You do not need to uninstall the 4 server, you just need to install the CA component on it:
# ipa-ca-install /path/to/replica.file ... and make it CRL/renewal master. See step 8 and later in https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html On 04/14/2015 02:06 AM, Aric Wilisch wrote: > I didn’t see this guide until now. The IPA3 server started off as a RHEL 6.6 > server so no upgrade is necessary, but I simply generated the replica file > and created the IPA 4 server as a replica. Aside from the CA not being there > the server looks to be working fine and shows up as a master. > > I’ll uninstall the 4 server and work through the script process to see if > that fixes the issue. > > Regards, > ------------------------------------------ > Aric Wilisch > awili...@gmail.com > > > > >> On Apr 13, 2015, at 7:47 PM, Dmitri Pal <d...@redhat.com> wrote: >> >> On 04/13/2015 07:26 PM, Aric Wilisch wrote: >>> One of our environments has a Freeipa3 sever installed and I need to >>> upgrade it to FreeIPA 4. I brought up RHEL 7 server and installed FreeIPA >>> 4 as a replica of the FreeIPA3 box. But now I’m stuck. I can’t find any >>> good documentation on how to promote the new FreeIPA4 server and take the >>> old FreeIPA3 server out of the picture. If I do a ida-replica-manage del >>> —force stip01.staging.fioptics.int it tells me I can’t because it would >>> leave me without a CA. However I can’t find any documentation on migrating >>> the CA from IPA3 to IPA4. >>> >>> Any help would be appreciated. >>> >>> Regards, >>> ------------------------------------------ >>> Aric Wilisch >>> awili...@gmail.com <mailto:awili...@gmail.com> >>> >>> >>> >>> >>> >>> >> >> >> Did you follow this procedure? >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc >> >> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc> >> >> I would say that I would recommend upgrading to 6.6 rather than 6.5. >> >> If you did not what exactly did you do? >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager IdM portfolio >> Red Hat, Inc. >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project > > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
