Re: [Freeipa-users] Upgrade from 4.1.4
Please ignore my mails about tomcat/pki. An update fixed the issue. On 5 November 2015 at 12:58, Prashant Bapatwrote: > Looks like there are issues with dogtag and tomcat8. > http://pki.fedoraproject.org/wiki/Tomcat_8 > > On 5 November 2015 at 11:32, Prashant Bapat wrote: > >> New issue with upgrade. >> >> I setup a test IPA server. Its on AWS EC2 instance in a VPC. Fedora 21. >> freeipa 4.1.4. >> >> Upgraded OS from F21 --> F22 --> F23. All OK. >> >> Once in F23 *ipactl start* command tells me an upgrade is needed. >> >> Ran* ipa-server-upgrade* command. This command seems to do everything >> but somehow fails during upgrading the PKI (Tomcat). Now the tomcat service >> wont start. Other components are upgraded to 4.2.2 but Tomcat is down. >> >> Attached is the *ipaupgrade.log* and *catalina.2015-11-05.log*. >> >> Any help appreciated. >> >> Thanks. >> --Prashant >> >> On 5 November 2015 at 06:31, Prashant Bapat wrote: >> >>> Great idea! Is that possible ? Any documentation on how to do this would >>> be very helpful. >>> >>> Thanks. >>> >>> On 4 November 2015 at 19:17, Rob Crittenden wrote: >>> Martin Kosek wrote: > On 11/04/2015 10:27 AM, Prashant Bapat wrote: >> Ack. But in a live replicated setup wont upgrading from F21->F22 and >> F22->F23 take a long time. I mean couple of hours ? > > It will take some outage time, yes. But if you have appropriate number of > replicas and are upgrading one by one, you should be fine - the clients should > fail over to other replicas. > >> Are there any other ways to do this. Perhaps do a fresh install of F23 and >> then restore data from FreeIPA 4.1.4 (F21) ? > > FreeIPA upgrade also updates the data themselves. Restoring old data and > configuration files on fresh F23 using full backup + running the upgrade may > work, but there may be also a lot of hurdles. It is not really a tested approach. Or he could one by one install a new F23 system and configure it as a new master to replace one of the old ones until they are all running F23. I'm pretty sure backup/restore only works within the same version. rob > >> >> On 4 November 2015 at 14:52, Martin Kosek wrote: >> >>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote: On (04/11/15 14:37), Prashant Bapat wrote: > Hi All, > > We rolled out freeipa in our setup somewhere in beginning of 2015. Since > then there have been couple of new releases. Latest being 4.2.3. > > The FreeIPA servers are installed on Fedora 21 hosts and at this point > there is no direct way of upgrading to 4.2.3 unless we also upgrade the >>> OS. > The COPR repos do not support Fedora 21. > Fedora 23 was released yesterday. It means then Fedora 21 will be out of support in a month. I would definitelly recomment to upgrade it to newer Fedora. >>> >>> +1. I did the same actually for FreeIPA demo which was also running on F21 >>> before: >>> http://www.freeipa.org/page/Demo >>> I had to do it in two steps: F21->F22, F22->F23. >>> >>> If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23 or >>> later >>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it >>> should >>> work just fine. >>> If you do not want t upgrade so often you might use FreeIPA on CentOS 7 LS >>> >>> >> > >>> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Upgrade from 4.1.4
Great idea! Is that possible ? Any documentation on how to do this would be very helpful. Thanks. On 4 November 2015 at 19:17, Rob Crittendenwrote: > Martin Kosek wrote: > > On 11/04/2015 10:27 AM, Prashant Bapat wrote: > >> Ack. But in a live replicated setup wont upgrading from F21->F22 and > >> F22->F23 take a long time. I mean couple of hours ? > > > > It will take some outage time, yes. But if you have appropriate number of > > replicas and are upgrading one by one, you should be fine - the clients > should > > fail over to other replicas. > > > >> Are there any other ways to do this. Perhaps do a fresh install of F23 > and > >> then restore data from FreeIPA 4.1.4 (F21) ? > > > > FreeIPA upgrade also updates the data themselves. Restoring old data and > > configuration files on fresh F23 using full backup + running the upgrade > may > > work, but there may be also a lot of hurdles. It is not really a tested > approach. > > Or he