Re: [Freeipa-users] migration 3.3->4.1 & CA change

2014-10-23 Thread Jan Cholasta 

Hi,

Dne 23.10.2014 v 08:47 Petr Spacek napsal(a):

On 22.10.2014 22:06, William Graboyes wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello List,

So the whole not being able to change the CA easily is becoming a
regular point of contention in meetings.  If I have read the e-mails
on this list correctly this issue is fixed in 4.1.  After spending a
large amount of time thinking about this, I believe I have come to a
solution that will appease management, my coworkers, and myself.

Here is what I am thinking of doing.  I am thinking I will install
FC21 VM with free-IPA (which should be 4.1) then migrating my current
install over there, followed by changing the CA to that of my
contracted CA and third party issuer.

The questions that come to mind are:

1) how does one migrate the information over to a new install, in this
case 3.3 to 4.1 on separate servers?

You should be able to simply add FreeIPA 4.1 replica to existing 3.3
deployment. Please make sure that your 3.3 it updated with latest
packages, older versions of DS had some problems with replication to
newest version AFAIK.


2) is there any documentation on the process of changing the CA in 4.1?

Honza, can you add some details?


You can fid more info at 






3) am I insane for wanting to introduce FC21 into my environment?
4) has anyone done this, and what was your experience with doing so?




Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] migration 3.3->4.1 & CA change

2014-10-22 Thread Petr Spacek 

On 22.10.2014 22:06, William Graboyes wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello List,

So the whole not being able to change the CA easily is becoming a
regular point of contention in meetings.  If I have read the e-mails
on this list correctly this issue is fixed in 4.1.  After spending a
large amount of time thinking about this, I believe I have come to a
solution that will appease management, my coworkers, and myself.

Here is what I am thinking of doing.  I am thinking I will install
FC21 VM with free-IPA (which should be 4.1) then migrating my current
install over there, followed by changing the CA to that of my
contracted CA and third party issuer.

The questions that come to mind are:

1) how does one migrate the information over to a new install, in this
case 3.3 to 4.1 on separate servers?
You should be able to simply add FreeIPA 4.1 replica to existing 3.3 
deployment. Please make sure that your 3.3 it updated with latest packages, 
older versions of DS had some problems with replication to newest version AFAIK.



2) is there any documentation on the process of changing the CA in 4.1?

Honza, can you add some details?


3) am I insane for wanting to introduce FC21 into my environment?
4) has anyone done this, and what was your experience with doing so?


--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project