[Freeipa-users] Upgrade form Centos to Fedora (3.0.0 -> 3.3.3)

Bret Wortman bret.wortman at damascusgrp.com
Wed Feb 5 19:38:52 UTC 2014


Rob,

To add the second master-with-CA, is it as simple as doing this on one 
of the replicas?

# ipa-ca-install /path/to/replica-info-hostname.foo.net.gpg



Bret

On 02/05/2014 04:35 AM, Rob Crittenden wrote:
> Will Sheldon wrote:
>>
>> Hello IPA users :)
>>
>> We have implemented IPA using the packaged version in centos 6.5 (which
>> is 3.0.0-37.el6), but have been playing with the more recent version in
>> Fedora 19 (3.3.3-2.fc19) and are quite keen to take advantage of the
>> shiny new features, so are thinking about migrating.
>>
>> Has anyone done this? Is there an easy way to migrate/upgrade?
>> What would happen if I tried to setup a FC19 replica, would it get angry
>> and break?
>>
>> We only have users in production so far, (no production clients or
>> issued certs) so maybe the user migration script mentioned in previous
>> posts would be the best bet?
>>
>> Any pointers would be hugely appreciated..
>
> This is exactly the way to migrate between versions. You'll want to 
> set up a CA on the F19 server for sure, and DNS if you're using that. 
> The idea is that you set up the new master, spend some time (days, 
> weeks not months) verifying that things are working ok, then remove 
> the old server and things should continue to just work. We also 
> recommend having at least two masters with CAs for redundancy and 
> avoiding a single point of failure.
>
> We have discovered a bug in the way clients are enrolled though. We 
> store the name of the master you enroll against. Normally this isn't a 
> big deal, especially if you use SRV records. The problem is if that 
> some tools use the master from this file to connect to and not SRV 
> records, so you may want to run around to your clients and change this 
> in /etc/ipa/default.conf once the migration is complete.
>
> rob
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3766 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140205/3aedd7ec/attachment.p7s>


More information about the Freeipa-users mailing list