Re: [Freeipa-users] upgrade 3.0 -> 4.1

Fri, 03 Apr 2015 07:45:23 -0700 

On 04/03/2015 09:46 AM, Brian Topping wrote:

On Apr 3, 2015, at 6:48 AM, Tamas Papp <[email protected]> wrote:

hi All,

I have CentOS 6.6 server and want to upgrade to 7.1.

What is the upgrade path, can I do it directly or first I need to make it to 
3.3?
Also is there any known issue I should expect with workarounds?

I just did this yesterday, so here's my experience. If you have a simple single-server 
installation with no custom LDAP DIT modifications, you should find "yum 
upgrade" does the right thing.

If you do have DIT mods, you should ask yourself why they are there and whether 
the data will still be accessible after the ACLs are changed. In my case, I had 
Postfix using a LDAP hash and mail delivery stopped working (although the 
domain data was still there just fine).

Note that the ACLs will propagate from the 4.1 server to your 3.0 if they are 
replicated. To be safe, back up all replicas (snapshot or whatnot) before the 
first upgrade and if you decide to restore any of them, be sure everything is 
shut down and restore all of them to avoid 4.x schema contaminating 3.0 as they 
come up.
The general recommendation for 3.3 -> 4.1 migration is to start introducing 4.1 replicas into your 3.3 environment and then turn your 3.3 replicas off. Do not forget to install the CA component with one of your 4.1 replicas before removing all the 3.3 instanced with CAs. With this procedure you would also need to move the CRL generation and cert tracking.
See details in migration section https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc 

Brian


Thanks,
tamas

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project






--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to