thank you! Out of curiosity has anyone been able to automate this using chef/puppet etc?
On Tue, Jan 26, 2016 at 10:56 AM, Martin Kosek <mko...@redhat.com> wrote: > Did you follow the instructions in the error message? There is also a > longer > description here: > > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc > > Martin > > On 01/26/2016 04:38 PM, Ash Alam wrote: > > I wanted to follow up on this as i finally gotten around to doing the > > upgrade. I an running into this error. I also found a bugzilla ticket. Do > > you have to do some type of schema upgrade like you do with active > > directory? > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1235766 > > > > STDERR: ipa : CRITICAL The master CA directory server does > not > > have necessary schema. Please copy the following script to all CA masters > > and run it on them: /usr/share/ipa/copy-schema-to-ca.py > > > > If you are certain that this is a false positive, use > > --skip-schema-check. > > > > ipa.ipapython.install.cli.install_tool(Replica): ERROR IPA schema > > missing on master CA directory server > > > > > > > > Thank You > > > > > > > > > > On Fri, Nov 20, 2015 at 11:13 AM, Martin Kosek <mko...@redhat.com> > wrote: > > > >> On 11/20/2015 04:08 PM, Ash Alam wrote: > >> > >>> Most of the clients in my env are centos 6.6 with ipa 3.0.0 client > >>> installed. I > >>> if bring up a replica on centos 7.2 with ipa 4.2.3 server and then > start > >>> phasing out the older 3.0.0 servers. Will the client that are still > >>> running the > >>> older client software still work? > >>> > >> > >> It should, yes. It is expected that there are RHEL/CentOS-6 clients with > >> RHEL-7 FreeIPA servers. The older clients just won't be able to use the > >> newest features. > >> > >> > >>> On Fri, Nov 20, 2015 at 4:31 AM, Martin Kosek <mko...@redhat.com > >>> <mailto:mko...@redhat.com>> wrote: > >>> > >>> On 11/19/2015 11:03 PM, Ash Alam wrote: > >>> > >>> Hello All > >>> > >>> I am looking for some advice on upgrading. Currently our > FreeIPA > >>> servers are > >>> 3.0.0 on centos 6.6. We are looking to go to 4.2.3 Centos7. > This > >>> upgrade path > >>> is not possible per IPA documentation. Minimum version required > >>> is 3.3.x. I > >>> have also found that cenos6 does not provide anything past > 3.0.0. > >>> > >>> > >>> And it won't. There are no plans in updating FreeIPA version in > >>> RHEL/CentOS-6.x, we encourage people who want the new features to > >>> migrate > >>> to RHEL-7.x: > >>> > >>> > >>> > http://www.freeipa.org/page/Howto/Migration#Migrating_Identity_Management_in_RHEL.2FCentOS > >>> > >>> > >>> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html#migrating-ipa-proc > >>> > >>> If you want to wait on CentOS-7.2, it should be in works now: > >>> http://seven.centos.org/2015/11/rhel-7-2-released-today/ > >>> > >>> One idea is to upgrade to 3.3.x first and then upgrade to 4.2.3 > >>> on centos7. > >>> This is harder since centos does not provide this. The other > >>> issue is if > >>> 3.0/3.3 client will be supported with 4.2.3 server. > >>> > >>> > >>> The right way is to migrate via creating replicas in > RHEL/CentOS-7.x > >>> and > >>> slowly deprecating RHEL/CentOS-6 ones. Detailed procedure in the > >>> links above. > >>> > >>> > >>> > >> > > > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
