On Fri, Apr 3, 2015 at 4:41 PM, Dmitri Pal <d...@redhat.com> wrote:

>  On 04/03/2015 09:46 AM, Brian Topping wrote:
>  On Apr 3, 2015, at 6:48 AM, Tamas Papp <tom...@martos.bme.hu> 
> <tom...@martos.bme.hu> wrote:
> hi All,
> I have CentOS 6.6 server and want to upgrade to 7.1.
> What is the upgrade path, can I do it directly or first I need to make it to 
> 3.3?
> Also is there any known issue I should expect with workarounds?
>  I just did this yesterday, so here's my experience. If you have a simple 
> single-server installation with no custom LDAP DIT modifications, you should 
> find "yum upgrade" does the right thing.
> If you do have DIT mods, you should ask yourself why they are there and 
> whether the data will still be accessible after the ACLs are changed. In my 
> case, I had Postfix using a LDAP hash and mail delivery stopped working 
> (although the domain data was still there just fine).
> Note that the ACLs will propagate from the 4.1 server to your 3.0 if they are 
> replicated. To be safe, back up all replicas (snapshot or whatnot) before the 
> first upgrade and if you decide to restore any of them, be sure everything is 
> shut down and restore all of them to avoid 4.x schema contaminating 3.0 as 
> they come up.
> The general recommendation for 3.3 -> 4.1 migration is to start
> introducing 4.1 replicas into your 3.3 environment and then turn your 3.3
> replicas off. Do not forget to install the CA component with one of your
> 4.1 replicas before removing all the 3.3 instanced with CAs. With this
> procedure you would also need to move the CRL generation and cert tracking.
> See details in migration section
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc

 Will this excellent documentation work too on the migration from 3.0x
(rhel 6) to 4.1.x (rhel 7.1)?

I will be migrating the coming months to 7.1 or 7.2 (whichever is the
current stable then), so just wondering.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to