On 04/07/2015 11:29 PM, Dmitri Pal wrote: > On 04/07/2015 03:04 PM, Natxo Asenjo wrote: >> hi, >> >> On Fri, Apr 3, 2015 at 4:41 PM, Dmitri Pal <d...@redhat.com >> <mailto:d...@redhat.com>> wrote: >> >> On 04/03/2015 09:46 AM, Brian Topping wrote: >>>> On Apr 3, 2015, at 6:48 AM, Tamas Papp<tom...@martos.bme.hu> >>>> <mailto:tom...@martos.bme.hu> wrote: >>>> >>>> hi All, >>>> >>>> I have CentOS 6.6 server and want to upgrade to 7.1. >>>> >>>> What is the upgrade path, can I do it directly or first I need to make >>>> it to 3.3? >>>> Also is there any known issue I should expect with workarounds? >>> I just did this yesterday, so here's my experience. If you have a simple >>> single-server installation with no custom LDAP DIT modifications, you should >>> find "yum upgrade" does the right thing. >>> >>> If you do have DIT mods, you should ask yourself why they are there and >>> whether the data will still be accessible after the ACLs are changed. In my >>> case, I had Postfix using a LDAP hash and mail delivery stopped working >>> (although the domain data was still there just fine). >>> >>> Note that the ACLs will propagate from the 4.1 server to your 3.0 if >>> they are replicated. To be safe, back up all replicas (snapshot or whatnot) >>> before the first upgrade and if you decide to restore any of them, be sure >>> everything is shut down and restore all of them to avoid 4.x schema >>> contaminating 3.0 as they come up. >> >> >> The general recommendation for 3.3 -> 4.1 migration is to start >> introducing 4.1 replicas into your 3.3 environment and then turn >> your 3.3 replicas off. Do not forget to install the CA component >> with one of your 4.1 replicas before removing all the 3.3 >> instanced with CAs. With this procedure you would also need to >> move the CRL generation and cert tracking. >> >> See details in migration section >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#migrating-ipa-proc >> >> >> >> Will this excellent documentation work too on the migration from 3.0x (rhel >> 6) to 4.1.x (rhel 7.1)? >> >> I will be migrating the coming months to 7.1 or 7.2 (whichever is the current >> stable then), so just wondering. > > Yes, though it is recommended to get to the latest 6.x first before you start > introducing 7.x replicas.
Strongly recommended I would say. Before adding RHEL-7.1 replica, please update to RHEL-6.6 + all it's z-streams to avoid compatibility issues in Directory Server or bind-dyndb-ldap if you are using DNS forward zones. HTH, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project