Angus Clarke via FreeIPA-users wrote: > Hello > > I am planning the upgrade of one of our FreeIPA deployments from EL7.9 > > Previously, we have been quite good at upgrading through OS point > upgrades (7.3, 7.4, 7.5 etc) as this was the advice through that series > of FreeIPA software. > > Upgrading our FreeIPAs from EL7.9 today will see me introduce an EL8 > FreeIPA which will receive the freeipa software from the Appstream > repository. At time of writing, that process will see me introducing a > replica running ipa-server 4.9.8 to my existing FreeIPA nodes running > ipa-server 4.6.8 > > Should I be concerned about more minor updates and find some way of > upgrading through different ipa-server (and dependencies) releases from > Appstream or do you think I should just run the procedure as described > above?
Major version upgrades via adding a new machine is the recommended and documented route. It includes retiring existing, older servers, so have a plan for that. Running mixed versions is likely fine in most cases but we don't recommend doing it for very long and encourage a relatively fast migration (weeks not months). Be sure to watch the replication topology and maintain the service mix (e.g. at least 2 CAs), and at have one CA designated as the renewal master, CRL master, etc. It's all in the docs. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
