[Freeipa-users] FreeIPA update guidance

Bret Wortman bret.wortman at damascusgrp.com
Fri Apr 21 15:54:04 UTC 2017 

I don't know that what we did is the most correct or even best way to 
manage an upgrade, but here's what I did.

We started with two nodes, ipa1 and ipa2. Both running Fedora.

I built a new system, ipa3, and installed IPA on it, then made it a replica.

I then removed the replication agreements to ipa1 and upgraded it. Then 
made it a replica again using ipa3 as the master.

Finally, I removed ipa2's replication agreement and upgraded it. Again, 
it was brought back into replication by creating a replication file on 
ipa3 and copying it to ipa2.

Somewhere in there, I'm pretty sure I had to do something with the CA to 
ensure we still had one, but for the life of me, I can't remember what I 
did!

Good luck!


Bret


On 04/21/2017 10:06 AM, B.harries wrote:
> Hi All,
>
> As I am new to the list, I'd like to introduce myself as Bennie. In my 
> fairly small (CentOS based) organization we use FreeIPA and we are 
> honestly really happy with this all in one solution. Lately however we 
> are facing an issue regarding updating FreeIPA and I was hoping I 
> could find some guidance on this mail list =).
>
> *Current situation*
> We are currently running FreeIPA 4.3.1 on Fedora 23. When we started 
> using FreeIPA, CentOS was lacking quite behind so we choose to go with 
> Fedora. As Fedora 23 is quite out of date now we tried to perform a 
> dist-upgrade, enabling us to continue using FreeIPA on the 4.4 branch. 
> This dist-upgrade however led to an inoperable condition of FreeIPA, 
> mainly the PKI service fails miserably.
>
> *Second attempt*
> We then tried to install a fresh CentOS server, having FreeIPA version 
> 4.4 and attaching it as a second master to our IPA instance. This 
> however didn't work out as well, probably because the directory 
> structures are not equal.
>
> So far, everything failed. I was wondering if anyone here faced 
> similar problems and might be able to point in the right direction?
>
> Thanks in advance for a reply!
>
>
> Bennie
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170421/1e68b120/attachment.htm>

More information about the Freeipa-users mailing list