could one by one install a new F23 system and configure it as a > new master to replace one of the old ones until they are all running F23. > > I'm pretty sure backup/restore only works within the same version. > > rob > > > > >> > >> On 4 November 2015 at 14:52, Martin Kosek wrote: > >> > >>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote: > On (04/11/15 14:37), Prashant Bapat wrote: > > Hi All, > > > > We rolled out freeipa in our setup somewhere in beginning of 2015. > Since > > then there have been couple of new releases. Latest being 4.2.3. > > > > The FreeIPA servers are installed on Fedora 21 hosts and at this > point > > there is no direct way of upgrading to 4.2.3 unless we also upgrade > the > >>> OS. > > The COPR repos do not support Fedora 21. > > > Fedora 23 was released yesterday. > It means then Fedora 21 will be out of support in a month. > I would definitelly recomment to upgrade it to newer Fedora. > >>> > >>> +1. I did the same actually for FreeIPA demo which was also running on > F21 > >>> before: > >>> http://www.freeipa.org/page/Demo > >>> I had to do it in two steps: F21->F22, F22->F23. > >>> > >>> If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23 > or > >>> later > >>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it > >>> should > >>> work just fine. > >>> > If you do not want t upgrade so often you might use FreeIPA > on CentOS 7 > > LS > > >>> > >>> > >> > > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Upgrade from 4.1.4
Looks like there are issues with dogtag and tomcat8. http://pki.fedoraproject.org/wiki/Tomcat_8 On 5 November 2015 at 11:32, Prashant Bapatwrote: > New issue with upgrade. > > I setup a test IPA server. Its on AWS EC2 instance in a VPC. Fedora 21. > freeipa 4.1.4. > > Upgraded OS from F21 --> F22 --> F23. All OK. > > Once in F23 *ipactl start* command tells me an upgrade is needed. > > Ran* ipa-server-upgrade* command. This command seems to do everything but > somehow fails during upgrading the PKI (Tomcat). Now the tomcat service > wont start. Other components are upgraded to 4.2.2 but Tomcat is down. > > Attached is the *ipaupgrade.log* and *catalina.2015-11-05.log*. > > Any help appreciated. > > Thanks. > --Prashant > > On 5 November 2015 at 06:31, Prashant Bapat wrote: > >> Great idea! Is that possible ? Any documentation on how to do this would >> be very helpful. >> >> Thanks. >> >> On 4 November 2015 at 19:17, Rob Crittenden wrote: >> >>> Martin Kosek wrote: >>> > On 11/04/2015 10:27 AM, Prashant Bapat wrote: >>> >> Ack. But in a live replicated setup wont upgrading from F21->F22 and >>> >> F22->F23 take a long time. I mean couple of hours ? >>> > >>> > It will take some outage time, yes. But if you have appropriate number >>> of >>> > replicas and are upgrading one by one, you should be fine - the >>> clients should >>> > fail over to other replicas. >>> > >>> >> Are there any other ways to do this. Perhaps do a fresh install of >>> F23 and >>> >> then restore data from FreeIPA 4.1.4 (F21) ? >>> > >>> > FreeIPA upgrade also updates the data themselves. Restoring old data >>> and >>> > configuration files on fresh F23 using full backup + running the >>> upgrade may >>> > work, but there may be also a lot of hurdles. It is not really a >>> tested approach. >>> >>> Or he could one by one install a new F23 system and configure it as a >>> new master to replace one of the old ones until they are all running F23. >>> >>> I'm pretty sure backup/restore only works within the same version. >>> >>> rob >>> >>> > >>> >> >>> >> On 4 November 2015 at 14:52, Martin Kosek wrote: >>> >> >>> >>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote: >>> On (04/11/15 14:37), Prashant Bapat wrote: >>> > Hi All, >>> > >>> > We rolled out freeipa in our setup somewhere in beginning of 2015. >>> Since >>> > then there have been couple of new releases. Latest being 4.2.3. >>> > >>> > The FreeIPA servers are installed on Fedora 21 hosts and at this >>> point >>> > there is no direct way of upgrading to 4.2.3 unless we also >>> upgrade the >>> >>> OS. >>> > The COPR repos do not support Fedora 21. >>> > >>> Fedora 23 was released yesterday. >>> It means then Fedora 21 will be out of support in a month. >>> I would definitelly recomment