Re: [Freeipa-users] Upgrade from 4.1.4

2015-11-05 Thread Prashant Bapat 
Please ignore my mails about tomcat/pki. An update fixed the issue.

On 5 November 2015 at 12:58, Prashant Bapat  wrote:

> Looks like there are issues with dogtag and tomcat8.
> http://pki.fedoraproject.org/wiki/Tomcat_8
>
> On 5 November 2015 at 11:32, Prashant Bapat  wrote:
>
>> New issue with upgrade.
>>
>> I setup a test IPA server. Its on AWS EC2 instance in a VPC. Fedora 21.
>> freeipa 4.1.4.
>>
>> Upgraded OS from F21 --> F22 --> F23. All OK.
>>
>> Once in F23 *ipactl start* command tells me an upgrade is needed.
>>
>> Ran* ipa-server-upgrade* command. This command seems to do everything
>> but somehow fails during upgrading the PKI (Tomcat). Now the tomcat service
>> wont start. Other components are upgraded to 4.2.2 but Tomcat is down.
>>
>> Attached is the *ipaupgrade.log* and *catalina.2015-11-05.log*.
>>
>> Any help appreciated.
>>
>> Thanks.
>> --Prashant
>>
>> On 5 November 2015 at 06:31, Prashant Bapat  wrote:
>>
>>> Great idea! Is that possible ? Any documentation on how to do this would
>>> be very helpful.
>>>
>>> Thanks.
>>>
>>> On 4 November 2015 at 19:17, Rob Crittenden  wrote:
>>>
 Martin Kosek wrote:
 > On 11/04/2015 10:27 AM, Prashant Bapat wrote:
 >> Ack. But in a live replicated setup wont upgrading from F21->F22 and
 >> F22->F23 take a long time. I mean couple of hours ?
 >
 > It will take some outage time, yes. But if you have appropriate
 number of
 > replicas and are upgrading one by one, you should be fine - the
 clients should
 > fail over to other replicas.
 >
 >> Are there any other ways to do this. Perhaps do a fresh install of
 F23 and
 >> then restore data from FreeIPA 4.1.4 (F21) ?
 >
 > FreeIPA upgrade also updates the data themselves. Restoring old data
 and
 > configuration files on fresh F23 using full backup + running the
 upgrade may
 > work, but there may be also a lot of hurdles. It is not really a
 tested approach.

 Or he could one by one install a new F23 system and configure it as a
 new master to replace one of the old ones until they are all running
 F23.

 I'm pretty sure backup/restore only works within the same version.

 rob

 >
 >>
 >> On 4 November 2015 at 14:52, Martin Kosek  wrote:
 >>
 >>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote:
  On (04/11/15 14:37), Prashant Bapat wrote:
 > Hi All,
 >
 > We rolled out freeipa in our setup somewhere in beginning of
 2015. Since
 > then there have been couple of new releases. Latest being 4.2.3.
 >
 > The FreeIPA servers are installed on Fedora 21 hosts and at this
 point
 > there is no direct way of upgrading to 4.2.3 unless we also
 upgrade the
 >>> OS.
 > The COPR repos do not support Fedora 21.
 >
  Fedora 23 was released yesterday.
  It means then Fedora 21 will be out of support in a month.
  I would definitelly recomment to upgrade it to newer Fedora.
 >>>
 >>> +1. I did the same actually for FreeIPA demo which was also running
 on F21
 >>> before:
 >>> http://www.freeipa.org/page/Demo
 >>> I had to do it in two steps: F21->F22, F22->F23.
 >>>
 >>> If you make sure that F22->F23 upgrade updates to
 freeipa-4.2.3-1.fc23 or
 >>> later
 >>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e),
 it
 >>> should
 >>> work just fine.
 >>>
  If you do not want t upgrade so often you might use FreeIPA
  on CentOS 7
 
  LS
 
 >>>
 >>>
 >>
 >


>>>
>>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Upgrade from 4.1.4

2015-11-04 Thread Prashant Bapat 
Great idea! Is that possible ? Any documentation on how to do this would be
very helpful.

Thanks.

