[Freeipa-users] F19 -> F20 yum upgrade success report (WAS: Re: WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet))

Anthony Messina amessina at messinet.com
Mon Mar 3 20:54:56 UTC 2014 

On Saturday, March 01, 2014 04:18:11 AM Anthony Messina wrote:
> I've been waiting patiently for F20 to "settle" before upgrading my two VM 
> installations of FreeIPA:
> 
> ipa1 (original master)
> ipa2 (clone)
> 
> I'm considering doing a "yum upgrade" this weekend and was wondering if any 
> users had found any "gotchas"?  One that I can think of is the addition of
> the following in F20's default /etc/krb5.conf:
> 
> [libdefaults]
>   ...
>   default_ccache_name = KEYRING:persistent:%{uid}
>   ...
> 
> I've seen on some of my freshly installed F20 FreeIPA clients that this
> option  is no longer present after ipa-client-install.  On those clients,
> I've manually added it post client install and things seem to work OK with
> the exception of SELinux errors reported here:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1001703
> 
> Should I place this option in /etc/krb5.conf on the masters before/after
> the  yum upgrade (or at all)?
> 
> Should I run "ipactl stop" prior to running the yum upgrade?
> 
> Of note, I'm considering the "yum upgrade" option rather than creating F20 
> replicas of F19 masters due to:
> 
> https://fedorahosted.org/pki/ticket/816
> https://fedorahosted.org/389/ticket/47721
> 
> Any guidance is appreciated.  Thanks, and have a good weekend.
> 
> -A

I can report to the list that I've upgraded my ipa1 and ipa2 machines from F19 
to F20 via "yum upgrade" in SELinux permissive mode and things went 
swimmingly.

As far as my concerns above, I added the following to /etc/krb5.conf after the 
upgrade, but before the reboot:

default_ccache_name = KEYRING:persistent:%{uid}

And I did not issue "ipactl stop" prior to the upgrade.

The only post-upgrade issue I am seeing is invalid characters passed to dirsrv 
queries when using FreeIPA web interface:

https://fedorahosted.org/freeipa/ticket/4214

Thanks again to the FreeIPA team!

-A

-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140303/dc569cf9/attachment.sig>

More information about the Freeipa-users mailing list