[Freeipa-users] Migration from FreeIPA 3.0 to 4.x

Fri Mar 24 11:39:22 UTC 2017

While I don't consider myself an expert, I should note that 
ipa-replica-prepare has not been deprecated. The proposed solution to 
follow

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrade-6-to-7.html

is indeed the correct one.

Not to be confused about ipa-replica-prepare: this command shall not be 
used on domain level 1 machines since the replication is
solved in a smarter and more automatic way. The command would not work 
on domain level 1 anyway.

HTH,
Standa

On 03/24/2017 11:58 AM, Christophe TREFOIS wrote:
> I’m not expert but I think ipa-replica-prepare is depcrecated in 4.4 
> as the procedure become more simple.
>
> I think setting up a new cluster of CentOS 7.3 machines and setting up 
> replicas against the old cluster is sufficient.
>
> What do the experts say?
>
> -- 
>
> Dr Christophe Trefois, Dipl.-Ing.
> Technical Specialist / Post-Doc
>
> UNIVERSITÉ DU LUXEMBOURG
>
> LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
> Campus Belval | House of Biomedicine
> 6, avenue du Swing
> L-4367 Belvaux
> T:+352 46 66 44 6124
> F:+352 46 66 44 6949
> http://www.uni.lu/lcsb
>
> Facebook <https://www.facebook.com/trefex>Twitter 
> <https://twitter.com/Trefex>Google Plus 
> <https://plus.google.com/+ChristopheTrefois/>Linkedin 
> <https://www.linkedin.com/in/trefoischristophe>skype 
> <http://skype:Trefex?call>
>
> ----
> This message is confidential and may contain privileged information.
> It is intended for the named recipient only.
> If you receive it in error please notify me and permanently delete the 
> original message and any copies.
> ----
>
>
>> On 24 Mar 2017, at 00:54, Zak Peirce <zak.peirce at zoom.us 
>> <mailto:zak.peirce at zoom.us>> wrote:
>>
>> I am looking to take this same journey.  I found this guide, it seems 
>> like
>> it covers all the bases
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/h
>> tml/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrade-6-to-7.h
>> tml
>>
>>
>> -Zak
>>
>> -----Original Message-----
>> From: freeipa-users-bounces at redhat.com
>> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Dagan
>> Sent: Thursday, March 23, 2017 3:52 PM
>> To: freeipa-users at redhat.com
>> Subject: [Freeipa-users] Migration from FreeIPA 3.0 to 4.x
>>
>> Hi,
>>
>> I am hoping someone will be able to help answer some questions about
>> migrations.
>>
>> I have been asked to look at upgrading an existing FreeIPA 
>> installation on
>> CentOS 6 (3.0.0) to a new installation on CentOS 7 with a recent stable
>> release (4.4.0).
>>
>> The existing CentOS 6 installation does not manage DNS or have a CA that
>> is being used (though the may be installed. It's primarily for user
>> authentication and user group management.
>>
>> There are only a small number of users, groups, and hosts to migrate -
>> less than 100 of each.
>> But the data is used for LDAP integration in various applications so it
>> needs to be consistent.
>>
>> Would it be recommended to do a straight LDIF type export and import of
>> the data, and configure the new FreeIPA installation for the new
>> access/sudo rules?
>>
>> Would that risk leaving behind any data I would need to know about?
>>
>> We are planning to review the sudo rules, host access lists etc as 
>> part of
>> the migration work. So leaving behind some data may not be a blocker to
>> upgrade.
>>
>> Any suggestions or links welcome.
>>
>> Cheers,
>> Dagan McGregor
>>
>>
>>
>>
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170324/ae0e7430/attachment.htm>