On 4 November 2015 at 19:17, Rob Crittenden  wrote:

> Martin Kosek wrote:
> > On 11/04/2015 10:27 AM, Prashant Bapat wrote:
> >> Ack. But in a live replicated setup wont upgrading from F21->F22 and
> >> F22->F23 take a long time. I mean couple of hours ?
> >
> > It will take some outage time, yes. But if you have appropriate number of
> > replicas and are upgrading one by one, you should be fine - the clients
> should
> > fail over to other replicas.
> >
> >> Are there any other ways to do this. Perhaps do a fresh install of F23
> and
> >> then restore data from FreeIPA 4.1.4 (F21) ?
> >
> > FreeIPA upgrade also updates the data themselves. Restoring old data and
> > configuration files on fresh F23 using full backup + running the upgrade
> may
> > work, but there may be also a lot of hurdles. It is not really a tested
> approach.
>
> Or he could one by one install a new F23 system and configure it as a
> new master to replace one of the old ones until they are all running F23.
>
> I'm pretty sure backup/restore only works within the same version.
>
> rob
>
> >
> >>
> >> On 4 November 2015 at 14:52, Martin Kosek  wrote:
> >>
> >>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote:
>  On (04/11/15 14:37), Prashant Bapat wrote:
> > Hi All,
> >
> > We rolled out freeipa in our setup somewhere in beginning of 2015.
> Since
> > then there have been couple of new releases. Latest being 4.2.3.
> >
> > The FreeIPA servers are installed on Fedora 21 hosts and at this
> point
> > there is no direct way of upgrading to 4.2.3 unless we also upgrade
> the
> >>> OS.
> > The COPR repos do not support Fedora 21.
> >
>  Fedora 23 was released yesterday.
>  It means then Fedora 21 will be out of support in a month.
>  I would definitelly recomment to upgrade it to newer Fedora.
> >>>
> >>> +1. I did the same actually for FreeIPA demo which was also running on
> F21
> >>> before:
> >>> http://www.freeipa.org/page/Demo
> >>> I had to do it in two steps: F21->F22, F22->F23.
> >>>
> >>> If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23
> or
> >>> later
> >>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it
> >>> should
> >>> work just fine.
> >>>
>  If you do not want t upgrade so often you might use FreeIPA
>  on CentOS 7
> 
>  LS
> 
> >>>
> >>>
> >>
> >
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Upgrade from 4.1.4

2015-11-04 Thread Prashant Bapat 
Looks like there are issues with dogtag and tomcat8.
http://pki.fedoraproject.org/wiki/Tomcat_8

On 5 November 2015 at 11:32, Prashant Bapat  wrote:

> New issue with upgrade.
>
> I setup a test IPA server. Its on AWS EC2 instance in a VPC. Fedora 21.
> freeipa 4.1.4.
>
> Upgraded OS from F21 --> F22 --> F23. All OK.
>
> Once in F23 *ipactl start* command tells me an upgrade is needed.
>
> Ran* ipa-server-upgrade* command. This command seems to do everything but
> somehow fails during upgrading the PKI (Tomcat). Now the tomcat service
> wont start. Other components are upgraded to 4.2.2 but Tomcat is down.
>
> Attached is the *ipaupgrade.log* and *catalina.2015-11-05.log*.
>
> Any help appreciated.
>
> Thanks.
> --Prashant
>
> On 5 November 2015 at 06:31, Prashant Bapat  wrote:
>
>> Great idea! Is that possible ? Any documentation on how to do this would
>> be very helpful.
>>
>> Thanks.
>>
>> On 4 November 2015 at 19:17, Rob Crittenden  wrote:
>>
>>> Martin Kosek wrote:
>>> > On 11/04/2015 10:27 AM, Prashant Bapat wrote:
>>> >> Ack. But in a live replicated setup wont upgrading from F21->F22 and
>>> >> F22->F23 take a long time. I mean couple of hours ?
>>> >
>>> > It will take some outage time, yes. But if you have appropriate number
>>> of
>>> > replicas and are upgrading one by one, you should be fine - the
>>> clients should
>>> > fail over to other replicas.
>>> >
>>> >> Are there any other ways to do this. Perhaps do a fresh install of
>>> F23 and
>>> >> then restore data from FreeIPA 4.1.4 (F21) ?
>>> >
>>> > FreeIPA upgrade also updates the data themselves. Restoring old data
>>> and
>>> > configuration files on fresh F23 using full backup + running the
>>> upgrade may
>>> > work, but there may be also a lot of hurdles. It is not really a
>>> tested approach.
>>>
>>> Or he could one by one install a new F23 system and configure it as a
>>> new master to replace one of the old ones until they are all running F23.
>>>
>>> I'm pretty sure backup/restore only works within the same version.
>>>
>>> rob
>>>
>>> >
>>> >>
>>> >> On 4 November 2015 at 14:52, Martin Kosek  wrote:
>>> >>
>>> >>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote:
>>>  On (04/11/15 14:37), Prashant Bapat wrote:
>>> > Hi All,
>>> >
>>> > We rolled out freeipa in our setup somewhere in beginning of 2015.
>>> Since
>>> > then there have been couple of new releases. Latest being 4.2.3.
>>> >
>>> > The FreeIPA servers are installed on Fedora 21 hosts and at this
>>> point
>>> > there is no direct way of upgrading to 4.2.3 unless we also
>>> upgrade the
>>> >>> OS.
>>> > The COPR repos do not support Fedora 21.
>>> >
>>>  Fedora 23 was released yesterday.
>>>  It means then Fedora 21 will be out of support in a month.
>>>  I would definitelly recomment to upgrade it to newer Fedora.
>>> >>>
>>> >>> +1. I did the same actually for FreeIPA demo which was also running
>>> on F21
>>> >>> before:
>>> >>> http://www.freeipa.org/page/Demo
>>> >>> I had to do it in two steps: F21->F22, F22->F23.
>>> >>>
>>> >>> If you make sure that F22->F23 upgrade updates to
>>> freeipa-4.2.3-1.fc23 or
>>> >>> later
>>> >>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it
>>> >>> should
>>> >>> work just fine.
>>> >>>
>>>  If you do not want t upgrade so often you might use FreeIPA
>>>  on CentOS 7
>>> 
>>>  LS
>>> 
>>> >>>
>>> >>>
>>> >>
>>> >
>>>
>>>
>>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Upgrade from 4.1.4

