Attached patch fixes an upgrade issue with mismatched SELinux labels (see commit comment).
Fixes ticket #4815 Simo. -- Simo Sorce * Red Hat, Inc * New York
>From 221b644485e04ebaac8370167b449b2998bda9da Mon Sep 17 00:00:00 2001 From: Simo Sorce <s...@redhat.com> Date: Tue, 16 Dec 2014 14:47:42 -0500 Subject: [PATCH] Remove the removal of the ccache It is not necessary to remove the ccache on upgrades on modern IPA servers, even if the ccache contains stale data either it is re-initialized by mod_auth_kerb or a new ccache collection is created (if completely unrelated credentials were present), at least when using DIR or keyring ccaches. This line causes wrong SELinux labels to be set in the kernel keyring on uprades, which the cause the apache server to fail to use th ccache. Fixes: #4815 --- install/tools/ipa-upgradeconfig | 1 - 1 file changed, 1 deletion(-) mode change 100644 => 100755 install/tools/ipa-upgradeconfig diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig old mode 100644 new mode 100755 index c25ab5431fb39945aa4f7a4bfe55d77f3a1791db..71fe5195d7e8dc1f46b50bef40d08b205ff607fb --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -1337,7 +1337,6 @@ def main(): fstore.restore_file(removed_sysconfig_file) http = httpinstance.HTTPInstance(fstore) - http.remove_httpd_ccache() http.configure_selinux_for_httpd() http.change_mod_nss_port_from_http() -- 2.1.0
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel