You do not need to uninstall the 4 server, you just need to install the CA
component on it:

# ipa-ca-install /path/to/replica.file

... and make it CRL/renewal master. See step 8 and later in

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html

On 04/14/2015 02:06 AM, Aric Wilisch wrote:
> I didn’t see this guide until now. The IPA3 server started off as a RHEL 6.6 
> server so no upgrade is necessary, but I simply generated the replica file 
> and created the IPA 4 server as a replica. Aside from the CA not being there 
> the server looks to be working fine and shows up as a master. 
> 
> I’ll uninstall the 4 server and work through the script process to see if 
> that fixes the issue. 
> 
> Regards,
> ------------------------------------------
> Aric Wilisch
> awili...@gmail.com
> 
> 
> 
> 
>> On Apr 13, 2015, at 7:47 PM, Dmitri Pal <d...@redhat.com> wrote:
>>
>> On 04/13/2015 07:26 PM, Aric Wilisch wrote:
>>> One of our environments has a Freeipa3 sever installed and I need to 
>>> upgrade it to FreeIPA 4. I brought up  RHEL 7 server and installed FreeIPA 
>>> 4 as a replica of the FreeIPA3 box. But now I’m stuck. I can’t find any 
>>> good documentation on how to promote the new FreeIPA4 server and take the 
>>> old FreeIPA3 server out of the picture. If I do a ida-replica-manage del 
>>> —force stip01.staging.fioptics.int it tells me I can’t because it would 
>>> leave me without a CA. However I can’t find any documentation on migrating 
>>> the CA from IPA3 to IPA4. 
>>>
>>> Any help would be appreciated. 
>>>
>>> Regards,
>>> ------------------------------------------
>>> Aric Wilisch
>>> awili...@gmail.com <mailto:awili...@gmail.com>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> Did you follow this procedure?
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc
>>  
>> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc>
>>
>> I would say that I would recommend upgrading to 6.6 rather than 6.5.
>>
>> If you did not what exactly did you do?
>>
>> -- 
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>> -- 
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
> 
> 
> 
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to