2015-11-04 Thread Rob Crittenden 
Martin Kosek wrote:
> On 11/04/2015 10:27 AM, Prashant Bapat wrote:
>> Ack. But in a live replicated setup wont upgrading from F21->F22 and
>> F22->F23 take a long time. I mean couple of hours ?
> 
> It will take some outage time, yes. But if you have appropriate number of
> replicas and are upgrading one by one, you should be fine - the clients should
> fail over to other replicas.
> 
>> Are there any other ways to do this. Perhaps do a fresh install of F23 and
>> then restore data from FreeIPA 4.1.4 (F21) ?
> 
> FreeIPA upgrade also updates the data themselves. Restoring old data and
> configuration files on fresh F23 using full backup + running the upgrade may
> work, but there may be also a lot of hurdles. It is not really a tested 
> approach.

Or he could one by one install a new F23 system and configure it as a
new master to replace one of the old ones until they are all running F23.

I'm pretty sure backup/restore only works within the same version.

rob

> 
>>
>> On 4 November 2015 at 14:52, Martin Kosek  wrote:
>>
>>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote:
 On (04/11/15 14:37), Prashant Bapat wrote:
> Hi All,
>
> We rolled out freeipa in our setup somewhere in beginning of 2015. Since
> then there have been couple of new releases. Latest being 4.2.3.
>
> The FreeIPA servers are installed on Fedora 21 hosts and at this point
> there is no direct way of upgrading to 4.2.3 unless we also upgrade the
>>> OS.
> The COPR repos do not support Fedora 21.
>
 Fedora 23 was released yesterday.
 It means then Fedora 21 will be out of support in a month.
 I would definitelly recomment to upgrade it to newer Fedora.
>>>
>>> +1. I did the same actually for FreeIPA demo which was also running on F21
>>> before:
>>> http://www.freeipa.org/page/Demo
>>> I had to do it in two steps: F21->F22, F22->F23.
>>>
>>> If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23 or
>>> later
>>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it
>>> should
>>> work just fine.
>>>
 If you do not want t upgrade so often you might use FreeIPA
 on CentOS 7

 LS

>>>
>>>
>>
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Upgrade from 4.1.4

2015-11-04 Thread Lukas Slebodnik 
On (04/11/15 14:37), Prashant Bapat wrote:
>Hi All,
>
>We rolled out freeipa in our setup somewhere in beginning of 2015. Since
>then there have been couple of new releases. Latest being 4.2.3.
>
>The FreeIPA servers are installed on Fedora 21 hosts and at this point
>there is no direct way of upgrading to 4.2.3 unless we also upgrade the OS.
>The COPR repos do not support Fedora 21.
>
Fedora 23 was released yesterday.
It means then Fedora 21 will be out of support in a month.
I would definitelly recomment to upgrade it to newer Fedora.

If you do not want t upgrade so often you might use FreeIPA
on CentOS 7

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Upgrade from 4.1.4

2015-11-04 Thread Martin Kosek 
On 11/04/2015 10:15 AM, Lukas Slebodnik wrote:
> On (04/11/15 14:37), Prashant Bapat wrote:
>> Hi All,
>>
>> We rolled out freeipa in our setup somewhere in beginning of 2015. Since
>> then there have been couple of new releases. Latest being 4.2.3.
>>
>> The FreeIPA servers are installed on Fedora 21 hosts and at this point
>> there is no direct way of upgrading to 4.2.3 unless we also upgrade the OS.
>> The COPR repos do not support Fedora 21.
>>
> Fedora 23 was released yesterday.
> It means then Fedora 21 will be out of support in a month.
> I would definitelly recomment to upgrade it to newer Fedora.

