[Freeipa-users] Upgrading from 3.0.0 CentOS6 to 4.2.3 CentOS7

Tue Jan 26 20:45:58 UTC 2016

I didnt want to dig up an old thread but i am running into this issue. The
old thread points to Pki 10.2.6 as the solution but i am not seeing that
package on centos 7.2.

STDERR: ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to
configure CA instance: Command ''/usr/sbin/pkispawn' '-s' 'CA' '-f'
'/tmp/tmpHfdvFD'' returned non-zero exit status 1

Thank You

On Tue, Jan 26, 2016 at 12:14 PM, Ash Alam <aalam at paperlesspost.com> wrote:

> thank you! Out of curiosity has anyone been able to automate this using
> chef/puppet etc?
>
> On Tue, Jan 26, 2016 at 10:56 AM, Martin Kosek <mkosek at redhat.com> wrote:
>
>> Did you follow the instructions in the error message? There is also a
>> longer
>> description here:
>>
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc
>>
>> Martin
>>
>> On 01/26/2016 04:38 PM, Ash Alam wrote:
>> > I wanted to follow up on this as i finally gotten around to doing the
>> > upgrade. I an running into this error. I also found a bugzilla ticket.
>> Do
>> > you have to do some type of schema upgrade like you do with active
>> > directory?
>> >
>> > https://bugzilla.redhat.com/show_bug.cgi?id=1235766
>> >
>> >     STDERR: ipa         : CRITICAL The master CA directory server does
>> not
>> > have necessary schema. Please copy the following script to all CA
>> masters
>> > and run it on them: /usr/share/ipa/copy-schema-to-ca.py
>> >
>> >     If you are certain that this is a false positive, use
>> > --skip-schema-check.
>> >
>> >     ipa.ipapython.install.cli.install_tool(Replica): ERROR    IPA schema
>> > missing on master CA directory server
>> >
>> >
>> >
>> > Thank You
>> >
>> >
>> >
>> >
>> > On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek <mkosek at redhat.com>
>> wrote:
>> >
>> >> On 11/20/2015 04:08 PM, Ash Alam wrote:
>> >>
>> >>> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client
>> >>> installed. I
>> >>> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then
>> start
>> >>> phasing out the older 3.0.0 servers. Will the client that are still
>> >>> running the
>> >>> older client software still work?
>> >>>
>> >>
>> >> It should, yes. It is expected that there are RHEL/CentOS-6 clients
>> with
>> >> RHEL-7 FreeIPA servers. The older clients just won't be able to use the
>> >> newest features.
>> >>
>> >>
>> >>> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek <mkosek at redhat.com
>> >>> <mailto:mkosek at redhat.com>> wrote:
>> >>>
>> >>>     On 11/19/2015 11:03 PM, Ash Alam wrote:
>> >>>
>> >>>         Hello All
>> >>>
>> >>>         I am looking for some advice on upgrading. Currently our
>> FreeIPA
>> >>>         servers are
>> >>>         3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7.
>> This
>> >>>         upgrade path
>> >>>         is not possible per IPA documentation. Minimum version
>> required
>> >>> is 3.3.x. I
>> >>>         have also found that cenos6 does not provide anything past
>> 3.0.0.
>> >>>
>> >>>
>> >>>     And it won't. There are no plans in updating FreeIPA version in
>> >>>     RHEL/CentOS-6.x, we encourage people who want the new features to
>> >>> migrate
>> >>>     to RHEL-7.x:
>> >>>
>> >>>
>> >>>
>> http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS
>> >>>
>> >>>
>> >>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc
>> >>>
>> >>>     If you want to wait on CentOS-7.2, it should be in works now:
>> >>>     http://seven.centos.org/2015/11/rhel-7-2-released-today/
>> >>>
>> >>>         One idea is to upgrade to 3.3.x first and then upgrade to
>> 4.2.3
>> >>> on centos7.
>> >>>         This is harder since centos does not provide this. The other
>> >>> issue is if
>> >>>         3.0/3.3 client will be supported with 4.2.3 server.
>> >>>
>> >>>
>> >>>     The right way is to migrate via creating replicas in
>> RHEL/CentOS-7.x
>> >>> and
>> >>>     slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the
>> >>> links above.
>> >>>
>> >>>
>> >>>
>> >>
>> >
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160126/f45eb7cb/attachment.htm>