[Freeipa-devel] [PATCH] 461 Update Dogtag 9 database during replica installation

Petr Viktorin pviktori at redhat.com
Fri Mar 14 13:27:46 UTC 2014 

On 03/14/2014 01:34 PM, Petr Viktorin wrote:
> On 03/14/2014 12:37 PM, Alexander Bokovoy wrote:
>> On Fri, 14 Mar 2014, Petr Viktorin wrote:
>>> On 03/14/2014 10:29 AM, Alexander Bokovoy wrote:
>>>> On Thu, 13 Mar 2014, Martin Kosek wrote:
>>>>> On 03/13/2014 03:15 PM, Martin Kosek wrote:
>>>>>> On 03/13/2014 09:09 AM, Martin Kosek wrote:
>>>>>>> When Dogtag 10 based FreeIPA replica is being installed for a
>>>>>>> Dogtag 9
>>>>>>> based master, the PKI database is not updated and miss several ACLs
>>>>>>> which prevent some of the PKI functions, e.g. an ability to create
>>>>>>> other clones.
>>>>>>>
>>>>>>> Add an update file to do the database update. Content is based on
>>>>>>> recommendation from PKI team:
>>>>>>>   * https://bugzilla.redhat.com/show_bug.cgi?id=1075118#c9
>>>>>>>
>>>>>>> This update file can be removed when Dogtag database upgrades are
>>>>>>> done
>>>>>>> in PKI component. Upstream tickets:
>>>>>>>   * https://fedorahosted.org/pki/ticket/710 (database upgrade
>>>>>>> framework)
>>>>>>>   * https://fedorahosted.org/pki/ticket/906 (checking database
>>>>>>> version)
>>>>>>>
>>>>>>> https://fedorahosted.org/freeipa/ticket/4243
>>>>>>
>>>>>> I found few issues with the patch:
>>>>>> - New update file was not added to Makefile.am
>>>>>> - PKI was not restarted after LDAP updates so it did not pick up the
>>>>>> ACLs and
>>>>>> replica installation will crash anyway. Now the PKI is always
>>>>>> restarted at the
>>>>>> end of server/replica installation.
>>>>>>
>>>>>> Martin
>>>>>
>>>>> FYI - I was just confirmed that this patch finally fixed the issue
>>>>> even in
>>>>> automatized environment (beaker).
>>>>
>>>> ACK.
>>>>
>>>> With this patch in place, can we release 3.3.6 and update FreeIPA in
>>>> Fedora 19 and Fedora 20? There are already reports on IRC from people
>>>> trying to migrate via replica from CentOS to Fedora.
>>>
>>> I have started testing this on RHEL 6.4 (master) → f20 git master with
>>> this patch (replica), but ran into
>>> https://fedorahosted.org/pki/ticket/816. I don't think we should
>>> release until that is fixed.
>> Did you try git master or ipa-3-3 branch? It is unclear from your
>> description.
>
> I got the same problem on both. I haven't tried on f19 yet; it may be a
> f20 only issue.

The issue is unrelated to this patch, so ACK from me.
Pushed to:
master: b3c2197b7e4ed18a7febe3efa6396c2272ebccca
ipa-3-3: 9bc032f9ec0c44e83550d6f87f72e9395c3093d9

-- 
Petr³

More information about the Freeipa-devel mailing list