Product SiteDocumentation Site

16.9. Testing Before Upgrading the FreeIPA Server

It can be beneficial, and safer, to test newer versions of FreeIPA before upgrading production systems. There is a relatively simple way to do this by creating a sacrificial replica (which is a read-write server) and testing on that system.
  1. Set up a replica based on one of the production servers, with the same version of FreeIPA as is running in production, as described in Section 2.4, “Setting up FreeIPA Replicas”. For this example, this is called Test Replica. Make sure that Test Replica can successfully connect to the production server and domain.
  2. After verifying that Test Replica has been successfully added to the production domain, disconnect Test Replica from the network.
  3. Remove the replication agreements for Test Replica from the original FreeIPA server and from Test Replica.
  4. Reconnect Test Replica to the network.
  5. Upgrade the packages on Test Replica using yum or whatever package update tool is appropriate for your system. For example:
    # yum update freeipa*
  6. Test common things on Test Replica, like getting Kerberos credentials, opening the server UI, and running commands.