[Freeipa-users] Upgrade form Centos to Fedora (3.0.0 -> 3.3.3)
Rob Crittenden
rcritten at redhat.com
Wed Feb 5 09:35:12 UTC 2014
Will Sheldon wrote:
>
> Hello IPA users :)
>
> We have implemented IPA using the packaged version in centos 6.5 (which
> is 3.0.0-37.el6), but have been playing with the more recent version in
> Fedora 19 (3.3.3-2.fc19) and are quite keen to take advantage of the
> shiny new features, so are thinking about migrating.
>
> Has anyone done this? Is there an easy way to migrate/upgrade?
> What would happen if I tried to setup a FC19 replica, would it get angry
> and break?
>
> We only have users in production so far, (no production clients or
> issued certs) so maybe the user migration script mentioned in previous
> posts would be the best bet?
>
> Any pointers would be hugely appreciated..
This is exactly the way to migrate between versions. You'll want to set
up a CA on the F19 server for sure, and DNS if you're using that. The
idea is that you set up the new master, spend some time (days, weeks not
months) verifying that things are working ok, then remove the old server
and things should continue to just work. We also recommend having at
least two masters with CAs for redundancy and avoiding a single point of
failure.
We have discovered a bug in the way clients are enrolled though. We
store the name of the master you enroll against. Normally this isn't a
big deal, especially if you use SRV records. The problem is if that some
tools use the master from this file to connect to and not SRV records,
so you may want to run around to your clients and change this in
/etc/ipa/default.conf once the migration is complete.
rob
More information about the Freeipa-users
mailing list