Thanks that actually helped. I have the CA moved and the old server decommissioned now. Thanks.
Regards, ------------------------------------------ Aric Wilisch awili...@gmail.com > On Apr 14, 2015, at 3:07 AM, Martin Kosek <mko...@redhat.com> wrote: > > You do not need to uninstall the 4 server, you just need to install the CA > component on it: > > # ipa-ca-install /path/to/replica.file > > ... and make it CRL/renewal master. See step 8 and later in > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html > > <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html> > > On 04/14/2015 02:06 AM, Aric Wilisch wrote: >> I didn’t see this guide until now. The IPA3 server started off as a RHEL 6.6 >> server so no upgrade is necessary, but I simply generated the replica file >> and created the IPA 4 server as a replica. Aside from the CA not being there >> the server looks to be working fine and shows up as a master. >> >> I’ll uninstall the 4 server and work through the script process to see if >> that fixes the issue. >> >> Regards, >> ------------------------------------------ >> Aric Wilisch >> awili...@gmail.com >> >> >> >> >>> On Apr 13, 2015, at 7:47 PM, Dmitri Pal <d...@redhat.com> wrote: >>> >>> On 04/13/2015 07:26 PM, Aric Wilisch wrote: >>>> One of our environments has a Freeipa3 sever installed and I need to >>>> upgrade it to FreeIPA 4. I brought up RHEL 7 server and installed FreeIPA >>>> 4 as a replica of the FreeIPA3 box. But now I’m stuck. I can’t find any >>>> good documentation on how to promote the new FreeIPA4 server and take the >>>> old FreeIPA3 server out of the picture. If I do a ida-replica-manage del >>>> —force stip01.staging.fioptics.int it tells me I can’t because it would >>>> leave me without a CA. However I can’t find any documentation on migrating >>>> the CA from IPA3 to IPA4. >>>> >>>> Any help would be appreciated. >>>> >>>> Regards, >>>> ------------------------------------------ >>>> Aric Wilisch >>>> awili...@gmail.com <mailto:awili...@gmail.com> <mailto:awili...@gmail.com >>>> <mailto:awili...@gmail.com>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> >>> Did you follow this procedure? >>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc >>> >>> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc><https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc >>> >>> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc>> >>> >>> I would say that I would recommend upgrading to 6.6 rather than 6.5. >>> >>> If you did not what exactly did you do? >>> >>> -- >>> Thank you, >>> Dmitri Pal >>> >>> Sr. Engineering Manager IdM portfolio >>> Red Hat, Inc. >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> <https://www.redhat.com/mailman/listinfo/freeipa-users> >>> Go to http://freeipa.org <http://freeipa.org/> for more info on the project
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
