Re: [Freeipa-users] WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet)
On Sunday, December 22, 2013 05:42:27 AM Alexander Bokovoy wrote:
> Hi,
>
> an update on the issue of upgrading Fedora 19 to Fedora 20 for FreeIPA
> deployments.
>
> An updated 389-ds-base package, 1.3.2.9-1.fc20 is in updates-testing
> repository. Updated slapi-nis package, 0.52-1.fc20, is in updates-testing
> as well.
>
> I've tested that using fedora-upgrade tool to upgrade from Fedora 19 to
> Fedora 20 does work if you have updates-testing repository enabled and that
> FreeIPA is continuing to work afterwards.
>
> I've initiated move of 389-ds-base to updates stable repository. Once it
> reach out there, I'll lift a warning on freeipa.org and publish a final
> update.
>
> Happy holidays!
>
> - Original Message -
>
> > From: "Alexander Bokovoy"
> > To: freeipa-users@redhat.com
> > Sent: Tuesday, December 17, 2013 11:14:34 AM
> > Subject: [Freeipa-users] WARNING: Do not upgrade FreeIPA deployments
> > to Fedora 20 final (yet)>
> >
> >
> > Greetings!
> >
> >
> >
> > As many of you are aware, Fedora Project releases Fedora 20 today,
> > Tuesday, December 17th. This post serves as a warning against upgrading
> > your FreeIPA deployments to Fedora 20 using release images. Please check
> > Fedora 20 Common Bugs page https://fedoraproject.org/wiki/Common_F20_bugs
> > for the complete list of issues.
> >
> >
> >
> > FreeIPA relies heavily on 389-ds Directory Server. Fedora 20 introduces
> > new version series of 389-ds, 1.3.2.x. Along with multiple enhancements,
> > unfortunately, few bugs went into the version currently available in
> > Fedora 20 stable tree. These bugs are causing crashes under certain
> > conditions and we don't recommend updating your existing configurations
> > due to these consequences.
> >
> >
> >
> > As an update to the Fedora 20 Common Bugs page, over last night fellow
> > developers from 389-ds and slapi-nis projects have fixed
> > https://bugzilla.redhat.com/show_bug.cgi?id=1043546 and
> > https://bugzilla.redhat.com/show_bug.cgi?id=1041732 but there will be
> > some delay before the builds featuring the fixes will appear in Fedora
> > 20 updates repository. Remaining bugs are under investigation.
> >
> >
> >
> > I'll post an update note once we'll get remaining issues fixed and
> > packages
> > pushed to Fedora 20 updates repository.
> >
> >
> >
> > --
> > / Alexander Bokovoy
I've been waiting patiently for F20 to "settle" before upgrading my two VM
installations of FreeIPA:
ipa1 (original master)
ipa2 (clone)
I'm considering doing a "yum upgrade" this weekend and was wondering if any
users had found any "gotchas"? One that I can think of is the addition of the
following in F20's default /etc/krb5.conf:
[libdefaults]
...
default_ccache_name = KEYRING:persistent:%{uid}
...
I've seen on some of my freshly installed F20 FreeIPA clients that this option
is no longer present after ipa-client-install. On those clients, I've
manually added it post client install and things seem to work OK with the
exception of SELinux errors reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1001703
Should I place this option in /etc/krb5.conf on the masters before/after the
yum upgrade (or at all)?
Should I run "ipactl stop" prior to running the yum upgrade?
Of note, I'm considering the "yum upgrade" option rather than creating F20
replicas of F19 masters due to:
https://fedorahosted.org/pki/ticket/816
https://fedorahosted.org/389/ticket/47721
Any guidance is appreciated. Thanks, and have a good weekend.
