On 29/06/15 16:03, Fraser Tweedale wrote:
On Thu, Jun 25, 2015 at 11:23:01AM +0200, Martin Basti wrote:
On 19/06/15 09:28, Fraser Tweedale wrote:
The attached patches fix upgrade issues when pki is also updated
>from pre 10.2.4.
pki dependency is bumped to 10.2.5 - the official builds should be
done Friday (US time) but it is available from my copr[1].  If
someone wants to add to official freeipa COPR in meantime the SRPM
is here[2].

[1] https://copr.fedoraproject.org/coprs/ftweedal/freeipa/
[2] https://ftweedal.fedorapeople.org/pki-core-10.2.5-0.2.fc21.src.rpm


Thank you.

I cannot apply patches.

Rebased patches attached.

IMO patch 0020 was fixed with my patch 266

It seems we are hitting another case of LDAP disconnection during
upgrade; without 0020 the upgrade fails.  There might be a better
way so let me know if you have ideas.

This print should not be there
+    print cs_cfg
+    for profile_id in profile_ids:

Thakns; removed.

This is unused variable,  it is defined later
+   cs_cfg = None

Thanks; removed.

Can you add there log.error or log.debug instead of pass please?
+        # enable the profile
+        try:
+            profile_api.enable_profile(profile_id)
+        except errors.RemoteRetrieveError:
+            pass

You've got it.  Also did this a few lines up where the profile is

I will test it later.

Martin Basti

Thank you,
PATCH 0020 - NACK see my patch 269, it fixes root cause. (IMO with reworked patch 21 it is not needed)

PATCH 0021 - NACK, it runs whole upgrade machinery again. Patch how to fix it is attached. Sorry I didn't notice it last time.


Martin Basti

From 2c5e865357b20adff2636be5e5a9723777dc0131 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 29 Jun 2015 17:38:46 +0200
Subject: [PATCH] fix fraser ca schema

 ipaserver/install/server/upgrade.py | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 2376b86d105984b97ab0e0709328242b49828069..395b762ff41404763e8f796192ce5ba537c2a1bf 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -31,6 +31,7 @@ from ipaserver.install import service
 from ipaserver.install import cainstance
 from ipaserver.install import certs
 from ipaserver.install import otpdinstance
+from ipaserver.install import schemaupdate
 from ipaserver.install import sysupgrade
 from ipaserver.install import dnskeysyncinstance
 from ipaserver.install.upgradeinstance import IPAUpgrade
@@ -1260,18 +1261,14 @@ def ca_upgrade_schema(ca):
         root_logger.info('CA is not configured')
         return False
-    realm = krbV.default_context().default_realm
-    upgrade = IPAUpgrade(realm,
-        schema_files=['/usr/share/pki/server/conf/schema-certProfile.ldif'])
+    schema_files=['/usr/share/pki/server/conf/schema-certProfile.ldif']
-        upgrade.create_instance()
-    except BadSyntax:
-        raise RuntimeError(
-            'Bad syntax detected in CA schema file(s).', 1)
-    except RuntimeError:
+        modified = schemaupdate.update_schema(schema_files, ldapi=True)
+    except Exception as e:
+        root_logger.error("%s", e)
         raise RuntimeError('CA schema upgrade failed.', 1)
-        if upgrade.modified:
+        if modified:
             root_logger.info('CA schema update complete')
             return True

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to