[Freeipa-users] Migration from RHEL6 (3.0.0-42) to CentOS7 (3.3.3-28.0.1)
Alexander Bokovoy
abokovoy at redhat.com
Tue Mar 10 14:06:26 UTC 2015
On Tue, 10 Mar 2015, Benjamin Reed wrote:
>On 3/10/15 9:31 AM, Alexander Bokovoy wrote:
>> Are you following these instructions?
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
>
>
>Aha! No. There are so many false positives in google I had no idea
>that document existed. Pretty much everything I've found that links to
>"how to migrate" takes me to this:
>
>http://www.freeipa.org/page/Howto/Migration#Migrating_to_different_platform_or_OS
>
>...which in turn pointed to this:
>
>http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Setting_up_IPA_Replicas.html
>
>I didn't see anything about RHEL6->RHEL7 or FreeIPA 3.0->3.3
>http://www.freeipa.org/page/Documentation unless I missed it. The 3.3
>section on there is pretty much just a collection of things about new
>features. (And a presentation deck that points to that first link above...)
We have http://www.freeipa.org/page/Documentation#User_Guides and going
through user guide would be our recommended action. There is a whole
chapter 6 in RHEL7 docs for upgrades and migration.
>Anyways, thank you for the link. That makes it much clearer.
>
>I do have one problem now. I currently have the following systems:
>
>connect: RHEL6, FreeIPA master
>auth.internal: CentOS6, FreeIPA replica
>auth: CentOS7, migration target
>
>Following the instructions you linked, I ran the copy-schema-to-ca.py
>script on connect, and it completed successfully. I then tried to run
>it on auth.internal (the CentOS6 replica) and it fails with this error:
>
>> python copy-schema-to-ca.py
>> Traceback (most recent call last):
>> File "copy-schema-to-ca.py", line 85, in <module>
>> main()
>> File "copy-schema-to-ca.py", line 79, in main
>> add_ca_schema()
>> File "copy-schema-to-ca.py", line 42, in add_ca_schema
>> pki_pent = pwd.getpwnam(PKI_USER)
>> KeyError: 'getpwnam(): name not found: pkiuser'
>
>...am I supposed to run this script the replica as well? Or is
>something broken on my replica?
Looks like you don't have CA installed on auth.internal so you don't
need to update CA schema there.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list