Upgrade to DS 7: Cleanup After Upgrade

Save this as 2a-2-cleanup-after-adding-servers.sh:

#!/usr/bin/env bash
# Copyright 2021 ForgeRock AS. All Rights Reserved
#
# Use of this code requires a commercial software license with ForgeRock AS.
# or with one of its affiliates. All use shall be exclusively subject
# to such license between the licensee and ForgeRock AS.
set -e

# Clean up after upgrading by adding new servers to an old deployment.

CURRENT_DIR=$(pwd)
BASE_DIR=/path/to

cd "${BASE_DIR}"

echo "### Stop and remove the remaining 6.5 servers."
./ds-rs-1/bin/stop-ds
./ds-rs-2/bin/stop-ds
rm -rf ds-rs-1 ds-rs-2

echo "### Run cleanup command on DS 7 servers."
./ds-rs-7/bin/dsrepl \
    cleanup-migrated-pre-7-0-topology \
    --bindDn uid=admin \
    --bindPassword password \
    --hostname localhost \
    --port 34444 \
    --trustAll \
    --no-prompt

echo "### Clean up schema files"
for server in ds-rs-7 ds-7 rs-7; do
    ./${server}/bin/stop-ds
    for file in 00-core.ldif 03-pwpolicyextension.ldif; do
        cp ${server}/template/db/schema/${file} ${server}/db/schema/
    done
    #./${server}/bin/start-ds
done

echo "### Remove cn=admin data (skip this step if you have encrypted data or passwords)"
for server in ds-rs-7 ds-7 rs-7; do
    #./${server}/bin/stop-ds
    ./${server}/bin/dsconfig \
        delete-backend \
        --backend-name adminRoot \
        --offline \
        --configFile /path/to/${server}/config/config.ldif \
        --no-prompt
    rm -rf ${server}/db/adminRoot
    ./${server}/bin/start-ds
done

echo "### Cleanup is finished."
echo

echo "### Running dsrepl status..."
./ds-rs-7/bin/dsrepl \
    status \
    --hostname localhost \
    --port 34444 \
    --baseDn "cn=admin data" \
    --baseDn "dc=example,dc=com" \
    --baseDn "cn=schema" \
    --bindDN uid=admin \
    --bindPassword password \
    --trustStorePath /path/to/ds-rs-7/config/keystore \
    --trustStorePassword:file /path/to/ds-rs-7/config/keystore.pin \
    --no-prompt

echo
echo "### Consider deprecating older password storage in favor of PBKDF2-HMAC-SHA256 or better."
echo "### For an example, see https://backstage.forgerock.com/docs/ds/7/security-guide/passwords.html#example-deprecate-storage-scheme"

cd "${CURRENT_DIR}"