On ma, 16 loka 2017, Charles Hedrick via FreeIPA-users wrote:
I just installed a new replica on Centos 7.3. Our existing servers are
also on Centos 7.3, and use IPA 4.4, which comes with Centos 7.3. I was
somewhat surprised to find that my new replica was IPA 4.5 with a newer
version of sssd as well. It appears that the replica install process
did the Centos 7.4 upgrades for ipa and sssd, though the rest of the
system is still Cento 7.3. The resulting system works, with only minor
differences in behavior in sssd. But it was unexpected.

We’ll do a full Centos 7.4 upgrade at the next major break, but had
been holding off doing that during a semester.

It’s moderately important to me not to get unexpected versions of
software. I didn’t even notice the difference until the replica was in
production. In a sense that’s good, because it means 4.5 works fine.
But we could also have discovered it that hard way …
This is not related to FreeIPA but is how CentOS (and RHEL, to some
degree) maintain their repositories.


CentOS Linux releases minor (point in time) versions of our major
branches. Two very important things about CentOS Linux branches are:

   The CentOS Project provides updates or other changes ONLY for the
   latest version of each major branch. Thus, if the latest minor
   version of CentOS-6 is version 6.6 then the CentOS Project only
   provides updated software for this minor version in the 6 branch. If
   you are using an older minor version than the latest in a given
   branch, then you are missing security and bugfix updates.

        <!> Note: Any minor version is just a snapshot with previous
        updates, plus the latest batch of new upstream updates, rolled
        into a new [base] repo with an initially empty [updates] repo.

        {i} Tip: There is a CentOS Vault containing older CentOS trees.
        This vault is a picture of the older tree when it was removed
        from the main tree, and does not receive updates. It should only
be used for reference.
   When setting up yum repositories on CentOS Linux you should ONLY use
   the single digit for the active branch, which corresponds to the
   CentOS Linux major branch. For example,
   http://mirror.centos.org/centos/5/ ,
   http://mirror.centos.org/centos/6/ , or
   http://mirror.centos.org/centos/7/ . This is because we move all
   older minor branches to http://vault.centos.org/ . Remember from the
   prior bullet point, no updates are ever added to minor versions of
CentOS Linux once in the vault.

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to