Thanks that actually helped. I have the CA moved and the old server 
decommissioned now. Thanks.

Regards,
------------------------------------------
Aric Wilisch
awili...@gmail.com




> On Apr 14, 2015, at 3:07 AM, Martin Kosek <mko...@redhat.com> wrote:
> 
> You do not need to uninstall the 4 server, you just need to install the CA
> component on it:
> 
> # ipa-ca-install /path/to/replica.file
> 
> ... and make it CRL/renewal master. See step 8 and later in
> 
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html
>  
> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html>
> 
> On 04/14/2015 02:06 AM, Aric Wilisch wrote:
>> I didn’t see this guide until now. The IPA3 server started off as a RHEL 6.6 
>> server so no upgrade is necessary, but I simply generated the replica file 
>> and created the IPA 4 server as a replica. Aside from the CA not being there 
>> the server looks to be working fine and shows up as a master. 
>> 
>> I’ll uninstall the 4 server and work through the script process to see if 
>> that fixes the issue. 
>> 
>> Regards,
>> ------------------------------------------
>> Aric Wilisch
>> awili...@gmail.com
>> 
>> 
>> 
>> 
>>> On Apr 13, 2015, at 7:47 PM, Dmitri Pal <d...@redhat.com> wrote:
>>> 
>>> On 04/13/2015 07:26 PM, Aric Wilisch wrote:
>>>> One of our environments has a Freeipa3 sever installed and I need to 
>>>> upgrade it to FreeIPA 4. I brought up  RHEL 7 server and installed FreeIPA 
>>>> 4 as a replica of the FreeIPA3 box. But now I’m stuck. I can’t find any 
>>>> good documentation on how to promote the new FreeIPA4 server and take the 
>>>> old FreeIPA3 server out of the picture. If I do a ida-replica-manage del 
>>>> —force stip01.staging.fioptics.int it tells me I can’t because it would 
>>>> leave me without a CA. However I can’t find any documentation on migrating 
>>>> the CA from IPA3 to IPA4. 
>>>> 
>>>> Any help would be appreciated. 
>>>> 
>>>> Regards,
>>>> ------------------------------------------
>>>> Aric Wilisch
>>>> awili...@gmail.com <mailto:awili...@gmail.com> <mailto:awili...@gmail.com 
>>>> <mailto:awili...@gmail.com>>
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>>> Did you follow this procedure?
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc
>>>  
>>> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc><https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc
>>>  
>>> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc>>
>>> 
>>> I would say that I would recommend upgrading to 6.6 rather than 6.5.
>>> 
>>> If you did not what exactly did you do?
>>> 
>>> -- 
>>> Thank you,
>>> Dmitri Pal
>>> 
>>> Sr. Engineering Manager IdM portfolio
>>> Red Hat, Inc.
>>> -- 
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users 
>>> <https://www.redhat.com/mailman/listinfo/freeipa-users>
>>> Go to http://freeipa.org <http://freeipa.org/> for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to