Show Table of Contents
8.1.2. Using
Chapter 8. Updating and Migrating Identity Management
8.1. Updating Identity Management
You can use the
yum utility to update the Identity Management packages on the system.
Additionally, if a new minor Red Hat Enterprise Linux version is available, such as 7.3,
yum upgrades the Identity Management server or client to this version.
Note
This section does not describe migrating Identity Management from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7. If you want to migrate, see Section 8.2, “Migrating Identity Management from Red Hat Enterprise Linux 6 to Version 7”.
8.1.1. Considerations for Updating Identity Management
- After you update the Identity Management packages on at least one server, all other servers in the topology receive the updated schema, even if you do not update their packages. This ensures that any new entries which use the new schema can be replicated among the other servers.
- Downgrading Identity Management packages is not supported.
Important
Do not run theyum downgradecommand on any of the ipa-* packages. - Red Hat recommends upgrading to the next version only. For example, if you want to upgrade to Identity Management for Red Hat Enterprise Linux 7.4, we recommend upgrading from Identity Management for Red Hat Enterprise Linux 7.3. Upgrading from earlier versions can cause problems.
8.1.2. Using yum to Update the Identity Management Packages
To update all Identity Management packages on a server or client:
# yum update ipa-*Warning
When upgrading multiple Identity Management servers, wait at least 10 minutes between each upgrade.
When two or more servers are upgraded simultaneously or with only short intervals between the upgrades, there is not enough time to replicate the post-upgrade data changes throughout the topology, which can result in conflicting replication events.
Related Information
- For details on using the
yumutility, see Yum in the System Administrator's Guide.
Important
Due to CVE-2014-3566, the Secure Socket Layer version 3 (SSLv3) protocol needs to be disabled in the
mod_nss module. You can ensure that by following these steps:
- Edit the
/etc/httpd/conf.d/nss.conffile and set theNSSProtocolparameter toTLSv1.0(for backward compatibility),TLSv1.1, andTLSv1.2.NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2
- Restart the
httpdservice.# systemctl restart httpd.service
Note that Identity Management in Red Hat Enterprise Linux 7 automatically performs the above steps when the
yum update ipa-* command is launched to upgrade the main packages.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.