[Freeipa-users] migration 3.3->4.1 & CA change
Petr Spacek
pspacek at redhat.com
Thu Oct 23 06:47:43 UTC 2014
On 22.10.2014 22:06, William Graboyes wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hello List,
>
> So the whole not being able to change the CA easily is becoming a
> regular point of contention in meetings. If I have read the e-mails
> on this list correctly this issue is fixed in 4.1. After spending a
> large amount of time thinking about this, I believe I have come to a
> solution that will appease management, my coworkers, and myself.
>
> Here is what I am thinking of doing. I am thinking I will install
> FC21 VM with free-IPA (which should be 4.1) then migrating my current
> install over there, followed by changing the CA to that of my
> contracted CA and third party issuer.
>
> The questions that come to mind are:
>
> 1) how does one migrate the information over to a new install, in this
> case 3.3 to 4.1 on separate servers?
You should be able to simply add FreeIPA 4.1 replica to existing 3.3
deployment. Please make sure that your 3.3 it updated with latest packages,
older versions of DS had some problems with replication to newest version AFAIK.
> 2) is there any documentation on the process of changing the CA in 4.1?
Honza, can you add some details?
> 3) am I insane for wanting to introduce FC21 into my environment?
> 4) has anyone done this, and what was your experience with doing so?
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list