subject:"\[Freeipa\-users\] CentOS 6 \-> 7 migration"

Re: [Freeipa-users] CentOS 6 -> 7 migration

2017-02-28 Thread Ian Pilcher


On 02/28/2017 03:49 AM, Petr Vobornik wrote:

On 02/26/2017 04:58 PM, Rob Verduijn wrote:

Sounds feasable, however I'm not sure which solution entails the most
work.


+1

Just in case, I'll mention migration documentation:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc


There are some manual steps regarding CA which should not be skipped.



Thanks for mentioning that.  I thought that I was done, but I had missed
that part.

--

Ian Pilcher arequip...@gmail.com
 "I grew up before Mark Zuckerberg invented friendship" 


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] CentOS 6 -> 7 migration

2017-02-28 Thread Petr Vobornik

On 02/26/2017 04:58 PM, Rob Verduijn wrote:

Sounds feasable, however I'm not sure which solution entails the most work.

Just in case, I'll mention migration documentation:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc

There are some manual steps regarding CA which should not be skipped.

In step 3 you loose all the extra functionalities( cups/squid/ntp ) as well,
while these stay preserved by a p2v including a nice backup.
You do need a backup of all the functions before proceeding with step3.

Rob Verduijn

2017-02-26 14:40 GMT+01:00 Ian Pilcher >:

On 02/26/2017 05:08 AM, Rob Verduijn wrote:

You should consider setting up a temporary vm to migrate from.
On one of your client systems, I assume you got at least 1 ipa client

Try looking at http://libguestfs.org/virt-p2v.1.html
to migrate your
current system to a vm (side effect : instant full backup)

When you got the vm up and running you can reinstall your main system
with the new os and ipa.
Then replicate the old ipa to the new one.

Hmm. The system that runs IPA is the "network server" in my home
network. It runs various services -- DNS, NTP, CUPS, squid, etc. -- as
well as routing between various VLANs. So simply P2V'ing it would be
a major project in its own right.

What about this, though ...

1. Set up a new CentOS 7 VM running IPA

2. Replicate the IPA data from the old CentOS 6 system to the VM.

3. Install CentOS 7 on the original system

4. Replicate the IPA data back from the VM

Will this work?

Ian Pilcher arequip...@gmail.com
"I grew up before Mark Zuckerberg invented friendship"

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users

Go to http://freeipa.org for more info on the project

--
Petr Vobornik

Associate Manager, Engineering, Identity Management
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] CentOS 6 -> 7 migration

2017-02-27 Thread Greg

I've had success going from RHEL6 to RHEL7 and IPA 3.0 to 4.4, without
losing any data/objects/clients. It is as you found though, through
replication.

I've followed this guide for IPA upgrade:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc

And this guide for in-situ RHEL6 to 7 upgrade, not sure if/how applicable
that is to CentOS, but if you can get away doing fresh OS installs, that's
always better (I couldn't, very limited access to hardware/BIOS):

https://access.redhat.com/solutions/637583

For IPA upgrade, you definitely want a replica. Well, just another machine
on the same network really to help you migrate and you can later go back to
using just the one IPA server. As suggested by Rob, you could nominate one
of your IPA clients as a replica temporarily (though if that's CentOS 6,
it'd need OS upgrade too).

In my case I already had two replicas, and I had done the following
(deviating slightly from Redhat's guide, that says use 3rd/fresh machine,
then decomm old ones):

- Removed one RHEL6 replica, uninstalled IPA 3.0 on it, trashed the config
etc, made it into as clean RHEL 6 as possible (even yum remove ipa-server
etc).
- Upgraded that cleaned up RHEL6 ex-replica to RHEL7 in-situ, and installed
IPA 4.4 server.
- Joined the freshly upgraded and empty RHEL7/IPA4.4 to existing realm and
moved CA renewal service to it (important).
- Repeated the steps on the other replica (remove from replication,
uninstall/trash everything to have as clean RHEL6 as possible, upgraded to
RHEL7, install IPA 4.4, re-join).

In a way your steps would be even easier, cause you can ignore step 1, and
just use a fresh machine. If you still want to end up with just 1 IPA
server, then you'd introduce new CentOS 7 / IPA 4.4 replica (new machine on
the same network, or existing client nominated to be a server for duration
of migration), make sure clients can connect to it / are aware of it, move
CA renewal to it, remove existing/old IPA from replication, clean it,
upgrade to CentOS 7 / IPA 4.4 (or re-install OS from scratch), re-introduce
into replication, move CA renewal back to it, and finally remove the new
machine replica, so that you're left with your original machine in an
upgraded state.

Hope that makes sense. If you can avoid in-situ 6 to7 OS upgrade and do
fresh OS installs between the replica migrations, all the better, as it can
be a bit of an added nuisance (trawling all the *.rpmnew config files and
making sure everything is correct).

--
Thanks,

Greg Kubok.

