Save this script as 2a-2-cleanup-after-adding-servers.sh:
#!/usr/bin/env bash
# Copyright 2021 ForgeRock AS. All Rights Reserved
#
# Use of this code requires a commercial software license with ForgeRock AS.
# or with one of its affiliates. All use shall be exclusively subject
# to such license between the licensee and ForgeRock AS.
# Abort on the first failing command. Every later step uses paths relative to
# BASE_DIR, including recursive deletes, so nothing may run if the cd fails.
set -o errexit
# Clean up after upgrading by adding new servers to an old deployment.
# BASE_DIR is a placeholder for the directory that holds the server
# installations (ds-rs-1, ds-rs-2, ds-rs-7, ds-7, rs-7); replace it with the
# real absolute path before running the script.
BASE_DIR=/path/to
# Remember the caller's directory; the script changes back to it at the end.
CURRENT_DIR=$(pwd)
cd "${BASE_DIR}"
echo "### Stop and remove the remaining 6.5 servers."
# Stop both old servers first. Because the script runs with errexit, a failed
# stop aborts the script before anything is deleted.
for old_server in ds-rs-1 ds-rs-2; do
  "./${old_server}/bin/stop-ds"
done
# Irreversible: removes both 6.5 installation directories, resolved relative to
# the current directory (BASE_DIR after the cd at the top of the script).
rm -rf ds-rs-1 ds-rs-2
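echo "### Run cleanup command on DS 7 servers."
# Runs dsrepl cleanup-migrated-pre-7-0-topology against ds-rs-7 on
# localhost:34444, binding as uid=admin.
#
# The server certificate is validated against ds-rs-7's own keystore, using the
# same trust store options as the dsrepl status call at the end of this script,
# rather than --trustAll. Trusting any certificate would send the admin bind
# credentials to whatever answers on this port. BASE_DIR must be an absolute
# path for the two keystore paths to resolve.
#
# NOTE(review): "password" is the sample's placeholder credential and is passed
# as a command-line argument, where it is visible in the process list and in
# shell history. Replace it, and consider supplying it from a file the way
# --trustStorePassword:file does here; confirm that your DS version accepts
# that form for --bindPassword.
./ds-rs-7/bin/dsrepl \
  cleanup-migrated-pre-7-0-topology \
  --bindDn uid=admin \
  --bindPassword password \
  --hostname localhost \
  --port 34444 \
  --trustStorePath "${BASE_DIR}/ds-rs-7/config/keystore" \
  --trustStorePassword:file "${BASE_DIR}/ds-rs-7/config/keystore.pin" \
  --no-prompt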
echo "### Clean up schema files"
# For each DS 7 server: stop it, then overwrite its two live schema files with
# the copies shipped under template/db/schema.
for instance in ds-rs-7 ds-7 rs-7; do
  "./${instance}/bin/stop-ds"
  for schema_file in 00-core.ldif 03-pwpolicyextension.ldif; do
    cp "${instance}/template/db/schema/${schema_file}" "${instance}/db/schema/"
  done
  # The server is deliberately left stopped here: the following step changes
  # its configuration with dsconfig --offline and starts it afterwards.
done
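echo "### Remove cn=admin data (skip this step if you have encrypted data or passwords)"
# Deletes the adminRoot backend from each DS 7 server's configuration while the
# server is offline, removes the backend's database directory, and then starts
# the server again. The servers are already stopped at this point (the schema
# step stops them and does not restart them).
#
# Set SKIP_ADMIN_DATA_REMOVAL=true in the environment to follow the "skip this
# step" advice above. The deletion is then skipped but the servers are still
# started; otherwise skipping the step would leave every server stopped.
# NOTE(review): the message implies that cn=admin data is still needed when
# encrypted data or passwords exist; confirm against the DS upgrade
# documentation before removing it, because the rm below cannot be undone.
skip_admin_data_removal="${SKIP_ADMIN_DATA_REMOVAL:-false}"
for server in ds-rs-7 ds-7 rs-7; do
  if [[ "${skip_admin_data_removal}" != "true" ]]; then
    # The config path is built from BASE_DIR instead of repeating the /path/to
    # placeholder, so BASE_DIR is the only value to edit. It must be absolute.
    "./${server}/bin/dsconfig" \
      delete-backend \
      --backend-name adminRoot \
      --offline \
      --configFile "${BASE_DIR}/${server}/config/config.ldif" \
      --no-prompt
    # ${server:?} aborts instead of expanding to "/db/adminRoot" if the
    # variable is ever empty.
    rm -rf -- "${server:?}/db/adminRoot"
  else
    echo "### Keeping cn=admin data on ${server} (SKIP_ADMIN_DATA_REMOVAL=true)."
  fi
  "./${server}/bin/start-ds"
done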
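echo "### Cleanup is finished."
echo
echo "### Running dsrepl status..."
# Reports replication status from ds-rs-7 on localhost:34444 for the three
# listed base DNs, so the operator can check the topology after cleanup.
#
# The trust store paths are built from BASE_DIR instead of repeating the
# /path/to placeholder, so BASE_DIR is the only value to edit. It must be
# absolute.
#
# NOTE(review): "password" is the sample's placeholder credential and is passed
# as a command-line argument, where it is visible in the process list and in
# shell history. Replace it, and consider supplying it from a file the way
# --trustStorePassword:file does here; confirm that your DS version accepts
# that form for --bindPassword.
./ds-rs-7/bin/dsrepl \
  status \
  --hostname localhost \
  --port 34444 \
  --baseDn "cn=admin data" \
  --baseDn "dc=example,dc=com" \
  --baseDn "cn=schema" \
  --bindDN uid=admin \
  --bindPassword password \
  --trustStorePath "${BASE_DIR}/ds-rs-7/config/keystore" \
  --trustStorePassword:file "${BASE_DIR}/ds-rs-7/config/keystore.pin" \
  --no-prompt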
# Closing advice for the operator: a blank line, then a reminder to move away
# from older password storage schemes, with a link to the documented example.
printf '\n'
printf '%s\n' "### Consider deprecating older password storage in favor of PBKDF2-HMAC-SHA256 or better."
printf '%s\n' "### For an example, see https://backstage.forgerock.com/docs/ds/7/security-guide/passwords.html#example-deprecate-storage-scheme"
# Change back to the directory the script was started from.
cd "${CURRENT_DIR}"