[Freeipa-users] Upgrading Freeipa 3 server.

Martin Kosek mkosek at redhat.com
Tue Apr 14 07:07:02 UTC 2015 

You do not need to uninstall the 4 server, you just need to install the CA
component on it:

# ipa-ca-install /path/to/replica.file

... and make it CRL/renewal master. See step 8 and later in

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html

On 04/14/2015 02:06 AM, Aric Wilisch wrote:
> I didn’t see this guide until now. The IPA3 server started off as a RHEL 6.6 server so no upgrade is necessary, but I simply generated the replica file and created the IPA 4 server as a replica. Aside from the CA not being there the server looks to be working fine and shows up as a master. 
> 
> I’ll uninstall the 4 server and work through the script process to see if that fixes the issue. 
> 
> Regards,
> ------------------------------------------
> Aric Wilisch
> awilisch at gmail.com
> 
> 
> 
> 
>> On Apr 13, 2015, at 7:47 PM, Dmitri Pal <dpal at redhat.com> wrote:
>>
>> On 04/13/2015 07:26 PM, Aric Wilisch wrote:
>>> One of our environments has a Freeipa3 sever installed and I need to upgrade it to FreeIPA 4. I brought up  RHEL 7 server and installed FreeIPA 4 as a replica of the FreeIPA3 box. But now I’m stuck. I can’t find any good documentation on how to promote the new FreeIPA4 server and take the old FreeIPA3 server out of the picture. If I do a ida-replica-manage del —force stip01.staging.fioptics.int it tells me I can’t because it would leave me without a CA. However I can’t find any documentation on migrating the CA from IPA3 to IPA4. 
>>>
>>> Any help would be appreciated. 
>>>
>>> Regards,
>>> ------------------------------------------
>>> Aric Wilisch
>>> awilisch at gmail.com <mailto:awilisch at gmail.com>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> Did you follow this procedure?
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc>
>>
>> I would say that I would recommend upgrading to 6.6 rather than 6.5.
>>
>> If you did not what exactly did you do?
>>
>> -- 
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 
> 
> 
>

More information about the Freeipa-users mailing list