to upgrade it to newer Fedora. >>> >>> >>> >>> +1. I did the same actually for FreeIPA demo which was also running >>> on F21 >>> >>> before: >>> >>> http://www.freeipa.org/page/Demo >>> >>> I had to do it in two steps: F21->F22, F22->F23. >>> >>> >>> >>> If you make sure that F22->F23 upgrade updates to >>> freeipa-4.2.3-1.fc23 or >>> >>> later >>> >>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it >>> >>> should >>> >>> work just fine. >>> >>> >>> If you do not want t upgrade so often you might use FreeIPA >>> on CentOS 7 >>> >>> LS >>> >>> >>> >>> >>> >>> >> >>> > >>> >>> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Upgrade from 4.1.4
Martin Kosek wrote: > On 11/04/2015 10:27 AM, Prashant Bapat wrote: >> Ack. But in a live replicated setup wont upgrading from F21->F22 and >> F22->F23 take a long time. I mean couple of hours ? > > It will take some outage time, yes. But if you have appropriate number of > replicas and are upgrading one by one, you should be fine - the clients should > fail over to other replicas. > >> Are there any other ways to do this. Perhaps do a fresh install of F23 and >> then restore data from FreeIPA 4.1.4 (F21) ? > > FreeIPA upgrade also updates the data themselves. Restoring old data and > configuration files on fresh F23 using full backup + running the upgrade may > work, but there may be also a lot of hurdles. It is not really a tested > approach. Or he could one by one install a new F23 system and configure it as a new master to replace one of the old ones until they are all running F23. I'm pretty sure backup/restore only works within the same version. rob > >> >> On 4 November 2015 at 14:52, Martin Kosekwrote: >> >>> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote: On (04/11/15 14:37), Prashant Bapat wrote: > Hi All, > > We rolled out freeipa in our setup somewhere in beginning of 2015. Since > then there have been couple of new releases. Latest being 4.2.3. > > The FreeIPA servers are installed on Fedora 21 hosts and at this point > there is no direct way of upgrading to 4.2.3 unless we also upgrade the >>> OS. > The COPR repos do not support Fedora 21. > Fedora 23 was released yesterday. It means then Fedora 21 will be out of support in a month. I would definitelly recomment to upgrade it to newer Fedora. >>> >>> +1. I did the same actually for FreeIPA demo which was also running on F21 >>> before: >>> http://www.freeipa.org/page/Demo >>> I had to do it in two steps: F21->F22, F22->F23. >>> >>> If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23 or >>> later >>> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it >>> should >>> work just fine. >>> If you do not want t upgrade so often you might use FreeIPA on CentOS 7 LS >>> >>> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Upgrade from 4.1.4
On (04/11/15 14:37), Prashant Bapat wrote: >Hi All, > >We rolled out freeipa in our setup somewhere in beginning of 2015. Since >then there have been couple of new releases. Latest being 4.2.3. > >The FreeIPA servers are installed on Fedora 21 hosts and at this point >there is no direct way of upgrading to 4.2.3 unless we also upgrade the OS. >The COPR repos do not support Fedora 21. > Fedora 23 was released yesterday. It means then Fedora 21 will be out of support in a month. I would definitelly recomment to upgrade it to newer Fedora. If you do not want t upgrade so often you might use FreeIPA on CentOS 7 LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Upgrade from 4.1.4
On 11/04/2015 10:15 AM, Lukas Slebodnik wrote: > On (04/11/15 14:37), Prashant Bapat wrote: >> Hi All, >> >> We rolled out freeipa in our setup somewhere in beginning of 2015. Since >> then there have been couple of new releases. Latest being 4.2.3. >> >> The FreeIPA servers are installed on Fedora 21 hosts and at this point >> there is no direct way of upgrading to 4.2.3 unless we also upgrade the OS. >> The COPR repos do not support Fedora 21. >> > Fedora 23 was released yesterday. > It means then Fedora 21 will be out of support in a month. > I would definitelly recomment to upgrade it to newer Fedora. +1. I did the same actually for FreeIPA demo which was also running on F21 before: http://www.freeipa.org/page/Demo I had to do it in two steps: F21->F22, F22->F23. If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23 or later (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it should work just fine. > If you do not want t upgrade so often you might use FreeIPA > on CentOS 7 > > LS > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Upgrade from 4.1.4
