[Freeipa-users] Migration from FreeIPA 3.0 to 4.x
Dagan
list at sudo.nz
Sun Mar 26 23:08:02 UTC 2017
Thanks for the clarification Standa.
Cheers,
Dagan McGregor
On 25 March 2017 12:39:22 AM NZDT, Standa Laznicka <slaznick at redhat.com> wrote:
>While I don't consider myself an expert, I should note that
>ipa-replica-prepare has not been deprecated. The proposed solution to
>follow
>
>https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrade-6-to-7.html
>
>is indeed the correct one.
>
>Not to be confused about ipa-replica-prepare: this command shall not be
>
>used on domain level 1 machines since the replication is
>solved in a smarter and more automatic way. The command would not work
>on domain level 1 anyway.
>
>HTH,
>Standa
>
>On 03/24/2017 11:58 AM, Christophe TREFOIS wrote:
>> I’m not expert but I think ipa-replica-prepare is depcrecated in 4.4
>> as the procedure become more simple.
>>
>> I think setting up a new cluster of CentOS 7.3 machines and setting
>up
>> replicas against the old cluster is sufficient.
>>
>> What do the experts say?
>>
>> --
>>
>> Dr Christophe Trefois, Dipl.-Ing.
>> Technical Specialist / Post-Doc
>>
>> UNIVERSITÉ DU LUXEMBOURG
>>
>> LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE
>> Campus Belval | House of Biomedicine
>> 6, avenue du Swing
>> L-4367 Belvaux
>> T:+352 46 66 44 6124
>> F:+352 46 66 44 6949
>> http://www.uni.lu/lcsb
>>
>> Facebook <https://www.facebook.com/trefex>Twitter
>> <https://twitter.com/Trefex>Google Plus
>> <https://plus.google.com/+ChristopheTrefois/>Linkedin
>> <https://www.linkedin.com/in/trefoischristophe>skype
>> <http://skype:Trefex?call>
>>
>> ----
>> This message is confidential and may contain privileged information.
>> It is intended for the named recipient only.
>> If you receive it in error please notify me and permanently delete
>the
>> original message and any copies.
>> ----
>>
>>
>>> On 24 Mar 2017, at 00:54, Zak Peirce <zak.peirce at zoom.us
>>> <mailto:zak.peirce at zoom.us>> wrote:
>>>
>>> I am looking to take this same journey. I found this guide, it
>seems
>>> like
>>> it covers all the bases
>>>
>>>
>https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/h
>>>
>tml/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrade-6-to-7.h
>>> tml
>>>
>>>
>>> -Zak
>>>
>>> -----Original Message-----
>>> From: freeipa-users-bounces at redhat.com
>>> [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Dagan
>>> Sent: Thursday, March 23, 2017 3:52 PM
>>> To: freeipa-users at redhat.com
>>> Subject: [Freeipa-users] Migration from FreeIPA 3.0 to 4.x
>>>
>>> Hi,
>>>
>>> I am hoping someone will be able to help answer some questions about
>>> migrations.
>>>
>>> I have been asked to look at upgrading an existing FreeIPA
>>> installation on
>>> CentOS 6 (3.0.0) to a new installation on CentOS 7 with a recent
>stable
>>> release (4.4.0).
>>>
>>> The existing CentOS 6 installation does not manage DNS or have a CA
>that
>>> is being used (though the may be installed. It's primarily for user
>>> authentication and user group management.
>>>
>>> There are only a small number of users, groups, and hosts to migrate
>-
>>> less than 100 of each.
>>> But the data is used for LDAP integration in various applications so
>it
>>> needs to be consistent.
>>>
>>> Would it be recommended to do a straight LDIF type export and import
>of
>>> the data, and configure the new FreeIPA installation for the new
>>> access/sudo rules?
>>>
>>> Would that risk leaving behind any data I would need to know about?
>>>
>>> We are planning to review the sudo rules, host access lists etc as
>>> part of
>>> the migration work. So leaving behind some data may not be a blocker
>to
>>> upgrade.
>>>
>>> Any suggestions or links welcome.
>>>
>>> Cheers,
>>> Dagan McGregor
>>>
>>>
>>>
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170326/8023625f/attachment.htm>
More information about the Freeipa-users
mailing list