-A
--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
signature.asc
Description: This is a digitally signed message part.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet)
Hi, an update on the issue of upgrading Fedora 19 to Fedora 20 for FreeIPA deployments. An updated 389-ds-base package, 1.3.2.9-1.fc20 is in updates-testing repository. Updated slapi-nis package, 0.52-1.fc20, is in updates-testing as well. I've tested that using fedora-upgrade tool to upgrade from Fedora 19 to Fedora 20 does work if you have updates-testing repository enabled and that FreeIPA is continuing to work afterwards. I've initiated move of 389-ds-base to updates stable repository. Once it reach out there, I'll lift a warning on freeipa.org and publish a final update. Happy holidays! - Original Message - > From: "Alexander Bokovoy" > To: freeipa-users@redhat.com > Sent: Tuesday, December 17, 2013 11:14:34 AM > Subject: [Freeipa-users] WARNING: Do not upgrade FreeIPA deployments to > Fedora 20 final (yet) > > Greetings! > > As many of you are aware, Fedora Project releases Fedora 20 today, > Tuesday, December 17th. This post serves as a warning against upgrading > your FreeIPA deployments to Fedora 20 using release images. Please check > Fedora 20 Common Bugs page https://fedoraproject.org/wiki/Common_F20_bugs > for the complete list of issues. > > FreeIPA relies heavily on 389-ds Directory Server. Fedora 20 introduces > new version series of 389-ds, 1.3.2.x. Along with multiple enhancements, > unfortunately, few bugs went into the version currently available in > Fedora 20 stable tree. These bugs are causing crashes under certain > conditions and we don't recommend updating your existing configurations > due to these consequences. > > As an update to the Fedora 20 Common Bugs page, over last night fellow > developers from 389-ds and slapi-nis projects have fixed > https://bugzilla.redhat.com/show_bug.cgi?id=1043546 and > https://bugzilla.redhat.com/show_bug.cgi?id=1041732 but there will be > some delay before the builds featuring the fixes will appear in Fedora > 20 updates repository. Remaining bugs are under investigation. > > I'll post an update note once we'll get remaining issues fixed and packages > pushed to Fedora 20 updates repository. > > -- > / Alexander Bokovoy > > ___ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > -- / Alexander Bokovoy ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet)
On Tue, 17 Dec 2013, KodaK wrote: I took a look at the bugs page and I didn't see it mentioned, but I'm asking anyway: is anyone aware of any client-side issues on fedora IRT IPA? We have some fedora workstations that auth against IPA in RHEL 6. We are unaware of any problems with Fedora clients versus RHEL 6 IPA server. Obviously, some IPA CLI commands will not work against the older server but still will be visible in the CLI help, but the rest should be working. -- / Alexander Bokovoy ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet)
I took a look at the bugs page and I didn't see it mentioned, but I'm asking anyway: is anyone aware of any client-side issues on fedora IRT IPA? We have some fedora workstations that auth against IPA in RHEL 6. On Tue, Dec 17, 2013 at 3:14 AM, Alexander Bokovoy wrote: > Greetings! > > As many of you are aware, Fedora Project releases Fedora 20 today, > Tuesday, December 17th. This post serves as a warning against upgrading > your FreeIPA deployments to Fedora 20 using release images. Please check > Fedora 20 Common Bugs page https://fedoraproject.org/wiki/Common_F20_bugs > for the complete list of issues. > > FreeIPA relies heavily on 389-ds Directory Server. Fedora 20 introduces > new version series of 389-ds, 1.3.2.x. Along with multiple enhancements, > unfortunately, few bugs went into the version currently available in > Fedora 20 stable tree. These bugs are causing crashes under certain > conditions and we don't recommend updating your existing configurations > due to these consequences. > > As an update to the Fedora 20 Common Bugs page, over last night fellow > developers from 389-ds and slapi-nis projects have fixed > https://bugzilla.redhat.com/show_bug.cgi?id=1043546 and > https://bugzilla.redhat.com/show_bug.cgi?id=1041732 but there will be > some delay before the builds featuring the fixes will appear in Fedora > 20 updates repository. Remaining bugs are under investigation. > > I'll post an update note once we'll get remaining issues fixed and packages > pushed to Fedora 20 updates repository. > > -- > / Alexander Bokovoy > > ___ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] WARNING: Do not upgrade FreeIPA deployments to Fedora 20 final (yet)
Greetings! As many of you are aware, Fedora Project releases Fedora 20 today, Tuesday, December 17th. This post serves as a warning against upgrading your FreeIPA deployments to Fedora 20 using release images. Please check Fedora 20 Common Bugs page https://fedoraproject.org/wiki/Common_F20_bugs for the complete list of issues. FreeIPA relies heavily on 389-ds Directory Server. Fedora 20 introduces new version series of 389-ds, 1.3.2.x. Along with multiple enhancements, unfortunately, few bugs went into the version currently available in Fedora 20 stable tree. These bugs are causing crashes under certain conditions and we don't recommend updating your existing configurations due to these consequences. As an update to the Fedora 20 Common Bugs page, over last night fellow developers from 389-ds and slapi-nis projects have fixed https://bugzilla.redhat.com/show_bug.cgi?id=1043546 and https://bugzilla.redhat.com/show_bug.cgi?id=1041732 but there will be some delay before the builds featuring the fixes will appear in Fedora 20 updates repository. Remaining bugs are under investigation. I'll post an update note once we'll get remaining issues fixed and packages pushed to Fedora 20 updates repository. -- / Alexander Bokovoy ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
