[Freeipa-users] F19 -> F20 yum upgrade success report (WAS: Re: WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet))

Martin Kosek mkosek at redhat.com
Fri Mar 7 09:16:04 UTC 2014


On 03/03/2014 09:54 PM, Anthony Messina wrote:
> On Saturday, March 01, 2014 04:18:11 AM Anthony Messina wrote:
>> I've been waiting patiently for F20 to "settle" before upgrading my two
>> VM installations of FreeIPA:
>> 
>> ipa1 (original master)
>> ipa2 (clone)
>> 
>> I'm considering doing a "yum upgrade" this weekend and was wondering if
>> any users had found any "gotchas"?  One that I can think of is the
>> addition of the following in F20's default /etc/krb5.conf:
>> 
>> [libdefaults]
>> ...
>> default_ccache_name = KEYRING:persistent:%{uid}
>> ...
>> 
>> I've seen on some of my freshly installed F20 FreeIPA clients that this
>> option is no longer present after ipa-client-install.  On those
>> clients, I've manually added it post client install and things seem to
>> work OK with the exception of SELinux errors reported here:
>> 
>> https://bugzilla.redhat.com/show_bug.cgi?id=1001703
>> 
>> Should I place this option in /etc/krb5.conf on the masters
>> before/after the yum upgrade (or at all)?
>> 
>> Should I run "ipactl stop" prior to running the yum upgrade?
>> 
>> Of note, I'm considering the "yum upgrade" option rather than creating
>> F20 replicas of F19 masters due to:
>> 
>> https://fedorahosted.org/pki/ticket/816 
>> https://fedorahosted.org/389/ticket/47721
>> 
>> Any guidance is appreciated.  Thanks, and have a good weekend.
>> 
>> -A
> 
> I can report to the list that I've upgraded my ipa1 and ipa2 machines from
> F19 to F20 via "yum upgrade" in SELinux permissive mode and things went 
> swimmingly.

I always like to hear user reports like this one :) Thanks!

> 
> As far as my concerns above, I added the following to /etc/krb5.conf after
> the upgrade, but before the reboot:
> 
> default_ccache_name = KEYRING:persistent:%{uid}
> 
> And I did not issue "ipactl stop" prior to the upgrade.
> 
> The only post-upgrade issue I am seeing is invalid characters passed to
> dirsrv queries when using the FreeIPA web interface:
> 
> https://fedorahosted.org/freeipa/ticket/4214

Thanks for the report. I think I found the root cause, patch sent.

Martin
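
An added example, not part of the thread or of FreeIPA: a shell check for the situation Anthony describes, where default_ccache_name is missing from [libdefaults] after ipa-client-install. The function names (ccache_name, check_ccache, demo) are hypothetical, the sample krb5.conf is constructed, and the expected value is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: audit default_ccache_name in the [libdefaults] section.

# ccache_name FILE: print the first default_ccache_name assigned in
# [libdefaults]; prints nothing if the option is absent or commented out.
ccache_name() {
    awk '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        insec && /^[ \t]*default_ccache_name[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }
    ' "$1"
}

# check_ccache FILE: 0 = value quoted in the thread, 1 = other value, 2 = not set.
check_ccache() {
    val=$(ccache_name "$1")
    if [ -z "$val" ]; then
        echo "$1: default_ccache_name not set in [libdefaults]"
        return 2
    fi
    case $val in
        'KEYRING:persistent:%{uid}') echo "$1: OK ($val)"; return 0 ;;
        *) echo "$1: set to $val"; return 1 ;;
    esac
}

# Constructed sample: the option is only present as a comment and in the
# wrong section, so it must be reported as not set.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
[libdefaults]
  default_realm = EXAMPLE.COM
# default_ccache_name = KEYRING:persistent:%{uid}

[realms]
  default_ccache_name = FILE:/tmp/wrong_section
EOF
    check_ccache "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}
```

On a real host the call would be `check_ccache /etc/krb5.conf`; the exit status makes it usable from a configuration-management run across clients.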
