On 29/06/15 16:03, Fraser Tweedale wrote:
On Thu, Jun 25, 2015 at 11:23:01AM +0200, Martin Basti wrote:
On 19/06/15 09:28, Fraser Tweedale wrote:
The attached patches fix upgrade issues when pki is also updated
>from pre 10.2.4.
pki dependency is bumped to 10.2.5 - the official builds should be
done Friday (US time) but it is available from my copr[1]. If
someone wants to add to official freeipa COPR in meantime the SRPM
is here[2].
[1] https://copr.fedoraproject.org/coprs/ftweedal/freeipa/
[2] https://ftweedal.fedorapeople.org/pki-core-10.2.5-0.2.fc21.src.rpm
Thanks,
Fraser
Thank you.
1)
I cannot apply patches.
Rebased patches attached.
2)
IMO patch 0020 was fixed with my patch 266
It seems we are hitting another case of LDAP disconnection during
upgrade; without 0020 the upgrade fails. There might be a better
way so let me know if you have ideas.
3)
This print should not be there
+
+ print cs_cfg
+ for profile_id in profile_ids:
Thakns; removed.
4)
This is unused variable, it is defined later
+ cs_cfg = None
Thanks; removed.
5)
Can you add there log.error or log.debug instead of pass please?
+ # enable the profile
+ try:
+ profile_api.enable_profile(profile_id)
+ except errors.RemoteRetrieveError:
+ pass
You've got it. Also did this a few lines up where the profile is
disabled.
I will test it later.
--
Martin Basti
Thank you,
Fraser
PATCH 0020 - NACK see my patch 269, it fixes root cause. (IMO with
reworked patch 21 it is not needed)
PATCH 0021 - NACK, it runs whole upgrade machinery again. Patch how to
fix it is attached. Sorry I didn't notice it last time.
PATCH 0022 - LGTM
--
Martin Basti
From 2c5e865357b20adff2636be5e5a9723777dc0131 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 29 Jun 2015 17:38:46 +0200
Subject: [PATCH] fix fraser ca schema
---
ipaserver/install/server/upgrade.py | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 2376b86d105984b97ab0e0709328242b49828069..395b762ff41404763e8f796192ce5ba537c2a1bf 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -31,6 +31,7 @@ from ipaserver.install import service
from ipaserver.install import cainstance
from ipaserver.install import certs
from ipaserver.install import otpdinstance
+from ipaserver.install import schemaupdate
from ipaserver.install import sysupgrade
from ipaserver.install import dnskeysyncinstance
from ipaserver.install.upgradeinstance import IPAUpgrade
@@ -1260,18 +1261,14 @@ def ca_upgrade_schema(ca):
root_logger.info('CA is not configured')
return False
- realm = krbV.default_context().default_realm
- upgrade = IPAUpgrade(realm,
- schema_files=['/usr/share/pki/server/conf/schema-certProfile.ldif'])
+ schema_files=['/usr/share/pki/server/conf/schema-certProfile.ldif']
try:
- upgrade.create_instance()
- except BadSyntax:
- raise RuntimeError(
- 'Bad syntax detected in CA schema file(s).', 1)
- except RuntimeError:
+ modified = schemaupdate.update_schema(schema_files, ldapi=True)
+ except Exception as e:
+ root_logger.error("%s", e)
raise RuntimeError('CA schema upgrade failed.', 1)
else:
- if upgrade.modified:
+ if modified:
root_logger.info('CA schema update complete')
return True
else:
--
2.4.3
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
