Thank you for your reply. We are using CentOS currently for our FreeIPA servers, as per your advice we will skip the full OS automatic patching. If we limit the automated patching to just target kernel packages, will that be risk free?
-Suchi On Thu, Jun 17, 2021 at 1:00 PM Rob Crittenden <rcrit...@redhat.com> wrote: > Suchismita Panda via FreeIPA-users wrote: > > Thanks all for the reply. > > > > Circling back again - We have to do the normal OS upgrade for the > > FreeIPA servers and would like to exclude the FreeIPA package to be > > upgraded. I would like to know the name of the Freeipa packages which > > should be held back from automatic upgrade. > > > > A list would be really helpful. > > It's a tricky question. IPA is more than just the freeipa-* packages. > It's 389-ds, pki-*, sssd-*, a ton of python packages, openldap client > libraries, openssl, nss, bind, krb5. And that's just off the top of my > head. > > In a CentOS/RHEL environment we discourage picking and choosing packages > to upgrade since we only test against what is in a given release. In > Fedora things are bit more fluid so we do the best we can with Requires, > but it isn't feasible to set dependencies on every possible package. > > So by blocking freeipa-server and freeipa-client you'll likely hit the > highlights but no promises nothing will break. There can be big > differences between Fedora releases. > > rob > > > > > On Thu, Apr 15, 2021 at 1:34 PM <hedr...@rutgers.edu > > <mailto:hedr...@rutgers.edu>> wrote: > > > > We haven’t had a failure in the last couple of updates. But there > > have been enough problems in upgrades that we do it manually. In > > fact we duplicate all of our VMs, setting up a duplicate set of > > servers, and first try the upgrade on them before we do it in > > production. We have too many eggs in one basket to risk problems > > with IPA. > > > > > On Mar 31, 2021, at 2:45 PM, Suchismita Panda via FreeIPA-users > > <freeipa-users@lists.fedorahosted.org > > <mailto:freeipa-users@lists.fedorahosted.org>> wrote: > > > > > > Hi, > > > > > > I would like to know the best practice for patching FreeIPA-Server > > packages. We generally have daily patching enabled in our servers. > > Will it be a good idea to do automatic patching of FreeIPA-Server > > packages? > > > > > > If we want to restrict the FreeIPA-Server packages from > > automatomatic upgrade and rather keep it for manual upgrade, what > > are the packages we should hold back with a version restriction? And > > how frequently should we do the manual upgrade? If the > > FreeIPA-client packages are upgraded regularly by daily > > patching(yum-cron or unattended upgrade) will there be any problem > > with authentication, if the FreeIPA-Servers are behind version > upgrade? > > > > > > We have two FreeIPA environments, one with CentOS7 and another > > with CentOS8. And we have FreeIPA clients mostly with Ubuntu(18 and > > 20) and CentOS (7 and 8). > > > > > > Any help and guidance is appreciated. > > > > > > Thanks > > > Suchi > > > _______________________________________________ > > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > <mailto:freeipa-users@lists.fedorahosted.org> > > > To unsubscribe send an email to > > freeipa-users-le...@lists.fedorahosted.org > > <mailto:freeipa-users-le...@lists.fedorahosted.org> > > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > > > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > > > > > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
