[Freeipa-users] Upgrading from 3.0.0 CentOS6 to 4.2.3 CentOS7

Martin Kosek mkosek at redhat.com
Tue Jan 26 15:56:49 UTC 2016 

Did you follow the instructions in the error message? There is also a longer
description here:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc

Martin

On 01/26/2016 04:38 PM, Ash Alam wrote:
> I wanted to follow up on this as i finally gotten around to doing the
> upgrade. I an running into this error. I also found a bugzilla ticket. Do
> you have to do some type of schema upgrade like you do with active
> directory?
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1235766
> 
>     STDERR: ipa         : CRITICAL The master CA directory server does not
> have necessary schema. Please copy the following script to all CA masters
> and run it on them: /usr/share/ipa/copy-schema-to-ca.py
> 
>     If you are certain that this is a false positive, use
> --skip-schema-check.
> 
>     ipa.ipapython.install.cli.install_tool(Replica): ERROR    IPA schema
> missing on master CA directory server
> 
> 
> 
> Thank You
> 
> 
> 
> 
> On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek <mkosek at redhat.com> wrote:
> 
>> On 11/20/2015 04:08 PM, Ash Alam wrote:
>>
>>> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client
>>> installed. I
>>> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then start
>>> phasing out the older 3.0.0 servers. Will the client that are still
>>> running the
>>> older client software still work?
>>>
>>
>> It should, yes. It is expected that there are RHEL/CentOS-6 clients with
>> RHEL-7 FreeIPA servers. The older clients just won't be able to use the
>> newest features.
>>
>>
>>> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek <mkosek at redhat.com
>>> <mailto:mkosek at redhat.com>> wrote:
>>>
>>>     On 11/19/2015 11:03 PM, Ash Alam wrote:
>>>
>>>         Hello All
>>>
>>>         I am looking for some advice on upgrading. Currently our FreeIPA
>>>         servers are
>>>         3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7. This
>>>         upgrade path
>>>         is not possible per IPA documentation. Minimum version required
>>> is 3.3.x. I
>>>         have also found that cenos6 does not provide anything past 3.0.0.
>>>
>>>
>>>     And it won't. There are no plans in updating FreeIPA version in
>>>     RHEL/CentOS-6.x, we encourage people who want the new features to
>>> migrate
>>>     to RHEL-7.x:
>>>
>>>
>>> http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS
>>>
>>>
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc
>>>
>>>     If you want to wait on CentOS-7.2, it should be in works now:
>>>     http://seven.centos.org/2015/11/rhel-7-2-released-today/
>>>
>>>         One idea is to upgrade to 3.3.x first and then upgrade to 4.2.3
>>> on centos7.
>>>         This is harder since centos does not provide this. The other
>>> issue is if
>>>         3.0/3.3 client will be supported with 4.2.3 server.
>>>
>>>
>>>     The right way is to migrate via creating replicas in RHEL/CentOS-7.x
>>> and
>>>     slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the
>>> links above.
>>>
>>>
>>>
>>
>

More information about the Freeipa-users mailing list