<html><head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type" /> </head><body bgcolor="#FFFFFF" text="#000000">Thanks for the clarification Standa. Cheers, Dagan McGregor <div class="gmail_quote">On 25 March 2017 12:39:22 AM NZDT, Standa Laznicka <slaznick@redhat.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <div class="moz-cite-prefix">While I don't consider myself an expert, I should note that ipa-replica-prepare has not been deprecated. The proposed solution to follow <pre wrap=""><a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/h">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrade-6-to-7.html</a> </pre> is indeed the correct one. Not to be confused about ipa-replica-prepare: this command shall not be used on domain level 1 machines since the replication is solved in a smarter and more automatic way. The command would not work on domain level 1 anyway. HTH, Standa On 03/24/2017 11:58 AM, Christophe TREFOIS wrote: </div> <blockquote cite="mid:9BE76508-A614-461B-A4D3-D8C765FF4721@uni.lu" type="cite"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252" /> I’m not expert but I think ipa-replica-prepare is depcrecated in 4.4 as the procedure become more simple. <div class=""> </div> <div class="">I think setting up a new cluster of CentOS 7.3 machines and setting up replicas against the old cluster is sufficient.</div> <div class=""> </div> <div class="">What do the experts say? <div class=""> <div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""> <div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""> <div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""> -- Dr Christophe Trefois, Dipl.-Ing. Technical Specialist / Post-Doc UNIVERSITÉ DU LUXEMBOURG LUXEMBOURG CENTRE FOR SYSTEMS BIOMEDICINE Campus Belval | House of Biomedicine 6, avenue du Swing L-4367 Belvaux T: +352 46 66 44 6124 F: +352 46 66 44 6949 <a moz-do-not-send="true" href="http://www.uni.lu/lcsb" style="color: rgb(0, 109, 189); display: inline;" class="">http://www.uni.lu/lcsb</a> <a moz-do-not-send="true" href="https://www.facebook.com/trefex" style="display: inline;" class=""><img moz-do-not-send="true" data-filename="facebook.png" src="https://s3.amazonaws.com/htmlsig-assets/rounded/facebook.png" alt="Facebook" class="" height="24" width="24" /></a> <a moz-do-not-send="true" href="https://twitter.com/Trefex" style="display: inline;" class=""><img moz-do-not-send="true" data-filename="twitter.png" src="https://s3.amazonaws.com/htmlsig-assets/rounded/twitter.png" alt="Twitter" class="" height="24" width="24" /></a> <a moz-do-not-send="true" href="https://plus.google.com/+ChristopheTrefois/" style="display: inline;" class=""><img moz-do-not-send="true" data-filename="googleplus.png" src="https://s3.amazonaws.com/htmlsig-assets/rounded/googleplus.png" alt="Google Plus" class="" height="24" width="24" /></a> <a moz-do-not-send="true" href="https://www.linkedin.com/in/trefoischristophe" style="display: inline;" class=""><img moz-do-not-send="true" data-filename="linkedin.png" src="https://s3.amazonaws.com/htmlsig-assets/rounded/linkedin.png" alt="Linkedin" class="" height="24" width="24" /></a> <a moz-do-not-send="true" href="http://skype:Trefex?call" style="display: inline;" class=""><img moz-do-not-send="true" data-filename="skype.png" src="https://s3.amazonaws.com/htmlsig-assets/rounded/skype.png" alt="skype" class="" height="24" width="24" /></a> ---- This message is confidential and may contain privileged information. It is intended for the named recipient only. If you receive it in error please notify me and permanently delete the original message and any copies. ---- </div> </div> </div> </div> <div> <blockquote type="cite" class=""> <div class="">On 24 Mar 2017, at 00:54, Zak Peirce <<a moz-do-not-send="true" href="mailto:zak.peirce@zoom.us" class="">zak.peirce@zoom.us</a>> wrote:</div> <div class=""> <div class="">I am looking to take this same journey. I found this guide, it seems like it covers all the bases <a moz-do-not-send="true" href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/h" class="">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/h</a> tml/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrade-6-to-7.h tml -Zak -----Original Message----- From: <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a> [<a class="moz-txt-link-freetext" href="mailto:freeipa-users-bounces@redhat.com">mailto:freeipa-users-bounces@redhat.com</a>] On Behalf Of Dagan Sent: Thursday, March 23, 2017 3:52 PM To: <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a> Subject: [Freeipa-users] Migration from FreeIPA 3.0 to 4.x Hi, I am hoping someone will be able to help answer some questions about migrations. I have been asked to look at upgrading an existing FreeIPA installation on CentOS 6 (3.0.0) to a new installation on CentOS 7 with a recent stable release (4.4.0). The existing CentOS 6 installation does not manage DNS or have a CA that is being used (though the may be installed. It's primarily for user authentication and user group management. There are only a small number of users, groups, and hosts to migrate - less than 100 of each. But the data is used for LDAP integration in various applications so it needs to be consistent. Would it be recommended to do a straight LDIF type export and import of the data, and configure the new FreeIPA installation for the new access/sudo rules? Would that risk leaving behind any data I would need to know about? We are planning to review the sudo rules, host access lists etc as part of the migration work. So leaving behind some data may not be a blocker to upgrade. Any suggestions or links welcome. Cheers, Dagan McGregor -- Manage your subscription for the Freeipa-users mailing list: <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> Go to <a class="moz-txt-link-freetext" href="http://freeipa.org">http://freeipa.org</a> for more info on the project -- Manage your subscription for the Freeipa-users mailing list: <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a> Go to <a class="moz-txt-link-freetext" href="http://freeipa.org">http://freeipa.org</a> for more info on the project </div> </div> </blockquote> </div> </div> <fieldset class="mimeAttachmentHeader"></fieldset> </blockquote> </blockquote></div></body></html>