif/old.txt \
     /opt/redhat-ds/slapd-DS-instance/ldif/old.txt
    

  8. Log into the new DRM instance server hosting server.example.com as the Certificate System user, and open the Certificate System ldif directory.

    cd /opt/redhat-ds/slapd-DS-instance/ldif
    

  9. Log in as root, and set the file user and group to the Certificate System user and group.

    su
    
    chown pkiuser:pkiuser old.txt
    

  10. Log out as root. As the Certificate System user, change the permissions on the file.

    chmod 00600 old.txt
    

  11. Convert the old.txt file to LDIF.

    1. Open the migration tools directory.

      cd /usr/share/rhpki/migrate/TxtTo72
      

    2. Edit run.sh by uncommenting and setting the values for the following lines:

      • SERVER_ROOT=/var/lib

      • export SERVER_ROOT

      • INSTANCE=rhpki-kra

      • export INSTANCE

    3. Run run.sh to use old.txt to create an LDIF file.

      run.sh /opt/redhat-ds/slapd-DS-instance/ldif/old.txt > \
       /opt/redhat-ds/slapd-DS-instance/ldif/old.ldif
      

  12. Import the old.ldif LDIF file into this new DRM server instance's internal database.

    1. Open the 7.3 DRM database directory.

      cd /opt/redhat-ds/slapd-DS-instance/db/
      

    2. Run the ldif2db tool to import the LDIF into the DRM database.

      ldif2db -n server.example.com-rhpki-kra \
       -i /opt/redhat-ds/slapd-DS-instance/ldif/old.ldif
      

    3. Force the virtual list views (VLV) indexes to be re-indexed.

      db2index
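
For step 5 on a large old.ldif, the cn=aclResources,o=CertificateServer entry can be swapped in from new.ldif with a script instead of a text editor. The following is an added example, not part of the original guide or of the Certificate System migration tools; the function names are this example's own, and it assumes standard LDIF (blank-line-separated entries, folded lines, optional base64 `dn::`).

```python
import base64
import re
import sys

TARGET_DN = "cn=aclResources,o=CertificateServer"  # entry named in step 5


def unfold(block):
    """Join LDIF continuation lines (a line starting with one space)."""
    return re.sub(r"\r?\n ", "", block)


def entry_dn(block):
    """Return the entry's DN, normalised for comparison, or None."""
    for line in unfold(block).splitlines():
        if line.lower().startswith("dn::"):  # base64-encoded DN
            dn = base64.b64decode(line[4:].strip()).decode("utf-8")
        elif line.lower().startswith("dn:"):
            dn = line[3:].strip()
        else:
            continue
        return ",".join(p.strip().lower() for p in dn.split(","))
    return None  # e.g. the leading "version: 1" block


def split_entries(text):
    """Split LDIF text into entry blocks separated by blank lines."""
    return [b for b in re.split(r"(?:\r?\n){2,}", text.strip()) if b.strip()]


def replace_entry(old_text, new_text, dn=TARGET_DN):
    """Return old_text with the entry `dn` swapped for the copy in new_text."""
    want = entry_dn("dn: " + dn)
    donors = [b for b in split_entries(new_text) if entry_dn(b) == want]
    if len(donors) != 1:  # refuse to guess if the donor entry is missing
        raise ValueError(f"expected 1 '{dn}' entry in new LDIF, found {len(donors)}")
    entries = split_entries(old_text)
    hits = [i for i, b in enumerate(entries) if entry_dn(b) == want]
    if len(hits) != 1:
        raise ValueError(f"expected 1 '{dn}' entry in old LDIF, found {len(hits)}")
    entries[hits[0]] = donors[0]  # all other entries are left untouched
    return "\n\n".join(entries) + "\n"


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: swap_acl.py old.ldif new.ldif > merged.ldif")
    with open(sys.argv[1]) as old, open(sys.argv[2]) as new:
        sys.stdout.write(replace_entry(old.read(), new.read()))
```

Write the result to a separate file and compare it with the original old.ldif before continuing with step 6, so that the only difference is the ACL entry.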