[Freeipa-devel] IPA 4.2 server upgrade refactoring - summary
Martin Basti
mbasti at redhat.com
Wed Mar 4 18:04:14 UTC 2015
Summary extracted from thread "[Freeipa-devel] IPA Server upgrade 4.2
design"
Design page: http://www.freeipa.org/page/V4/Server_Upgrade_Refactoring
* ipa-server-upgrade will not allow use of the DM password, only LDAPI will
be used for upgrade
* upgrade files will be executed in alphabetical order, updater will not
require number in update file name. But we should still keep the
numbering in new upgrade files.
* LDAP updates will be applied per file, in order specified in file
(from top to bottom)
* new directive in update files *"plugin:<plugin-name>"* will execute
update plugins (renamed from "update-plugin" to "plugin")
* option "--skip-version-check" will override version check in ipactl
and ipa-server-upgrade commands (was --force before, but this collides
with existing --force option in ipactl)
* huge warning, "this may break everything", in help, man, or CLI for
--skip-version-check option
* ipa-upgradeconfig will be removed
* ipa-ldap-updater will be changed to not allow overall update. It stays
as a util for executing particular update files.

How and when to execute upgrades (after discussion with Honza) -- not
updated in design page yet
A) ipactl*:
A.1) compare build platform and platform from last upgrade/installation
(based on used ipaplatform file)
A.1.i) if platform mismatch, raise error and prevent services from starting
A.2) version of LDAP data(+schema included) compared to current version
(VENDOR_VERSION will be used)
A.2.i) if version of LDAP data is newer than version of build, raise
error and prevent services from starting
A.2.ii) if version of LDAP data is older than version of build, upgrade
is required
A.2.iii) if versions are the same, continue
A.3) check if services require update (this should be available after
installer refactoring)**
A.3.i) if any service requires configuration upgrade, upgrade is required
A.3.ii) if any service raises an error about wrong configuration (which
cannot be automatically fixed and requires manual fix by user), raise
error and prevent services from starting
A.4.i) if upgrade is needed, ipactl will prevent services from starting, and
prompt user to run ipa-server-upgrade manually (ipactl will not execute
upgrade itself)
A.4.ii) otherwise start services
B) ipa-server-upgrade*
B.0) services should be in shutdown state, if not, stop services
(services will be started during upgrade on demand, then stopped)
B.1) compare build platform and platform from last upgrade/installation
(based on used ipaplatform file)
B.1.i) if platform mismatch, raise error, stop upgrade
B.2) check version of LDAP data
B.2.i) if LDAP data version is newer than build version, raise error,
stop upgrade
B.2.ii) if LDAP data version is the same as build version, skip schema
and LDAP data upgrade
B.2.iii) if LDAP data version is older than build version --> data
upgrade required
B.3) Check if services require upgrade, detect errors as in A.3) (??
this step may not be there)**
B.4) if data upgrade required, upgrade schema, then upgrade data, if
successful store current build version as data version
B.5) Run service upgrade (if needed?)**
B.6) if upgrade is successful, inform the user that they can now start
IPA (upgrade will not start IPA after it is done)
* with --skip-version-check option, ipactl will start services,
ipa-server-upgrade will upgrade everything
** services will handle local configuration upgrade by themselves. They
will not use data version to decide if upgrade is required (TODO
implementation details, Honza wants it in this way - sharing code with
installers)
Upgrade in different environments:
1) Upgrade during RPM transaction (as we do now) -- if it is possible,
upgrade will be executed during RPM transaction, service will be started
after upgrade (+ add messages "IPA is currently upgrading, please wait")
2) Upgrade cannot be executed during RPM transaction (fedup,
--no-script, containers) -- IPA will not start if update is required,
user has to run upgrade manually, using ipa-server-upgrade command (+
log/print errors that there is upgrade required)
Martin^2
--
Martin Basti
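
The ipactl start-up checks A.1 to A.4 from the message above, written out as an added example (not FreeIPA code and not part of the original post). The function names, the service state labels, the dotted numeric version format and the choice that --skip-version-check bypasses only step A.2 are assumptions.

```python
from enum import Enum


class Decision(Enum):
    START = "start services"
    UPGRADE_REQUIRED = "do not start; ask admin to run ipa-server-upgrade"
    ERROR = "do not start; raise error"


def parse_version(text):
    # Assumption: plain dotted numeric versions ("4.2.0"); the real
    # VENDOR_VERSION format is not given in the message.
    return tuple(int(part) for part in text.split("."))


def ipactl_decision(build_platform, data_platform, build_version, data_version,
                    service_states=(), skip_version_check=False):
    """Return (Decision, reason). service_states holds hypothetical labels:
    "ok", "needs_upgrade" or "broken" (broken = needs a manual fix)."""
    # A.1: the platform recorded at last install/upgrade must match the build.
    if build_platform != data_platform:
        return Decision.ERROR, "platform mismatch"
    upgrade_needed = False
    # A.2: compare LDAP data version with build version.
    # Assumption: --skip-version-check bypasses this step only.
    if not skip_version_check:
        build, data = parse_version(build_version), parse_version(data_version)
        if data > build:   # A.2.i: data written by a newer release
            return Decision.ERROR, "LDAP data is newer than this build"
        if data < build:   # A.2.ii
            upgrade_needed = True
    # A.3: per-service configuration checks.
    states = list(service_states)
    if "broken" in states:          # A.3.ii
        return Decision.ERROR, "service configuration needs a manual fix"
    if "needs_upgrade" in states:   # A.3.i
        upgrade_needed = True
    # A.4: ipactl never upgrades by itself, it only refuses to start.
    if upgrade_needed:
        return Decision.UPGRADE_REQUIRED, "run ipa-server-upgrade manually"
    return Decision.START, "versions and configuration are current"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real deployment.
    for data_version in ("4.2.0", "4.9.0", "4.11.0"):
        print(data_version, ipactl_decision("fedora", "fedora", "4.10.0", data_version))
```

Versions are compared as integer tuples so that 4.10.0 sorts after 4.9.0; a plain string comparison would treat data from 4.9.0 as newer than a 4.10.0 build and wrongly block start-up with the A.2.i error.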