[Freeipa-users] Upgrading Freeipa 3 server.
Aric Wilisch
awilisch at gmail.com
Tue Apr 14 12:59:55 UTC 2015
Thanks that actually helped. I have the CA moved and the old server decommissioned now. Thanks.
Regards,
------------------------------------------
Aric Wilisch
awilisch at gmail.com
> On Apr 14, 2015, at 3:07 AM, Martin Kosek <mkosek at redhat.com> wrote:
>
> You do not need to uninstall the 4 server, you just need to install the CA
> component on it:
>
> # ipa-ca-install /path/to/replica.file
>
> ... and make it CRL/renewal master. See step 8 and later in
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html>
>
> On 04/14/2015 02:06 AM, Aric Wilisch wrote:
>> I didn’t see this guide until now. The IPA3 server started off as a RHEL 6.6 server so no upgrade is necessary, but I simply generated the replica file and created the IPA 4 server as a replica. Aside from the CA not being there the server looks to be working fine and shows up as a master.
>>
>> I’ll uninstall the 4 server and work through the script process to see if that fixes the issue.
>>
>> Regards,
>> ------------------------------------------
>> Aric Wilisch
>> awilisch at gmail.com
>>
>>
>>
>>
>>> On Apr 13, 2015, at 7:47 PM, Dmitri Pal <dpal at redhat.com> wrote:
>>>
>>> On 04/13/2015 07:26 PM, Aric Wilisch wrote:
>>>> One of our environments has a Freeipa3 sever installed and I need to upgrade it to FreeIPA 4. I brought up RHEL 7 server and installed FreeIPA 4 as a replica of the FreeIPA3 box. But now I’m stuck. I can’t find any good documentation on how to promote the new FreeIPA4 server and take the old FreeIPA3 server out of the picture. If I do a ida-replica-manage del —force stip01.staging.fioptics.int it tells me I can’t because it would leave me without a CA. However I can’t find any documentation on migrating the CA from IPA3 to IPA4.
>>>>
>>>> Any help would be appreciated.
>>>>
>>>> Regards,
>>>> ------------------------------------------
>>>> Aric Wilisch
>>>> awilisch at gmail.com <mailto:awilisch at gmail.com> <mailto:awilisch at gmail.com <mailto:awilisch at gmail.com>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> Did you follow this procedure?
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc><https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc>>
>>>
>>> I would say that I would recommend upgrading to 6.6 rather than 6.5.
>>>
>>> If you did not what exactly did you do?
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users <https://www.redhat.com/mailman/listinfo/freeipa-users>
>>> Go to http://freeipa.org <http://freeipa.org/> for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150414/b7c51ed5/attachment.htm>
More information about the Freeipa-users
mailing list