[Freeipa-users] ipa-client install error
Dmitri Pal
dpal at redhat.com
Wed May 2 21:39:52 UTC 2012
On 05/02/2012 05:28 PM, Steven Jones wrote:
> Hi,
>
> "proper" isnt defined as such, but yes in an ideal world.... Trouble is we have so many servers that we patch over 2 or 3 early start mornings, until now we did test first, then prod.....now we have to start to separate them....
>
> also will IPA server on 6.3 collide with IPA server on 6.2? It would be "proper" to only upgrade one IPA at a time in case the upgrade buggered IPA....otherwise I have to do all at once.......and if it goes wrong I'm left with nothing......
>
The issue affects client to server authentication not server to server
replication so 6.3 and 6.2 should work fine for several days while you
are migrating servers from 6.2 to 6.3.
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Martin Kosek [mkosek at redhat.com]
> Sent: Thursday, 3 May 2012 1:28 a.m.
> To: dpal at redhat.com
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] ipa-client install error
>
> On Tue, 2012-05-01 at 18:31 -0400, Dmitri Pal wrote:
>> On 05/01/2012 06:15 PM, Steven Jones wrote:
>>> So this opens a chicken and egg?
>>>
>>> ie when RHEL6.3 comes out and I upgrade the IPA server(s) to 6.3 all the older 6.2 clients will break? but I cant upgrade the clients until after the servers are done....if so that is a huge and ugly looking task that is one way.....
>>>
>> Yes this is a serious problem. Thank you for uncovering it.
>> Current plan is to: provide a fix for the older clients to be able to
>> connect to 2.2 via errata.
>> Make sure that the 2.2 client can connect to the 2.1 server.
>>
>> Thanks
>> Dmitri
> I am working on a patch for ipa-client-install which should make it
> capable of joining an older IPA server.
>
> BTW, I always thought that the proper upgrade scenario is to upgrade the
> servers to the new version first and then upgrade the clients. The issue
> here is that the new IPA clients won't be able to use "ipa" command to
> control the old server because they have a higher API version and the
> old server would not support it.
>
> The combination of older IPA client (e.g. 2.1) and new server (e.g. 2.2)
> should be OK as we maintain backwards compatibility.
>
> Martin
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list