[Freeipa-devel] [PATCH] 461 Update Dogtag 9 database during replica installation

Alexander Bokovoy abokovoy at redhat.com
Fri Mar 14 11:37:43 UTC 2014


On Fri, 14 Mar 2014, Petr Viktorin wrote:
>On 03/14/2014 10:29 AM, Alexander Bokovoy wrote:
>>On Thu, 13 Mar 2014, Martin Kosek wrote:
>>>On 03/13/2014 03:15 PM, Martin Kosek wrote:
>>>>On 03/13/2014 09:09 AM, Martin Kosek wrote:
>>>>>When a Dogtag 10 based FreeIPA replica is being installed for a Dogtag 9
>>>>>based master, the PKI database is not updated and misses several ACLs
>>>>>which prevent some of the PKI functions, e.g. an ability to create
>>>>>other clones.
>>>>>
>>>>>Add an update file to do the database update. Content is based on
>>>>>recommendation from PKI team:
>>>>>   * https://bugzilla.redhat.com/show_bug.cgi?id=1075118#c9
>>>>>
>>>>>This update file can be removed when Dogtag database upgrades are done
>>>>>in PKI component. Upstream tickets:
>>>>>   * https://fedorahosted.org/pki/ticket/710 (database upgrade framework)
>>>>>   * https://fedorahosted.org/pki/ticket/906 (checking database version)
>>>>>
>>>>>https://fedorahosted.org/freeipa/ticket/4243
>>>>
>>>>I found a few issues with the patch:
>>>>- New update file was not added to Makefile.am
>>>>- PKI was not restarted after LDAP updates so it did not pick up the ACLs and
>>>>replica installation will crash anyway. Now the PKI is always restarted at the
>>>>end of server/replica installation.
>>>>
>>>>Martin
>>>
>>>FYI - I was just confirmed that this patch finally fixed the issue even in
>>>automatized environment (beaker).
>>
>>ACK.
>>
>>With this patch in place, can we release 3.3.6 and update FreeIPA in
>>Fedora 19 and Fedora 20? There are already reports on IRC from people
>>trying to migrate via replica from CentOS to Fedora.
>
>I have started testing this on RHEL 6.4 (master) → f20 git master 
>with this patch (replica), but ran into 
>https://fedorahosted.org/pki/ticket/816. I don't think we should 
>release until that is fixed.
Did you try git master or ipa-3-3 branch? It is unclear from your
description.

For the record,

https://gist.githubusercontent.com/josh-at-knoesis/9536155/raw/ef04f209e4815c7cafc4f43289c6c186d420b5ee/freeipa-error_2014-04-13a.txt

contains dirsrv logs for the replica built from CentOS 6.5 to Fedora 19
(FreeIPA 3.3).

-- 
/ Alexander Bokovoy



