[Freeipa-users] FreeIPA update guidance
Bret Wortman
bret.wortman at damascusgrp.com
Fri Apr 21 15:54:04 UTC 2017
I don't know that what we did is the most correct or even best way to
manage an upgrade, but here's what I did.
We started with two nodes, ipa1 and ipa2. Both running Fedora.
I built a new system, ipa3, and installed IPA on it, then made it a replica.
I then removed the replication agreements to ipa1 and upgraded it. Then
made it a replica again using ipa3 as the master.
Finally, I removed ipa2's replication agreement and upgraded it. Again,
it was brought back into replication by creating a replication file on
ipa3 and copying it to ipa2.
Somewhere in there, I'm pretty sure I had to do something with the CA to
ensure we still had one, but for the life of me, I can't remember what I
did!
Good luck!
Bret
On 04/21/2017 10:06 AM, B.harries wrote:
> Hi All,
>
> As I am new to the list, I'd like to introduce myself as Bennie. In my
> fairly small (CentOS based) organization we use FreeIPA and we are
> honestly really happy with this all in one solution. Lately however we
> are facing an issue regarding updating FreeIPA and I was hoping I
> could find some guidance on this mail list =).
>
> *Current situation*
> We are currently running FreeIPA 4.3.1 on Fedora 23. When we started
> using FreeIPA, CentOS was lacking quite behind so we choose to go with
> Fedora. As Fedora 23 is quite out of date now we tried to perform a
> dist-upgrade, enabling us to continue using FreeIPA on the 4.4 branch.
> This dist-upgrade however led to an inoperable condition of FreeIPA,
> mainly the PKI service fails miserably.
>
> *Second attempt*
> We then tried to install a fresh CentOS server, having FreeIPA version
> 4.4 and attaching it as a second master to our IPA instance. This
> however didn't work out as well, probably because the directory
> structures are not equal.
>
> So far, everything failed. I was wondering if anyone here faced
> similar problems and might be able to point in the right direction?
>
> Thanks in advance for a reply!
>
>
> Bennie
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170421/1e68b120/attachment.htm>
More information about the Freeipa-users
mailing list