On 11/04/2015 10:27 AM, Prashant Bapat wrote: > Ack. But in a live replicated setup wont upgrading from F21->F22 and > F22->F23 take a long time. I mean couple of hours ? It will take some outage time, yes. But if you have appropriate number of replicas and are upgrading one by one, you should be fine - the clients should fail over to other replicas. > Are there any other ways to do this. Perhaps do a fresh install of F23 and > then restore data from FreeIPA 4.1.4 (F21) ? FreeIPA upgrade also updates the data themselves. Restoring old data and configuration files on fresh F23 using full backup + running the upgrade may work, but there may be also a lot of hurdles. It is not really a tested approach. > > On 4 November 2015 at 14:52, Martin Kosekwrote: > >> On 11/04/2015 10:15 AM, Lukas Slebodnik wrote: >>> On (04/11/15 14:37), Prashant Bapat wrote: Hi All, We rolled out freeipa in our setup somewhere in beginning of 2015. Since then there have been couple of new releases. Latest being 4.2.3. The FreeIPA servers are installed on Fedora 21 hosts and at this point there is no direct way of upgrading to 4.2.3 unless we also upgrade the >> OS. The COPR repos do not support Fedora 21. >>> Fedora 23 was released yesterday. >>> It means then Fedora 21 will be out of support in a month. >>> I would definitelly recomment to upgrade it to newer Fedora. >> >> +1. I did the same actually for FreeIPA demo which was also running on F21 >> before: >> http://www.freeipa.org/page/Demo >> I had to do it in two steps: F21->F22, F22->F23. >> >> If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23 or >> later >> (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it >> should >> work just fine. >> >>> If you do not want t upgrade so often you might use FreeIPA >>> on CentOS 7 >>> >>> LS >>> >> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] Upgrade from 4.1.4
Hi All, We rolled out freeipa in our setup somewhere in beginning of 2015. Since then there have been couple of new releases. Latest being 4.2.3. The FreeIPA servers are installed on Fedora 21 hosts and at this point there is no direct way of upgrading to 4.2.3 unless we also upgrade the OS. The COPR repos do not support Fedora 21. Is there a way to get the latest freeipa WITHOUT upgrading the OS ? Since Fedora releases a new version approx every 6 months, how are others handling the upgrades ? Please let me know. Thanks. --Prashant -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Upgrade from 4.1.4
Ack. But in a live replicated setup wont upgrading from F21->F22 and F22->F23 take a long time. I mean couple of hours ? Are there any other ways to do this. Perhaps do a fresh install of F23 and then restore data from FreeIPA 4.1.4 (F21) ? On 4 November 2015 at 14:52, Martin Kosekwrote: > On 11/04/2015 10:15 AM, Lukas Slebodnik wrote: > > On (04/11/15 14:37), Prashant Bapat wrote: > >> Hi All, > >> > >> We rolled out freeipa in our setup somewhere in beginning of 2015. Since > >> then there have been couple of new releases. Latest being 4.2.3. > >> > >> The FreeIPA servers are installed on Fedora 21 hosts and at this point > >> there is no direct way of upgrading to 4.2.3 unless we also upgrade the > OS. > >> The COPR repos do not support Fedora 21. > >> > > Fedora 23 was released yesterday. > > It means then Fedora 21 will be out of support in a month. > > I would definitelly recomment to upgrade it to newer Fedora. > > +1. I did the same actually for FreeIPA demo which was also running on F21 > before: > http://www.freeipa.org/page/Demo > I had to do it in two steps: F21->F22, F22->F23. > > If you make sure that F22->F23 upgrade updates to freeipa-4.2.3-1.fc23 or > later > (https://bodhi.fedoraproject.org/updates/FEDORA-2015-4d94884a7e), it > should > work just fine. > > > If you do not want t upgrade so often you might use FreeIPA > > on CentOS 7 > > > > LS > > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project