<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 02/02/2011 12:30 PM, Ian Stokes-Rees wrote:
<blockquote cite="mid:4D4994A8.5060409@hkl.hms.harvard.edu"
type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">So you can't upgrade from 1.2 to 1.9 and you can't go from 1.9 to 2.0
and you can't go from 2.0 beta-1 to 2.0 beta-2?
So why would I want to use a product like that?
</pre>
</blockquote>
<pre wrap="">Upgrades will be possible within stable releases.
Handling upgrades in development versions would cost too much
development time w/o any real benefit as schema and DIT will be fixed
in stone once 2.0 final will be released.
Alpha and Beta release are not meant for production but only for
testing environments.
</pre>
</blockquote>
<pre wrap="">
Hi,
I'm part of the same team that is stuck in this situation. I think you
guys (FreeIPA team) need to make it really clear to current adopters
that they are going to have to start from scratch if they go with the
current v2 releases (1.9, 2.0-beta, etc.) and want to "upgrade" later.
</pre>
</blockquote>
<br>
It is our mistake that we did not realize that there is an
expectation that there will be an easy migration between alphas and
betas. We always thought of them as of preparation steps for the
actual release and that none would try to use them in producution or
load data that would be someothing other than a test set. So
expectation was that no migration would be needed. <br>
This is why your situation caught us by surprise. I guess you had a
lot of faith in the project and this is great. I also completely
understand your frustration and desire to abandon it in the current
situation. I think it would be mutually beneficial to avoid that
and find a solution that would help you to move on.<br>
Yes you are ideal testers and we want to continue working with you.
We also ask for understanding that such migration requirement was
not expected on our side. We reinstall the system every day and run
tests with new functionality on a fresh system. During last month
between previous beta the team addressed more than 200 issues across
the whole project. Some major issues have been addressed that
required schema changes. We are planning to release IPA beta2 today
or tomorrow this is why we are little bit less responsive than we
want to be. But this is all lyrics. <br>
<br>
The main issue with the migration between betas (as in any case) is
passwords and keys.<br>
Simo knows the details but in a nutshell the problem is that if you
dump and load the LDIF (even if you adjust the records to
accommodate schema changes manually) your keys would not match. You
need to carry the master key over and may be more than that. We need
to sit down and think through the recommendations for a manual
procedure like this. We will try to do it ASAP but given that we are
releasing any day now it is not realistic to expect it happening
today. <br>
<br>
Can this wait till next week? If not it would be a real pity. We are
working hard to deliver the project to research groups like yours
and we will do our best to help you to migrate your data forward.<br>
<br>
To reduce the scope of the effort let me recap the goal:<br>
1) You want to install IPA and load the users (is there anything
else?) from the previous installation and abandon the old
installation<br>
2) You do not want to loose passwords<br>
3) You are Ok with manual procedure<br>
4) You are Ok to try different approaches (some of which might not
work out) and work with us on formulating a procedure that would
help other deployments like yours to overcome this situation.<br>
<br>
Again sorry for all the trouble. If we knew the requirement to be
able to migrate between betas earlier we might have done some things
differently.<br>
Hope to find understanding on your side and willingness to work with
us on a solution.<br>
<br>
Thank you<br>
Dmitri <br>
<br>
<br>
<blockquote cite="mid:4D4994A8.5060409@hkl.hms.harvard.edu"
type="cite">
<pre wrap="">
Of course there is no definition of what "beta" means, but really I
think we're your *ideal* beta testers and you should put in some effort
to make it possible for us to use the beta releases of FreeIPA. We are
a research computing group, so our service level standards are "we can
live with a 24-36 hours of down time M-F every couple of months, and 1
week of down time every year". We have a handful of real users, want to
integrate apache httpd into using LDAP, want to utilize the web i/f for
account management, use FreeIPA for NFS mounts, "real" X.509
certificates, etc. Even if an automated/smooth transition between beta
versions or from beta to final release is impossible, then some guidance
on strategies to transition systems "manually" (and a very rough
estimate of the time commitment to do that) would be useful.
I wish I understood LDAP better, but I don't see why we cant just dump
the current FreeIPA LDIF files, tweak the entries as necessary, and
import them to the latest version of FreeIPA.
We're pretty close right now (as in, the next 4-24 hours) of abandoning
FreeIPA, so some encouraging words on this front could make a difference
and keep us with you.
Ian
</pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
</body>
</html>