[Freeipa-users] F19 -> F20 yum upgrade success report (WAS: Re: WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet))
Martin Kosek
mkosek at redhat.com
Fri Mar 7 09:16:04 UTC 2014
On 03/03/2014 09:54 PM, Anthony Messina wrote:
> On Saturday, March 01, 2014 04:18:11 AM Anthony Messina wrote:
>> I've been waiting patiently for F20 to "settle" before upgrading my two
>> VM installations of FreeIPA:
>>
>> ipa1 (original master) ipa2 (clone)
>>
>> I'm considering doing a "yum upgrade" this weekend and was wondering if
>> any users had found any "gotchas"? One that I can think of is the
>> addition of the following in F20's default /etc/krb5.conf:
>>
>> [libdefaults] ... default_ccache_name = KEYRING:persistent:%{uid} ...
>>
>> I've seen on some of my freshly installed F20 FreeIPA clients that this
>> option is no longer present after ipa-client-install. On those
>> clients, I've manually added it post client install and things seem to
>> work OK with the exception of SELinux errors reported here:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1001703
>>
>> Should I place this option in /etc/krb5.conf on the masters
>> before/after the yum upgrade (or at all)?
>>
>> Should I run "ipactl stop" prior to running the yum upgrade?
>>
>> Of note, I'm considering the "yum upgrade" option rather than creating
>> F20 replicas of F19 masters due to:
>>
>> https://fedorahosted.org/pki/ticket/816
>> https://fedorahosted.org/389/ticket/47721
>>
>> Any guidance is appreciated. Thanks, and have a good weekend.
>>
>> -A
>
> I can report to the list that I've upgraded my ipa1 and ipa2 machines from
> F19 to F20 via "yum upgrade" in SELinux permissive mode and things went
> swimmingly.
I always like to hear user reports like this one :) Thanks!
>
> As far as my concerns above, I added the following to /etc/krb5.conf after
> the upgrade, but before the reboot:
>
> default_ccache_name = KEYRING:persistent:%{uid}
>
> And I did not issue "ipactl stop" prior to the upgrade.
>
> The only post-upgrade issue I am seeing is invalid characters passed to
> dirsrv queries when using FreeIPA web interface:
>
> https://fedorahosted.org/freeipa/ticket/4214
Thanks for the report. I think I found the root cause, patch sent.
Martin
More information about the Freeipa-users
mailing list