+1. I did the same actually for FreeIPA demo which was also running on F21 
before:
http://www.freeipa.org/page/Demo
I had to do it in two steps: F21->F22, F22->F23.

If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23 or later
(https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it should
work just fine.

> If you do not want t upgrade so often you might use FreeIPA
> on CentOS 7
> 
> LS
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Upgrade from 4.1.4

2015-11-04 Thread Martin Kosek 
On 11/04/2015 10:27 AM, Prashant Bapat wrote:
> Ack. But in a live replicated setup wont upgrading from F21->F22 and
> F22->F23 take a long time. I mean couple of hours ?

It will take some outage time, yes. But if you have appropriate number of
replicas and are upgrading one by one, you should be fine - the clients should
fail over to other replicas.

> Are there any other ways to do this. Perhaps do a fresh install of F23 and
> then restore data from FreeIPA 4.1.4 (F21) ?

FreeIPA upgrade also updates the data themselves. Restoring old data and
configuration files on fresh F23 using full backup + running the upgrade may
work, but there may be also a lot of hurdles. It is not really a tested 
approach.

> 
> On 4 November 2015 at 14:52, Martin Kosek  wrote:
> 
>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote:
>>> On (04/11/15 14:37), Prashant Bapat wrote:
 Hi All,

 We rolled out freeipa in our setup somewhere in beginning of 2015. Since
 then there have been couple of new releases. Latest being 4.2.3.

 The FreeIPA servers are installed on Fedora 21 hosts and at this point
 there is no direct way of upgrading to 4.2.3 unless we also upgrade the
>> OS.
 The COPR repos do not support Fedora 21.

>>> Fedora 23 was released yesterday.
>>> It means then Fedora 21 will be out of support in a month.
>>> I would definitelly recomment to upgrade it to newer Fedora.
>>
>> +1. I did the same actually for FreeIPA demo which was also running on F21
>> before:
>> http://www.freeipa.org/page/Demo
>> I had to do it in two steps: F21->F22, F22->F23.
>>
>> If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23 or
>> later
>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it
>> should
>> work just fine.
>>
>>> If you do not want t upgrade so often you might use FreeIPA
>>> on CentOS 7
>>>
>>> LS
>>>
>>
>>
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Upgrade from 4.1.4

2015-11-04 Thread Prashant Bapat 
Hi All,

We rolled out freeipa in our setup somewhere in beginning of 2015. Since
then there have been couple of new releases. Latest being 4.2.3.

The FreeIPA servers are installed on Fedora 21 hosts and at this point
there is no direct way of upgrading to 4.2.3 unless we also upgrade the OS.
The COPR repos do not support Fedora 21.

Is there a way to get the latest freeipa WITHOUT upgrading the OS ?

Since Fedora releases a new version approx every 6 months, how are others
handling the upgrades ?

Please let me know.

Thanks.
--Prashant
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Upgrade from 4.1.4

2015-11-04 Thread Prashant Bapat 
Ack. But in a live replicated setup wont upgrading from F21->F22 and
F22->F23 take a long time. I mean couple of hours ?

Are there any other ways to do this. Perhaps do a fresh install of F23 and
then restore data from FreeIPA 4.1.4 (F21) ?

On 4 November 2015 at 14:52, Martin Kosek  wrote:

> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote:
> > On (04/11/15 14:37), Prashant Bapat wrote:
> >> Hi All,
> >>
> >> We rolled out freeipa in our setup somewhere in beginning of 2015. Since
> >> then there have been couple of new releases. Latest being 4.2.3.
> >>
> >> The FreeIPA servers are installed on Fedora 21 hosts and at this point
> >> there is no direct way of upgrading to 4.2.3 unless we also upgrade the
> OS.
> >> The COPR repos do not support Fedora 21.
> >>
> > Fedora 23 was released yesterday.
> > It means then Fedora 21 will be out of support in a month.
> > I would definitelly recomment to upgrade it to newer Fedora.
>
> +1. I did the same actually for FreeIPA demo which was also running on F21
> before:
> http://www.freeipa.org/page/Demo
> I had to do it in two steps: F21->F22, F22->F23.
>
> If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23 or
> later
> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it
> should
> work just fine.
>
> > If you do not want t upgrade so often you might use FreeIPA
> > on CentOS 7
> >
> > LS
> >
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project