On 26 February 2017 at 11:08, Rob Verduijn  wrote:

> Upgrading centos6 to 7 is not a smart thing, unless you like to suffer a
> lot of issues.
>
> Then there are many comaptibility issues regarding the upgrade from ipa3.3
> to 4.4
>
> You should consider setting up a temporary vm to migrate from.
> On one of your client systems, I assume you got at least 1 ipa client
>
> Try looking at http://libguestfs.org/virt-p2v.1.html to migrate your
> current system to a vm  (side effect : instant full backup)
>
> When you got the vm up and running you can reinstall your main system with
> the new os and ipa.
> Then replicate the old ipa to the new one.
>
> Rob Verduijn
>
>
>
> 2017-02-26 0:45 GMT+01:00 Ian Pilcher :
>
>> Is there any way to migrate an IPA server from 6 -> 7 without losing all
>> of the IPA configuration and data?  All of the documentation I can find
>> involves setting up a replica, replicating the data over, and then
>> decommissioning the old system; not exactly an option with a single
>> system.
>>
>> --
>> 
>> Ian Pilcher arequip...@gmail.com
>>  "I grew up before Mark Zuckerberg invented friendship" 
>> 
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>

-- 
Thanks,

Greg.
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] CentOS 6 -> 7 migration

2017-02-26 Thread Rob Verduijn

Sounds feasable, however I'm not sure which solution entails the most work.

In step 3 you loose all the extra functionalities( cups/squid/ntp ) as
well, while these stay preserved by a p2v including a nice backup.
You do need a backup of all the functions before proceeding with step3.

Rob Verduijn

2017-02-26 14:40 GMT+01:00 Ian Pilcher :

> On 02/26/2017 05:08 AM, Rob Verduijn wrote:
>
>> You should consider setting up a temporary vm to migrate from.
>> On one of your client systems, I assume you got at least 1 ipa client
>>
>> Try looking at http://libguestfs.org/virt-p2v.1.html to migrate your
>> current system to a vm  (side effect : instant full backup)
>>
>> When you got the vm up and running you can reinstall your main system
>> with the new os and ipa.
>> Then replicate the old ipa to the new one.
>>
>
> Hmm.  The system that runs IPA is the "network server" in my home
> network.  It runs various services -- DNS, NTP, CUPS, squid, etc. -- as
> well as routing between various VLANs.  So simply P2V'ing it would be
> a major project in its own right.
>
> What about this, though ...
>
> 1.  Set up a new CentOS 7 VM running IPA
>
> 2.  Replicate the IPA data from the old CentOS 6 system to the VM.
>
> 3.  Install CentOS 7 on the original system
>
> 4.  Replicate the IPA data back from the VM
>
> Will this work?
>
> --
> 
> Ian Pilcher arequip...@gmail.com
>  "I grew up before Mark Zuckerberg invented friendship" 
> 
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] CentOS 6 -> 7 migration

2017-02-26 Thread Ian Pilcher


On 02/26/2017 05:08 AM, Rob Verduijn wrote:

You should consider setting up a temporary vm to migrate from.
On one of your client systems, I assume you got at least 1 ipa client

Try looking at http://libguestfs.org/virt-p2v.1.html to migrate your
current system to a vm  (side effect : instant full backup)

When you got the vm up and running you can reinstall your main system
with the new os and ipa.
Then replicate the old ipa to the new one.


Hmm.  The system that runs IPA is the "network server" in my home
network.  It runs various services -- DNS, NTP, CUPS, squid, etc. -- as
well as routing between various VLANs.  So simply P2V'ing it would be
a major project in its own right.

What about this, though ...

1.  Set up a new CentOS 7 VM running IPA

2.  Replicate the IPA data from the old CentOS 6 system to the VM.

3.  Install CentOS 7 on the original system

4.  Replicate the IPA data back from the VM

Will this work?

--

Ian Pilcher arequip...@gmail.com
 "I grew up before Mark Zuckerberg invented friendship" 


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] CentOS 6 -> 7 migration

2017-02-26 Thread Rob Verduijn

Upgrading centos6 to 7 is not a smart thing, unless you like to suffer a
lot of issues.

Then there are many comaptibility issues regarding the upgrade from ipa3.3
to 4.4

You should consider setting up a temporary vm to migrate from.
On one of your client systems, I assume you got at least 1 ipa client

Try looking at http://libguestfs.org/virt-p2v.1.html to migrate your
current system to a vm  (side effect : instant full backup)

When you got the vm up and running you can reinstall your main system with
the new os and ipa.
Then replicate the old ipa to the new one.

Rob Verduijn



2017-02-26 0:45 GMT+01:00 Ian Pilcher :

> Is there any way to migrate an IPA server from 6 -> 7 without losing all
> of the IPA configuration and data?  All of the documentation I can find
> involves setting up a replica, replicating the data over, and then
> decommissioning the old system; not exactly an option with a single
> system.
>
> --
> 
> Ian Pilcher arequip...@gmail.com
>  "I grew up before Mark Zuckerberg invented friendship" 
> 
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] CentOS 6 -> 7 migration

2017-02-25 Thread Ian Pilcher


Is there any way to migrate an IPA server from 6 -> 7 without losing all
of the IPA configuration and data?  All of the documentation I can find
involves setting up a replica, replicating the data over, and then
decommissioning the old system; not exactly an option with a single
system.

--

Ian Pilcher arequip...@gmail.com
 "I grew up before Mark Zuckerberg invented friendship" 


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] CentOS 6 -> 7 migration

Re: [Freeipa-users] CentOS 6 -> 7 migration

Re: [Freeipa-users] CentOS 6 -> 7 migration

Re: [Freeipa-users] CentOS 6 -> 7 migration

Re: [Freeipa-users] CentOS 6 -> 7 migration

Re: [Freeipa-users] CentOS 6 -> 7 migration

[Freeipa-users] CentOS 6 -> 7 migration

7 matches

Site Navigation

Mail list logo

Footer information