Hi All,
I know questions sure were asked before (even by me) but looking through my update notes I found that I missing a point about CA signing. Can I just drop my notes here and somebody smarter than me can feedback on what to do with CA
So currently I have:
- 2 x IC2 2.13.9 master clusters on Centos 7
- 50 x IC2 clients connected directly to this cluster (on node wizard I placed both masters)
So as you can figure out these Centos 7 servers need to go away and I cannot do in place upgrade for them as they are in AWS. So I built new OL9 servers and that’s my starting point. I also understand satellite would be better here but this is something we are looking for and for now, we are stuck with agents going directly to masters.
So my master plan is as follows
- Install IC2 on new OL8 servers
- Run the Icinga2 node wizard on them as MASTERS and add them to old Centos7 nodes
- At this stage I have 4 nodes and all my clients only point to 2 of them
- Now I can re-run Icinga2 node wizard on my clients and specify only 2 new masters
- When I migrate all clients I can move IcingaDB and Redis to new masters from old ones
The question is: what happens with CA? I now signing my new Endpoints manually using icinga2 pki comamnd one on existing masters. Is CA would be copied when new masters will be added or I need to do something completely wrong?
Thanks
Dariusz