I don't know that what we did is the most correct or even best way to manage an upgrade, but here's what I did.

We started with two nodes, ipa1 and ipa2. Both running Fedora.

I built a new system, ipa3, and installed IPA on it, then made it a replica.

I then removed the replication agreements to ipa1 and upgraded it. Then made it a replica again using ipa3 as the master.

Finally, I removed ipa2's replication agreement and upgraded it. Again, it was brought back into replication by creating a replication file on ipa3 and copying it to ipa2.

Somewhere in there, I'm pretty sure I had to do something with the CA to ensure we still had one, but for the life of me, I can't remember what I did!

Good luck!


Bret


On 04/21/2017 10:06 AM, B.harries wrote:
Hi All,

As I am new to the list, I'd like to introduce myself as Bennie. In my fairly small (CentOS based) organization we use FreeIPA and we are honestly really happy with this all in one solution. Lately however we are facing an issue regarding updating FreeIPA and I was hoping I could find some guidance on this mail list =).

*Current situation*
We are currently running FreeIPA 4.3.1 on Fedora 23. When we started using FreeIPA, CentOS was lacking quite behind so we choose to go with Fedora. As Fedora 23 is quite out of date now we tried to perform a dist-upgrade, enabling us to continue using FreeIPA on the 4.4 branch. This dist-upgrade however led to an inoperable condition of FreeIPA, mainly the PKI service fails miserably.

*Second attempt*
We then tried to install a fresh CentOS server, having FreeIPA version 4.4 and attaching it as a second master to our IPA instance. This however didn't work out as well, probably because the directory structures are not equal.

So far, everything failed. I was wondering if anyone here faced similar problems and might be able to point in the right direction?

Thanks in advance for a reply!


Bennie




-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to