Migrate issued tokens to newly installed server

I have an old centos server with pi 2.23 and a fresh ubuntu 20 server with pi 3.7
Is there a way to migrate all issued tokens to the new server without too much hassle?

Any downtime is not an option what so ever.
That’s why I’m very hesitant to update the old server first.
And I’m not sure if and how I can install pi 2.23 on the new server through packages.

I understand there’s a difference in database structure so that would need special attention.
Is there anything else that needs to be taken in consideration?

The tokenowner are now stored in a different way.
Always take a look at READ BEFORE UPDATE.

The DB migrate script should technically take care of this. However, if you have a high 5 digit number of users, this can take quite some time.

Is there any documentation how to migrate only tokens, preferably with assignments, from pi 2.25 to 3.7?

Have a quite old installation of 2.25 on ubuntu 16.04, on which migrate-data.py is failing, so I don’t really want to migrate.

My failback option would be radius passthrough.

No. This is done by the update script. Actually this is a DB update.

Hi @Alexey_Dolgopolov

OK, You installed the server anew - I see.

My recommendation would be to try the following:

  1. run a backup pi-manage backup create -e on the old server
  2. run a restore on the new server pi-manage backup restore <your backup file>. This will restore the old database to the newly installed server. This means you have the new code with old data.
  3. You could now run the db upgrade / migration: pi-manage db upgrade -d /opt/privacyidea/lib/privacyidea/migrations/.

This would be the basic concept to go. Pitfalls included. Path changes included per individual installation.