[Freeipa-users] Migration from RHEL6 (3.0.0-42) to CentOS7 (3.3.3-28.0.1)

Alexander Bokovoy abokovoy at redhat.com
Tue Mar 10 14:06:26 UTC 2015 

On Tue, 10 Mar 2015, Benjamin Reed wrote:
>On 3/10/15 9:31 AM, Alexander Bokovoy wrote:
>> Are you following these instructions?
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
>
>
>Aha!  No.  There are so many false positives in google I had no idea
>that document existed.  Pretty much everything I've found that links to
>"how to migrate" takes me to this:
>
>http://www.freeipa.org/page/Howto/Migration#Migrating_to_different_platform_or_OS
>
>...which in turn pointed to this:
>
>http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Setting_up_IPA_Replicas.html
>
>I didn't see anything about RHEL6->RHEL7 or FreeIPA 3.0->3.3
>http://www.freeipa.org/page/Documentation unless I missed it.  The 3.3
>section on there is pretty much just a collection of things about new
>features.  (And a presentation deck that points to that first link above...)
We have http://www.freeipa.org/page/Documentation#User_Guides and going
through user guide would be our recommended action. There is a whole
chapter 6 in RHEL7 docs for upgrades and migration.

>Anyways, thank you for the link.  That makes it much clearer.
>
>I do have one problem now. I currently have the following systems:
>
>connect: RHEL6, FreeIPA master
>auth.internal: CentOS6, FreeIPA replica
>auth: CentOS7, migration target
>
>Following the instructions you linked, I ran the copy-schema-to-ca.py
>script on connect, and it completed successfully.  I then tried to run
>it on auth.internal (the CentOS6 replica) and it fails with this error:
>
>> python copy-schema-to-ca.py
>> Traceback (most recent call last):
>>   File "copy-schema-to-ca.py", line 85, in <module>
>>     main()
>>   File "copy-schema-to-ca.py", line 79, in main
>>     add_ca_schema()
>>   File "copy-schema-to-ca.py", line 42, in add_ca_schema
>>     pki_pent = pwd.getpwnam(PKI_USER)
>> KeyError: 'getpwnam(): name not found: pkiuser'
>
>...am I supposed to run this script the replica as well?  Or is
>something broken on my replica?
Looks like you don't have CA installed on auth.internal so you don't
need to update CA schema there.

-- 
/ Alexander Bokovoy

More information about the Freeipa-users mailing list