On 03/14/2014 01:34 PM, Petr Viktorin wrote:
On 03/14/2014 12:37 PM, Alexander Bokovoy wrote:
On Fri, 14 Mar 2014, Petr Viktorin wrote:
On 03/14/2014 10:29 AM, Alexander Bokovoy wrote:
On Thu, 13 Mar 2014, Martin Kosek wrote:
On 03/13/2014 03:15 PM, Martin Kosek wrote:
On 03/13/2014 09:09 AM, Martin Kosek wrote:
When a Dogtag 10 based FreeIPA replica is being installed for a
Dogtag 9 based master, the PKI database is not updated and is missing
several ACLs, which prevents some of the PKI functions, e.g. the
ability to create other clones.

Add an update file to do the database update. Content is based on
recommendation from PKI team:
  * https://bugzilla.redhat.com/show_bug.cgi?id=1075118#c9

This update file can be removed when Dogtag database upgrades are
in PKI component. Upstream tickets:
  * https://fedorahosted.org/pki/ticket/710 (database upgrade
  * https://fedorahosted.org/pki/ticket/906 (checking database


I found a few issues with the patch:
- New update file was not added to Makefile.am
- PKI was not restarted after LDAP updates, so it did not pick up the
  ACLs and replica installation will crash anyway. Now the PKI is always
  restarted at the end of server/replica installation.


FYI - I just received confirmation that this patch finally fixed the
issue, even in an automated environment (beaker).


With this patch in place, can we release 3.3.6 and update FreeIPA in
Fedora 19 and Fedora 20? There are already reports on IRC from people
trying to migrate via replica from CentOS to Fedora.

I have started testing this on RHEL 6.4 (master) → f20 git master with
this patch (replica), but ran into
https://fedorahosted.org/pki/ticket/816. I don't think we should
release until that is fixed.
Did you try git master or ipa-3-3 branch? It is unclear from your

I got the same problem on both. I haven't tried on f19 yet; it may be an
f20-only issue.

The issue is unrelated to this patch, so ACK from me.
Pushed to:
master: b3c2197b7e4ed18a7febe3efa6396c2272ebccca
ipa-3-3: 9bc032f9ec0c44e83550d6f87f72e9395c3093d9


Freeipa-devel mailing list
