Anthony Joseph Messina via FreeIPA-users wrote:
On Friday, August 17, 2018 1:34:03 PM CDT Rob Crittenden wrote:
> Anthony Joseph Messina via FreeIPA-users wrote:
>> I have two full (DNS, CA, KRA) FreeIPA instances still running F27 for
>> stability based on the recommendations at the time of the F28 release. Is
>> *this[1]* FreeIPA release recommended for a full OS dnf upgrade from F27
>> to
>> F28?
>
> Yes, we pushed that to stable today. I am not aware of any upgrade
> issues. Be sure to verify that your certificates are valid before
> starting the upgrade. Better to work that out in F27 than in the middle
> of a F28 upgrade.
>
> You can optionally install new F28 machines and create replicas on them
> to replace the current F27 machines.
>
> rob
Thank you, Alexander and Rob.
I've used the "create replica" method of upgrading in the past, but have
always run into trouble with the continuous splitting of id ranges and dna
ranges as new users are added.
When deleting a replica an attempt is made to harvest any DNA range that
the host had. The range has a "next range" setting that we try to merge
and stuff values in to. You can use ipa-replica-manage to see the status
of these and manually tweak ranges if you need.
I might give it another shot though--when adding a new replica in the
"managed
toplogy" level and promoting a client to a master, is there a way to
"point"
the about to be created replica to a certain master? I've found that it seems
to pick whatever existing master it wants to leading to agreements that don't
match between the domain and the ca.
There is some limited support in 4.7.0 to try to maintain some
"affinity" when setting up a new master but there are still some gaps.
The CA host may be one of them but you should be able to manually tweak
the topology post-install if it is still wonky.
I only run two masters, so I need to go from
MasterA (F27) <-> MasterB (F27)
to
MasterAA (F28) <-> MasterBB (F28)
I'll dig into the upgraded topology docs a bit to see if I can find more
clarification on promoting a client to master in a master in a topology-
managed environment, while upgrading the release at the same time.
Cool, sounds good. Don't forget to reset the CRL generating master once
you are done, and ensure that at least one new master has a DNA range.
rob