<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> On 02/02/2011 12:30 PM, Ian Stokes-Rees wrote: <blockquote cite="mid:4D4994A8.5060409@hkl.hms.harvard.edu" type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">So you can't upgrade from 1.2 to 1.9 and you can't go from 1.9 to 2.0 and you can't go from 2.0 beta-1 to 2.0 beta-2? So why would I want to use a product like that? </pre> </blockquote> <pre wrap="">Upgrades will be possible within stable releases. Handling upgrades in development versions would cost too much development time w/o any real benefit as schema and DIT will be fixed in stone once 2.0 final will be released. Alpha and Beta release are not meant for production but only for testing environments. </pre> </blockquote> <pre wrap=""> Hi, I'm part of the same team that is stuck in this situation. I think you guys (FreeIPA team) need to make it really clear to current adopters that they are going to have to start from scratch if they go with the current v2 releases (1.9, 2.0-beta, etc.) and want to "upgrade" later. </pre> </blockquote> It is our mistake that we did not realize that there is an expectation that there will be an easy migration between alphas and betas. We always thought of them as of preparation steps for the actual release and that none would try to use them in producution or load data that would be someothing other than a test set. So expectation was that no migration would be needed. This is why your situation caught us by surprise. I guess you had a lot of faith in the project and this is great. I also completely understand your frustration and desire to abandon it in the current situation. I think it would be mutually beneficial to avoid that and find a solution that would help you to move on. Yes you are ideal testers and we want to continue working with you. We also ask for understanding that such migration requirement was not expected on our side. We reinstall the system every day and run tests with new functionality on a fresh system. During last month between previous beta the team addressed more than 200 issues across the whole project. Some major issues have been addressed that required schema changes. We are planning to release IPA beta2 today or tomorrow this is why we are little bit less responsive than we want to be. But this is all lyrics. The main issue with the migration between betas (as in any case) is passwords and keys. Simo knows the details but in a nutshell the problem is that if you dump and load the LDIF (even if you adjust the records to accommodate schema changes manually) your keys would not match. You need to carry the master key over and may be more than that. We need to sit down and think through the recommendations for a manual procedure like this. We will try to do it ASAP but given that we are releasing any day now it is not realistic to expect it happening today. Can this wait till next week? If not it would be a real pity. We are working hard to deliver the project to research groups like yours and we will do our best to help you to migrate your data forward. To reduce the scope of the effort let me recap the goal: 1) You want to install IPA and load the users (is there anything else?) from the previous installation and abandon the old installation 2) You do not want to loose passwords 3) You are Ok with manual procedure 4) You are Ok to try different approaches (some of which might not work out) and work with us on formulating a procedure that would help other deployments like yours to overcome this situation. Again sorry for all the trouble. If we knew the requirement to be able to migrate between betas earlier we might have done some things differently. Hope to find understanding on your side and willingness to work with us on a solution. Thank you Dmitri <blockquote cite="mid:4D4994A8.5060409@hkl.hms.harvard.edu" type="cite"> <pre wrap=""> Of course there is no definition of what "beta" means, but really I think we're your *ideal* beta testers and you should put in some effort to make it possible for us to use the beta releases of FreeIPA. We are a research computing group, so our service level standards are "we can live with a 24-36 hours of down time M-F every couple of months, and 1 week of down time every year". We have a handful of real users, want to integrate apache httpd into using LDAP, want to utilize the web i/f for account management, use FreeIPA for NFS mounts, "real" X.509 certificates, etc. Even if an automated/smooth transition between beta versions or from beta to final release is impossible, then some guidance on strategies to transition systems "manually" (and a very rough estimate of the time commitment to do that) would be useful. I wish I understood LDAP better, but I don't see why we cant just dump the current FreeIPA LDIF files, tweak the entries as necessary, and import them to the latest version of FreeIPA. We're pretty close right now (as in, the next 4-24 hours) of abandoning FreeIPA, so some encouraging words on this front could make a difference and keep us with you. Ian </pre> <pre wrap=""> <fieldset class="mimeAttachmentHeader"></fieldset> _______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> </body> </html>