[Freeipa-devel] [PATCH] 461 Update Dogtag 9 database during replica installation

Petr Viktorin pviktori at redhat.com
Fri Mar 14 11:25:32 UTC 2014


On 03/14/2014 10:29 AM, Alexander Bokovoy wrote:
> On Thu, 13 Mar 2014, Martin Kosek wrote:
>> On 03/13/2014 03:15 PM, Martin Kosek wrote:
>>> On 03/13/2014 09:09 AM, Martin Kosek wrote:
>>>> When a Dogtag 10 based FreeIPA replica is being installed for a Dogtag 9
>>>> based master, the PKI database is not updated and misses several ACLs
>>>> which prevent some of the PKI functions, e.g. an ability to create
>>>> other clones.
>>>>
>>>> Add an update file to do the database update. Content is based on
>>>> recommendation from PKI team:
>>>>    * https://bugzilla.redhat.com/show_bug.cgi?id=1075118#c9
>>>>
>>>> This update file can be removed when Dogtag database upgrades are done
>>>> in PKI component. Upstream tickets:
>>>>    * https://fedorahosted.org/pki/ticket/710 (database upgrade framework)
>>>>    * https://fedorahosted.org/pki/ticket/906 (checking database version)
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/4243
>>>
>>> I found a few issues with the patch:
>>> - New update file was not added to Makefile.am
>>> - PKI was not restarted after LDAP updates so it did not pick up the ACLs and
>>>   replica installation will crash anyway. Now the PKI is always restarted at
>>>   the end of server/replica installation.
>>>
>>> Martin
>>
>> FYI - I just had it confirmed that this patch finally fixed the issue even in
>> an automated environment (beaker).
>
> ACK.
>
> With this patch in place, can we release 3.3.6 and update FreeIPA in
> Fedora 19 and Fedora 20? There are already reports on IRC from people
> trying to migrate via replica from CentOS to Fedora.

I have started testing this on RHEL 6.4 (master) → f20 git master with 
this patch (replica), but ran into 
https://fedorahosted.org/pki/ticket/816. I don't think we should release 
until that is fixed.

-- 
Petr³



