On 2/5/2014, 1:35 AM, Rob Crittenden wrote:
> Will Sheldon wrote:
> >
> > Hello IPA users :)
> >
> > We have implemented IPA using the packaged version in centos 6.5 (which
> > is 3.0.0-37.el6), but have been playing with the more recent version in
> > Fedora 19 (3.3.3-2.fc19) and are quite keen to take advantage of the
> > shiny new features, so are thinking about migrating.
> >
> > Has anyone done this? Is there an easy way to migrate/upgrade?
> > What would happen if I tried to set up a FC19 replica, would it get angry
> > and break?
> >
> > We only have users in production so far, (no production clients or
> > issued certs) so maybe the user migration script mentioned in previous
> > posts would be the best bet?
> >
> > Any pointers would be hugely appreciated..
>
> This is exactly the way to migrate between versions. You'll want to set up a
> CA on the F19 server for sure, and DNS if you're using that. The idea is that
> you set up the new master, spend some time (days, weeks not months) verifying
> that things are working ok, then remove the old server and things should
> continue to just work. We also recommend having at least two masters with CAs
> for redundancy and avoiding a single point of failure.
>
> We have discovered a bug in the way clients are enrolled though. We store the
> name of the master you enroll against. Normally this isn't a big deal,
> especially if you use SRV records. The problem is that some tools use the
> master from this file to connect to and not SRV records, so you may want to
> run around to your clients and change this in /etc/ipa/default.conf once the
> migration is complete.
>
> rob
>

Yay! That’s easier than I thought it would be, thanks Rob.

Would this work as a solution?

1) Leave current centos server (ipa.domain.com) in production
2) Configure new FC19 ipa server as a replica (newipa.domain.com) using the server install script
3) Check that newipa.domain.com is functioning as expected.
4) Remove centos server from production (not checked, but I assume there is a documented process for this)
5) Install new FC19 replica using same IP and DNS name as the old centos server (ipa.domain.com).

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
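
Rob's note above about the master name stored in /etc/ipa/default.conf, as an added example that is not part of the original thread or FreeIPA's own tooling: shell functions that report which keys in a client config still name the old master and repoint them, keeping a backup. The sample file and its key names (`server`, `xmlrpc_uri`) are constructed assumptions about the client config layout; the hostnames are the ones used in the thread.

```bash
# Added example. The sample config and its keys are constructed assumptions.

# Write a constructed sample client config to the given path.
make_sample_conf() {
    cat > "$1" <<'EOF'
[global]
basedn = dc=domain,dc=com
realm = DOMAIN.COM
domain = domain.com
server = ipa.domain.com
host = client1.domain.com
xmlrpc_uri = https://ipa.domain.com/ipa/xml
enable_ra = True
EOF
}

# Print each key whose value names HOST exactly. "newipa.domain.com" must not
# count as a reference to "ipa.domain.com", so compare whole host tokens.
stale_keys() {  # usage: stale_keys CONF HOST
    awk -F'[ \t]*=[ \t]*' -v host="$2" '
        /^[ \t]*[#;]/ { next }                  # ignore commented-out lines
        NF >= 2 {
            sub(/[ \t]+$/, "", $2)              # drop trailing whitespace
            n = split($2, tok, "[/:]+")         # break URLs into components
            for (i = 1; i <= n; i++)
                if (tok[i] == host) { print $1; break }
        }' "$1"
}

# Rewrite OLD to NEW on non-comment lines, keeping a backup in CONF.bak.
repoint() {  # usage: repoint CONF OLD NEW
    [ -n "$(stale_keys "$1" "$2")" ] || return 0    # nothing references OLD
    cp -p "$1" "$1.bak"
    old_re=$(printf '%s' "$2" | sed 's/\./\\./g')    # escape dots for the regex
    sed -E '/^[[:space:]]*[#;]/!s#(^|[^A-Za-z0-9.-])'"$old_re"'($|[^A-Za-z0-9.-])#\1'"$3"'\2#g' \
        "$1.bak" > "$1"
}

# Demo on a temporary copy; on a real client CONF would be /etc/ipa/default.conf.
conf=$(mktemp) && make_sample_conf "$conf"
stale_keys "$conf" ipa.domain.com
repoint "$conf" ipa.domain.com newipa.domain.com
rm -f "$conf" "$conf.bak"
```

Running `stale_keys` across clients before the old master is removed shows which hosts would be affected by the enrollment bug Rob describes.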
