[Freeipa-users] Upgrading from 3.0.0 CentOS6 to 4.2.3 CentOS7
Martin Kosek
mkosek at redhat.com
Tue Jan 26 15:56:49 UTC 2016
Did you follow the instructions in the error message? There is also a longer
description here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc
Martin
On 01/26/2016 04:38 PM, Ash Alam wrote:
> I wanted to follow up on this as i finally gotten around to doing the
> upgrade. I an running into this error. I also found a bugzilla ticket. Do
> you have to do some type of schema upgrade like you do with active
> directory?
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1235766
>
> STDERR: ipa : CRITICAL The master CA directory server does not
> have necessary schema. Please copy the following script to all CA masters
> and run it on them: /usr/share/ipa/copy-schema-to-ca.py
>
> If you are certain that this is a false positive, use
> --skip-schema-check.
>
> ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA schema
> missing on master CA directory server
>
>
>
> Thank You
>
>
>
>
> On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek <mkosek at redhat.com> wrote:
>
>> On 11/20/2015 04:08 PM, Ash Alam wrote:
>>
>>> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client
>>> installed. I
>>> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then start
>>> phasing out the older 3.0.0 servers. Will the client that are still
>>> running the
>>> older client software still work?
>>>
>>
>> It should, yes. It is expected that there are RHEL/CentOS-6 clients with
>> RHEL-7 FreeIPA servers. The older clients just won't be able to use the
>> newest features.
>>
>>
>>> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek <mkosek at redhat.com
>>> <mailto:mkosek at redhat.com>> wrote:
>>>
>>> On 11/19/2015 11:03 PM, Ash Alam wrote:
>>>
>>> Hello All
>>>
>>> I am looking for some advice on upgrading. Currently our FreeIPA
>>> servers are
>>> 3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7. This
>>> upgrade path
>>> is not possible per IPA documentation. Minimum version required
>>> is 3.3.x. I
>>> have also found that cenos6 does not provide anything past 3.0.0.
>>>
>>>
>>> And it won't. There are no plans in updating FreeIPA version in
>>> RHEL/CentOS-6.x, we encourage people who want the new features to
>>> migrate
>>> to RHEL-7.x:
>>>
>>>
>>> http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS
>>>
>>>
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc
>>>
>>> If you want to wait on CentOS-7.2, it should be in works now:
>>> http://seven.centos.org/2015/11/rhel-7-2-released-today/
>>>
>>> One idea is to upgrade to 3.3.x first and then upgrade to 4.2.3
>>> on centos7.
>>> This is harder since centos does not provide this. The other
>>> issue is if
>>> 3.0/3.3 client will be supported with 4.2.3 server.
>>>
>>>
>>> The right way is to migrate via creating replicas in RHEL/CentOS-7.x
>>> and
>>> slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the
>>> links above.
>>>
>>>
>>>
>>
>
More information about the Freeipa-users
mailing list