Zak Wolfinger wrote:

On Apr 11, 2016, at 12:09 PM, Martin Basti <
<>> wrote:

On 11.04.2016 19:01, Zak Wolfinger wrote:
We are running FreeIPA 3.0 (Dogtag 9) on CentOS and want to migrate
to the latest version.

I understand that FreeIPA 3.1 introduced Dogtag 10 and there is no
“upgrade” but can be accomplished as a “migration”.

However we are not currently using CA so that may simplify things.

Can I just do this?
1. Create a new  replica VM running 4.3.1
2. Make sure it syncs up with the 3.0 primary and test
3. Promote the new replica to primary
4. Remove all the old 3.0 replicas
5. Build new 4.3.1 replicas
6. ??
7. Profit

What do you experienced people think?  What am I missing?

This may help

There is covered migration form RHEL 6 to RHEL 7, it should work

Since we are running FreeIPA on CentOS instead of IDM on RHEL, I’m not
sure how this warning applies to our configuration:

If any of the instances in your IdM deployment are using Red Hat
Enterprise Linux 6.5 or earlier, upgrade them to Red Hat
Enterprise Linux 6.6 before upgrading a Red Hat Enterprise Linux 7.0 IdM
server to the 7.1 version or before connecting a Red Hat
Enterprise Linux 7.1 IdM replica.
anything to be concerned about here?

One reason is

You need 3.0.0-38 or higher.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to