Thanks Rafael.

I was hoping to do it in place if at all possible because where things get complicated is the 4.5.4 server is also the internal DNS server that everyone utilizes (we have multiple but people just use the 1 mainly). It really was their "main" server. I added the other two replicas a few years ago to make sure we had something. They contacted me and wanted help to upgrade everything so here I am. Making any modifications to it will probably make everything go haywire (or at least break DNS for everyone). That is unless I get it back immediately by

1. adding a 4th server
2. promoting the 4th server to master
3. decommissioning the 4.5.4 server
4. reassigning the 4th server the same IP as the old 4.5.4 server?
5. upgrading the rest of the servers

Any thoughts? Recommendations?


On Wed, Feb 8, 2023 at 5:43 AM Rafael Jeffman <rjeffman@redhat.com> wrote:


On Tue, Feb 7, 2023 at 6:29 PM Kevin Vasko via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
>
> We have a set of 3x freeIPA servers that have outdated (everything) in a development/test environment that need to be updated.
>
> It seems that 4.6.8-5.el7.centos.12 is the latest version available on CentOS 7?
>
> On the 3 servers we are at:
> 4.5.4-10.el7.centos.4.4
> 4.6.4-10-el7.centos.6
> 4.6.4-10-el7.centos.6
>
> For the two 4.6.4 installs, that seems like a relatively simple upgrade as we would only be going to a different dot release and a simple "yum update ipa-server" should handle this? Is there any advisement for/against doing a full "yum update" on the entire system to get everything updated?
>
> For the 4.5.4 system, is there much of a concern going straight from 4.5.4 to 4.6.8? I assume the concern would be jumping major versions and going from say 4.5 to 4.9?
>
> My current plan is to stop at CentOS 7.9 and the latest FreeIPA 4.6 release on CentOS 7.9. But for my own knowledge, if I was going to 4.10, wouldn't the recommended path to upgrade to 4.10 be to install CentOS Stream 9 on a new server, enroll it, make 4.10 the master and then remove the CentOS 7 instances?
>

Assuming you can't have a 4th server, is it possible for you to have only 2 replicas for some time? If so, you can remove the 4.5.4 server, fully (cleanly?) upgrade it, add it back, set it as CA master, and repeat the procedure with the other servers.

As you are upgrading the whole OS, this would be more in line with the current recommendation (see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/migrating_to_identity_management_on_rhel_8/migrate-7-to-8_migrating).

Rafael

> -Kevin



--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat