On 02/05/2016 11:35 AM, Petr Vobornik wrote:
> On 02/04/2016 06:14 PM, Christophe TREFOIS wrote:
>> Hi all,
>>
>> We are currently running a 3-replica (all are setup with the —setup-ca flag)
>> cluster on Fedora 21, with FreeIPA 4.1.4.
>>
>> We would like to slowly upgrade to the new version and move away from Fedora
>> to CentOS 7.2.
>>
>> We were thinking of the following:
>>
>> - Create 3 CentOS machines with —setup-ca flag so that our current cluster 
>> is 6.
>> The first CentOS VM would then probably update the DB schema to the new
>> FreeIPA version.
>> - Remove the Fedora VMs 1 by 1 from the cluster using ipa-replica-manage del
>> <host>
>> - Be happy?
>>
>>
>> 1. Could you please advise if this is considered the safest practise?
> 
> More or less yes:
> 
> 1. create First IPA 4.2 against some FreeIPA 4.1.4 with CA
> 2. create the other two against the newly Created CentOS - will verify if it 
> is
> in a good shape
> 3. set new renewal CRL master:
> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
> 4. Migrate DNA ranges using ipa-replica-manage tool
> 
> if all works well, remove all servers:
> 
> 5. remove CA repl. agreements for old servers using ipa-csreplica-manage del
> 6. remove old servers data and repl. agreements using ipa-replica-manage del
> 7. uninstall old servers using ipa-server-install --uninstall
> 
>> 2. Do we have to update to intermediate versions and if so how?
> 
> Should not be necessary.

Some advise is also present in the RHEL official docs:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to