Christian Reiss via FreeIPA-users wrote: > Hey folks, > > Running a 3-node FreeIPA Installation. All is well, but I am now > upgrading all VMs, including my three IPA Servers from Centos 7 to 8. > As the Upgrade for Centos 7 to 8 is a complete reinstall I would need > to, one at a time, upgrade an IPA server. The IP and FQDN would remain > the same. > > - I read several documents out there and some say decommission one, > reinstall and add it again. > > - Others go for replica-prepare and go from there. > > - What about simply backup up the data direcory and restore that? > > Maybe there is a recommended way? > > I tried doing this some months ago for a failed server, and I got an > issue about replication agreement already existing which I only was able > to resolve by reinstalling. The proposed "modify ldap" was way, way > above me ;)
The recommended way is your first point: decommission one, reinstall with new OS, add back to the pool. Rinse and repeat. Things to remember: - ensuring that the DNA range is preserved (it can be automagic but watch out for it). See the ipa-replica-manage command for showing the ranges. - ensure that one master is defined as the CRL generator (and only one) - ensure that one master is defined as the CA renewal master - ensure you maintain the roles (and have at least 2 of everything) - watch the replication topology when it's done and adjust as needed We generally recommend that this transition happen over a fairly short period of time, week(s) not months. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org