Thanks to support from folks on this list I have a 3-node multi-site replicating FreeIPA system supporting a number of 1-way trusts to various AD Forests. Testing has gone well and it's clear that this "POC" will soon transition to production.

Because of the importance of this system to our environment I'm trying to flesh out a proper strategy for testing upgrades and updates in a way that lets us keep our system highly available and online.

And seeing how rapidly this software is being developed w/ new features and how dependent we are on the most recent version (or how badly I want to try the version in RHEL-BETA-3) I think this is a system we will possibly be upgrading somewhat often ...

I understand that replicas can run newer versions of IPA/IDM than the master so that is one path by which we can carefully test updates and patches but I don't think that covers all the scenarios ...

Can anyone share strategies or war stories for how testing is done in support of production IPA/IDM environments? Especially when Trusts need to be set up with many external AD systems?

Do people run discrete standalone dev/test IPA domains/realms to create isolated environments or is there some other good strategy that allows testing to be done within the same domain/realm?



Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to