Thanks for confirmation. Enjoy the new and shiny FreeIPA 4.1+! :-) On 04/14/2015 02:59 PM, Aric Wilisch wrote: > Thanks that actually helped. I have the CA moved and the old server > decommissioned now. Thanks. > > Regards, > ------------------------------------------ > Aric Wilisch > awili...@gmail.com > > > > >> On Apr 14, 2015, at 3:07 AM, Martin Kosek <mko...@redhat.com> wrote: >> >> You do not need to uninstall the 4 server, you just need to install the CA >> component on it: >> >> # ipa-ca-install /path/to/replica.file >> >> ... and make it CRL/renewal master. See step 8 and later in >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html >> >> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html> >> >> On 04/14/2015 02:06 AM, Aric Wilisch wrote: >>> I didn’t see this guide until now. The IPA3 server started off as a RHEL >>> 6.6 server so no upgrade is necessary, but I simply generated the replica >>> file and created the IPA 4 server as a replica. Aside from the CA not being >>> there the server looks to be working fine and shows up as a master. >>> >>> I’ll uninstall the 4 server and work through the script process to see if >>> that fixes the issue. >>> >>> Regards, >>> ------------------------------------------ >>> Aric Wilisch >>> awili...@gmail.com >>> >>> >>> >>> >>>> On Apr 13, 2015, at 7:47 PM, Dmitri Pal <d...@redhat.com> wrote: >>>> >>>> On 04/13/2015 07:26 PM, Aric Wilisch wrote: >>>>> One of our environments has a Freeipa3 sever installed and I need to >>>>> upgrade it to FreeIPA 4. I brought up RHEL 7 server and installed >>>>> FreeIPA 4 as a replica of the FreeIPA3 box. But now I’m stuck. I can’t >>>>> find any good documentation on how to promote the new FreeIPA4 server and >>>>> take the old FreeIPA3 server out of the picture. If I do a >>>>> ida-replica-manage del —force stip01.staging.fioptics.int it tells me I >>>>> can’t because it would leave me without a CA. However I can’t find any >>>>> documentation on migrating the CA from IPA3 to IPA4. >>>>> >>>>> Any help would be appreciated. >>>>> >>>>> Regards, >>>>> ------------------------------------------ >>>>> Aric Wilisch >>>>> awili...@gmail.com <mailto:awili...@gmail.com> <mailto:awili...@gmail.com >>>>> <mailto:awili...@gmail.com>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> Did you follow this procedure? >>>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc >>>> >>>> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc><https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc >>>> >>>> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc>> >>>> >>>> I would say that I would recommend upgrading to 6.6 rather than 6.5. >>>> >>>> If you did not what exactly did you do? >>>> >>>> -- >>>> Thank you, >>>> Dmitri Pal >>>> >>>> Sr. Engineering Manager IdM portfolio >>>> Red Hat, Inc. >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> <https://www.redhat.com/mailman/listinfo/freeipa-users> >>>> Go to http://freeipa.org <http://freeipa.org/> for more info on the project > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project