[Freeipa-users] WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet)
Anthony Messina
amessina at messinet.com
Sat Mar 1 10:18:11 UTC 2014
On Sunday, December 22, 2013 05:42:27 AM Alexander Bokovoy wrote:
> Hi,
>
> an update on the issue of upgrading Fedora 19 to Fedora 20 for FreeIPA
> deployments.
>
> An updated 389-ds-base package, 1.3.2.9-1.fc20 is in updates-testing
> repository. Updated slapi-nis package, 0.52-1.fc20, is in updates-testing
> as well.
>
> I've tested that using fedora-upgrade tool to upgrade from Fedora 19 to
> Fedora 20 does work if you have updates-testing repository enabled and that
> FreeIPA is continuing to work afterwards.
>
> I've initiated move of 389-ds-base to updates stable repository. Once it
> reach out there, I'll lift a warning on freeipa.org and publish a final
> update.
>
> Happy holidays!
>
> ----- Original Message -----
>
> > From: "Alexander Bokovoy" <abokovoy at redhat.com>
> > To: freeipa-users at redhat.com
> > Sent: Tuesday, December 17, 2013 11:14:34 AM
> > Subject: [Freeipa-users] WARNING: Do not upgrade FreeIPA deployments
> > to Fedora 20 final (yet)>
> >
> >
> > Greetings!
> >
> >
> >
> > As many of you are aware, Fedora Project releases Fedora 20 today,
> > Tuesday, December 17th. This post serves as a warning against upgrading
> > your FreeIPA deployments to Fedora 20 using release images. Please check
> > Fedora 20 Common Bugs page https://fedoraproject.org/wiki/Common_F20_bugs
> > for the complete list of issues.
> >
> >
> >
> > FreeIPA relies heavily on 389-ds Directory Server. Fedora 20 introduces
> > new version series of 389-ds, 1.3.2.x. Along with multiple enhancements,
> > unfortunately, few bugs went into the version currently available in
> > Fedora 20 stable tree. These bugs are causing crashes under certain
> > conditions and we don't recommend updating your existing configurations
> > due to these consequences.
> >
> >
> >
> > As an update to the Fedora 20 Common Bugs page, over last night fellow
> > developers from 389-ds and slapi-nis projects have fixed
> > https://bugzilla.redhat.com/show_bug.cgi?id=1043546 and
> > https://bugzilla.redhat.com/show_bug.cgi?id=1041732 but there will be
> > some delay before the builds featuring the fixes will appear in Fedora
> > 20 updates repository. Remaining bugs are under investigation.
> >
> >
> >
> > I'll post an update note once we'll get remaining issues fixed and
> > packages
> > pushed to Fedora 20 updates repository.
> >
> >
> >
> > --
> > / Alexander Bokovoy
I've been waiting patiently for F20 to "settle" before upgrading my two VM
installations of FreeIPA:
ipa1 (original master)
ipa2 (clone)
I'm considering doing a "yum upgrade" this weekend and was wondering if any
users had found any "gotchas"? One that I can think of is the addition of the
following in F20's default /etc/krb5.conf:
[libdefaults]
...
default_ccache_name = KEYRING:persistent:%{uid}
...
I've seen on some of my freshly installed F20 FreeIPA clients that this option
is no longer present after ipa-client-install. On those clients, I've
manually added it post client install and things seem to work OK with the
exception of SELinux errors reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1001703
Should I place this option in /etc/krb5.conf on the masters before/after the
yum upgrade (or at all)?
Should I run "ipactl stop" prior to running the yum upgrade?
Of note, I'm considering the "yum upgrade" option rather than creating F20
replicas of F19 masters due to:
https://fedorahosted.org/pki/ticket/816
https://fedorahosted.org/389/ticket/47721
Any guidance is appreciated. Thanks, and have a good weekend.
-A
--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140301/55b4d0ba/attachment.sig>
More information about the Freeipa-users
mailing list