eDirectory 9.2.8 SLES 12 sp5 to SLES 15 sp6 in-place upgrade

Does anyone have experience with an in-place upgrade eDirectory from SLES12 SP5 to SLES15 SP6?

We have VM servers, 3 in each of 4 trees, in production and also in the test environment.

We are using eDirectory 9.2.8 as LDAP server and IDM 4.8.7.

One eDirectory server is running on SLES15 SP6 with a fresh install. It works perfectly.

I want to avoid installing new VMs, it would be about 20 servers.

I have not found any references to recommendations and no-goes. Every information is helpful

Thank you very much,
Ute E.

  • 0 in reply to   

    Thank you Norbert for the valuable reminders of the reasons too

    Ute E.

  • 0 in reply to   

    In fact, That's the motivation for using SLES and not OES. We just have eDir for LDAP and IDM for data exchange.

    Thank you Georg for replying to Claude.

    Ute E.

  • 0 in reply to   

    Hi Philipp,

    thank you for this answer. Yes I know the upgrade paths, we have an upgrade script (provided of our internal Linux group) to upgrade SLES12SP5 to SLES15 SP6. We already used it for several servers, everything worked fine.  

    I just worried whether eDir and IDM will work after upgrade. I think I will first upgrade eDir to 9.2.9 and IDM to 4.9. And then I will try it on one of our test servers.

    The alternative is to install a new SLES15 SP5 VM and add it to an existing tree, then remove the old SLES 12 VM.

    Best, Ute

  • 0 in reply to 

    Hi Claude,

    the motivation is exact like Georg described. Thank you for answering to my post.

    Ute E.

  • 0  

    A thought: In a remote LAB environment set up a VM SLES 15 SP6 with eDir same IP, FQDN and other as the SLES 12 VM. I assume that if a technician is involved with IDM, he knows how to make a DIB and certificate backup. After the backup has been made on the SLES 12 VM, the VM can be shut down and an eDir disaster recovery can be performed bon target vm in the lab.. The NDS knows that the eDir on the server is down, this is also announced in the NDS in Sync. Even if the NDS is restarted on the new VM in the lab, the sync partners are missing and the system is shut down again at the end, i.e. the VM and DIB are offline.

    There are other things to consider for the master functions of the eDir on a VM, but that should also be clear. After the VM has the SLES 12 DIB + Cert, move it from the LAB network to the “real” network and run the necessary health check

    One important thing. Before the whole migration topic, please check whether the transitive synchronization is OK and whether any vectors in the NDS are “rotten”. An experienced NDS supporter will know what this means. Furthermore, please check whether SLP is really OK, whether there are no open offsprings backlinks, Replika sync,  obituaries etc. at any point. Please think about the timekeeping, SLES 12 is different from SLES 15. Check all certificates beforehand and, above all, make a backup of the tree CA. Write a small script using nmap to check whether the necessary ports for eDir, Time, etc. are open on all systems and, above all, check whether every server can reach every server via 524 TCP. Check the hosts of all servers and above all check whether the NDS is bound to 127.0.0.2, the IP can appear as a bind IP in the hosts in certain situations. An NDS on 127.0.02 leads to quite funny errors in the NDS communication. 
    George

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei